From 53126a0af9341d609247ef63b494c44b33a93baf Mon Sep 17 00:00:00 2001
From: Toni Uhlig <matzeton@googlemail.com>
Date: Wed, 10 Apr 2024 16:06:29 +0200
Subject: bump libnDPI to 142c8f5afb90629762920db6703831826513e00b

 * fixed `git format` hash length

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 libnDPI                                            |   2 +-
 test/results/caches_cfg/ookla.pcap.out             |  12 +-
 test/results/caches_cfg/teams.pcap.out             |  38 +-
 test/results/caches_global/bittorrent.pcap.out     |  10 +-
 .../caches_global/lru_ipv6_caches.pcapng.out       |  25 +-
 test/results/caches_global/mining.pcapng.out       |  14 +-
 test/results/caches_global/ookla.pcap.out          |  12 +-
 test/results/caches_global/teams.pcap.out          |  38 +-
 test/results/caches_global/zoom_p2p.pcapng.out     |  14 +-
 test/results/default/1kxun.pcap.out                |  20 +-
 test/results/default/443-chrome.pcap.out           |  18 +-
 test/results/default/443-curl.pcap.out             |  10 +-
 test/results/default/443-firefox.pcap.out          |  10 +-
 test/results/default/443-git.pcap.out              |  10 +-
 test/results/default/443-opvn.pcap.out             |  10 +-
 test/results/default/443-safari.pcap.out           |  10 +-
 test/results/default/4in4tunnel.pcap.out           |  22 +-
 test/results/default/4in6tunnel.pcap.out           |  14 +-
 test/results/default/6in4tunnel.pcap.out           |  14 +-
 test/results/default/6in6tunnel.pcap.out           |  14 +-
 test/results/default/BGP_Cisco_hdlc_slarp.pcap.out |  10 +-
 test/results/default/BGP_redist.pcap.out           |  10 +-
 test/results/default/EAQ.pcap.out                  |  10 +-
 .../default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out  |  14 +-
 test/results/default/IEC104.pcap.out               |  10 +-
 test/results/default/KakaoTalk_chat.pcap.out       |  14 +-
 test/results/default/KakaoTalk_talk.pcap.out       |  14 +-
 test/results/default/NTPv2.pcap.out                |  14 +-
 test/results/default/NTPv3.pcap.out                |  14 +-
 test/results/default/NTPv4.pcap.out                |  14 +-
 test/results/default/Oscar.pcap.out                |  10 +-
 test/results/default/TivoDVR.pcap.out              |  14 +-
 test/results/default/WebattackRCE.pcap.out         |  14 +-
 test/results/default/WebattackSQLinj.pcap.out      |  10 +-
 test/results/default/WebattackXSS.pcap.out         |  12 +-
 test/results/default/activision.pcap.out           |  14 +-
 test/results/default/adult_content.pcap.out        |  10 +-
 test/results/default/afp.pcap.out                  |  10 +-
 test/results/default/agora-sd-rtn.pcap.out         |  22 +-
 test/results/default/ah.pcapng.out                 |  14 +-
 test/results/default/ajp.pcap.out                  |  10 +-
 test/results/default/alexa-app.pcapng.out          |  10 +-
 test/results/default/alicloud.pcap.out             |  34 +-
 test/results/default/among_us.pcap.out             |  10 +-
 test/results/default/amqp.pcap.out                 |  10 +-
 test/results/default/android.pcap.out              |  10 +-
 test/results/default/anyconnect-vpn.pcap.out       |  10 +-
 test/results/default/anydesk.pcapng.out            |  14 +-
 test/results/default/avast.pcap.out                |  46 +-
 test/results/default/avast_securedns.pcapng.out    |  34 +-
 test/results/default/bacnet.pcap.out               |  20 +-
 test/results/default/bad-dns-traffic.pcap.out      |  50 +-
 test/results/default/badpackets.pcap.out           |  12 +-
 test/results/default/beckhoff_ads.pcapng.out       |  10 +-
 test/results/default/bets.pcapng.out               |  10 +-
 test/results/default/bfd.pcap.out                  |  10 +-
 test/results/default/bitcoin.pcap.out              |  20 +-
 test/results/default/bittorrent.pcap.out           |  10 +-
 .../results/default/bittorrent_tcp_miss.pcapng.out |  10 +-
 test/results/default/bittorrent_utp.pcap.out       |  12 +-
 test/results/default/bjnp.pcap.out                 |  10 +-
 test/results/default/bot.pcap.out                  |  10 +-
 test/results/default/bt-dns.pcap.out               |   8 +-
 test/results/default/bt-http.pcapng.out            |  10 +-
 test/results/default/bt_search.pcap.out            |  14 +-
 test/results/default/c1222.pcapng.out              |  14 +-
 test/results/default/cachefly.pcapng.out           |  10 +-
 test/results/default/can.pcap.out                  |  14 +-
 test/results/default/capwap.pcap.out               |  10 +-
 test/results/default/capwap_data.pcapng.out        |  10 +-
 test/results/default/cassandra.pcap.out            |  10 +-
 test/results/default/ceph.pcap.out                 |  10 +-
 test/results/default/check_mk_new.pcap.out         |  10 +-
 test/results/default/chrome.pcap.out               |  10 +-
 test/results/default/cip_io.pcap.out               |  10 +-
 test/results/default/citrix.pcap.out               |   8 +-
 test/results/default/cloudflare-warp.pcap.out      |  10 +-
 test/results/default/coap_mqtt.pcap.out            |  14 +-
 test/results/default/collectd.pcap.out             |  26 +-
 test/results/default/corba.pcap.out                |  10 +-
 test/results/default/cpha.pcap.out                 |  14 +-
 .../default/crawler_false_positive.pcapng.out      |  10 +-
 test/results/default/crynet.pcap.out               |  24 +-
 test/results/default/custom_categories.pcapng.out  |  14 +-
 test/results/default/custom_risk_mask.pcapng.out   |  14 +-
 test/results/default/custom_rules_ipv6.pcapng.out  |  18 +-
 .../custom_rules_same-ip_multiple_ports.pcapng.out |  12 +-
 test/results/default/dazn.pcapng.out               |  10 +-
 test/results/default/dcerpc.pcap.out               |  14 +-
 test/results/default/dhcp-fuzz.pcapng.out          |  14 +-
 test/results/default/diameter.pcap.out             |  14 +-
 test/results/default/discord.pcap.out              |  16 +-
 test/results/default/discord_mid_flow.pcap.out     |  14 +-
 test/results/default/dlep.pcapng.out               |  10 +-
 test/results/default/dlms.pcap.out                 |  12 +-
 test/results/default/dlt_ppp.pcap.out              |   8 +-
 test/results/default/dnp3.pcap.out                 |  24 +-
 test/results/default/dns-exf.pcap.out              |  20 +-
 test/results/default/dns-google-nsid.pcapng.out    |  16 +-
 test/results/default/dns-invalid-chars.pcap.out    |  14 +-
 test/results/default/dns-tunnel-iodine.pcap.out    |  20 +-
 test/results/default/dns.pcap.out                  |  12 +-
 test/results/default/dns2tcp_tunnel.pcap.out       |  10 +-
 test/results/default/dns_ambiguous_names.pcap.out  |  14 +-
 test/results/default/dns_doh.pcap.out              |  10 +-
 test/results/default/dns_dot.pcap.out              |  10 +-
 test/results/default/dns_exfiltration.pcap.out     |  14 +-
 test/results/default/dns_fragmented.pcap.out       |  14 +-
 test/results/default/dns_invert_query.pcapng.out   |  10 +-
 test/results/default/dns_long_domainname.pcap.out  |  14 +-
 .../dnscrypt-v1-and-resolver-pings.pcap.out        |  14 +-
 test/results/default/dnscrypt-v2-doh.pcap.out      |  10 +-
 test/results/default/dnscrypt-v2.pcap.out          |  16 +-
 .../dnscrypt_skype_false_positive.pcapng.out       |  18 +-
 test/results/default/doh.pcapng.out                |  10 +-
 test/results/default/doq.pcapng.out                |  14 +-
 test/results/default/doq_adguard.pcapng.out        |  14 +-
 .../results/default/dos_win98_smb_netbeui.pcap.out |  10 +-
 test/results/default/dotenv.pcap.out               |  18 +-
 test/results/default/drda_db2.pcap.out             |  10 +-
 test/results/default/dropbox.pcap.out              |  14 +-
 test/results/default/dtls.pcap.out                 |  14 +-
 test/results/default/dtls2.pcap.out                |  14 +-
 test/results/default/dtls_certificate.pcapng.out   |  14 +-
 .../default/dtls_certificate_fragments.pcap.out    |  16 +-
 test/results/default/dtls_mid_sessions.pcapng.out  |  14 +-
 test/results/default/dtls_old_version.pcapng.out   |  14 +-
 .../dtls_session_id_and_coockie_both.pcap.out      |  14 +-
 test/results/default/edonkey.pcap.out              |  10 +-
 test/results/default/elasticsearch.pcap.out        |  12 +-
 test/results/default/elf.pcap.out                  |  31 +
 test/results/default/emotet.pcap.out               |  26 +-
 test/results/default/encrypted_sni.pcap.out        |  14 +-
 test/results/default/epicgames.pcapng.out          |  14 +-
 test/results/default/esp.pcapng.out                |  14 +-
 test/results/default/ethereum.pcap.out             |  10 +-
 test/results/default/ethernetIP.pcap.out           |  10 +-
 test/results/default/ethersbus.pcap.out            |  10 +-
 test/results/default/ethersio.pcap.out             |  14 +-
 test/results/default/exe_download.pcap.out         |  20 +-
 test/results/default/exe_download_as_png.pcap.out  |  10 +-
 test/results/default/facebook.pcap.out             |  10 +-
 test/results/default/fastcgi.pcap.out              |  10 +-
 test/results/default/fins.pcap.out                 |  12 +-
 test/results/default/firefox.pcap.out              |  10 +-
 test/results/default/fix.pcap.out                  |  10 +-
 test/results/default/fix2.pcap.out                 |  10 +-
 test/results/default/flute.pcapng.out              |  10 +-
 test/results/default/forticlient.pcap.out          |  10 +-
 test/results/default/ftp-start-tls.pcap.out        |  10 +-
 test/results/default/ftp.pcap.out                  |  14 +-
 test/results/default/ftp_failed.pcap.out           |  14 +-
 test/results/default/fuzz-2006-06-26-2594.pcap.out |  14 +-
 .../results/default/fuzz-2006-09-29-28586.pcap.out |  10 +-
 .../results/default/fuzz-2020-02-16-11740.pcap.out |  18 +-
 .../default/fuzz-2021-06-07-c6c72a0a56.pcap.out    |  14 +-
 test/results/default/fuzz-2021-10-13.pcap.out      |  14 +-
 test/results/default/gaijin_mobile_mixed.pcap.out  |  12 +-
 test/results/default/gaijin_warthunder.pcap.out    |  10 +-
 test/results/default/gearman.pcap.out              |  10 +-
 test/results/default/geforcenow.pcapng.out         |  10 +-
 test/results/default/genshin-impact.pcap.out       |  20 +-
 test/results/default/git.pcap.out                  |  10 +-
 test/results/default/gnutella.pcap.out             |  20 +-
 test/results/default/google_chat.pcapng.out        |  10 +-
 test/results/default/google_meet.pcapng.out        |  10 +-
 test/results/default/google_ssl.pcap.out           |  10 +-
 test/results/default/googledns_android10.pcap.out  |  10 +-
 test/results/default/gquic.pcap.out                |  14 +-
 .../default/gquic_only_from_server.pcap.out        |  10 +-
 test/results/default/gre.pcapng.out                |  14 +-
 test/results/default/gtp_c.pcap.out                |  10 +-
 test/results/default/gtp_false_positive.pcapng.out |  14 +-
 test/results/default/gtp_prime.pcapng.out          |  10 +-
 test/results/default/h323-overflow.pcap.out        |  12 +-
 test/results/default/h323.pcap.out                 |  10 +-
 test/results/default/h323_tcp.pcap.out             |  10 +-
 test/results/default/haproxy.pcap.out              |  14 +-
 test/results/default/hart_ip.pcap.out              |  10 +-
 .../default/heuristic_tcp_ack_payload.pcap.out     |  14 +-
 test/results/default/hislip.pcap.out               |  10 +-
 test/results/default/hl7.pcap.out                  |  10 +-
 test/results/default/hots.pcapng.out               |  14 +-
 test/results/default/hpvirtgrp.pcap.out            |  24 +-
 test/results/default/hsrp0.pcap.out                |  10 +-
 test/results/default/hsrp2.pcap.out                |  14 +-
 test/results/default/hsrp2_ipv6.pcapng.out         |  10 +-
 .../http-crash-content-disposition.pcap.out        |  10 +-
 test/results/default/http-lines-split.pcap.out     |  10 +-
 test/results/default/http-manipulated.pcap.out     |  12 +-
 test/results/default/http-proxy.pcapng.out         |  10 +-
 test/results/default/http.pcapng.out               |  10 +-
 test/results/default/http2.pcapng.out              |  14 +-
 test/results/default/http_asymmetric.pcapng.out    |  10 +-
 test/results/default/http_auth.pcap.out            |  10 +-
 test/results/default/http_connect.pcap.out         |  10 +-
 .../http_guessed_host_and_guessed.pcapng.out       |  14 +-
 test/results/default/http_invalid_server.pcap.out  |  10 +-
 test/results/default/http_ipv6.pcap.out            |  18 +-
 test/results/default/http_on_sip_port.pcap.out     |  10 +-
 .../http_origin_different_than_host.pcap.out       |  10 +-
 .../default/http_starting_with_reply.pcapng.out    |  10 +-
 .../http_ua_splitted_in_two_pkts.pcapng.out        |  10 +-
 test/results/default/i3d.pcap.out                  |  18 +-
 test/results/default/iax.pcap.out                  |  10 +-
 test/results/default/icmp-tunnel.pcap.out          |  16 +-
 test/results/default/iec60780-5-104.pcap.out       |  12 +-
 test/results/default/ieee_c37118.pcap.out          |  12 +-
 test/results/default/imap-starttls.pcap.out        |  10 +-
 test/results/default/imap.pcap.out                 |  10 +-
 test/results/default/imaps.pcap.out                |  12 +-
 test/results/default/imo.pcap.out                  |  12 +-
 test/results/default/instagram.pcap.out            |  22 +-
 .../results/default/ip_fragmented_garbage.pcap.out |  10 +-
 test/results/default/iphone.pcap.out               |  10 +-
 test/results/default/ipp.pcap.out                  |  10 +-
 test/results/default/ipsec_isakmp_esp.pcap.out     |  30 +-
 test/results/default/ipv6_in_gtp.pcap.out          |  16 +-
 test/results/default/irc.pcap.out                  |  10 +-
 test/results/default/iso9506-1-mms.pcap.out        |  10 +-
 .../default/ja3_lots_of_cipher_suites.pcap.out     |  10 +-
 .../ja3_lots_of_cipher_suites_2_anon.pcap.out      |  10 +-
 test/results/default/jabber.pcap.out               |  26 +-
 test/results/default/jsonrpc.pcap.out              |  10 +-
 test/results/default/kafka.pcapng.out              |  16 +-
 test/results/default/kcp.pcap.out                  |  14 +-
 test/results/default/kerberos-error.pcap.out       |  14 +-
 test/results/default/kerberos-login.pcap.out       |  12 +-
 test/results/default/kerberos.pcap.out             |  42 +-
 test/results/default/kerberos_fuzz.pcapng.out      |  14 +-
 test/results/default/kismet.pcap.out               |  10 +-
 test/results/default/kontiki.pcap.out              |  14 +-
 test/results/default/line.pcap.out                 |  12 +-
 .../results/default/linecall_falsepositve.pcap.out |  10 +-
 test/results/default/lisp_registration.pcap.out    |  10 +-
 test/results/default/log4j-webapp-exploit.pcap.out |  10 +-
 test/results/default/lol_wild_rift_udp.pcap.out    |  18 +-
 test/results/default/long_tls_certificate.pcap.out |  10 +-
 test/results/default/lru_ipv6_caches.pcapng.out    |  25 +-
 test/results/default/malformed_dns.pcap.out        |  10 +-
 test/results/default/malformed_icmp.pcap.out       |  10 +-
 test/results/default/malware.pcap.out              |  14 +-
 test/results/default/memcached.cap.out             |  10 +-
 test/results/default/merakicloud.pcapng.out        |  14 +-
 test/results/default/mgcp.pcap.out                 |  18 +-
 test/results/default/mining.pcapng.out             |  14 +-
 test/results/default/modbus.pcap.out               |  10 +-
 test/results/default/monero.pcap.out               |  10 +-
 .../default/mongo_false_positive.pcapng.out        |  10 +-
 test/results/default/mongodb.pcap.out              |  18 +-
 test/results/default/mpeg-dash.pcap.out            |  12 +-
 test/results/default/mpeg.pcap.out                 |  10 +-
 test/results/default/mpegts.pcap.out               |  14 +-
 test/results/default/mqtt.pcap.out                 |  10 +-
 test/results/default/mssql_tds.pcap.out            |  14 +-
 test/results/default/mullvad_dns.pcap.out          |  14 +-
 test/results/default/mullvad_wireguard.pcap.out    |  14 +-
 test/results/default/mumble.pcapng.out             |  10 +-
 test/results/default/munin.pcap.out                |  16 +-
 test/results/default/mysql.pcapng.out              |  12 +-
 test/results/default/natpmp.pcap.out               |  12 +-
 test/results/default/nats.pcap.out                 |  10 +-
 ...ndpi_match_string_subprotocol__error.pcapng.out |  12 +-
 test/results/default/nest_log_sink.pcap.out        |  34 +-
 test/results/default/netbios.pcap.out              |  10 +-
 .../default/netbios_wildcard_dns_query.pcap.out    |  14 +-
 test/results/default/netease_games.pcapng.out      |  14 +-
 test/results/default/netflix.pcap.out              | 114 +--
 test/results/default/netflow-fritz.pcap.out        |  14 +-
 test/results/default/netflowv9.pcap.out            |  14 +-
 test/results/default/nfsv2.pcap.out                |  10 +-
 test/results/default/nfsv3.pcap.out                |  10 +-
 test/results/default/nintendo.pcap.out             |  14 +-
 test/results/default/nntp.pcap.out                 |  10 +-
 test/results/default/no_sni.pcap.out               |  10 +-
 test/results/default/nomachine.pcapng.out          |  10 +-
 test/results/default/ocs.pcap.out                  |  10 +-
 test/results/default/ocsp.pcapng.out               |  22 +-
 test/results/default/oicq.pcap.out                 |  40 +-
 test/results/default/ookla.pcap.out                |  12 +-
 test/results/default/opc-ua.pcap.out               |  10 +-
 test/results/default/openflow.pcap.out             |  10 +-
 test/results/default/openvpn-tlscrypt.pcap.out     |  10 +-
 test/results/default/openvpn.pcap.out              |  22 +-
 test/results/default/openvpn_nohmac.pcapng.out     |  10 +-
 test/results/default/openvpn_nohmac_tcp.pcapng.out |  10 +-
 test/results/default/opera-vpn.pcapng.out          |  10 +-
 test/results/default/oracle12.pcapng.out           |  10 +-
 test/results/default/os_detected.pcapng.out        |  14 +-
 .../results/default/ospfv2_add_new_prefix.pcap.out |  10 +-
 .../default/ossfuzz_seed_fake_traces_1.pcapng.out  |  20 +-
 .../default/ossfuzz_seed_fake_traces_2.pcapng.out  |  16 +-
 .../default/ossfuzz_seed_fake_traces_3.pcapng.out  |  10 +-
 .../default/ossfuzz_seed_fake_traces_4.pcapng.out  |  10 +-
 test/results/default/path_of_exile.pcapng.out      |  10 +-
 test/results/default/pfcp.pcapng.out               |  10 +-
 test/results/default/pgm.pcap.out                  |  10 +-
 test/results/default/pgsql.pcap.out                |  12 +-
 test/results/default/pia.pcap.out                  |  10 +-
 test/results/default/pim.pcap.out                  |  14 +-
 test/results/default/pinterest.pcap.out            |  14 +-
 test/results/default/pluralsight.pcap.out          |  10 +-
 test/results/default/pop3.pcap.out                 |  12 +-
 test/results/default/pop3_stls.pcap.out            |  10 +-
 test/results/default/pops.pcapng.out               |  10 +-
 test/results/default/portable_executable.pcap.out  |  34 +
 test/results/default/pps.pcap.out                  |  56 +-
 test/results/default/pptp.pcap.out                 |  10 +-
 test/results/default/profinet-io-le.pcap.out       |  14 +-
 test/results/default/protobuf.pcap.out             |  18 +-
 test/results/default/protonvpn.pcap.out            |  10 +-
 test/results/default/psiphon3.pcap.out             |  10 +-
 test/results/default/ptpv2.pcap.out                |  14 +-
 test/results/default/punycode-idn.pcap.out         |  10 +-
 test/results/default/quic-23.pcap.out              |  14 +-
 test/results/default/quic-24.pcap.out              |  14 +-
 test/results/default/quic-27.pcap.out              |  14 +-
 test/results/default/quic-28.pcap.out              |  14 +-
 test/results/default/quic-29.pcap.out              |  14 +-
 test/results/default/quic-33.pcapng.out            |  14 +-
 test/results/default/quic-34.pcap.out              |  14 +-
 .../default/quic-forcing-vn-with-data.pcapng.out   |  14 +-
 test/results/default/quic-fuzz-overflow.pcapng.out |  14 +-
 test/results/default/quic-mvfst-22.pcap.out        |   8 +-
 .../quic-mvfst-22_decryption_error.pcap.out        |  14 +-
 test/results/default/quic-mvfst-27.pcapng.out      |  12 +-
 test/results/default/quic-mvfst-exp.pcap.out       |  14 +-
 test/results/default/quic-v2.pcapng.out            |  14 +-
 test/results/default/quic.pcap.out                 |  16 +-
 test/results/default/quic046.pcap.out              |  14 +-
 test/results/default/quic_0RTT.pcap.out            |  14 +-
 test/results/default/quic_cc_ack.pcapng.out        |  14 +-
 .../default/quic_crypto_aes_auth_size.pcap.out     |  14 +-
 .../quic_frags_ch_in_multiple_packets.pcapng.out   |  14 +-
 ...h_out_of_order_same_packet_craziness.pcapng.out |  60 +-
 .../default/quic_frags_different_dcid.pcapng.out   |  14 +-
 test/results/default/quic_interop_V.pcapng.out     |  10 +-
 test/results/default/quic_q39.pcap.out             |  10 +-
 test/results/default/quic_q43.pcap.out             |  10 +-
 test/results/default/quic_q46.pcap.out             |  10 +-
 test/results/default/quic_q46_b.pcap.out           |  14 +-
 test/results/default/quic_q50.pcap.out             |  14 +-
 test/results/default/quic_t50.pcap.out             |  14 +-
 test/results/default/quic_t51.pcap.out             |  14 +-
 test/results/default/quickplay.pcap.out            |  30 +-
 .../default/radius_false_positive.pcapng.out       |  14 +-
 test/results/default/radmin3.pcapng.out            |  10 +-
 test/results/default/raft.pcap.out                 |  10 +-
 test/results/default/raknet.pcap.out               |  12 +-
 test/results/default/rdp.pcap.out                  |  10 +-
 test/results/default/rdp2.pcap.out                 |  20 +-
 test/results/default/rdp3.pcap.out                 |  10 +-
 test/results/default/reasm_crash_anon.pcapng.out   |  14 +-
 test/results/default/reasm_segv_anon.pcapng.out    |  10 +-
 test/results/default/reddit.pcap.out               |  10 +-
 test/results/default/resp.pcap.out                 |  10 +-
 test/results/default/riot.pcapng.out               |  18 +-
 test/results/default/riotgames.pcap.out            |  26 +-
 test/results/default/rmcp.pcap.out                 |  14 +-
 test/results/default/roblox.pcapng.out             |  14 +-
 test/results/default/roughtime.pcap.out            |  16 +-
 .../default/rsh-syslog-false-positive.pcap.out     |  10 +-
 test/results/default/rsh.pcap.out                  |  10 +-
 test/results/default/rsync.pcap.out                |  10 +-
 ...tcp_multiple_pkts_in_the_same_datagram.pcap.out |  14 +-
 test/results/default/rtmp.pcap.out                 |  10 +-
 test/results/default/rtp.pcapng.out                |  14 +-
 test/results/default/rtps.pcap.out                 |  10 +-
 test/results/default/rtsp.pcap.out                 |  10 +-
 test/results/default/rtsp_setup_http.pcapng.out    |  14 +-
 test/results/default/rx.pcap.out                   |  10 +-
 test/results/default/s7comm-plus.pcap.out          |  10 +-
 test/results/default/s7comm.pcap.out               |  10 +-
 test/results/default/safari.pcap.out               |  10 +-
 test/results/default/salesforce.pcap.out           |  10 +-
 .../default/sccp_hw_conf_register.pcapng.out       |  10 +-
 test/results/default/sctp.cap.out                  |  10 +-
 test/results/default/selfsigned.pcap.out           |  10 +-
 test/results/default/sflow.pcap.out                |  14 +-
 test/results/default/shadowsocks.pcap.out          |  10 +-
 test/results/default/shell.pcap.out                |  42 ++
 test/results/default/signal.pcap.out               |  10 +-
 test/results/default/simple-dnscrypt.pcap.out      |  10 +-
 test/results/default/sip.pcap.out                  |  18 +-
 test/results/default/sip_hello.pcapng.out          |  10 +-
 test/results/default/sites.pcapng.out              |  40 +-
 test/results/default/skinny.pcap.out               |  10 +-
 .../results/default/skype-conference-call.pcap.out |  14 +-
 test/results/default/smb_deletefile.pcap.out       |  10 +-
 test/results/default/smb_frags.pcap.out            |  10 +-
 test/results/default/smbv1.pcap.out                |  14 +-
 test/results/default/smpp_in_general.pcap.out      |  10 +-
 test/results/default/smtp-starttls.pcap.out        |  12 +-
 test/results/default/smtp.pcap.out                 |  10 +-
 test/results/default/smtps.pcapng.out              |  10 +-
 test/results/default/snapchat.pcap.out             |  10 +-
 test/results/default/snapchat_call.pcapng.out      |  14 +-
 test/results/default/snapchat_call_v1.pcapng.out   |  14 +-
 test/results/default/snmp.pcap.out                 |  16 +-
 test/results/default/soap.pcap.out                 |  12 +-
 test/results/default/socks.pcap.out                |  12 +-
 test/results/default/softether.pcap.out            |  32 +-
 test/results/default/someip-tp.pcap.out            |  14 +-
 .../default/someip-udp-method-call.pcapng.out      |  10 +-
 test/results/default/someip_sd_sample.pcap.out     |  14 +-
 test/results/default/source_engine.pcap.out        |  28 +-
 test/results/default/spotify_tcp.pcap.out          |   8 +-
 test/results/default/sql_injection.pcap.out        |  10 +-
 test/results/default/srvloc-v1.pcapng.out          |  14 +-
 test/results/default/srvloc.pcap.out               | 816 ++++++++++-----------
 test/results/default/ssdp-m-search-ua.pcap.out     |  14 +-
 test/results/default/ssdp-m-search.pcap.out        |  10 +-
 test/results/default/ssh.pcap.out                  |  10 +-
 .../default/ssl-cert-name-mismatch.pcap.out        |  10 +-
 test/results/default/starcraft_battle.pcap.out     |  20 +-
 test/results/default/steam.pcapng.out              |  10 +-
 test/results/default/stomp.pcapng.out              |  10 +-
 test/results/default/stun.pcap.out                 |  24 +-
 test/results/default/stun_classic.pcap.out         |  10 +-
 test/results/default/stun_dtls_rtp.pcapng.out      |  14 +-
 .../default/stun_dtls_rtp_unidir.pcapng.out        |  10 +-
 .../stun_dtls_unidirectional_client.pcap.out       |  14 +-
 .../stun_dtls_unidirectional_server.pcap.out       |  14 +-
 test/results/default/stun_google_meet.pcapng.out   |  12 +-
 .../results/default/stun_msteams_unidir.pcapng.out |  10 +-
 test/results/default/stun_signal.pcapng.out        |  50 +-
 .../stun_tcp_multiple_msgs_same_pkt.pcap.out       |  10 +-
 test/results/default/stun_wa_call.pcapng.out       |  22 +-
 test/results/default/stun_zoom.pcapng.out          |  14 +-
 test/results/default/syncthing.pcap.out            |  14 +-
 test/results/default/synscan.pcap.out              |  10 +-
 test/results/default/syslog.pcap.out               |  28 +-
 test/results/default/tailscale.pcap.out            |  14 +-
 .../targusdataspeed_false_positives.pcap.out       |  12 +-
 test/results/default/tcp_scan.pcapng.out           |  10 +-
 test/results/default/teams.pcap.out                |  38 +-
 test/results/default/teamspeak3.pcap.out           | 206 +++---
 test/results/default/teamviewer.pcap.out           |  10 +-
 test/results/default/telegram.pcap.out             |  10 +-
 test/results/default/telegram_videocall.pcapng.out |  48 +-
 test/results/default/telnet.pcap.out               |  10 +-
 test/results/default/tencent_games.pcap.out        |  14 +-
 test/results/default/teredo.pcap.out               |  14 +-
 test/results/default/tftp.pcap.out                 |  16 +-
 test/results/default/threema.pcap.out              |  16 +-
 test/results/default/thrift.pcap.out               |  12 +-
 test/results/default/tinc.pcap.out                 |  10 +-
 test/results/default/tk.pcap.out                   |  10 +-
 test/results/default/tls-appdata.pcap.out          |  20 +-
 test/results/default/tls-esni-fuzzed.pcap.out      |  14 +-
 test/results/default/tls-rdn-extract.pcap.out      |  14 +-
 test/results/default/tls_2_reasms.pcapng.out       |  10 +-
 test/results/default/tls_2_reasms_b.pcapng.out     |  10 +-
 test/results/default/tls_alert.pcap.out            |  12 +-
 .../default/tls_certificate_too_long.pcap.out      |  22 +-
 test/results/default/tls_cipher_lens.pcap.out      |  14 +-
 ..._certificate_with_missing_server_one.pcapng.out |  10 +-
 test/results/default/tls_ech.pcapng.out            |  14 +-
 test/results/default/tls_esni_sni_both.pcap.out    |  10 +-
 .../results/default/tls_false_positives.pcapng.out |  10 +-
 test/results/default/tls_invalid_reads.pcap.out    |  14 +-
 test/results/default/tls_long_cert.pcap.out        |  10 +-
 test/results/default/tls_malicious_sha1.pcapng.out |  14 +-
 test/results/default/tls_missing_ch_frag.pcap.out  |  12 +-
 .../tls_multiple_synack_different_seq.pcapng.out   |  10 +-
 test/results/default/tls_port_80.pcapng.out        |  10 +-
 test/results/default/tls_torrent.pcapng.out        |  10 +-
 test/results/default/tls_unidirectional.pcap.out   |  12 +-
 .../default/tls_verylong_certificate.pcap.out      |  10 +-
 test/results/default/toca-boca.pcap.out            |  30 +-
 test/results/default/tor.pcap.out                  |  12 +-
 test/results/default/tplink_shp.pcap.out           |  18 +-
 test/results/default/trickbot.pcap.out             |  10 +-
 test/results/default/tumblr.pcap.out               |  14 +-
 test/results/default/tunnelbear.pcap.out           |  10 +-
 test/results/default/tuya_lp.pcap.out              |  14 +-
 test/results/default/ubntac2.pcap.out              |  14 +-
 test/results/default/uftp_v4_v5.pcap.out           |  12 +-
 test/results/default/ultrasurf.pcap.out            |  10 +-
 test/results/default/umas.pcap.out                 |  10 +-
 test/results/default/upnp.pcap.out                 |  14 +-
 test/results/default/viber.pcap.out                |  16 +-
 test/results/default/vk.pcapng.out                 |  10 +-
 test/results/default/vnc.pcap.out                  |  10 +-
 test/results/default/vrrp3.pcapng.out              |  14 +-
 test/results/default/vxlan.pcap.out                |  14 +-
 test/results/default/wa_video.pcap.out             |  25 +-
 test/results/default/wa_voice.pcap.out             |  17 +-
 test/results/default/waze.pcap.out                 |  16 +-
 test/results/default/webdav.pcap.out               |  10 +-
 test/results/default/webex.pcap.out                |  10 +-
 test/results/default/websocket.pcap.out            |  10 +-
 test/results/default/wechat.pcap.out               |  16 +-
 test/results/default/weibo.pcap.out                |  16 +-
 test/results/default/whatsapp.pcap.out             | 130 ++--
 test/results/default/whatsapp_login_call.pcap.out  |  33 +-
 test/results/default/whatsapp_login_chat.pcap.out  |  12 +-
 .../default/whatsapp_voice_and_message.pcap.out    |  10 +-
 test/results/default/whatsappfiles.pcap.out        |  10 +-
 test/results/default/whois.pcapng.out              |  14 +-
 .../default/windowsupdate_over_http.pcap.out       |  16 +-
 test/results/default/wireguard.pcap.out            |  18 +-
 test/results/default/wow.pcap.out                  |  12 +-
 test/results/default/xdmcp.pcap.out                |  10 +-
 test/results/default/xiaomi.pcap.out               |  18 +-
 test/results/default/xss.pcap.out                  |  10 +-
 test/results/default/yandex.pcapng.out             |  14 +-
 test/results/default/yojimbo.pcap.out              |  14 +-
 test/results/default/youtube_quic.pcap.out         |  10 +-
 test/results/default/youtubeupload.pcap.out        |  10 +-
 test/results/default/z3950.pcapng.out              |  12 +-
 test/results/default/zabbix.pcap.out               |  12 +-
 test/results/default/zattoo.pcap.out               |  10 +-
 test/results/default/zoom.pcap.out                 |  16 +-
 test/results/default/zoom2.pcap.out                |  10 +-
 test/results/default/zoom_p2p.pcapng.out           |  14 +-
 test/results/disable_aggressiveness/ookla.pcap.out |  12 +-
 .../tls_verylong_certificate.pcap.out              |  10 +-
 .../disable_protocols/dns_long_domainname.pcap.out |  14 +-
 .../results/disable_protocols/pluralsight.pcap.out |  10 +-
 .../disable_protocols/quic-mvfst-27.pcapng.out     |  12 +-
 test/results/disable_protocols/soap.pcap.out       |  12 +-
 .../dns_process_response_disable/dns.pcap.out      |  12 +-
 .../dns.pcap.out                                   |  12 +-
 .../dns_subclassification_disable/dns.pcap.out     |  12 +-
 test/results/enable_doh_heuristic/doh.pcapng.out   |  10 +-
 test/results/enable_payload_stat/1kxun.pcap.out    |  20 +-
 test/results/flow-analyse/default/elf.pcap.out     |   1 +
 test/results/flow-analyse/default/netflix.pcap.out |  28 +-
 .../default/portable_executable.pcap.out           |   1 +
 test/results/flow-analyse/default/shell.pcap.out   |   1 +
 .../flow-analyse/default/starcraft_battle.pcap.out |   2 +-
 .../default/telegram_videocall.pcapng.out          |   2 +-
 test/results/flow-analyse/default/waze.pcap.out    |   2 +-
 .../default/whatsapp_login_call.pcap.out           |   2 +-
 .../stun_mapped_address_disabled/teams.pcap.out    |  17 +
 .../flow-captured/caches_cfg/teams.pcap.out        |   4 +-
 .../caches_global/lru_ipv6_caches.pcapng.out       |   2 +
 .../flow-captured/caches_global/teams.pcap.out     |   4 +-
 test/results/flow-captured/default/elf.pcap.out    |   2 +
 test/results/flow-captured/default/ftp.pcap.out    |   1 -
 .../default/lru_ipv6_caches.pcapng.out             |   2 +
 .../default/portable_executable.pcap.out           |   1 +
 test/results/flow-captured/default/shell.pcap.out  |   4 +
 .../flow-captured/default/stun_signal.pcapng.out   |   4 +-
 test/results/flow-captured/default/teams.pcap.out  |   4 +-
 .../default/telegram_videocall.pcapng.out          |   6 -
 .../flow-captured/default/wa_video.pcap.out        |   3 +
 .../stun_mapped_address_disabled/teams.pcap.out    |  21 +
 test/results/flow-info/caches_cfg/teams.pcap.out   |  21 +-
 .../caches_global/lru_ipv6_caches.pcapng.out       |   9 +
 .../results/flow-info/caches_global/teams.pcap.out |  21 +-
 test/results/flow-info/default/1kxun.pcap.out      |   5 +-
 test/results/flow-info/default/443-chrome.pcap.out |   2 +-
 .../flow-info/default/KakaoTalk_chat.pcap.out      |   1 +
 .../flow-info/default/KakaoTalk_talk.pcap.out      |   1 +
 test/results/flow-info/default/collectd.pcap.out   |   2 +
 test/results/flow-info/default/dotenv.pcap.out     |   4 +-
 test/results/flow-info/default/elf.pcap.out        |  12 +
 test/results/flow-info/default/emotet.pcap.out     |   8 +-
 .../flow-info/default/exe_download.pcap.out        |   4 +-
 test/results/flow-info/default/ftp.pcap.out        |   2 -
 test/results/flow-info/default/gnutella.pcap.out   |   8 +-
 test/results/flow-info/default/http_ipv6.pcap.out  |   1 +
 test/results/flow-info/default/instagram.pcap.out  |   4 +
 test/results/flow-info/default/kerberos.pcap.out   |  13 +
 test/results/flow-info/default/kontiki.pcap.out    |   1 +
 .../flow-info/default/lru_ipv6_caches.pcapng.out   |   9 +
 test/results/flow-info/default/netflix.pcap.out    |  72 +-
 test/results/flow-info/default/nintendo.pcap.out   |   2 +-
 .../flow-info/default/portable_executable.pcap.out |  12 +
 test/results/flow-info/default/pps.pcap.out        |  42 +-
 test/results/flow-info/default/quickplay.pcap.out  |  16 +-
 test/results/flow-info/default/riot.pcapng.out     |   2 +-
 test/results/flow-info/default/shell.pcap.out      |  20 +
 .../flow-info/default/starcraft_battle.pcap.out    |   4 +-
 .../flow-info/default/stun_signal.pcapng.out       |  54 +-
 .../flow-info/default/stun_wa_call.pcapng.out      |   8 +-
 test/results/flow-info/default/teams.pcap.out      |  21 +-
 .../default/telegram_videocall.pcapng.out          |  22 +-
 .../default/tls_certificate_too_long.pcap.out      |   9 +-
 test/results/flow-info/default/wa_video.pcap.out   |   9 +-
 test/results/flow-info/default/wa_voice.pcap.out   |   8 +-
 test/results/flow-info/default/waze.pcap.out       |   4 +-
 test/results/flow-info/default/wechat.pcap.out     |   1 +
 test/results/flow-info/default/weibo.pcap.out      |   2 +
 .../flow-info/default/whatsapp_login_call.pcap.out |  24 +-
 .../default/windowsupdate_over_http.pcap.out       |   4 +-
 test/results/flow-info/default/zoom.pcap.out       |   1 +
 .../flow-info/enable_payload_stat/1kxun.pcap.out   |   5 +-
 .../flow-info/ip_lists_disable/1kxun.pcap.out      |   5 +-
 .../stun_mapped_address_disabled/teams.pcap.out    | 573 +++++++++++++++
 .../flow_risk_lists_disable/protonvpn.pcap.out     |  10 +-
 test/results/guessing_disable/webex.pcap.out       |  10 +-
 .../http_process_response_disable/http.pcapng.out  |  10 +-
 .../http_asymmetric.pcapng.out                     |  10 +-
 test/results/influxd/caches_cfg/ookla.pcap.out     |   2 +-
 test/results/influxd/caches_cfg/teams.pcap.out     |  10 +-
 .../influxd/caches_global/bittorrent.pcap.out      |   2 +-
 .../caches_global/lru_ipv6_caches.pcapng.out       |  10 +-
 .../influxd/caches_global/mining.pcapng.out        |   2 +-
 test/results/influxd/caches_global/ookla.pcap.out  |   2 +-
 test/results/influxd/caches_global/teams.pcap.out  |  10 +-
 .../influxd/caches_global/zoom_p2p.pcapng.out      |   2 +-
 test/results/influxd/default/1kxun.pcap.out        |   6 +-
 test/results/influxd/default/443-chrome.pcap.out   |   2 +-
 test/results/influxd/default/443-curl.pcap.out     |   2 +-
 test/results/influxd/default/443-firefox.pcap.out  |   2 +-
 test/results/influxd/default/443-git.pcap.out      |   2 +-
 test/results/influxd/default/443-opvn.pcap.out     |   2 +-
 test/results/influxd/default/443-safari.pcap.out   |   2 +-
 test/results/influxd/default/4in4tunnel.pcap.out   |   2 +-
 test/results/influxd/default/4in6tunnel.pcap.out   |   2 +-
 test/results/influxd/default/6in4tunnel.pcap.out   |   2 +-
 test/results/influxd/default/6in6tunnel.pcap.out   |   2 +-
 .../influxd/default/BGP_Cisco_hdlc_slarp.pcap.out  |   2 +-
 test/results/influxd/default/BGP_redist.pcap.out   |   2 +-
 test/results/influxd/default/EAQ.pcap.out          |   2 +-
 .../default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out  |   2 +-
 test/results/influxd/default/IEC104.pcap.out       |   2 +-
 .../influxd/default/KakaoTalk_chat.pcap.out        |   2 +-
 .../influxd/default/KakaoTalk_talk.pcap.out        |   2 +-
 test/results/influxd/default/NTPv2.pcap.out        |   2 +-
 test/results/influxd/default/NTPv3.pcap.out        |   2 +-
 test/results/influxd/default/NTPv4.pcap.out        |   2 +-
 test/results/influxd/default/Oscar.pcap.out        |   2 +-
 test/results/influxd/default/TivoDVR.pcap.out      |   2 +-
 test/results/influxd/default/WebattackRCE.pcap.out |   2 +-
 .../influxd/default/WebattackSQLinj.pcap.out       |   2 +-
 test/results/influxd/default/WebattackXSS.pcap.out |   2 +-
 test/results/influxd/default/activision.pcap.out   |   2 +-
 .../results/influxd/default/adult_content.pcap.out |   2 +-
 test/results/influxd/default/afp.pcap.out          |   2 +-
 test/results/influxd/default/agora-sd-rtn.pcap.out |   2 +-
 test/results/influxd/default/ah.pcapng.out         |   2 +-
 test/results/influxd/default/ajp.pcap.out          |   2 +-
 test/results/influxd/default/alexa-app.pcapng.out  |   2 +-
 test/results/influxd/default/alicloud.pcap.out     |   2 +-
 test/results/influxd/default/among_us.pcap.out     |   2 +-
 test/results/influxd/default/amqp.pcap.out         |   2 +-
 test/results/influxd/default/android.pcap.out      |   2 +-
 .../influxd/default/anyconnect-vpn.pcap.out        |   2 +-
 test/results/influxd/default/anydesk.pcapng.out    |   2 +-
 test/results/influxd/default/avast.pcap.out        |   2 +-
 .../influxd/default/avast_securedns.pcapng.out     |   2 +-
 test/results/influxd/default/bacnet.pcap.out       |   2 +-
 .../influxd/default/bad-dns-traffic.pcap.out       |   4 +-
 test/results/influxd/default/badpackets.pcap.out   |   2 +-
 .../influxd/default/beckhoff_ads.pcapng.out        |   2 +-
 test/results/influxd/default/bets.pcapng.out       |   2 +-
 test/results/influxd/default/bfd.pcap.out          |   2 +-
 test/results/influxd/default/bitcoin.pcap.out      |   2 +-
 test/results/influxd/default/bittorrent.pcap.out   |   2 +-
 .../influxd/default/bittorrent_tcp_miss.pcapng.out |   2 +-
 .../influxd/default/bittorrent_utp.pcap.out        |   2 +-
 test/results/influxd/default/bjnp.pcap.out         |   2 +-
 test/results/influxd/default/bot.pcap.out          |   2 +-
 test/results/influxd/default/bt-dns.pcap.out       |   2 +-
 test/results/influxd/default/bt-http.pcapng.out    |   2 +-
 test/results/influxd/default/bt_search.pcap.out    |   2 +-
 test/results/influxd/default/c1222.pcapng.out      |   2 +-
 test/results/influxd/default/cachefly.pcapng.out   |   2 +-
 test/results/influxd/default/can.pcap.out          |   2 +-
 test/results/influxd/default/capwap.pcap.out       |   2 +-
 .../results/influxd/default/capwap_data.pcapng.out |   2 +-
 test/results/influxd/default/cassandra.pcap.out    |   2 +-
 test/results/influxd/default/ceph.pcap.out         |   2 +-
 test/results/influxd/default/check_mk_new.pcap.out |   2 +-
 test/results/influxd/default/chrome.pcap.out       |   2 +-
 test/results/influxd/default/cip_io.pcap.out       |   2 +-
 test/results/influxd/default/citrix.pcap.out       |   2 +-
 .../influxd/default/cloudflare-warp.pcap.out       |   2 +-
 test/results/influxd/default/coap_mqtt.pcap.out    |   2 +-
 test/results/influxd/default/collectd.pcap.out     |   2 +-
 test/results/influxd/default/corba.pcap.out        |   2 +-
 test/results/influxd/default/cpha.pcap.out         |   2 +-
 .../default/crawler_false_positive.pcapng.out      |   2 +-
 test/results/influxd/default/crynet.pcap.out       |   2 +-
 .../influxd/default/custom_categories.pcapng.out   |   2 +-
 .../influxd/default/custom_risk_mask.pcapng.out    |   2 +-
 .../influxd/default/custom_rules_ipv6.pcapng.out   |   2 +-
 .../custom_rules_same-ip_multiple_ports.pcapng.out |   2 +-
 test/results/influxd/default/dazn.pcapng.out       |   2 +-
 test/results/influxd/default/dcerpc.pcap.out       |   2 +-
 test/results/influxd/default/dhcp-fuzz.pcapng.out  |   2 +-
 test/results/influxd/default/diameter.pcap.out     |   2 +-
 test/results/influxd/default/discord.pcap.out      |   2 +-
 .../influxd/default/discord_mid_flow.pcap.out      |   2 +-
 test/results/influxd/default/dlep.pcapng.out       |   2 +-
 test/results/influxd/default/dlms.pcap.out         |   2 +-
 test/results/influxd/default/dlt_ppp.pcap.out      |   2 +-
 test/results/influxd/default/dnp3.pcap.out         |   2 +-
 test/results/influxd/default/dns-exf.pcap.out      |   2 +-
 .../influxd/default/dns-google-nsid.pcapng.out     |   2 +-
 .../influxd/default/dns-invalid-chars.pcap.out     |   2 +-
 .../influxd/default/dns-tunnel-iodine.pcap.out     |   2 +-
 test/results/influxd/default/dns.pcap.out          |   2 +-
 .../influxd/default/dns2tcp_tunnel.pcap.out        |   2 +-
 .../influxd/default/dns_ambiguous_names.pcap.out   |   2 +-
 test/results/influxd/default/dns_doh.pcap.out      |   2 +-
 test/results/influxd/default/dns_dot.pcap.out      |   2 +-
 .../influxd/default/dns_exfiltration.pcap.out      |   2 +-
 .../influxd/default/dns_fragmented.pcap.out        |   2 +-
 .../influxd/default/dns_invert_query.pcapng.out    |   2 +-
 .../influxd/default/dns_long_domainname.pcap.out   |   2 +-
 .../dnscrypt-v1-and-resolver-pings.pcap.out        |   2 +-
 .../influxd/default/dnscrypt-v2-doh.pcap.out       |   2 +-
 test/results/influxd/default/dnscrypt-v2.pcap.out  |   2 +-
 .../dnscrypt_skype_false_positive.pcapng.out       |   2 +-
 test/results/influxd/default/doh.pcapng.out        |   2 +-
 test/results/influxd/default/doq.pcapng.out        |   2 +-
 .../results/influxd/default/doq_adguard.pcapng.out |   2 +-
 .../influxd/default/dos_win98_smb_netbeui.pcap.out |   2 +-
 test/results/influxd/default/dotenv.pcap.out       |   2 +-
 test/results/influxd/default/drda_db2.pcap.out     |   2 +-
 test/results/influxd/default/dropbox.pcap.out      |   2 +-
 test/results/influxd/default/dtls.pcap.out         |   2 +-
 test/results/influxd/default/dtls2.pcap.out        |   2 +-
 .../influxd/default/dtls_certificate.pcapng.out    |   2 +-
 .../default/dtls_certificate_fragments.pcap.out    |   2 +-
 .../influxd/default/dtls_mid_sessions.pcapng.out   |   2 +-
 .../influxd/default/dtls_old_version.pcapng.out    |   2 +-
 .../dtls_session_id_and_coockie_both.pcap.out      |   2 +-
 test/results/influxd/default/edonkey.pcap.out      |   2 +-
 .../results/influxd/default/elasticsearch.pcap.out |   2 +-
 test/results/influxd/default/elf.pcap.out          |  11 +
 test/results/influxd/default/emotet.pcap.out       |   6 +-
 .../results/influxd/default/encrypted_sni.pcap.out |   2 +-
 test/results/influxd/default/epicgames.pcapng.out  |   2 +-
 test/results/influxd/default/esp.pcapng.out        |   2 +-
 test/results/influxd/default/ethereum.pcap.out     |   2 +-
 test/results/influxd/default/ethernetIP.pcap.out   |   2 +-
 test/results/influxd/default/ethersbus.pcap.out    |   2 +-
 test/results/influxd/default/ethersio.pcap.out     |   2 +-
 test/results/influxd/default/exe_download.pcap.out |   4 +-
 .../influxd/default/exe_download_as_png.pcap.out   |   2 +-
 test/results/influxd/default/facebook.pcap.out     |   2 +-
 test/results/influxd/default/fastcgi.pcap.out      |   2 +-
 test/results/influxd/default/fins.pcap.out         |   2 +-
 test/results/influxd/default/firefox.pcap.out      |   2 +-
 test/results/influxd/default/fix.pcap.out          |   2 +-
 test/results/influxd/default/fix2.pcap.out         |   2 +-
 test/results/influxd/default/flute.pcapng.out      |   2 +-
 test/results/influxd/default/forticlient.pcap.out  |   2 +-
 .../results/influxd/default/ftp-start-tls.pcap.out |   2 +-
 test/results/influxd/default/ftp.pcap.out          |   8 +-
 test/results/influxd/default/ftp_failed.pcap.out   |   2 +-
 .../influxd/default/fuzz-2006-06-26-2594.pcap.out  |   2 +-
 .../influxd/default/fuzz-2006-09-29-28586.pcap.out |   2 +-
 .../influxd/default/fuzz-2020-02-16-11740.pcap.out |   2 +-
 .../default/fuzz-2021-06-07-c6c72a0a56.pcap.out    |   2 +-
 .../influxd/default/fuzz-2021-10-13.pcap.out       |   2 +-
 .../influxd/default/gaijin_mobile_mixed.pcap.out   |   2 +-
 .../influxd/default/gaijin_warthunder.pcap.out     |   2 +-
 test/results/influxd/default/gearman.pcap.out      |   2 +-
 test/results/influxd/default/geforcenow.pcapng.out |   2 +-
 .../influxd/default/genshin-impact.pcap.out        |   2 +-
 test/results/influxd/default/git.pcap.out          |   2 +-
 test/results/influxd/default/gnutella.pcap.out     |   4 +-
 .../results/influxd/default/google_chat.pcapng.out |   2 +-
 .../results/influxd/default/google_meet.pcapng.out |   2 +-
 test/results/influxd/default/google_ssl.pcap.out   |   2 +-
 .../influxd/default/googledns_android10.pcap.out   |   2 +-
 test/results/influxd/default/gquic.pcap.out        |   2 +-
 .../default/gquic_only_from_server.pcap.out        |   2 +-
 test/results/influxd/default/gre.pcapng.out        |   2 +-
 test/results/influxd/default/gtp_c.pcap.out        |   2 +-
 .../influxd/default/gtp_false_positive.pcapng.out  |   2 +-
 test/results/influxd/default/gtp_prime.pcapng.out  |   2 +-
 .../results/influxd/default/h323-overflow.pcap.out |   2 +-
 test/results/influxd/default/h323.pcap.out         |   2 +-
 test/results/influxd/default/h323_tcp.pcap.out     |   2 +-
 test/results/influxd/default/haproxy.pcap.out      |   2 +-
 test/results/influxd/default/hart_ip.pcap.out      |   2 +-
 .../default/heuristic_tcp_ack_payload.pcap.out     |   2 +-
 test/results/influxd/default/hislip.pcap.out       |   2 +-
 test/results/influxd/default/hl7.pcap.out          |   2 +-
 test/results/influxd/default/hots.pcapng.out       |   2 +-
 test/results/influxd/default/hpvirtgrp.pcap.out    |   2 +-
 test/results/influxd/default/hsrp0.pcap.out        |   2 +-
 test/results/influxd/default/hsrp2.pcap.out        |   2 +-
 test/results/influxd/default/hsrp2_ipv6.pcapng.out |   2 +-
 .../http-crash-content-disposition.pcap.out        |   2 +-
 .../influxd/default/http-lines-split.pcap.out      |   2 +-
 .../influxd/default/http-manipulated.pcap.out      |   2 +-
 test/results/influxd/default/http-proxy.pcapng.out |   2 +-
 test/results/influxd/default/http.pcapng.out       |   2 +-
 test/results/influxd/default/http2.pcapng.out      |   2 +-
 .../influxd/default/http_asymmetric.pcapng.out     |   2 +-
 test/results/influxd/default/http_auth.pcap.out    |   2 +-
 test/results/influxd/default/http_connect.pcap.out |   2 +-
 .../http_guessed_host_and_guessed.pcapng.out       |   2 +-
 .../influxd/default/http_invalid_server.pcap.out   |   2 +-
 test/results/influxd/default/http_ipv6.pcap.out    |   2 +-
 .../influxd/default/http_on_sip_port.pcap.out      |   2 +-
 .../http_origin_different_than_host.pcap.out       |   2 +-
 .../default/http_starting_with_reply.pcapng.out    |   2 +-
 .../http_ua_splitted_in_two_pkts.pcapng.out        |   2 +-
 test/results/influxd/default/i3d.pcap.out          |   2 +-
 test/results/influxd/default/iax.pcap.out          |   2 +-
 test/results/influxd/default/icmp-tunnel.pcap.out  |   2 +-
 .../influxd/default/iec60780-5-104.pcap.out        |   2 +-
 test/results/influxd/default/ieee_c37118.pcap.out  |   2 +-
 .../results/influxd/default/imap-starttls.pcap.out |   2 +-
 test/results/influxd/default/imap.pcap.out         |   2 +-
 test/results/influxd/default/imaps.pcap.out        |   2 +-
 test/results/influxd/default/imo.pcap.out          |   2 +-
 test/results/influxd/default/instagram.pcap.out    |   2 +-
 .../influxd/default/ip_fragmented_garbage.pcap.out |   2 +-
 test/results/influxd/default/iphone.pcap.out       |   2 +-
 test/results/influxd/default/ipp.pcap.out          |   2 +-
 .../influxd/default/ipsec_isakmp_esp.pcap.out      |   2 +-
 test/results/influxd/default/ipv6_in_gtp.pcap.out  |   2 +-
 test/results/influxd/default/irc.pcap.out          |   2 +-
 .../results/influxd/default/iso9506-1-mms.pcap.out |   2 +-
 .../default/ja3_lots_of_cipher_suites.pcap.out     |   2 +-
 .../ja3_lots_of_cipher_suites_2_anon.pcap.out      |   2 +-
 test/results/influxd/default/jabber.pcap.out       |   2 +-
 test/results/influxd/default/jsonrpc.pcap.out      |   2 +-
 test/results/influxd/default/kafka.pcapng.out      |   2 +-
 test/results/influxd/default/kcp.pcap.out          |   2 +-
 .../influxd/default/kerberos-error.pcap.out        |   2 +-
 .../influxd/default/kerberos-login.pcap.out        |   2 +-
 test/results/influxd/default/kerberos.pcap.out     |   2 +-
 .../influxd/default/kerberos_fuzz.pcapng.out       |   2 +-
 test/results/influxd/default/kismet.pcap.out       |   2 +-
 test/results/influxd/default/kontiki.pcap.out      |   2 +-
 test/results/influxd/default/line.pcap.out         |   2 +-
 .../influxd/default/linecall_falsepositve.pcap.out |   2 +-
 .../influxd/default/lisp_registration.pcap.out     |   2 +-
 .../influxd/default/log4j-webapp-exploit.pcap.out  |   2 +-
 .../influxd/default/lol_wild_rift_udp.pcap.out     |   2 +-
 .../influxd/default/long_tls_certificate.pcap.out  |   2 +-
 .../influxd/default/lru_ipv6_caches.pcapng.out     |  10 +-
 .../results/influxd/default/malformed_dns.pcap.out |   2 +-
 .../influxd/default/malformed_icmp.pcap.out        |   2 +-
 test/results/influxd/default/malware.pcap.out      |   2 +-
 test/results/influxd/default/memcached.cap.out     |   2 +-
 .../results/influxd/default/merakicloud.pcapng.out |   2 +-
 test/results/influxd/default/mgcp.pcap.out         |   2 +-
 test/results/influxd/default/mining.pcapng.out     |   2 +-
 test/results/influxd/default/modbus.pcap.out       |   2 +-
 test/results/influxd/default/monero.pcap.out       |   2 +-
 .../default/mongo_false_positive.pcapng.out        |   2 +-
 test/results/influxd/default/mongodb.pcap.out      |   2 +-
 test/results/influxd/default/mpeg-dash.pcap.out    |   2 +-
 test/results/influxd/default/mpeg.pcap.out         |   2 +-
 test/results/influxd/default/mpegts.pcap.out       |   2 +-
 test/results/influxd/default/mqtt.pcap.out         |   2 +-
 test/results/influxd/default/mssql_tds.pcap.out    |   2 +-
 test/results/influxd/default/mullvad_dns.pcap.out  |   2 +-
 .../influxd/default/mullvad_wireguard.pcap.out     |   2 +-
 test/results/influxd/default/mumble.pcapng.out     |   2 +-
 test/results/influxd/default/munin.pcap.out        |   2 +-
 test/results/influxd/default/mysql.pcapng.out      |   2 +-
 test/results/influxd/default/natpmp.pcap.out       |   2 +-
 test/results/influxd/default/nats.pcap.out         |   2 +-
 ...ndpi_match_string_subprotocol__error.pcapng.out |   2 +-
 .../results/influxd/default/nest_log_sink.pcap.out |   2 +-
 test/results/influxd/default/netbios.pcap.out      |   2 +-
 .../default/netbios_wildcard_dns_query.pcap.out    |   2 +-
 .../influxd/default/netease_games.pcapng.out       |   2 +-
 test/results/influxd/default/netflix.pcap.out      |   6 +-
 .../results/influxd/default/netflow-fritz.pcap.out |   2 +-
 test/results/influxd/default/netflowv9.pcap.out    |   2 +-
 test/results/influxd/default/nfsv2.pcap.out        |   2 +-
 test/results/influxd/default/nfsv3.pcap.out        |   2 +-
 test/results/influxd/default/nintendo.pcap.out     |   2 +-
 test/results/influxd/default/nntp.pcap.out         |   2 +-
 test/results/influxd/default/no_sni.pcap.out       |   2 +-
 test/results/influxd/default/nomachine.pcapng.out  |   2 +-
 test/results/influxd/default/ocs.pcap.out          |   2 +-
 test/results/influxd/default/ocsp.pcapng.out       |   2 +-
 test/results/influxd/default/oicq.pcap.out         |   2 +-
 test/results/influxd/default/ookla.pcap.out        |   2 +-
 test/results/influxd/default/opc-ua.pcap.out       |   2 +-
 test/results/influxd/default/openflow.pcap.out     |   2 +-
 .../influxd/default/openvpn-tlscrypt.pcap.out      |   2 +-
 test/results/influxd/default/openvpn.pcap.out      |   2 +-
 .../influxd/default/openvpn_nohmac.pcapng.out      |   2 +-
 .../influxd/default/openvpn_nohmac_tcp.pcapng.out  |   2 +-
 test/results/influxd/default/opera-vpn.pcapng.out  |   2 +-
 test/results/influxd/default/oracle12.pcapng.out   |   2 +-
 .../results/influxd/default/os_detected.pcapng.out |   2 +-
 .../influxd/default/ospfv2_add_new_prefix.pcap.out |   2 +-
 .../default/ossfuzz_seed_fake_traces_1.pcapng.out  |   2 +-
 .../default/ossfuzz_seed_fake_traces_2.pcapng.out  |   2 +-
 .../default/ossfuzz_seed_fake_traces_3.pcapng.out  |   2 +-
 .../default/ossfuzz_seed_fake_traces_4.pcapng.out  |   2 +-
 .../influxd/default/path_of_exile.pcapng.out       |   2 +-
 test/results/influxd/default/pfcp.pcapng.out       |   2 +-
 test/results/influxd/default/pgm.pcap.out          |   2 +-
 test/results/influxd/default/pgsql.pcap.out        |   2 +-
 test/results/influxd/default/pia.pcap.out          |   2 +-
 test/results/influxd/default/pim.pcap.out          |   2 +-
 test/results/influxd/default/pinterest.pcap.out    |   2 +-
 test/results/influxd/default/pluralsight.pcap.out  |   2 +-
 test/results/influxd/default/pop3.pcap.out         |   2 +-
 test/results/influxd/default/pop3_stls.pcap.out    |   2 +-
 test/results/influxd/default/pops.pcapng.out       |   2 +-
 .../influxd/default/portable_executable.pcap.out   |  11 +
 test/results/influxd/default/pps.pcap.out          |   6 +-
 test/results/influxd/default/pptp.pcap.out         |   2 +-
 .../influxd/default/profinet-io-le.pcap.out        |   2 +-
 test/results/influxd/default/protobuf.pcap.out     |   2 +-
 test/results/influxd/default/protonvpn.pcap.out    |   2 +-
 test/results/influxd/default/psiphon3.pcap.out     |   2 +-
 test/results/influxd/default/ptpv2.pcap.out        |   2 +-
 test/results/influxd/default/punycode-idn.pcap.out |   2 +-
 test/results/influxd/default/quic-23.pcap.out      |   2 +-
 test/results/influxd/default/quic-24.pcap.out      |   2 +-
 test/results/influxd/default/quic-27.pcap.out      |   2 +-
 test/results/influxd/default/quic-28.pcap.out      |   2 +-
 test/results/influxd/default/quic-29.pcap.out      |   2 +-
 test/results/influxd/default/quic-33.pcapng.out    |   2 +-
 test/results/influxd/default/quic-34.pcap.out      |   2 +-
 .../default/quic-forcing-vn-with-data.pcapng.out   |   2 +-
 .../influxd/default/quic-fuzz-overflow.pcapng.out  |   2 +-
 .../results/influxd/default/quic-mvfst-22.pcap.out |   2 +-
 .../quic-mvfst-22_decryption_error.pcap.out        |   2 +-
 .../influxd/default/quic-mvfst-27.pcapng.out       |   2 +-
 .../influxd/default/quic-mvfst-exp.pcap.out        |   2 +-
 test/results/influxd/default/quic-v2.pcapng.out    |   2 +-
 test/results/influxd/default/quic.pcap.out         |   2 +-
 test/results/influxd/default/quic046.pcap.out      |   2 +-
 test/results/influxd/default/quic_0RTT.pcap.out    |   2 +-
 .../results/influxd/default/quic_cc_ack.pcapng.out |   2 +-
 .../default/quic_crypto_aes_auth_size.pcap.out     |   2 +-
 .../quic_frags_ch_in_multiple_packets.pcapng.out   |   2 +-
 ...h_out_of_order_same_packet_craziness.pcapng.out |   2 +-
 .../default/quic_frags_different_dcid.pcapng.out   |   2 +-
 .../influxd/default/quic_interop_V.pcapng.out      |   2 +-
 test/results/influxd/default/quic_q39.pcap.out     |   2 +-
 test/results/influxd/default/quic_q43.pcap.out     |   2 +-
 test/results/influxd/default/quic_q46.pcap.out     |   2 +-
 test/results/influxd/default/quic_q46_b.pcap.out   |   2 +-
 test/results/influxd/default/quic_q50.pcap.out     |   2 +-
 test/results/influxd/default/quic_t50.pcap.out     |   2 +-
 test/results/influxd/default/quic_t51.pcap.out     |   2 +-
 test/results/influxd/default/quickplay.pcap.out    |   6 +-
 .../default/radius_false_positive.pcapng.out       |   2 +-
 test/results/influxd/default/radmin3.pcapng.out    |   2 +-
 test/results/influxd/default/raft.pcap.out         |   2 +-
 test/results/influxd/default/raknet.pcap.out       |   2 +-
 test/results/influxd/default/rdp.pcap.out          |   2 +-
 test/results/influxd/default/rdp2.pcap.out         |   2 +-
 test/results/influxd/default/rdp3.pcap.out         |   2 +-
 .../influxd/default/reasm_crash_anon.pcapng.out    |   2 +-
 .../influxd/default/reasm_segv_anon.pcapng.out     |   2 +-
 test/results/influxd/default/reddit.pcap.out       |   2 +-
 test/results/influxd/default/resp.pcap.out         |   2 +-
 test/results/influxd/default/riot.pcapng.out       |   2 +-
 test/results/influxd/default/riotgames.pcap.out    |   2 +-
 test/results/influxd/default/rmcp.pcap.out         |   2 +-
 test/results/influxd/default/roblox.pcapng.out     |   2 +-
 test/results/influxd/default/roughtime.pcap.out    |   2 +-
 .../default/rsh-syslog-false-positive.pcap.out     |   2 +-
 test/results/influxd/default/rsh.pcap.out          |   2 +-
 test/results/influxd/default/rsync.pcap.out        |   2 +-
 ...tcp_multiple_pkts_in_the_same_datagram.pcap.out |   2 +-
 test/results/influxd/default/rtmp.pcap.out         |   2 +-
 test/results/influxd/default/rtp.pcapng.out        |   2 +-
 test/results/influxd/default/rtps.pcap.out         |   2 +-
 test/results/influxd/default/rtsp.pcap.out         |   2 +-
 .../influxd/default/rtsp_setup_http.pcapng.out     |   2 +-
 test/results/influxd/default/rx.pcap.out           |   2 +-
 test/results/influxd/default/s7comm-plus.pcap.out  |   2 +-
 test/results/influxd/default/s7comm.pcap.out       |   2 +-
 test/results/influxd/default/safari.pcap.out       |   2 +-
 test/results/influxd/default/salesforce.pcap.out   |   2 +-
 .../default/sccp_hw_conf_register.pcapng.out       |   2 +-
 test/results/influxd/default/sctp.cap.out          |   2 +-
 test/results/influxd/default/selfsigned.pcap.out   |   2 +-
 test/results/influxd/default/sflow.pcap.out        |   2 +-
 test/results/influxd/default/shadowsocks.pcap.out  |   2 +-
 test/results/influxd/default/shell.pcap.out        |  11 +
 test/results/influxd/default/signal.pcap.out       |   2 +-
 .../influxd/default/simple-dnscrypt.pcap.out       |   2 +-
 test/results/influxd/default/sip.pcap.out          |   2 +-
 test/results/influxd/default/sip_hello.pcapng.out  |   2 +-
 test/results/influxd/default/sites.pcapng.out      |   2 +-
 test/results/influxd/default/skinny.pcap.out       |   2 +-
 .../influxd/default/skype-conference-call.pcap.out |   2 +-
 .../influxd/default/smb_deletefile.pcap.out        |   2 +-
 test/results/influxd/default/smb_frags.pcap.out    |   2 +-
 test/results/influxd/default/smbv1.pcap.out        |   2 +-
 .../influxd/default/smpp_in_general.pcap.out       |   2 +-
 .../results/influxd/default/smtp-starttls.pcap.out |   2 +-
 test/results/influxd/default/smtp.pcap.out         |   2 +-
 test/results/influxd/default/smtps.pcapng.out      |   2 +-
 test/results/influxd/default/snapchat.pcap.out     |   2 +-
 .../influxd/default/snapchat_call.pcapng.out       |   2 +-
 .../influxd/default/snapchat_call_v1.pcapng.out    |   2 +-
 test/results/influxd/default/snmp.pcap.out         |   2 +-
 test/results/influxd/default/soap.pcap.out         |   2 +-
 test/results/influxd/default/socks.pcap.out        |   2 +-
 test/results/influxd/default/softether.pcap.out    |   2 +-
 test/results/influxd/default/someip-tp.pcap.out    |   2 +-
 .../default/someip-udp-method-call.pcapng.out      |   2 +-
 .../influxd/default/someip_sd_sample.pcap.out      |   2 +-
 .../results/influxd/default/source_engine.pcap.out |   2 +-
 test/results/influxd/default/spotify_tcp.pcap.out  |   2 +-
 .../results/influxd/default/sql_injection.pcap.out |   2 +-
 test/results/influxd/default/srvloc-v1.pcapng.out  |   2 +-
 test/results/influxd/default/srvloc.pcap.out       |   2 +-
 .../influxd/default/ssdp-m-search-ua.pcap.out      |   2 +-
 .../results/influxd/default/ssdp-m-search.pcap.out |   2 +-
 test/results/influxd/default/ssh.pcap.out          |   2 +-
 .../default/ssl-cert-name-mismatch.pcap.out        |   2 +-
 .../influxd/default/starcraft_battle.pcap.out      |   6 +-
 test/results/influxd/default/steam.pcapng.out      |   2 +-
 test/results/influxd/default/stomp.pcapng.out      |   2 +-
 test/results/influxd/default/stun.pcap.out         |   2 +-
 test/results/influxd/default/stun_classic.pcap.out |   2 +-
 .../influxd/default/stun_dtls_rtp.pcapng.out       |   2 +-
 .../default/stun_dtls_rtp_unidir.pcapng.out        |   2 +-
 .../stun_dtls_unidirectional_client.pcap.out       |   2 +-
 .../stun_dtls_unidirectional_server.pcap.out       |   2 +-
 .../influxd/default/stun_google_meet.pcapng.out    |   2 +-
 .../influxd/default/stun_msteams_unidir.pcapng.out |   2 +-
 .../results/influxd/default/stun_signal.pcapng.out |  10 +-
 .../stun_tcp_multiple_msgs_same_pkt.pcap.out       |   2 +-
 .../influxd/default/stun_wa_call.pcapng.out        |   8 +-
 test/results/influxd/default/stun_zoom.pcapng.out  |   2 +-
 test/results/influxd/default/syncthing.pcap.out    |   2 +-
 test/results/influxd/default/synscan.pcap.out      |   2 +-
 test/results/influxd/default/syslog.pcap.out       |   2 +-
 test/results/influxd/default/tailscale.pcap.out    |   2 +-
 .../targusdataspeed_false_positives.pcap.out       |   2 +-
 test/results/influxd/default/tcp_scan.pcapng.out   |   2 +-
 test/results/influxd/default/teams.pcap.out        |  10 +-
 test/results/influxd/default/teamspeak3.pcap.out   |   2 +-
 test/results/influxd/default/teamviewer.pcap.out   |   2 +-
 test/results/influxd/default/telegram.pcap.out     |   2 +-
 .../influxd/default/telegram_videocall.pcapng.out  |   8 +-
 test/results/influxd/default/telnet.pcap.out       |   2 +-
 .../results/influxd/default/tencent_games.pcap.out |   2 +-
 test/results/influxd/default/teredo.pcap.out       |   2 +-
 test/results/influxd/default/tftp.pcap.out         |   2 +-
 test/results/influxd/default/threema.pcap.out      |   2 +-
 test/results/influxd/default/thrift.pcap.out       |   2 +-
 test/results/influxd/default/tinc.pcap.out         |   2 +-
 test/results/influxd/default/tk.pcap.out           |   2 +-
 test/results/influxd/default/tls-appdata.pcap.out  |   2 +-
 .../influxd/default/tls-esni-fuzzed.pcap.out       |   2 +-
 .../influxd/default/tls-rdn-extract.pcap.out       |   2 +-
 .../influxd/default/tls_2_reasms.pcapng.out        |   2 +-
 .../influxd/default/tls_2_reasms_b.pcapng.out      |   2 +-
 test/results/influxd/default/tls_alert.pcap.out    |   2 +-
 .../default/tls_certificate_too_long.pcap.out      |   6 +-
 .../influxd/default/tls_cipher_lens.pcap.out       |   2 +-
 ..._certificate_with_missing_server_one.pcapng.out |   2 +-
 test/results/influxd/default/tls_ech.pcapng.out    |   2 +-
 .../influxd/default/tls_esni_sni_both.pcap.out     |   2 +-
 .../influxd/default/tls_false_positives.pcapng.out |   2 +-
 .../influxd/default/tls_invalid_reads.pcap.out     |   2 +-
 .../results/influxd/default/tls_long_cert.pcap.out |   2 +-
 .../influxd/default/tls_malicious_sha1.pcapng.out  |   2 +-
 .../influxd/default/tls_missing_ch_frag.pcap.out   |   2 +-
 .../tls_multiple_synack_different_seq.pcapng.out   |   2 +-
 .../results/influxd/default/tls_port_80.pcapng.out |   2 +-
 .../results/influxd/default/tls_torrent.pcapng.out |   2 +-
 .../influxd/default/tls_unidirectional.pcap.out    |   2 +-
 .../default/tls_verylong_certificate.pcap.out      |   2 +-
 test/results/influxd/default/toca-boca.pcap.out    |   2 +-
 test/results/influxd/default/tor.pcap.out          |   2 +-
 test/results/influxd/default/tplink_shp.pcap.out   |   2 +-
 test/results/influxd/default/trickbot.pcap.out     |   2 +-
 test/results/influxd/default/tumblr.pcap.out       |   2 +-
 test/results/influxd/default/tunnelbear.pcap.out   |   2 +-
 test/results/influxd/default/tuya_lp.pcap.out      |   2 +-
 test/results/influxd/default/ubntac2.pcap.out      |   2 +-
 test/results/influxd/default/uftp_v4_v5.pcap.out   |   2 +-
 test/results/influxd/default/ultrasurf.pcap.out    |   2 +-
 test/results/influxd/default/umas.pcap.out         |   2 +-
 test/results/influxd/default/upnp.pcap.out         |   2 +-
 test/results/influxd/default/viber.pcap.out        |   2 +-
 test/results/influxd/default/vk.pcapng.out         |   2 +-
 test/results/influxd/default/vnc.pcap.out          |   2 +-
 test/results/influxd/default/vrrp3.pcapng.out      |   2 +-
 test/results/influxd/default/vxlan.pcap.out        |   2 +-
 test/results/influxd/default/wa_video.pcap.out     |  10 +-
 test/results/influxd/default/wa_voice.pcap.out     |   8 +-
 test/results/influxd/default/waze.pcap.out         |   6 +-
 test/results/influxd/default/webdav.pcap.out       |   2 +-
 test/results/influxd/default/webex.pcap.out        |   2 +-
 test/results/influxd/default/websocket.pcap.out    |   2 +-
 test/results/influxd/default/wechat.pcap.out       |   2 +-
 test/results/influxd/default/weibo.pcap.out        |   2 +-
 test/results/influxd/default/whatsapp.pcap.out     |   2 +-
 .../influxd/default/whatsapp_login_call.pcap.out   |   8 +-
 .../influxd/default/whatsapp_login_chat.pcap.out   |   2 +-
 .../default/whatsapp_voice_and_message.pcap.out    |   2 +-
 .../results/influxd/default/whatsappfiles.pcap.out |   2 +-
 test/results/influxd/default/whois.pcapng.out      |   2 +-
 .../default/windowsupdate_over_http.pcap.out       |   6 +-
 test/results/influxd/default/wireguard.pcap.out    |   2 +-
 test/results/influxd/default/wow.pcap.out          |   2 +-
 test/results/influxd/default/xdmcp.pcap.out        |   2 +-
 test/results/influxd/default/xiaomi.pcap.out       |   2 +-
 test/results/influxd/default/xss.pcap.out          |   2 +-
 test/results/influxd/default/yandex.pcapng.out     |   2 +-
 test/results/influxd/default/yojimbo.pcap.out      |   2 +-
 test/results/influxd/default/youtube_quic.pcap.out |   2 +-
 .../results/influxd/default/youtubeupload.pcap.out |   2 +-
 test/results/influxd/default/z3950.pcapng.out      |   2 +-
 test/results/influxd/default/zabbix.pcap.out       |   2 +-
 test/results/influxd/default/zattoo.pcap.out       |   2 +-
 test/results/influxd/default/zoom.pcap.out         |   2 +-
 test/results/influxd/default/zoom2.pcap.out        |   2 +-
 test/results/influxd/default/zoom_p2p.pcapng.out   |   2 +-
 .../influxd/disable_aggressiveness/ookla.pcap.out  |   2 +-
 .../tls_verylong_certificate.pcap.out              |   2 +-
 .../disable_protocols/dns_long_domainname.pcap.out |   2 +-
 .../influxd/disable_protocols/pluralsight.pcap.out |   2 +-
 .../disable_protocols/quic-mvfst-27.pcapng.out     |   2 +-
 .../influxd/disable_protocols/soap.pcap.out        |   2 +-
 .../dns_process_response_disable/dns.pcap.out      |   2 +-
 .../dns.pcap.out                                   |   2 +-
 .../dns_subclassification_disable/dns.pcap.out     |   2 +-
 .../influxd/enable_doh_heuristic/doh.pcapng.out    |   2 +-
 .../influxd/enable_payload_stat/1kxun.pcap.out     |   6 +-
 .../flow_risk_lists_disable/protonvpn.pcap.out     |   2 +-
 .../influxd/guessing_disable/webex.pcap.out        |   2 +-
 .../http_process_response_disable/http.pcapng.out  |   2 +-
 .../http_asymmetric.pcapng.out                     |   2 +-
 .../influxd/ip_lists_disable/1kxun.pcap.out        |   6 +-
 .../tls_verylong_certificate.pcap.out              |   2 +-
 .../stun_dtls_rtp_unidir.pcapng.out                |   2 +-
 .../stun_extra_dissection/stun_zoom.pcapng.out     |   2 +-
 .../stun_mapped_address_disabled/teams.pcap.out    |  11 +
 .../tls_verylong_certificate.pcap.out              |   2 +-
 .../tls_verylong_certificate.pcap.out              |   2 +-
 .../tls_verylong_certificate.pcap.out              |   2 +-
 test/results/ip_lists_disable/1kxun.pcap.out       |  20 +-
 .../tls_verylong_certificate.pcap.out              |  10 +-
 test/results/stats/caches_cfg/ookla.pcap.out       |   2 +-
 test/results/stats/caches_cfg/teams.pcap.out       |  16 +-
 .../stats/caches_global/bittorrent.pcap.out        |   2 +-
 .../stats/caches_global/lru_ipv6_caches.pcapng.out |  12 +-
 test/results/stats/caches_global/mining.pcapng.out |   2 +-
 test/results/stats/caches_global/ookla.pcap.out    |   2 +-
 test/results/stats/caches_global/teams.pcap.out    |  16 +-
 .../stats/caches_global/zoom_p2p.pcapng.out        |   2 +-
 test/results/stats/default/1kxun.pcap.out          |  10 +-
 test/results/stats/default/443-chrome.pcap.out     |   2 +-
 test/results/stats/default/443-curl.pcap.out       |   2 +-
 test/results/stats/default/443-firefox.pcap.out    |   2 +-
 test/results/stats/default/443-git.pcap.out        |   2 +-
 test/results/stats/default/443-opvn.pcap.out       |   2 +-
 test/results/stats/default/443-safari.pcap.out     |   2 +-
 test/results/stats/default/4in4tunnel.pcap.out     |   2 +-
 test/results/stats/default/4in6tunnel.pcap.out     |   2 +-
 test/results/stats/default/6in4tunnel.pcap.out     |   2 +-
 test/results/stats/default/6in6tunnel.pcap.out     |   2 +-
 .../stats/default/BGP_Cisco_hdlc_slarp.pcap.out    |   2 +-
 test/results/stats/default/BGP_redist.pcap.out     |   2 +-
 test/results/stats/default/EAQ.pcap.out            |   2 +-
 .../default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out  |   2 +-
 test/results/stats/default/IEC104.pcap.out         |   2 +-
 test/results/stats/default/KakaoTalk_chat.pcap.out |   2 +-
 test/results/stats/default/KakaoTalk_talk.pcap.out |   2 +-
 test/results/stats/default/NTPv2.pcap.out          |   2 +-
 test/results/stats/default/NTPv3.pcap.out          |   2 +-
 test/results/stats/default/NTPv4.pcap.out          |   2 +-
 test/results/stats/default/Oscar.pcap.out          |   2 +-
 test/results/stats/default/TivoDVR.pcap.out        |   2 +-
 test/results/stats/default/WebattackRCE.pcap.out   |   2 +-
 .../results/stats/default/WebattackSQLinj.pcap.out |   2 +-
 test/results/stats/default/WebattackXSS.pcap.out   |   2 +-
 test/results/stats/default/activision.pcap.out     |   2 +-
 test/results/stats/default/adult_content.pcap.out  |   2 +-
 test/results/stats/default/afp.pcap.out            |   2 +-
 test/results/stats/default/agora-sd-rtn.pcap.out   |   2 +-
 test/results/stats/default/ah.pcapng.out           |   2 +-
 test/results/stats/default/ajp.pcap.out            |   2 +-
 test/results/stats/default/alexa-app.pcapng.out    |   2 +-
 test/results/stats/default/alicloud.pcap.out       |   2 +-
 test/results/stats/default/among_us.pcap.out       |   2 +-
 test/results/stats/default/amqp.pcap.out           |   2 +-
 test/results/stats/default/android.pcap.out        |   2 +-
 test/results/stats/default/anyconnect-vpn.pcap.out |   2 +-
 test/results/stats/default/anydesk.pcapng.out      |   2 +-
 test/results/stats/default/avast.pcap.out          |   2 +-
 .../stats/default/avast_securedns.pcapng.out       |   2 +-
 test/results/stats/default/bacnet.pcap.out         |   2 +-
 .../results/stats/default/bad-dns-traffic.pcap.out |   6 +-
 test/results/stats/default/badpackets.pcap.out     |   2 +-
 test/results/stats/default/beckhoff_ads.pcapng.out |   2 +-
 test/results/stats/default/bets.pcapng.out         |   2 +-
 test/results/stats/default/bfd.pcap.out            |   2 +-
 test/results/stats/default/bitcoin.pcap.out        |   2 +-
 test/results/stats/default/bittorrent.pcap.out     |   2 +-
 .../stats/default/bittorrent_tcp_miss.pcapng.out   |   2 +-
 test/results/stats/default/bittorrent_utp.pcap.out |   2 +-
 test/results/stats/default/bjnp.pcap.out           |   2 +-
 test/results/stats/default/bot.pcap.out            |   2 +-
 test/results/stats/default/bt-dns.pcap.out         |   2 +-
 test/results/stats/default/bt-http.pcapng.out      |   2 +-
 test/results/stats/default/bt_search.pcap.out      |   2 +-
 test/results/stats/default/c1222.pcapng.out        |   2 +-
 test/results/stats/default/cachefly.pcapng.out     |   2 +-
 test/results/stats/default/can.pcap.out            |   2 +-
 test/results/stats/default/capwap.pcap.out         |   2 +-
 test/results/stats/default/capwap_data.pcapng.out  |   2 +-
 test/results/stats/default/cassandra.pcap.out      |   2 +-
 test/results/stats/default/ceph.pcap.out           |   2 +-
 test/results/stats/default/check_mk_new.pcap.out   |   2 +-
 test/results/stats/default/chrome.pcap.out         |   2 +-
 test/results/stats/default/cip_io.pcap.out         |   2 +-
 test/results/stats/default/citrix.pcap.out         |   2 +-
 .../results/stats/default/cloudflare-warp.pcap.out |   2 +-
 test/results/stats/default/coap_mqtt.pcap.out      |   2 +-
 test/results/stats/default/collectd.pcap.out       |   2 +-
 test/results/stats/default/corba.pcap.out          |   2 +-
 test/results/stats/default/cpha.pcap.out           |   2 +-
 .../default/crawler_false_positive.pcapng.out      |   2 +-
 test/results/stats/default/crynet.pcap.out         |   2 +-
 .../stats/default/custom_categories.pcapng.out     |   2 +-
 .../stats/default/custom_risk_mask.pcapng.out      |   2 +-
 .../stats/default/custom_rules_ipv6.pcapng.out     |   2 +-
 .../custom_rules_same-ip_multiple_ports.pcapng.out |   2 +-
 test/results/stats/default/dazn.pcapng.out         |   2 +-
 test/results/stats/default/dcerpc.pcap.out         |   2 +-
 test/results/stats/default/dhcp-fuzz.pcapng.out    |   2 +-
 test/results/stats/default/diameter.pcap.out       |   2 +-
 test/results/stats/default/discord.pcap.out        |   2 +-
 .../stats/default/discord_mid_flow.pcap.out        |   2 +-
 test/results/stats/default/dlep.pcapng.out         |   2 +-
 test/results/stats/default/dlms.pcap.out           |   2 +-
 test/results/stats/default/dlt_ppp.pcap.out        |   2 +-
 test/results/stats/default/dnp3.pcap.out           |   2 +-
 test/results/stats/default/dns-exf.pcap.out        |   4 +-
 .../stats/default/dns-google-nsid.pcapng.out       |   2 +-
 .../stats/default/dns-invalid-chars.pcap.out       |   2 +-
 .../stats/default/dns-tunnel-iodine.pcap.out       |   4 +-
 test/results/stats/default/dns.pcap.out            |   2 +-
 test/results/stats/default/dns2tcp_tunnel.pcap.out |   2 +-
 .../stats/default/dns_ambiguous_names.pcap.out     |   2 +-
 test/results/stats/default/dns_doh.pcap.out        |   2 +-
 test/results/stats/default/dns_dot.pcap.out        |   2 +-
 .../stats/default/dns_exfiltration.pcap.out        |   2 +-
 test/results/stats/default/dns_fragmented.pcap.out |   2 +-
 .../stats/default/dns_invert_query.pcapng.out      |   2 +-
 .../stats/default/dns_long_domainname.pcap.out     |   2 +-
 .../dnscrypt-v1-and-resolver-pings.pcap.out        |   2 +-
 .../results/stats/default/dnscrypt-v2-doh.pcap.out |   2 +-
 test/results/stats/default/dnscrypt-v2.pcap.out    |   2 +-
 .../dnscrypt_skype_false_positive.pcapng.out       |   2 +-
 test/results/stats/default/doh.pcapng.out          |   2 +-
 test/results/stats/default/doq.pcapng.out          |   2 +-
 test/results/stats/default/doq_adguard.pcapng.out  |   2 +-
 .../stats/default/dos_win98_smb_netbeui.pcap.out   |   2 +-
 test/results/stats/default/dotenv.pcap.out         |   2 +-
 test/results/stats/default/drda_db2.pcap.out       |   2 +-
 test/results/stats/default/dropbox.pcap.out        |   2 +-
 test/results/stats/default/dtls.pcap.out           |   2 +-
 test/results/stats/default/dtls2.pcap.out          |   2 +-
 .../stats/default/dtls_certificate.pcapng.out      |   2 +-
 .../default/dtls_certificate_fragments.pcap.out    |   2 +-
 .../stats/default/dtls_mid_sessions.pcapng.out     |   2 +-
 .../stats/default/dtls_old_version.pcapng.out      |   2 +-
 .../dtls_session_id_and_coockie_both.pcap.out      |   2 +-
 test/results/stats/default/edonkey.pcap.out        |   2 +-
 test/results/stats/default/elasticsearch.pcap.out  |   2 +-
 test/results/stats/default/elf.pcap.out            | 169 +++++
 test/results/stats/default/emotet.pcap.out         |   6 +-
 test/results/stats/default/encrypted_sni.pcap.out  |   2 +-
 test/results/stats/default/epicgames.pcapng.out    |   2 +-
 test/results/stats/default/esp.pcapng.out          |   2 +-
 test/results/stats/default/ethereum.pcap.out       |   2 +-
 test/results/stats/default/ethernetIP.pcap.out     |   2 +-
 test/results/stats/default/ethersbus.pcap.out      |   2 +-
 test/results/stats/default/ethersio.pcap.out       |   2 +-
 test/results/stats/default/exe_download.pcap.out   |   4 +-
 .../stats/default/exe_download_as_png.pcap.out     |   2 +-
 test/results/stats/default/facebook.pcap.out       |   2 +-
 test/results/stats/default/fastcgi.pcap.out        |   2 +-
 test/results/stats/default/fins.pcap.out           |   2 +-
 test/results/stats/default/firefox.pcap.out        |   2 +-
 test/results/stats/default/fix.pcap.out            |   2 +-
 test/results/stats/default/fix2.pcap.out           |   2 +-
 test/results/stats/default/flute.pcapng.out        |   2 +-
 test/results/stats/default/forticlient.pcap.out    |   2 +-
 test/results/stats/default/ftp-start-tls.pcap.out  |   2 +-
 test/results/stats/default/ftp.pcap.out            |   8 +-
 test/results/stats/default/ftp_failed.pcap.out     |   2 +-
 .../stats/default/fuzz-2006-06-26-2594.pcap.out    |   2 +-
 .../stats/default/fuzz-2006-09-29-28586.pcap.out   |   2 +-
 .../stats/default/fuzz-2020-02-16-11740.pcap.out   |   2 +-
 .../default/fuzz-2021-06-07-c6c72a0a56.pcap.out    |   2 +-
 .../results/stats/default/fuzz-2021-10-13.pcap.out |   2 +-
 .../stats/default/gaijin_mobile_mixed.pcap.out     |   2 +-
 .../stats/default/gaijin_warthunder.pcap.out       |   2 +-
 test/results/stats/default/gearman.pcap.out        |   2 +-
 test/results/stats/default/geforcenow.pcapng.out   |   2 +-
 test/results/stats/default/genshin-impact.pcap.out |   2 +-
 test/results/stats/default/git.pcap.out            |   2 +-
 test/results/stats/default/gnutella.pcap.out       |   4 +-
 test/results/stats/default/google_chat.pcapng.out  |   2 +-
 test/results/stats/default/google_meet.pcapng.out  |   2 +-
 test/results/stats/default/google_ssl.pcap.out     |   2 +-
 .../stats/default/googledns_android10.pcap.out     |   2 +-
 test/results/stats/default/gquic.pcap.out          |   2 +-
 .../stats/default/gquic_only_from_server.pcap.out  |   2 +-
 test/results/stats/default/gre.pcapng.out          |   2 +-
 test/results/stats/default/gtp_c.pcap.out          |   2 +-
 .../stats/default/gtp_false_positive.pcapng.out    |   2 +-
 test/results/stats/default/gtp_prime.pcapng.out    |   2 +-
 test/results/stats/default/h323-overflow.pcap.out  |   2 +-
 test/results/stats/default/h323.pcap.out           |   2 +-
 test/results/stats/default/h323_tcp.pcap.out       |   2 +-
 test/results/stats/default/haproxy.pcap.out        |   2 +-
 test/results/stats/default/hart_ip.pcap.out        |   2 +-
 .../default/heuristic_tcp_ack_payload.pcap.out     |   2 +-
 test/results/stats/default/hislip.pcap.out         |   2 +-
 test/results/stats/default/hl7.pcap.out            |   2 +-
 test/results/stats/default/hots.pcapng.out         |   2 +-
 test/results/stats/default/hpvirtgrp.pcap.out      |   2 +-
 test/results/stats/default/hsrp0.pcap.out          |   2 +-
 test/results/stats/default/hsrp2.pcap.out          |   2 +-
 test/results/stats/default/hsrp2_ipv6.pcapng.out   |   2 +-
 .../http-crash-content-disposition.pcap.out        |   2 +-
 .../stats/default/http-lines-split.pcap.out        |   2 +-
 .../stats/default/http-manipulated.pcap.out        |   2 +-
 test/results/stats/default/http-proxy.pcapng.out   |   2 +-
 test/results/stats/default/http.pcapng.out         |   2 +-
 test/results/stats/default/http2.pcapng.out        |   2 +-
 .../stats/default/http_asymmetric.pcapng.out       |   2 +-
 test/results/stats/default/http_auth.pcap.out      |   2 +-
 test/results/stats/default/http_connect.pcap.out   |   2 +-
 .../http_guessed_host_and_guessed.pcapng.out       |   2 +-
 .../stats/default/http_invalid_server.pcap.out     |   2 +-
 test/results/stats/default/http_ipv6.pcap.out      |   2 +-
 .../stats/default/http_on_sip_port.pcap.out        |   2 +-
 .../http_origin_different_than_host.pcap.out       |   2 +-
 .../default/http_starting_with_reply.pcapng.out    |   2 +-
 .../http_ua_splitted_in_two_pkts.pcapng.out        |   2 +-
 test/results/stats/default/i3d.pcap.out            |   2 +-
 test/results/stats/default/iax.pcap.out            |   2 +-
 test/results/stats/default/icmp-tunnel.pcap.out    |   2 +-
 test/results/stats/default/iec60780-5-104.pcap.out |   2 +-
 test/results/stats/default/ieee_c37118.pcap.out    |   2 +-
 test/results/stats/default/imap-starttls.pcap.out  |   2 +-
 test/results/stats/default/imap.pcap.out           |   2 +-
 test/results/stats/default/imaps.pcap.out          |   2 +-
 test/results/stats/default/imo.pcap.out            |   2 +-
 test/results/stats/default/instagram.pcap.out      |   2 +-
 .../stats/default/ip_fragmented_garbage.pcap.out   |   2 +-
 test/results/stats/default/iphone.pcap.out         |   2 +-
 test/results/stats/default/ipp.pcap.out            |   2 +-
 .../stats/default/ipsec_isakmp_esp.pcap.out        |   2 +-
 test/results/stats/default/ipv6_in_gtp.pcap.out    |   2 +-
 test/results/stats/default/irc.pcap.out            |   2 +-
 test/results/stats/default/iso9506-1-mms.pcap.out  |   2 +-
 .../default/ja3_lots_of_cipher_suites.pcap.out     |   2 +-
 .../ja3_lots_of_cipher_suites_2_anon.pcap.out      |   2 +-
 test/results/stats/default/jabber.pcap.out         |   2 +-
 test/results/stats/default/jsonrpc.pcap.out        |   2 +-
 test/results/stats/default/kafka.pcapng.out        |   2 +-
 test/results/stats/default/kcp.pcap.out            |   2 +-
 test/results/stats/default/kerberos-error.pcap.out |   2 +-
 test/results/stats/default/kerberos-login.pcap.out |   2 +-
 test/results/stats/default/kerberos.pcap.out       |   2 +-
 .../results/stats/default/kerberos_fuzz.pcapng.out |   2 +-
 test/results/stats/default/kismet.pcap.out         |   2 +-
 test/results/stats/default/kontiki.pcap.out        |   2 +-
 test/results/stats/default/line.pcap.out           |   2 +-
 .../stats/default/linecall_falsepositve.pcap.out   |   2 +-
 .../stats/default/lisp_registration.pcap.out       |   2 +-
 .../stats/default/log4j-webapp-exploit.pcap.out    |   2 +-
 .../stats/default/lol_wild_rift_udp.pcap.out       |   2 +-
 .../stats/default/long_tls_certificate.pcap.out    |   2 +-
 .../stats/default/lru_ipv6_caches.pcapng.out       |  12 +-
 test/results/stats/default/malformed_dns.pcap.out  |   2 +-
 test/results/stats/default/malformed_icmp.pcap.out |   2 +-
 test/results/stats/default/malware.pcap.out        |   2 +-
 test/results/stats/default/memcached.cap.out       |   2 +-
 test/results/stats/default/merakicloud.pcapng.out  |   2 +-
 test/results/stats/default/mgcp.pcap.out           |   2 +-
 test/results/stats/default/mining.pcapng.out       |   2 +-
 test/results/stats/default/modbus.pcap.out         |   2 +-
 test/results/stats/default/monero.pcap.out         |   2 +-
 .../stats/default/mongo_false_positive.pcapng.out  |   2 +-
 test/results/stats/default/mongodb.pcap.out        |   2 +-
 test/results/stats/default/mpeg-dash.pcap.out      |   2 +-
 test/results/stats/default/mpeg.pcap.out           |   2 +-
 test/results/stats/default/mpegts.pcap.out         |   2 +-
 test/results/stats/default/mqtt.pcap.out           |   2 +-
 test/results/stats/default/mssql_tds.pcap.out      |   2 +-
 test/results/stats/default/mullvad_dns.pcap.out    |   2 +-
 .../stats/default/mullvad_wireguard.pcap.out       |   2 +-
 test/results/stats/default/mumble.pcapng.out       |   2 +-
 test/results/stats/default/munin.pcap.out          |   2 +-
 test/results/stats/default/mysql.pcapng.out        |   2 +-
 test/results/stats/default/natpmp.pcap.out         |   2 +-
 test/results/stats/default/nats.pcap.out           |   2 +-
 ...ndpi_match_string_subprotocol__error.pcapng.out |   2 +-
 test/results/stats/default/nest_log_sink.pcap.out  |   2 +-
 test/results/stats/default/netbios.pcap.out        |   2 +-
 .../default/netbios_wildcard_dns_query.pcap.out    |   2 +-
 .../results/stats/default/netease_games.pcapng.out |   2 +-
 test/results/stats/default/netflix.pcap.out        |  10 +-
 test/results/stats/default/netflow-fritz.pcap.out  |   2 +-
 test/results/stats/default/netflowv9.pcap.out      |   2 +-
 test/results/stats/default/nfsv2.pcap.out          |   2 +-
 test/results/stats/default/nfsv3.pcap.out          |   2 +-
 test/results/stats/default/nintendo.pcap.out       |   2 +-
 test/results/stats/default/nntp.pcap.out           |   2 +-
 test/results/stats/default/no_sni.pcap.out         |   2 +-
 test/results/stats/default/nomachine.pcapng.out    |   2 +-
 test/results/stats/default/ocs.pcap.out            |   2 +-
 test/results/stats/default/ocsp.pcapng.out         |   2 +-
 test/results/stats/default/oicq.pcap.out           |   2 +-
 test/results/stats/default/ookla.pcap.out          |   2 +-
 test/results/stats/default/opc-ua.pcap.out         |   2 +-
 test/results/stats/default/openflow.pcap.out       |   2 +-
 .../stats/default/openvpn-tlscrypt.pcap.out        |   2 +-
 test/results/stats/default/openvpn.pcap.out        |   2 +-
 .../stats/default/openvpn_nohmac.pcapng.out        |   2 +-
 .../stats/default/openvpn_nohmac_tcp.pcapng.out    |   2 +-
 test/results/stats/default/opera-vpn.pcapng.out    |   2 +-
 test/results/stats/default/oracle12.pcapng.out     |   2 +-
 test/results/stats/default/os_detected.pcapng.out  |   2 +-
 .../stats/default/ospfv2_add_new_prefix.pcap.out   |   2 +-
 .../default/ossfuzz_seed_fake_traces_1.pcapng.out  |   2 +-
 .../default/ossfuzz_seed_fake_traces_2.pcapng.out  |   2 +-
 .../default/ossfuzz_seed_fake_traces_3.pcapng.out  |   2 +-
 .../default/ossfuzz_seed_fake_traces_4.pcapng.out  |   2 +-
 .../results/stats/default/path_of_exile.pcapng.out |   2 +-
 test/results/stats/default/pfcp.pcapng.out         |   2 +-
 test/results/stats/default/pgm.pcap.out            |   2 +-
 test/results/stats/default/pgsql.pcap.out          |   2 +-
 test/results/stats/default/pia.pcap.out            |   2 +-
 test/results/stats/default/pim.pcap.out            |   2 +-
 test/results/stats/default/pinterest.pcap.out      |   2 +-
 test/results/stats/default/pluralsight.pcap.out    |   2 +-
 test/results/stats/default/pop3.pcap.out           |   2 +-
 test/results/stats/default/pop3_stls.pcap.out      |   2 +-
 test/results/stats/default/pops.pcapng.out         |   2 +-
 .../stats/default/portable_executable.pcap.out     | 169 +++++
 test/results/stats/default/pps.pcap.out            |  12 +-
 test/results/stats/default/pptp.pcap.out           |   2 +-
 test/results/stats/default/profinet-io-le.pcap.out |   2 +-
 test/results/stats/default/protobuf.pcap.out       |   2 +-
 test/results/stats/default/protonvpn.pcap.out      |   2 +-
 test/results/stats/default/psiphon3.pcap.out       |   2 +-
 test/results/stats/default/ptpv2.pcap.out          |   2 +-
 test/results/stats/default/punycode-idn.pcap.out   |   2 +-
 test/results/stats/default/quic-23.pcap.out        |   2 +-
 test/results/stats/default/quic-24.pcap.out        |   2 +-
 test/results/stats/default/quic-27.pcap.out        |   2 +-
 test/results/stats/default/quic-28.pcap.out        |   2 +-
 test/results/stats/default/quic-29.pcap.out        |   2 +-
 test/results/stats/default/quic-33.pcapng.out      |   2 +-
 test/results/stats/default/quic-34.pcap.out        |   2 +-
 .../default/quic-forcing-vn-with-data.pcapng.out   |   2 +-
 .../stats/default/quic-fuzz-overflow.pcapng.out    |   2 +-
 test/results/stats/default/quic-mvfst-22.pcap.out  |   2 +-
 .../quic-mvfst-22_decryption_error.pcap.out        |   2 +-
 .../results/stats/default/quic-mvfst-27.pcapng.out |   2 +-
 test/results/stats/default/quic-mvfst-exp.pcap.out |   2 +-
 test/results/stats/default/quic-v2.pcapng.out      |   2 +-
 test/results/stats/default/quic.pcap.out           |   2 +-
 test/results/stats/default/quic046.pcap.out        |   2 +-
 test/results/stats/default/quic_0RTT.pcap.out      |   2 +-
 test/results/stats/default/quic_cc_ack.pcapng.out  |   2 +-
 .../default/quic_crypto_aes_auth_size.pcap.out     |   2 +-
 .../quic_frags_ch_in_multiple_packets.pcapng.out   |   2 +-
 ...h_out_of_order_same_packet_craziness.pcapng.out |   2 +-
 .../default/quic_frags_different_dcid.pcapng.out   |   2 +-
 .../stats/default/quic_interop_V.pcapng.out        |   2 +-
 test/results/stats/default/quic_q39.pcap.out       |   2 +-
 test/results/stats/default/quic_q43.pcap.out       |   2 +-
 test/results/stats/default/quic_q46.pcap.out       |   2 +-
 test/results/stats/default/quic_q46_b.pcap.out     |   2 +-
 test/results/stats/default/quic_q50.pcap.out       |   2 +-
 test/results/stats/default/quic_t50.pcap.out       |   2 +-
 test/results/stats/default/quic_t51.pcap.out       |   2 +-
 test/results/stats/default/quickplay.pcap.out      |  10 +-
 .../stats/default/radius_false_positive.pcapng.out |   2 +-
 test/results/stats/default/radmin3.pcapng.out      |   2 +-
 test/results/stats/default/raft.pcap.out           |   2 +-
 test/results/stats/default/raknet.pcap.out         |   2 +-
 test/results/stats/default/rdp.pcap.out            |   2 +-
 test/results/stats/default/rdp2.pcap.out           |   2 +-
 test/results/stats/default/rdp3.pcap.out           |   2 +-
 .../stats/default/reasm_crash_anon.pcapng.out      |   2 +-
 .../stats/default/reasm_segv_anon.pcapng.out       |   2 +-
 test/results/stats/default/reddit.pcap.out         |   2 +-
 test/results/stats/default/resp.pcap.out           |   2 +-
 test/results/stats/default/riot.pcapng.out         |   2 +-
 test/results/stats/default/riotgames.pcap.out      |   2 +-
 test/results/stats/default/rmcp.pcap.out           |   2 +-
 test/results/stats/default/roblox.pcapng.out       |   2 +-
 test/results/stats/default/roughtime.pcap.out      |   2 +-
 .../default/rsh-syslog-false-positive.pcap.out     |   2 +-
 test/results/stats/default/rsh.pcap.out            |   2 +-
 test/results/stats/default/rsync.pcap.out          |   2 +-
 ...tcp_multiple_pkts_in_the_same_datagram.pcap.out |   2 +-
 test/results/stats/default/rtmp.pcap.out           |   2 +-
 test/results/stats/default/rtp.pcapng.out          |   2 +-
 test/results/stats/default/rtps.pcap.out           |   2 +-
 test/results/stats/default/rtsp.pcap.out           |   2 +-
 .../stats/default/rtsp_setup_http.pcapng.out       |   2 +-
 test/results/stats/default/rx.pcap.out             |   2 +-
 test/results/stats/default/s7comm-plus.pcap.out    |   2 +-
 test/results/stats/default/s7comm.pcap.out         |   2 +-
 test/results/stats/default/safari.pcap.out         |   2 +-
 test/results/stats/default/salesforce.pcap.out     |   2 +-
 .../stats/default/sccp_hw_conf_register.pcapng.out |   2 +-
 test/results/stats/default/sctp.cap.out            |   2 +-
 test/results/stats/default/selfsigned.pcap.out     |   2 +-
 test/results/stats/default/sflow.pcap.out          |   2 +-
 test/results/stats/default/shadowsocks.pcap.out    |   2 +-
 test/results/stats/default/shell.pcap.out          | 169 +++++
 test/results/stats/default/signal.pcap.out         |   2 +-
 .../results/stats/default/simple-dnscrypt.pcap.out |   2 +-
 test/results/stats/default/sip.pcap.out            |   2 +-
 test/results/stats/default/sip_hello.pcapng.out    |   2 +-
 test/results/stats/default/sites.pcapng.out        |   2 +-
 test/results/stats/default/skinny.pcap.out         |   2 +-
 .../stats/default/skype-conference-call.pcap.out   |   2 +-
 test/results/stats/default/smb_deletefile.pcap.out |   2 +-
 test/results/stats/default/smb_frags.pcap.out      |   2 +-
 test/results/stats/default/smbv1.pcap.out          |   2 +-
 .../results/stats/default/smpp_in_general.pcap.out |   2 +-
 test/results/stats/default/smtp-starttls.pcap.out  |   2 +-
 test/results/stats/default/smtp.pcap.out           |   2 +-
 test/results/stats/default/smtps.pcapng.out        |   2 +-
 test/results/stats/default/snapchat.pcap.out       |   2 +-
 .../results/stats/default/snapchat_call.pcapng.out |   2 +-
 .../stats/default/snapchat_call_v1.pcapng.out      |   2 +-
 test/results/stats/default/snmp.pcap.out           |   2 +-
 test/results/stats/default/soap.pcap.out           |   2 +-
 test/results/stats/default/socks.pcap.out          |   2 +-
 test/results/stats/default/softether.pcap.out      |   2 +-
 test/results/stats/default/someip-tp.pcap.out      |   2 +-
 .../default/someip-udp-method-call.pcapng.out      |   2 +-
 .../stats/default/someip_sd_sample.pcap.out        |   2 +-
 test/results/stats/default/source_engine.pcap.out  |   2 +-
 test/results/stats/default/spotify_tcp.pcap.out    |   2 +-
 test/results/stats/default/sql_injection.pcap.out  |   2 +-
 test/results/stats/default/srvloc-v1.pcapng.out    |   2 +-
 test/results/stats/default/srvloc.pcap.out         |   2 +-
 .../stats/default/ssdp-m-search-ua.pcap.out        |   2 +-
 test/results/stats/default/ssdp-m-search.pcap.out  |   2 +-
 test/results/stats/default/ssh.pcap.out            |   2 +-
 .../stats/default/ssl-cert-name-mismatch.pcap.out  |   2 +-
 .../stats/default/starcraft_battle.pcap.out        |  10 +-
 test/results/stats/default/steam.pcapng.out        |   2 +-
 test/results/stats/default/stomp.pcapng.out        |   2 +-
 test/results/stats/default/stun.pcap.out           |   2 +-
 test/results/stats/default/stun_classic.pcap.out   |   2 +-
 .../results/stats/default/stun_dtls_rtp.pcapng.out |   2 +-
 .../stats/default/stun_dtls_rtp_unidir.pcapng.out  |   2 +-
 .../stun_dtls_unidirectional_client.pcap.out       |   2 +-
 .../stun_dtls_unidirectional_server.pcap.out       |   2 +-
 .../stats/default/stun_google_meet.pcapng.out      |   2 +-
 .../stats/default/stun_msteams_unidir.pcapng.out   |   2 +-
 test/results/stats/default/stun_signal.pcapng.out  |  16 +-
 .../stun_tcp_multiple_msgs_same_pkt.pcap.out       |   2 +-
 test/results/stats/default/stun_wa_call.pcapng.out |  14 +-
 test/results/stats/default/stun_zoom.pcapng.out    |   2 +-
 test/results/stats/default/syncthing.pcap.out      |   2 +-
 test/results/stats/default/synscan.pcap.out        |   2 +-
 test/results/stats/default/syslog.pcap.out         |   2 +-
 test/results/stats/default/tailscale.pcap.out      |   2 +-
 .../targusdataspeed_false_positives.pcap.out       |   2 +-
 test/results/stats/default/tcp_scan.pcapng.out     |   2 +-
 test/results/stats/default/teams.pcap.out          |  16 +-
 test/results/stats/default/teamspeak3.pcap.out     |   2 +-
 test/results/stats/default/teamviewer.pcap.out     |   2 +-
 test/results/stats/default/telegram.pcap.out       |   2 +-
 .../stats/default/telegram_videocall.pcapng.out    |  10 +-
 test/results/stats/default/telnet.pcap.out         |   2 +-
 test/results/stats/default/tencent_games.pcap.out  |   2 +-
 test/results/stats/default/teredo.pcap.out         |   2 +-
 test/results/stats/default/tftp.pcap.out           |   2 +-
 test/results/stats/default/threema.pcap.out        |   2 +-
 test/results/stats/default/thrift.pcap.out         |   2 +-
 test/results/stats/default/tinc.pcap.out           |   2 +-
 test/results/stats/default/tk.pcap.out             |   2 +-
 test/results/stats/default/tls-appdata.pcap.out    |   2 +-
 .../results/stats/default/tls-esni-fuzzed.pcap.out |   2 +-
 .../results/stats/default/tls-rdn-extract.pcap.out |   2 +-
 test/results/stats/default/tls_2_reasms.pcapng.out |   2 +-
 .../stats/default/tls_2_reasms_b.pcapng.out        |   2 +-
 test/results/stats/default/tls_alert.pcap.out      |   2 +-
 .../default/tls_certificate_too_long.pcap.out      |   6 +-
 .../results/stats/default/tls_cipher_lens.pcap.out |   2 +-
 ..._certificate_with_missing_server_one.pcapng.out |   2 +-
 test/results/stats/default/tls_ech.pcapng.out      |   2 +-
 .../stats/default/tls_esni_sni_both.pcap.out       |   2 +-
 .../stats/default/tls_false_positives.pcapng.out   |   2 +-
 .../stats/default/tls_invalid_reads.pcap.out       |   2 +-
 test/results/stats/default/tls_long_cert.pcap.out  |   2 +-
 .../stats/default/tls_malicious_sha1.pcapng.out    |   2 +-
 .../stats/default/tls_missing_ch_frag.pcap.out     |   2 +-
 .../tls_multiple_synack_different_seq.pcapng.out   |   2 +-
 test/results/stats/default/tls_port_80.pcapng.out  |   2 +-
 test/results/stats/default/tls_torrent.pcapng.out  |   2 +-
 .../stats/default/tls_unidirectional.pcap.out      |   2 +-
 .../default/tls_verylong_certificate.pcap.out      |   2 +-
 test/results/stats/default/toca-boca.pcap.out      |   2 +-
 test/results/stats/default/tor.pcap.out            |   2 +-
 test/results/stats/default/tplink_shp.pcap.out     |   2 +-
 test/results/stats/default/trickbot.pcap.out       |   2 +-
 test/results/stats/default/tumblr.pcap.out         |   2 +-
 test/results/stats/default/tunnelbear.pcap.out     |   2 +-
 test/results/stats/default/tuya_lp.pcap.out        |   2 +-
 test/results/stats/default/ubntac2.pcap.out        |   2 +-
 test/results/stats/default/uftp_v4_v5.pcap.out     |   2 +-
 test/results/stats/default/ultrasurf.pcap.out      |   2 +-
 test/results/stats/default/umas.pcap.out           |   2 +-
 test/results/stats/default/upnp.pcap.out           |   2 +-
 test/results/stats/default/viber.pcap.out          |   2 +-
 test/results/stats/default/vk.pcapng.out           |   2 +-
 test/results/stats/default/vnc.pcap.out            |   2 +-
 test/results/stats/default/vrrp3.pcapng.out        |   2 +-
 test/results/stats/default/vxlan.pcap.out          |   2 +-
 test/results/stats/default/wa_video.pcap.out       |  14 +-
 test/results/stats/default/wa_voice.pcap.out       |  14 +-
 test/results/stats/default/waze.pcap.out           |  10 +-
 test/results/stats/default/webdav.pcap.out         |   2 +-
 test/results/stats/default/webex.pcap.out          |   2 +-
 test/results/stats/default/websocket.pcap.out      |   2 +-
 test/results/stats/default/wechat.pcap.out         |   2 +-
 test/results/stats/default/weibo.pcap.out          |   2 +-
 test/results/stats/default/whatsapp.pcap.out       |   2 +-
 .../stats/default/whatsapp_login_call.pcap.out     |  14 +-
 .../stats/default/whatsapp_login_chat.pcap.out     |   2 +-
 .../default/whatsapp_voice_and_message.pcap.out    |   2 +-
 test/results/stats/default/whatsappfiles.pcap.out  |   2 +-
 test/results/stats/default/whois.pcapng.out        |   2 +-
 .../stats/default/windowsupdate_over_http.pcap.out |  10 +-
 test/results/stats/default/wireguard.pcap.out      |   2 +-
 test/results/stats/default/wow.pcap.out            |   2 +-
 test/results/stats/default/xdmcp.pcap.out          |   2 +-
 test/results/stats/default/xiaomi.pcap.out         |   2 +-
 test/results/stats/default/xss.pcap.out            |   2 +-
 test/results/stats/default/yandex.pcapng.out       |   2 +-
 test/results/stats/default/yojimbo.pcap.out        |   2 +-
 test/results/stats/default/youtube_quic.pcap.out   |   2 +-
 test/results/stats/default/youtubeupload.pcap.out  |   2 +-
 test/results/stats/default/z3950.pcapng.out        |   2 +-
 test/results/stats/default/zabbix.pcap.out         |   2 +-
 test/results/stats/default/zattoo.pcap.out         |   2 +-
 test/results/stats/default/zoom.pcap.out           |   2 +-
 test/results/stats/default/zoom2.pcap.out          |   2 +-
 test/results/stats/default/zoom_p2p.pcapng.out     |   2 +-
 .../stats/disable_aggressiveness/ookla.pcap.out    |   2 +-
 .../tls_verylong_certificate.pcap.out              |   2 +-
 .../disable_protocols/dns_long_domainname.pcap.out |   2 +-
 .../stats/disable_protocols/pluralsight.pcap.out   |   2 +-
 .../disable_protocols/quic-mvfst-27.pcapng.out     |   2 +-
 test/results/stats/disable_protocols/soap.pcap.out |   2 +-
 .../dns_process_response_disable/dns.pcap.out      |   2 +-
 .../dns.pcap.out                                   |   2 +-
 .../dns_subclassification_disable/dns.pcap.out     |   2 +-
 .../stats/enable_doh_heuristic/doh.pcapng.out      |   2 +-
 .../stats/enable_payload_stat/1kxun.pcap.out       |  10 +-
 .../flow_risk_lists_disable/protonvpn.pcap.out     |   2 +-
 test/results/stats/guessing_disable/webex.pcap.out |   2 +-
 .../http_process_response_disable/http.pcapng.out  |   2 +-
 .../http_asymmetric.pcapng.out                     |   2 +-
 test/results/stats/ip_lists_disable/1kxun.pcap.out |  10 +-
 .../tls_verylong_certificate.pcap.out              |   2 +-
 .../stun_dtls_rtp_unidir.pcapng.out                |   2 +-
 .../stun_extra_dissection/stun_zoom.pcapng.out     |   2 +-
 .../stun_mapped_address_disabled/teams.pcap.out    | 169 +++++
 .../tls_verylong_certificate.pcap.out              |   2 +-
 .../tls_verylong_certificate.pcap.out              |   2 +-
 .../tls_verylong_certificate.pcap.out              |   2 +-
 .../stun_dtls_rtp_unidir.pcapng.out                |  10 +-
 .../stun_extra_dissection/stun_zoom.pcapng.out     |  14 +-
 .../stun_mapped_address_disabled/teams.pcap.out    | 697 ++++++++++++++++++
 .../tls_verylong_certificate.pcap.out              |  10 +-
 .../tls_verylong_certificate.pcap.out              |  10 +-
 .../tls_verylong_certificate.pcap.out              |  10 +-
 1680 files changed, 8051 insertions(+), 5658 deletions(-)
 create mode 100644 test/results/default/elf.pcap.out
 create mode 100644 test/results/default/portable_executable.pcap.out
 create mode 100644 test/results/default/shell.pcap.out
 create mode 100644 test/results/flow-analyse/default/elf.pcap.out
 create mode 100644 test/results/flow-analyse/default/portable_executable.pcap.out
 create mode 100644 test/results/flow-analyse/default/shell.pcap.out
 create mode 100644 test/results/flow-analyse/stun_mapped_address_disabled/teams.pcap.out
 create mode 100644 test/results/flow-captured/default/elf.pcap.out
 create mode 100644 test/results/flow-captured/default/portable_executable.pcap.out
 create mode 100644 test/results/flow-captured/default/shell.pcap.out
 create mode 100644 test/results/flow-captured/stun_mapped_address_disabled/teams.pcap.out
 create mode 100644 test/results/flow-info/default/elf.pcap.out
 create mode 100644 test/results/flow-info/default/portable_executable.pcap.out
 create mode 100644 test/results/flow-info/default/shell.pcap.out
 create mode 100644 test/results/flow-info/stun_mapped_address_disabled/teams.pcap.out
 create mode 100644 test/results/influxd/default/elf.pcap.out
 create mode 100644 test/results/influxd/default/portable_executable.pcap.out
 create mode 100644 test/results/influxd/default/shell.pcap.out
 create mode 100644 test/results/influxd/stun_mapped_address_disabled/teams.pcap.out
 create mode 100644 test/results/stats/default/elf.pcap.out
 create mode 100644 test/results/stats/default/portable_executable.pcap.out
 create mode 100644 test/results/stats/default/shell.pcap.out
 create mode 100644 test/results/stats/stun_mapped_address_disabled/teams.pcap.out
 create mode 100644 test/results/stun_mapped_address_disabled/teams.pcap.out

diff --git a/libnDPI b/libnDPI
index 09bb38343..142c8f5af 160000
--- a/libnDPI
+++ b/libnDPI
@@ -1 +1 @@
-Subproject commit 09bb383437c11ef55e926ed15cdf986c0d426827
+Subproject commit 142c8f5afb90629762920db6703831826513e00b
diff --git a/test/results/caches_cfg/ookla.pcap.out b/test/results/caches_cfg/ookla.pcap.out
index 18bcceae8..64ea4f5ff 100644
--- a/test/results/caches_cfg/ookla.pcap.out
+++ b/test/results/caches_cfg/ookla.pcap.out
@@ -1,4 +1,4 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="}
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="}
@@ -12,7 +12,7 @@
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"}
 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="}
@@ -31,7 +31,7 @@
 00922{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00763{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1679653269892307}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1679653269892307}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="}
@@ -53,7 +53,7 @@
 01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307021150,"flow_dst_last_pkt_time":1679653307026312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":2446,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307026312,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1679653307034874}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1679653307034874}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 113/113
 ~~ skipped flows.............: 0
@@ -62,8 +62,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5529549 bytes
-~~ total memory freed........: 5529549 bytes
+~~ total memory allocated....: 5529653 bytes
+~~ total memory freed........: 5529653 bytes
 ~~ total allocations/frees...: 86047/86047
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 523 chars
diff --git a/test/results/caches_cfg/teams.pcap.out b/test/results/caches_cfg/teams.pcap.out
index 6c6b3f894..563c78354 100644
--- a/test/results/caches_cfg/teams.pcap.out
+++ b/test/results/caches_cfg/teams.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587041672419153}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587041672419153}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
 01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}}
@@ -469,7 +469,7 @@
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="}
-00963{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00983{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"?n???z`?s????}??d??]"}}
 02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"}
 01309{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693608822,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -483,7 +483,7 @@
 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="}
-00963{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00983{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"<??a????h (?\/??????"}}
 00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
@@ -492,9 +492,11 @@
 01309{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693675117,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"}
 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693711026,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="}
+00994{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":">??i)?<????????????r"}}
 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693714142,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="}
 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693756239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJcAAGwR4PI0cvqNwKgBBg2Ww2EAoTssAQMAhSESpEJLDXUDhL3sfvdJg10ADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIMhO7y5FcPLOAgpkLIJifRx7Dv8ek2QLf5zo\/BiwDhB4"}
 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693763689,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="}
+00994{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"s?>?ed???[??+ez4???m"}}
 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693808734,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxgAAGwRBnY0cvqJwKgBBg2Ww3UAoXQEAQMAhSESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIL4g0LfB18yA2q\/RVWXcDhE8D9XtCMo2nCqOglxViaD8"}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693828302,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693828302,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"}
@@ -542,9 +544,13 @@
 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330389,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMX9EAAEARjM3AqAEGXUduzcN0P80AeEAgAAEAXCESpEJvsFtMkRg8G\/ztdLwABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUIVL6+UU6k643kpe64\/MzitD9Q4eAKAAEwjOytg=="}
 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsaPwAAEARIBfAqAEGNHL6jcNgDZYBGBOdAAQA\/CESpEIsNFIeR67x\/KSTudUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg7sRmb8sPDDsK8L9wIx7c4\/un3a7csABeHu5jm1wMzFk="}
+01116{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"?n???z`?s????}??d??]"}}
 00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381585,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="}
+01116{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"<??a????h (?\/??????"}}
 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389155,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"}
+00995{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"?n???z`?s????}??d??]"}}
 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"}
+00995{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"<??a????h (?\/??????"}}
 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695406639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Bd0AADUR8dldR27NwKgBBj\/Mw2AAYJiUAQEARCESpEL9LF5WbGc54yQwO\/eAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUfLZK4Jp9GCnUwepSRXJ0QYfNKUiAKAAEeKXxaw=="}
 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -561,7 +567,9 @@
 00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695433459,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695433459,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsR2QAAEARQbPAqAEGNHL6icN0DZYBGOj5AAQA\/CESpELTjfKyZNTNUCzFgVAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAgUB2ZPqsXXGYjBv8pRG+HEjCK6R8QdiEsnAYTs3tf1IE="}
 02296{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1429,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693824623,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041695435566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":71850.4,"max":1566873,"stddev":274680.6,"var":75449425920.0,"ent":1.9,"data": [44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873]},"pktlen": {"min":40,"avg":256.9,"max":1492,"stddev":427.0,"var":182315.3,"ent":3.7,"data": [64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]},"bins": {"c_to_s": [15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1],"entropies": [4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586059,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
+01211{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586146,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
+01211{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890424,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890424,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890513,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890513,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194345,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194345,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMXPIAAEARmxTAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
@@ -595,10 +603,10 @@
 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
 01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
 01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01228{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681744695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01228{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -634,7 +642,7 @@
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Skype_Teams","proto_id":"125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"Skype_Teams","proto_id":"125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00872{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
@@ -649,13 +657,13 @@
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1587041682740607,"flow_src_last_pkt_time":1587041682856432,"flow_dst_last_pkt_time":1587041682745518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":8819,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Dropbox","proto_by_ip_id":121,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041680074798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":94,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":94,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01003{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676808147,"flow_dst_last_pkt_time":1587041676808041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1405,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1808,"flow_dst_tot_l4_payload_len":6621,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
 01004{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685681752,"flow_dst_last_pkt_time":1587041685681659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3164,"flow_dst_tot_l4_payload_len":6995,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
@@ -671,7 +679,7 @@
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1540,"packets-processed":1498,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":57,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":674,"global_ts_usec":1587041698021081}
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1540,"packets-processed":1498,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":65,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":682,"global_ts_usec":1587041698021081}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1540/1498
 ~~ skipped flows.............: 0
@@ -680,9 +688,9 @@
 ~~ total active/idle flows...: 83/83
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6631998 bytes
-~~ total memory freed........: 6631998 bytes
-~~ total allocations/frees...: 88661/88661
+~~ total memory allocated....: 6633459 bytes
+~~ total memory freed........: 6633459 bytes
+~~ total allocations/frees...: 88666/88666
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 298 chars
 ~~ json message max len.......: 2504 chars
diff --git a/test/results/caches_global/bittorrent.pcap.out b/test/results/caches_global/bittorrent.pcap.out
index 9b2a3947f..7c31d74e2 100644
--- a/test/results/caches_global/bittorrent.pcap.out
+++ b/test/results/caches_global/bittorrent.pcap.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1455469967246718}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1455469967246718}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1455469967246718,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="}
 01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}}
@@ -161,7 +161,7 @@
 01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1455469974358684,"flow_src_last_pkt_time":1455469975341953,"flow_dst_last_pkt_time":1455469976244642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":639,"flow_src_tot_l4_payload_len":451,"flow_dst_tot_l4_payload_len":686,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469969441488,"flow_src_last_pkt_time":1455469969441488,"flow_dst_last_pkt_time":1455469969441488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975407300,"flow_src_last_pkt_time":1455469975407300,"flow_dst_last_pkt_time":1455469975407300,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":299,"packets-processed":299,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1455469982106134}
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/caches_global\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":299,"packets-processed":299,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1455469982106134}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 299/299
 ~~ skipped flows.............: 0
@@ -170,8 +170,8 @@
 ~~ total active/idle flows...: 24/24
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5601656 bytes
-~~ total memory freed........: 5601656 bytes
+~~ total memory allocated....: 5602048 bytes
+~~ total memory freed........: 5602048 bytes
 ~~ total allocations/frees...: 86434/86434
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 575 chars
diff --git a/test/results/caches_global/lru_ipv6_caches.pcapng.out b/test/results/caches_global/lru_ipv6_caches.pcapng.out
index 1d7bff703..471b1f42d 100644
--- a/test/results/caches_global/lru_ipv6_caches.pcapng.out
+++ b/test/results/caches_global/lru_ipv6_caches.pcapng.out
@@ -1,5 +1,5 @@
-00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052947835473}
+00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052947835473}
 00841{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947835473,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052947835473,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAeVVyAyQABc057KIAAAAURUN3Xuv65y9fO"}
 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948008616,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6KoqAyQABWl1ZNGNoadjLndjyhIQdR3eb9BFhVVqa3fOaaflunNCAAAAByaRnP87SPV4aWA=="}
@@ -37,6 +37,7 @@
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052961890141,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="}
 01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052961892484,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="}
+01153{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961892484,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1639052962142439,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052962142439,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1639052962191138,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052962191138,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="}
 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1639052963579689,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":210,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":210,"pkt_l4_len":156,"thread_ts_usec":1639052963579689,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAJwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCcOP4AAQCAIRKkQlUyZXJ1M05HdUpPbgAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAA2roABAAAAALAVwAEAAMACoAqAAhYlWblH2D7mAAlAAAAJAAEbn8o\/wAIABQ5szu0z17I9YE5t42kszUxGI8nq4AoAAQ7B4OH"}
@@ -64,10 +65,12 @@
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052978452441,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvABwRPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgAcl50IAQAAIRKkQlo5L3NwNkJKYzZoYw=="}
 01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052978709090,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvAKARPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgCgYyEAAwCEIRKkQk1ENkhOcE43bVdyN0AAAGYJEB5qy\/i6apiRZvn3XMXkctbCLKVSgdE+etIaSO7JbOt8VgBwQ6PpOhc8GnE1mfqvDmlkq2e8sWOF\/9QSZ9+\/3ZsaHutXU4\/yA\/LvUyR73PqXq7vvVwk5ZocXkuyrjHvs93CEXbgAAAAIABTHiAxW9AnRlqecEToF0hfWjRUykA=="}
+01153{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978709090,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00842{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052979210381,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yABwRPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgAc0j0IAQAAIRKkQk5zWlZOMGtRWWlzeg=="}
 01018{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052979210765,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAKARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCgt74AAwCEIRKkQkhCZVJqYUhKN2FOWUAAAGYJEMzluAd5ZUXHIG6GisEWroK42o70dYdL4WqSdPq9VYO3OjGxFI7w7pBgN3c6YR8KjSMY+2Ef8toiPPzGNZ6A1i89fknsYqJ9SYub5TFTaEnS4NE02DKCNshJ0L2AWj8kO7uEBsUAAAAIABTng0rXsLYilkJ4duCqCg2pGBOUjQ=="}
+01153{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210765,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1639052979218699,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979218699,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ\/5MAAQB0IRKkQkJ5RTBTMEFLcS8yZQAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABTKxPaKL217enpIf2AGYjmMTGV454AoAATAmK\/f"}
 00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1639052979381748,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979381748,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQrREAAQB0IRKkQjY4V3ltQWRhSzZoTAAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABQoQCd0hET\/ud5uUOzbGiF4yVYzZoAoAASXw0bX"}
 00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1639052979556213,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979556213,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ97wAAQB0IRKkQldMcmpoVTNGUFVyagAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABS74KJfCrW2wh1E6b3fJs\/qV0yS0oAoAASJhjGh"}
@@ -78,12 +81,12 @@
 01284{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052948897167,"flow_src_last_pkt_time":1639052954929738,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":637,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27","src_port":6881,"dst_port":60506,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01279{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01283{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052964857829,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01045{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01172{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052964857829,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01166{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052950067975,"flow_dst_last_pkt_time":1639052950546662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":144,"flow_src_tot_l4_payload_len":744,"flow_dst_tot_l4_payload_len":846,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052981556623,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1276,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01172{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052981556623,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1276,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01283{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1639052950309556,"flow_src_last_pkt_time":1639052960302401,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1839,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2a2f:8509:1cb2:466d:ecbf:69d6:109c:608","dst_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","src_port":62229,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":86,"global_ts_usec":1639052981556623}
+00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/caches_global\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1639052981556623}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 88/88
 ~~ skipped flows.............: 0
@@ -92,10 +95,10 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5539252 bytes
-~~ total memory freed........: 5539252 bytes
-~~ total allocations/frees...: 86096/86096
+~~ total memory allocated....: 5539536 bytes
+~~ total memory freed........: 5539536 bytes
+~~ total allocations/frees...: 86099/86099
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 585 chars
+~~ json message min len.......: 583 chars
 ~~ json message max len.......: 2407 chars
-~~ json message avg len.......: 1495 chars
+~~ json message avg len.......: 1494 chars
diff --git a/test/results/caches_global/mining.pcapng.out b/test/results/caches_global/mining.pcapng.out
index fda293274..bb91be847 100644
--- a/test/results/caches_global/mining.pcapng.out
+++ b/test/results/caches_global/mining.pcapng.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1484655421797845}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1484655421797845}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421797845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484655421797845,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421797845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484655421797845,"pkt":"AASWHU4wHG9l2GloCABFAAA0A\/tAAIAGAACT5Q3euUdCJ8CbJw\/zdEGlAAAAAIACIACdWAAAAgQFtAEDAwIBAQQC"}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421816250,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1484655421816250,"pkt":"HG9l2GloAASWHU4wCABFAAAoAABAADEGrJ65R0Ink+UN3icPwJv+A6hh83RBplASAABPdQAAAAAAAAAA"}
@@ -8,7 +8,7 @@
 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1484655421843996,"flow_dst_last_pkt_time":1484655421843933,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1484655421843996,"pkt":"AASWHU4wHG9l2GloCABFAADWA\/1AAIAGAACT5Q3euUdCJ8CbJw\/zdEGm\/gOoYlAY\/3Cd+gAAeyJ3b3JrZXIiOiAiZXRoMS4wIiwgImpzb25ycGMiOiAiMi4wIiwgInBhcmFtcyI6IFsiMHg5Yzk5ZDIxMmY3ZTVkYWExOGFiNTA4MTBlMGZkMjU1ZDFmMDQzMDNiL3Rlc3Rlci53b3JrZXIxL3Z2ZXNlbHlAbWFpbGluYXRvciIsICJ4Il0sICJpZCI6IDIsICJtZXRob2QiOiAiZXRoX3N1Ym1pdExvZ2luIn0K"}
 01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655421843996,"flow_dst_last_pkt_time":1484655421843933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484655421843996,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
 02345{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655452163379,"flow_dst_last_pkt_time":1484655451963831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":243,"flow_src_tot_l4_payload_len":646,"flow_dst_tot_l4_payload_len":2226,"midstream":0,"thread_ts_usec":1484655452163379,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":1952629.6,"max":9791290,"stddev":3004713.0,"var":9028300177408.0,"ent":3.5,"data": [18405,18478,27683,27673,25791,11368,1,37175,8284,48338,236647,209260,12613,9755422,9791290,235473,2439803,2440063,7323703,7588500,64939,25659,10296,234651,3831832,3833133,885298,890088,5008744,5252462,238448]},"pktlen": {"min":40,"avg":131.1,"max":283,"stddev":104.0,"var":10823.6,"ent":4.6,"data": [52,46,40,46,214,46,79,283,40,121,283,40,283,40,121,283,40,283,40,188,46,121,46,283,40,283,40,283,40,121,283,40]},"bins": {"c_to_s": [11,0,4,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0],"entropies": [4.421030521,4.206097126,4.730641365,4.390829086,5.638098717,4.565871716,5.435059071,5.159528255,4.561769485,5.337047100,5.173661709,4.730641365,5.160906792,4.680641174,5.323744297,5.159528255,4.730641365,5.122583389,4.680641651,4.630837917,4.652828693,5.353575706,4.652828693,5.170008659,4.711769104,5.164538860,4.780641556,5.164218426,4.680641651,5.337047100,5.144396782,4.780641556]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":210,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":20268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1514196094240063}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":210,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":20268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1514196094240063}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196094240063,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094240063,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094322725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094322725,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="}
@@ -33,12 +33,12 @@
 01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196196745906,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196197053838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1514196197053838,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAAoOQVAACEGQPh006fDwKgClA0F0lYVgl9P8ygD9lAQAOWD0AAAAAAAAAAA"}
 02334{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":305,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196304559034,"flow_dst_last_pkt_time":1514196304640605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":8887,"flow_dst_tot_l4_payload_len":914,"midstream":0,"thread_ts_usec":1514196304640605,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":7499954.5,"max":71693099,"stddev":18613570.0,"var":346464978993152.0,"ent":2.4,"data": [80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":549.1,"var":301531.9,"ent":3.7,"data": [60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]},"bins": {"c_to_s": [8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0],"s_to_c": [10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1],"entropies": [4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":451,"packets-processed":450,"total-skipped-flows":0,"total-l4-payload-len":88161,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1514196703786322}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":451,"packets-processed":450,"total-skipped-flows":0,"total-l4-payload-len":88161,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1514196703786322}
 02385{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":455,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196705571136,"flow_dst_last_pkt_time":1514196705879789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":2699,"midstream":0,"thread_ts_usec":1514196705879789,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":32857284.0,"max":170525395,"stddev":51784400.0,"var":2681624034541568.0,"ent":3.4,"data": [308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525]},"pktlen": {"min":40,"avg":223.6,"max":1484,"stddev":347.6,"var":120860.4,"ent":3.9,"data": [60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0],"s_to_c": [4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1],"entropies": [4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514197261597871,"flow_dst_last_pkt_time":1514197261597824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":4584,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
 01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":113,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514197279769698,"flow_dst_last_pkt_time":1514197279769664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":132641,"flow_dst_tot_l4_payload_len":5738,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":62,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514197248783309,"flow_dst_last_pkt_time":1514197248783271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":6299,"flow_dst_tot_l4_payload_len":4723,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":673,"packets-processed":673,"total-skipped-flows":0,"total-l4-payload-len":177380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1514197279769698}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":673,"source":"cfgs\/caches_global\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":673,"packets-processed":673,"total-skipped-flows":0,"total-l4-payload-len":177380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1514197279769698}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 673/673
 ~~ skipped flows.............: 0
@@ -47,8 +47,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5532198 bytes
-~~ total memory freed........: 5532198 bytes
+~~ total memory allocated....: 5532270 bytes
+~~ total memory freed........: 5532270 bytes
 ~~ total allocations/frees...: 86570/86570
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 539 chars
diff --git a/test/results/caches_global/ookla.pcap.out b/test/results/caches_global/ookla.pcap.out
index 083c3bfe0..11b05081b 100644
--- a/test/results/caches_global/ookla.pcap.out
+++ b/test/results/caches_global/ookla.pcap.out
@@ -1,4 +1,4 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="}
@@ -12,7 +12,7 @@
 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"}
 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="}
 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="}
@@ -31,7 +31,7 @@
 00925{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00766{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1679653269892307}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1679653269892307}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="}
@@ -53,7 +53,7 @@
 01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307021150,"flow_dst_last_pkt_time":1679653307026312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":2446,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307026312,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1679653307034874}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_global\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1679653307034874}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 113/113
 ~~ skipped flows.............: 0
@@ -62,8 +62,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5529549 bytes
-~~ total memory freed........: 5529549 bytes
+~~ total memory allocated....: 5529653 bytes
+~~ total memory freed........: 5529653 bytes
 ~~ total allocations/frees...: 86047/86047
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 526 chars
diff --git a/test/results/caches_global/teams.pcap.out b/test/results/caches_global/teams.pcap.out
index dd0042076..6d191a72a 100644
--- a/test/results/caches_global/teams.pcap.out
+++ b/test/results/caches_global/teams.pcap.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587041672419153}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587041672419153}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
 01007{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}}
@@ -469,7 +469,7 @@
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="}
-00966{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"?n???z`?s????}??d??]"}}
 02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"}
 01312{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693608822,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -483,7 +483,7 @@
 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="}
-00966{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"<??a????h (?\/??????"}}
 00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
@@ -492,9 +492,11 @@
 01312{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693675117,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"}
 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693711026,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="}
+00997{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":">??i)?<????????????r"}}
 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693714142,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="}
 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693756239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJcAAGwR4PI0cvqNwKgBBg2Ww2EAoTssAQMAhSESpEJLDXUDhL3sfvdJg10ADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIMhO7y5FcPLOAgpkLIJifRx7Dv8ek2QLf5zo\/BiwDhB4"}
 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693763689,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="}
+00997{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"s?>?ed???[??+ez4???m"}}
 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693808734,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxgAAGwRBnY0cvqJwKgBBg2Ww3UAoXQEAQMAhSESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIL4g0LfB18yA2q\/RVWXcDhE8D9XtCMo2nCqOglxViaD8"}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693828302,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693828302,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"}
@@ -542,9 +544,13 @@
 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="}
 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330389,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMX9EAAEARjM3AqAEGXUduzcN0P80AeEAgAAEAXCESpEJvsFtMkRg8G\/ztdLwABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUIVL6+UU6k643kpe64\/MzitD9Q4eAKAAEwjOytg=="}
 00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsaPwAAEARIBfAqAEGNHL6jcNgDZYBGBOdAAQA\/CESpEIsNFIeR67x\/KSTudUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg7sRmb8sPDDsK8L9wIx7c4\/un3a7csABeHu5jm1wMzFk="}
+01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"?n???z`?s????}??d??]"}}
 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381585,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="}
+01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"<??a????h (?\/??????"}}
 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389155,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"}
+00998{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"?n???z`?s????}??d??]"}}
 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"}
+00998{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"<??a????h (?\/??????"}}
 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695406639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Bd0AADUR8dldR27NwKgBBj\/Mw2AAYJiUAQEARCESpEL9LF5WbGc54yQwO\/eAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUfLZK4Jp9GCnUwepSRXJ0QYfNKUiAKAAEeKXxaw=="}
 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -561,7 +567,9 @@
 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695433459,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695433459,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsR2QAAEARQbPAqAEGNHL6icN0DZYBGOj5AAQA\/CESpELTjfKyZNTNUCzFgVAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAgUB2ZPqsXXGYjBv8pRG+HEjCK6R8QdiEsnAYTs3tf1IE="}
 02299{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1429,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693824623,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041695435566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":71850.4,"max":1566873,"stddev":274680.6,"var":75449425920.0,"ent":1.9,"data": [44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873]},"pktlen": {"min":40,"avg":256.9,"max":1492,"stddev":427.0,"var":182315.3,"ent":3.7,"data": [64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]},"bins": {"c_to_s": [15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1],"entropies": [4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586059,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
+01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586146,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
+01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890424,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890424,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890513,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890513,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194345,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194345,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMXPIAAEARmxTAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
@@ -595,10 +603,10 @@
 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
 01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681744695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -634,7 +642,7 @@
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00958{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Skype_Teams","proto_id":"125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01076{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"Skype_Teams","proto_id":"125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00875{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
@@ -649,13 +657,13 @@
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1587041682740607,"flow_src_last_pkt_time":1587041682856432,"flow_dst_last_pkt_time":1587041682745518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":8819,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Dropbox","proto_by_ip_id":121,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041680074798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":94,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":94,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01006{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676808147,"flow_dst_last_pkt_time":1587041676808041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1405,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1808,"flow_dst_tot_l4_payload_len":6621,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
 01007{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685681752,"flow_dst_last_pkt_time":1587041685681659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3164,"flow_dst_tot_l4_payload_len":6995,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
@@ -671,7 +679,7 @@
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1540,"packets-processed":1498,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":57,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":674,"global_ts_usec":1587041698021081}
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_global\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1540,"packets-processed":1498,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":65,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":682,"global_ts_usec":1587041698021081}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1540/1498
 ~~ skipped flows.............: 0
@@ -680,9 +688,9 @@
 ~~ total active/idle flows...: 83/83
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6631998 bytes
-~~ total memory freed........: 6631998 bytes
-~~ total allocations/frees...: 88661/88661
+~~ total memory allocated....: 6633459 bytes
+~~ total memory freed........: 6633459 bytes
+~~ total allocations/frees...: 88666/88666
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 301 chars
 ~~ json message max len.......: 2507 chars
diff --git a/test/results/caches_global/zoom_p2p.pcapng.out b/test/results/caches_global/zoom_p2p.pcapng.out
index f7bfc9a7a..cb53ae42f 100644
--- a/test/results/caches_global/zoom_p2p.pcapng.out
+++ b/test/results/caches_global/zoom_p2p.pcapng.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666892468833699}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666892468833699}
 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892468833699,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgYTNAAEARPsnAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
@@ -128,7 +128,7 @@
 01083{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":130,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892925565422,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10920,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":130,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892925565422,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10920,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892921699571,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":763,"packets-processed":763,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":9,"total-detection-updates":0,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":131,"global_ts_usec":1666892928125663}
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/caches_global\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":763,"packets-processed":763,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":9,"total-detection-updates":0,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":131,"global_ts_usec":1666892928125663}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 763/763
 ~~ skipped flows.............: 0
@@ -137,10 +137,10 @@
 ~~ total active/idle flows...: 13/13
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5546080 bytes
-~~ total memory freed........: 5546080 bytes
+~~ total memory allocated....: 5546296 bytes
+~~ total memory freed........: 5546296 bytes
 ~~ total allocations/frees...: 86752/86752
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 578 chars
+~~ json message min len.......: 576 chars
 ~~ json message max len.......: 2177 chars
-~~ json message avg len.......: 1376 chars
+~~ json message avg len.......: 1375 chars
diff --git a/test/results/default/1kxun.pcap.out b/test/results/default/1kxun.pcap.out
index c0a46ccfd..4b1a5cc17 100644
--- a/test/results/default/1kxun.pcap.out
+++ b/test/results/default/1kxun.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470104373025824}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470104373025824}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="}
 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -689,7 +689,7 @@
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382858294,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01120{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1033,"packets-processed":1032,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":692,"global_ts_usec":1654385119050609}
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1033,"packets-processed":1032,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":692,"global_ts_usec":1654385119050609}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\/X2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTE3IEhUVFAvMS4xDQphdXRob3JpemF0aW9uX2NvZGU6IDg5QTBGQ0UzOTE2OEM5RTIxOTM1N0IzRjJEMzA4RDIwDQpVcGdyYWRlOiB3ZWJzb2NrZXQNCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiBMVFJDT1VPdEIwdHRrSnJIdUhaRHRnPT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCkhvc3Q6IHdzLjFreHVuLm1vYmk6MTIzNA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="}
 01469{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}}
@@ -709,7 +709,7 @@
 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1040,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127293052,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_usec":1654385127293052,"pkt":"tKXvZygQnLbQ0+MzCABFAAE2ngNAAEAG62jAqAJ+geJrTaCuAFAAOroVfx7qtFAYAfaxfgAAR0VUIC9xcWNvbm5lY3RvcGVuL29wZW5hcGkvcG9saWN5X2NvbmY\/c3RhdHVzX29zPTExJnN0YXR1c192ZXJzaW9uPTMwJnN0YXR1c19tYWNoaW5lPXNka19ncGhvbmVfeDg2JnNka3A9YSZzZGt2PTMuMS4wLmxpdGUmYXBwaWQ9MTAwMjU4MTM1IEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNnaS5jb25uZWN0LnFxLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQW5kcm9pZFNES18zMF9nZW5lcmljX3g4Nl9hcm1fMTENCg0K"}
 01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1040,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127293052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385127293052,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com","http": {"url":"cgi.connect.qq.com\/qqconnectopen\/openapi\/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135","code":0,"content_type":"","user_agent":"AndroidSDK_30_generic_x86_arm_11"}}}
 00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":330,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":330,"pkt_l4_len":296,"thread_ts_usec":1654385127425884,"pkt":"nLbQ0+MztKXvZygQCABFAAE8FLJAADQGv1GhdQ0dwKgCfgBQuH6HV\/ck7YrZ+IAYAOvWowAAAQEICpcQ45e6xeF1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNToyNyBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogOQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAwMyBGZWIgMjAyMCAwNDoyODozNSBHTVQNCkVUYWc6ICI1ZTM3YTE3My05Ig0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KMWt4dW4uY29t"}
-01239{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1041,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385127425884,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi","http": {"url":"kankan.1kxun.mobi\/api.domain.conf","code":200,"content_type":"application\/octet-stream","user_agent":"okhttp\/3.10.0"}}}
+01258{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1041,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385127425884,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi","http": {"url":"kankan.1kxun.mobi\/api.domain.conf","code":200,"content_type":"application\/octet-stream","user_agent":"okhttp\/3.10.0"}}}
 01151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":518,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":518,"pkt_l4_len":484,"thread_ts_usec":1654385127488169,"pkt":"nLbQ0+MztKXvZygQCABFAAH47MNAADEGquaB4mtNwKgCfgBQoK5\/Huq0ADq7I1AYAHt3UAAASFRUUC8xLjEgMzAyIE1vdmVkIFRlbXBvcmFyaWx5DQpTZXJ2ZXI6IHN0Z3cNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjU6MjcgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDEzNw0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTG9jYXRpb246IGh0dHBzOi8vY2dpLmNvbm5lY3QucXEuY29tL3FxY29ubmVjdG9wZW4vb3BlbmFwaS9wb2xpY3lfY29uZj9zdGF0dXNfb3M9MTEmc3RhdHVzX3ZlcnNpb249MzAmc3RhdHVzX21hY2hpbmU9c2RrX2dwaG9uZV94ODYmc2RrcD1hJnNka3Y9My4xLjAubGl0ZSZhcHBpZD0xMDAyNTgxMzUNCg0KPGh0bWw+DQo8aGVhZD48dGl0bGU+MzAyIEZvdW5kPC90aXRsZT48L2hlYWQ+DQo8Ym9keT4NCjxjZW50ZXI+PGgxPjMwMiBGb3VuZDwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5zdGd3PC9jZW50ZXI+DQo8L2JvZHk+DQo8L2h0bWw+DQo="}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1043,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385128878259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":880,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878259,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385128878259,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_usec":1654385128878259,"pkt":"tKXvZygQnLbQ0+MzCABFAAOkVoFAAEAGbxrAqAJ+oXUNHbiOAFDYbv67IGDcx4AYAfZ1TwAAAQEICrrF59eXEOkaR0VUIC92aWRlb19rYW5rYW5fdGFncy92Mi9hcGkvaG9tZVBhZ2VWaWRlb0NvbGxlY3Rpb25zL0hvbWVQYWdlQmFubmVycz9fYnJhbmQ9R29vZ2xlJl9tb2RlbD1zZGtfZ3Bob25lX3g4NiZfb3Y9QW5kcm9pZDExJl9jcHU9aTY4NiZfcmVzb2x1dGlvbj0xMDgwJTJDMTc5NCZfcGFja2FnZT1jb20uc2NlbmV3YXkua2Fua2FuJl92PTIuOC4yLjEmX2NoYW5uZWw9MWt4dW4mX2NhcnJpZXI9MzEwMjYwJl9hbmRyb2lkX2lkPWI5ZTI4Nzc2MzU0ZDI1OWUmX25ldHdvcms9d2lmaSZfYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZfdWRpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTI1IEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ2xpZW50LUJyYW5kOiBHb29nbGUNCkNsaWVudC1EZXZpY2U6IHNka19ncGhvbmVfeDg2DQpDbGllbnQtT3M6IEFuZHJvaWQxMQ0KQ2xpZW50LUNwdTogaTY4Ng0KQ2xpZW50LVJlc29sdXRpb246IDEwODAsMTc5NA0KQ2xpZW50LVBhY2thZ2U6IGNvbS5zY2VuZXdheS5rYW5rYW4NCkNsaWVudC1WZXJzaW9uOiAyLjguMi4xDQpDbGllbnQtU291cmNlOiAxa3h1bg0KQ2xpZW50LVNpbTogMzEwMjYwDQpDbGllbnQtQW5kcm9pZElkOiBiOWUyODc3NjM1NGQyNTllDQpDbGllbnQtQ291bnRyeTogVVMNCkNsaWVudC1MYW5ndWFnZTogZW4NCkNsaWVudC1VaWQ6IGU2ZGJkMzBiLTNiODQtNDRiNC05NzUxLTYzMTE0OGEzZWRlOQ0KSG9zdDoga2Fua2FuLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="}
@@ -838,7 +838,7 @@
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630917,"flow_src_last_pkt_time":1470104432728660,"flow_dst_last_pkt_time":1470104432630917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01052{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01215{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104382125381,"flow_dst_last_pkt_time":1470104382124370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":633,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":633,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382199024,"flow_dst_last_pkt_time":1470104382198662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":2329,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
@@ -1291,7 +1291,7 @@
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":33,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385137102946,"flow_dst_last_pkt_time":1654385137795047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":179545,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":13,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385137480116,"flow_dst_last_pkt_time":1654385137451797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":23040,"flow_src_tot_l4_payload_len":631,"flow_dst_tot_l4_payload_len":72797,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
-01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
+01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":18,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385137106944,"flow_dst_last_pkt_time":1654385137458576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":81501,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":860,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":2746,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":3242,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
@@ -1300,7 +1300,7 @@
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":265,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":265,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":73,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385145095894,"flow_dst_last_pkt_time":1654385145302253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":4383,"flow_dst_tot_l4_payload_len":173462,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":497,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
-00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1723,"packets-processed":1723,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007}
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1723,"packets-processed":1723,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1723/1723
 ~~ skipped flows.............: 0
@@ -1309,9 +1309,9 @@
 ~~ total active/idle flows...: 197/197
 ~~ total timeout flows.......: 20
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6054376 bytes
-~~ total memory freed........: 6054376 bytes
-~~ total allocations/frees...: 90515/90515
+~~ total memory allocated....: 6057552 bytes
+~~ total memory freed........: 6057552 bytes
+~~ total allocations/frees...: 90516/90516
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
 ~~ json message max len.......: 11852 chars
diff --git a/test/results/default/443-chrome.pcap.out b/test/results/default/443-chrome.pcap.out
index e5ac3fd77..27bce0bfa 100644
--- a/test/results/default/443-chrome.pcap.out
+++ b/test/results/default/443-chrome.pcap.out
@@ -1,10 +1,10 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581109434258190}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581109434258190}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1581109434258190,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRLYliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88nrYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"}
-01057{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01160{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1440,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1581109434258190}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1440,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1581109434258190}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500050 bytes
-~~ total memory freed........: 5500050 bytes
-~~ total allocations/frees...: 85862/85862
+~~ total memory allocated....: 5500087 bytes
+~~ total memory freed........: 5500087 bytes
+~~ total allocations/frees...: 85863/85863
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 572 chars
+~~ json message min len.......: 570 chars
 ~~ json message max len.......: 2505 chars
-~~ json message avg len.......: 1477 chars
+~~ json message avg len.......: 1476 chars
diff --git a/test/results/default/443-curl.pcap.out b/test/results/default/443-curl.pcap.out
index 019178c47..4e73ed05c 100644
--- a/test/results/default/443-curl.pcap.out
+++ b/test/results/default/443-curl.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581113120474299}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581113120474299}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113120474299,"flow_dst_last_pkt_time":1581113120474299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581113120474299,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581113120474299,"flow_dst_last_pkt_time":1581113120474299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581113120474299,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581113120474299,"flow_dst_last_pkt_time":1581113120512991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581113120512991,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="}
@@ -11,7 +11,7 @@
 01452{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113120522725,"flow_dst_last_pkt_time":1581113120564527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581113120564527,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707h2_2955a3196ffa_b1760ac0ffd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}}
 02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113121447770,"flow_dst_last_pkt_time":1581113121447985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":10128,"midstream":0,"thread_ts_usec":1581113121447985,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":62811.5,"max":784064,"stddev":190271.5,"var":36203257856.0,"ent":2.2,"data": [38692,38799,9627,47643,2769,1124,2,41874,4,11797,50900,31,39132,3,742,11,18,78,76,38549,8926,46564,784064,784044,367,123,462,127,121,240,248]},"pktlen": {"min":52,"avg":397.2,"max":1492,"stddev":558.7,"var":312115.0,"ent":3.8,"data": [64,60,52,569,52,1492,1492,183,52,52,178,103,109,52,52,105,108,94,119,90,52,90,52,267,52,1492,1492,52,1492,1048,52,1492]},"bins": {"c_to_s": [10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1],"entropies": [4.367087364,5.300120831,4.945419312,4.294172764,5.100070000,7.382002354,7.456428051,6.751153946,4.945419312,4.945419312,6.263377666,5.952023029,6.200525761,4.983880997,4.930902004,5.836982250,5.780514240,5.536261082,5.983234406,5.510023117,5.215455055,5.937692642,5.060803890,7.153983116,5.060803890,7.879748821,7.892062664,5.060803890,7.868061543,7.808748245,5.060803890,7.868031502]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":58,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113121570392,"flow_dst_last_pkt_time":1581113121570364,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":930,"flow_dst_tot_l4_payload_len":65886,"midstream":0,"thread_ts_usec":1581113121570392,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":109,"packets-processed":109,"total-skipped-flows":0,"total-l4-payload-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581113121570392}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":109,"packets-processed":109,"total-skipped-flows":0,"total-l4-payload-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581113121570392}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 109/109
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508101 bytes
-~~ total memory freed........: 5508101 bytes
+~~ total memory allocated....: 5508125 bytes
+~~ total memory freed........: 5508125 bytes
 ~~ total allocations/frees...: 85977/85977
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
diff --git a/test/results/default/443-firefox.pcap.out b/test/results/default/443-firefox.pcap.out
index c9bbd5453..8f79e07ab 100644
--- a/test/results/default/443-firefox.pcap.out
+++ b/test/results/default/443-firefox.pcap.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581109488041083}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581109488041083}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109488041083,"flow_dst_last_pkt_time":1581109488041083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581109488041083,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581109488041083,"flow_dst_last_pkt_time":1581109488041083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581109488041083,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581109488041083,"flow_dst_last_pkt_time":1581109488079587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581109488079587,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="}
@@ -11,7 +11,7 @@
 01518{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109488081517,"flow_dst_last_pkt_time":1581109488123785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581109488123785,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}}
 02177{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109490061876,"flow_dst_last_pkt_time":1581109490062194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":13867,"midstream":0,"thread_ts_usec":1581109490062194,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":130384.0,"max":1655693,"stddev":403949.6,"var":163175268352.0,"ent":2.0,"data": [38504,38612,1822,40006,4099,93,2,42327,4,2052,40671,32,38677,3,193774,83,215,231092,9994,47033,1655690,50,1655693,186,15,177,176,149,321,109,243]},"pktlen": {"min":52,"avg":518.7,"max":1492,"stddev":610.4,"var":372566.0,"ent":4.0,"data": [64,60,52,569,52,1492,1492,126,52,52,137,318,101,52,52,221,298,82,52,82,52,1492,1492,52,1492,1016,52,1492,1492,52,1492,1016]},"bins": {"c_to_s": [11,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1],"entropies": [4.367087364,5.366787434,4.894361019,5.219459057,5.100070000,7.372200966,7.462010860,6.339152336,5.022342205,5.022342205,6.101534367,7.216136456,6.184206486,5.060803890,5.060803890,6.919060707,7.232208252,5.746105194,5.176993370,5.774940014,4.930902004,7.873261929,7.864090443,5.022342205,7.874901772,7.771182060,4.983880520,7.883468628,7.853567600,4.945418835,7.868775368,7.782253265]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00985{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":316,"flow_dst_packets_processed":351,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109496480905,"flow_dst_last_pkt_time":1581109496480819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7675,"flow_dst_tot_l4_payload_len":406398,"midstream":0,"thread_ts_usec":1581109496480905,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":667,"packets-processed":667,"total-skipped-flows":0,"total-l4-payload-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581109496480905}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":667,"packets-processed":667,"total-skipped-flows":0,"total-l4-payload-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581109496480905}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 667/667
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5524337 bytes
-~~ total memory freed........: 5524337 bytes
+~~ total memory allocated....: 5524361 bytes
+~~ total memory freed........: 5524361 bytes
 ~~ total allocations/frees...: 86536/86536
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 549 chars
diff --git a/test/results/default/443-git.pcap.out b/test/results/default/443-git.pcap.out
index a1481bd85..32134dd53 100644
--- a/test/results/default/443-git.pcap.out
+++ b/test/results/default/443-git.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581113657633853}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581113657633853}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113657633853,"flow_dst_last_pkt_time":1581113657633853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581113657633853,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581113657633853,"flow_dst_last_pkt_time":1581113657633853,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581113657633853,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581113657633853,"flow_dst_last_pkt_time":1581113657744320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581113657744320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="}
@@ -11,7 +11,7 @@
 01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113657751016,"flow_dst_last_pkt_time":1581113657863749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3550,"midstream":0,"thread_ts_usec":1581113657863749,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"github.com","tls": {"version":"TLSv1.2","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_b1760ac0ffd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}}}
 02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113658139408,"flow_dst_last_pkt_time":1581113658139371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":850,"flow_dst_tot_l4_payload_len":8277,"midstream":0,"thread_ts_usec":1581113658139408,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":32615.3,"max":143502,"stddev":53225.8,"var":2832981760.0,"ent":3.2,"data": [110467,110568,6595,119379,41,9,112809,2,11075,123994,112907,571,143502,5,142911,2,6496,2,14,6523,7,6,115,82,1242,13,1267,3,237,2,227]},"pktlen": {"min":52,"avg":337.8,"max":1476,"stddev":464.4,"var":215710.4,"ent":4.0,"data": [64,60,52,569,1476,1476,754,52,52,178,103,52,259,423,126,52,52,86,344,85,52,52,52,150,52,1451,608,52,52,1451,472,52]},"bins": {"c_to_s": [14,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,3,1,1,0,0,0,0,0,1,0,1,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,0,0,1,1,0],"entropies": [4.341937065,5.174957275,4.831954479,4.223120689,6.954095364,7.397567272,7.645401001,5.014835358,4.976373672,6.355282307,5.929066658,4.937911987,6.952417850,7.419026852,6.223026752,4.937911987,4.976373672,5.637029648,7.370140076,5.726850986,4.937911987,4.937911987,4.899450302,6.443542957,4.976373672,7.866954327,7.624365330,5.014835358,5.014835358,7.857865334,7.532955170,5.014835358]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
 00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":35,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113658456571,"flow_dst_last_pkt_time":1581113658456501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":881,"flow_dst_tot_l4_payload_len":31704,"midstream":0,"thread_ts_usec":1581113658456571,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581113658456571}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581113658456571}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 70/70
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5510486 bytes
-~~ total memory freed........: 5510486 bytes
+~~ total memory allocated....: 5510510 bytes
+~~ total memory freed........: 5510510 bytes
 ~~ total allocations/frees...: 85940/85940
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
diff --git a/test/results/default/443-opvn.pcap.out b/test/results/default/443-opvn.pcap.out
index 33400a4aa..7aaeb3c16 100644
--- a/test/results/default/443-opvn.pcap.out
+++ b/test/results/default/443-opvn.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581153175528454}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581153175528454}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153175528454,"flow_dst_last_pkt_time":1581153175528454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581153175528454,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581153175528454,"flow_dst_last_pkt_time":1581153175528454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581153175528454,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581153175528454,"flow_dst_last_pkt_time":1581153175550065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581153175550065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="}
@@ -9,7 +9,7 @@
 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153176603974,"flow_dst_last_pkt_time":1581153176626109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1581153176626109,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153177970762,"flow_dst_last_pkt_time":1581153177992252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3449,"flow_dst_tot_l4_payload_len":3196,"midstream":0,"thread_ts_usec":1581153177992252,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":158261.5,"max":1160659,"stddev":364282.7,"var":132701855744.0,"ent":2.7,"data": [21611,21701,1053819,1075076,968,22235,339,57386,57093,21241,11768,32975,174,239,20560,20491,9065,4,19997,11251,22162,19953,19952,207,21422,21230,137,58577,1160659,1122501,1313]},"pktlen": {"min":52,"avg":260.3,"max":1492,"stddev":407.4,"var":166005.6,"ent":3.8,"data": [64,60,52,96,52,108,52,104,52,373,52,1222,52,1492,104,55,104,1492,849,52,104,52,159,52,605,368,52,104,52,138,52,104]},"bins": {"c_to_s": [7,5,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [8,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,1,1],"entropies": [4.398337364,5.141623974,4.810735226,5.491009712,5.116507530,5.561252594,4.971283913,5.772772789,5.078045845,6.141608238,5.116507530,6.862905025,4.887658596,7.272125721,5.704599857,5.040360451,5.785276413,6.812845707,7.438625336,5.154969215,5.830996513,4.908878326,6.252464294,5.009745598,7.575043678,7.235865593,4.971283913,5.734311104,5.063528538,6.235281944,5.217375278,5.826463223]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00977{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":21,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153184491293,"flow_dst_last_pkt_time":1581153184491180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3974,"flow_dst_tot_l4_payload_len":4543,"midstream":0,"thread_ts_usec":1581153184491293,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":46,"packets-processed":46,"total-skipped-flows":0,"total-l4-payload-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1581153184491293}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":46,"packets-processed":46,"total-skipped-flows":0,"total-l4-payload-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1581153184491293}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 46/46
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501355 bytes
-~~ total memory freed........: 5501355 bytes
+~~ total memory allocated....: 5501379 bytes
+~~ total memory freed........: 5501379 bytes
 ~~ total allocations/frees...: 85907/85907
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
diff --git a/test/results/default/443-safari.pcap.out b/test/results/default/443-safari.pcap.out
index 26a0945cf..af7d16b01 100644
--- a/test/results/default/443-safari.pcap.out
+++ b/test/results/default/443-safari.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581109359601646}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581109359601646}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109359601646,"flow_dst_last_pkt_time":1581109359601646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581109359601646,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581109359601646,"flow_dst_last_pkt_time":1581109359601646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581109359601646,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581109359601646,"flow_dst_last_pkt_time":1581109359639845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581109359639845,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="}
@@ -11,7 +11,7 @@
 01496{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109359641072,"flow_dst_last_pkt_time":1581109359683783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581109359683783,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}}
 02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109360694080,"flow_dst_last_pkt_time":1581109360694172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":9828,"midstream":0,"thread_ts_usec":1581109360694172,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":70482.6,"max":695650,"stddev":174729.3,"var":30530334720.0,"ent":2.6,"data": [38199,38303,1123,39767,4074,97,2,42774,4,225660,264285,31,38670,4,1586,32,19,43,88,40010,28,9938,48247,695603,124,695650,120,128,123,103,125]},"pktlen": {"min":52,"avg":384.7,"max":1492,"stddev":559.6,"var":313139.8,"ent":3.8,"data": [64,60,52,285,52,1492,1492,154,52,52,137,95,101,52,52,97,94,86,380,82,52,52,82,52,1492,1492,52,1492,52,1016,52,1492]},"bins": {"c_to_s": [11,3,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": [4.335837364,5.333454132,4.945418835,5.728343010,5.176993370,7.389316082,7.427206516,6.413387775,4.945418835,4.906957150,6.036595821,5.811348915,6.124800682,4.945419312,4.983880520,5.883585453,5.842953205,5.796744347,7.425425053,5.590555668,5.047091484,5.085553169,5.773722649,4.983880520,7.878831863,7.880546093,4.945418835,7.877892971,4.808815002,7.814340115,4.945418835,7.877443314]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109360696066,"flow_dst_last_pkt_time":1581109360695416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":16406,"midstream":0,"thread_ts_usec":1581109360696066,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581109360696066}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581109360696066}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 41/41
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506159 bytes
-~~ total memory freed........: 5506159 bytes
+~~ total memory allocated....: 5506183 bytes
+~~ total memory freed........: 5506183 bytes
 ~~ total allocations/frees...: 85909/85909
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 548 chars
diff --git a/test/results/default/4in4tunnel.pcap.out b/test/results/default/4in4tunnel.pcap.out
index 32b822fdd..526bde3ea 100644
--- a/test/results/default/4in4tunnel.pcap.out
+++ b/test/results/default/4in4tunnel.pcap.out
@@ -1,20 +1,20 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1537044271794779}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1537044271794779}
 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537044271794779,"packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537044271794779}
 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJToWAAA\/wQRSEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGxLmgACAAAEc2wQAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1537058551803081}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1537058551803081}
 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537058551803081,"packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537058551803081}
 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRbZwAA\/wSeOUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzGjAACAAAAJvVqAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1537082929816392}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1537082929816392}
 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537082929816392,"packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537082929816392}
 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRsDwAA\/wSNkUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzKXAACAAABmvAmAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1537138237839574}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1537138237839574}
 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537138237839574,"packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537138237839574}
 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRnMwAA\/wSSbUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzXzgACAAAE5t9oAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1537165843864842}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1537165843864842}
 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537165843864842,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537165843864842}
 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJTPEAAA\/wQqkEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGz7LQACAAABZb+KAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1537165843864842}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1537165843864842}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5/0
 ~~ skipped flows.............: 0
@@ -23,10 +23,10 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 303 chars
-~~ json message max len.......: 638 chars
-~~ json message avg len.......: 469 chars
+~~ json message max len.......: 636 chars
+~~ json message avg len.......: 468 chars
diff --git a/test/results/default/4in6tunnel.pcap.out b/test/results/default/4in6tunnel.pcap.out
index bf3f7ea7e..bd00e8300 100644
--- a/test/results/default/4in6tunnel.pcap.out
+++ b/test/results/default/4in6tunnel.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1543235434019243}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1543235434019243}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1543235434019243,"flow_src_last_pkt_time":1543235434019243,"flow_dst_last_pkt_time":1543235434019243,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1543235434019243,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":5}
 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1543235434019243,"flow_dst_last_pkt_time":1543235434019243,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"thread_ts_usec":1543235434019243,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQAANHvwQAB\/BqsfwKgAAQoKCgH7xwG73+E+ggAAAACAAv\/\/fqUAAAIEBYQBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1543235434019243,"flow_src_last_pkt_time":1543235434019243,"flow_dst_last_pkt_time":1543235434019243,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1543235434019243,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_in_IP","proto_id":"86","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -7,7 +7,7 @@
 00950{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1543235434019247,"flow_dst_last_pkt_time":1543235434019246,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":366,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":366,"pkt_l4_len":264,"thread_ts_usec":1543235434019247,"pkt":"AAECunaOAAAASfSHht1gAAAAAQgEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQABCHv3QAB\/BqpEwKgAAQoKCgH7xwG73+E+gwMMyo9QGAQA0icAABYDAwDbAQAA1wMDW5uXE0\/QFYUpkWO+HpgF5MI5wT9TQj14SroSH1Zl8oggjz8AALXLO9H2rxfCGsjqy7cU6\/NXDrPxEswgEUGVcfAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAAaAAAABEADwAADHd3dy5iaW5nLmNvbQAKAAgABgAdABcAGAALAAIBAAANABQAEgQBBQECAQQDBQMCAwICBgEGAwAjAAAAEAAOAAwCaDIIaHR0cC8xLjEAFwAAABgABgAKAwIBAP8BAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1543235434019247,"flow_dst_last_pkt_time":1543235434019248,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1412,"thread_ts_usec":1543235434019248,"pkt":"AAECunaOAAAASfSHht1gAAAABYQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAFhEuhQABhBvQeCgoKAcCoAAEBu\/vHAwzKj9\/hP2NQEAQEHmIAABYDAxNZAgAAWgMDW5uXESPnDY6GVdXogmmrS1WdR7CnjiCJLtiMMET4LR0g70cAAGowHs5bbipHOvpkse5qjMhnnSOXdm6lLVoWT1DALwAAEgAQAAUAAwJoMgAXAAD\/AQABAAsAEccAEcQADAYwggwCMIIJ6qADAgECAhMtAAAymdcHHbfRcIpCAAAAADKZMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xNzA3MjAxNzQ3MDhaFw0xOTA3MTAxNzQ3MDhaMBcxFTATBgNVBAMTDHd3dy5iaW5nLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqOyD7\/sOUit2AU5xoOUrdFD2wiCQmyCmP5nEBsh7fOLKKYjGNWUdfzumqBdw2Fpg1sIUPSI+b5pR9u\/gYNMtH4Aivx5J6CrFn4IFOhgzrs2GlVitrUoC9jheCrGis7gUH0hZglGqEjdJl5neUsrm31e5QyJwbyXnacl+k91de8FxrbBQKrwUcQ5sbzW8nMRIDSG0ss9ON1RYFCdc+JblurOUYfPO\/whJXqO0Ms01rklGWFKVeGj7qkJ52E0Xsw\/jJNpqe0+8AQstFZfXdWGOCgJxEIK7SzyvFbkO5VaXY9vaLDfkwWc1aVyhXCrQCMB8YD7ERtr9YuJ3qp+RBy1iMCAwEAAaOCB9AwggfMMB0GA1UdDgQWBBQJh+WFKXgwICWz3X7cbO2lKagDcDALBgNVHQ8EBAMCBLAwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3JsMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCARAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBME0GA1UdIARGMEQwQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMIIFbQYDVR0RBIIFZDCCBWCCDHd3dy5iaW5nLmNvbYIQZGljdC5iaW5nLmNvbS5jboITKi5wbGF0Zm9ybS5iaW5nLmNvbYIKKi5iaW5nLmNvbYIIYmluZy5jb22CFmllb25saW5lLm1pY3Jvc28AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1543235434019243,"flow_src_last_pkt_time":1543235434019247,"flow_dst_last_pkt_time":1543235434019248,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":264,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":1464,"midstream":0,"thread_ts_usec":1543235434019248,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_in_IP","proto_id":"86","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1543235434019248}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1543235434019248}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498089 bytes
-~~ total memory freed........: 5498089 bytes
+~~ total memory allocated....: 5498113 bytes
+~~ total memory freed........: 5498113 bytes
 ~~ total allocations/frees...: 85864/85864
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 572 chars
+~~ json message min len.......: 570 chars
 ~~ json message max len.......: 2494 chars
-~~ json message avg len.......: 1434 chars
+~~ json message avg len.......: 1433 chars
diff --git a/test/results/default/6in4tunnel.pcap.out b/test/results/default/6in4tunnel.pcap.out
index f702fb69f..e6ee78610 100644
--- a/test/results/default/6in4tunnel.pcap.out
+++ b/test/results/default/6in4tunnel.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1444236893450580}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1444236893450580}
 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236893450580,"flow_dst_last_pkt_time":1444236893450580,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444236893450580,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444236893450580,"flow_dst_last_pkt_time":1444236893450580,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1444236893450580,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8tYFAAP8pFzeuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAOC9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444236893450580,"flow_dst_last_pkt_time":1444236893555356,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1444236893555356,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlZAAPgpDWK4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAN+9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
@@ -9,7 +9,7 @@
 02015{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236901127917,"flow_dst_last_pkt_time":1444236901118187,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":1877,"flow_src_tot_l4_payload_len":2127,"flow_dst_tot_l4_payload_len":4797,"midstream":0,"thread_ts_usec":1444236901127917,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":494998.2,"max":1005120,"stddev":454962.0,"var":206990442496.0,"ent":4.2,"data": [104776,780142,221063,1000457,1001744,1001146,1001712,1005120,1001052,1000771,1001064,1001072,1001370,999940,1001888,1003131,365420,1118,348987,4072,96728,99146,95730,758,97863,1021,105,98080,140,8789,539]},"pktlen": {"min":92,"avg":236.4,"max":1897,"stddev":383.0,"var":146712.7,"ent":4.1,"data": [124,124,186,124,124,124,124,124,124,124,124,124,124,124,124,124,124,119,119,259,247,100,100,92,296,92,1490,1897,92,92,254,145]},"bins": {"c_to_s": [0,0,4,11,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,2,8,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,1,0,0,0,0],"entropies": [5.680680275,5.741242886,5.591180325,5.686768055,5.741242886,5.686768055,5.741242886,5.664551258,5.741242886,5.729067326,5.773500919,5.648445129,5.741242886,5.664551258,5.725113869,5.680680275,5.735155106,4.719979763,4.710355759,4.773607731,4.870984077,5.180728912,5.772128105,5.515571117,5.818006039,5.609004974,6.932967663,6.965810776,5.515571117,5.514929771,6.708754063,6.001224995]}}
 00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236901127917,"flow_dst_last_pkt_time":1444236901118187,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":1877,"flow_src_tot_l4_payload_len":2127,"flow_dst_tot_l4_payload_len":4797,"midstream":0,"thread_ts_usec":1444236901127917,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00882{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":61,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236915478638,"flow_dst_last_pkt_time":1444236915586195,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1470,"flow_dst_max_l4_payload_len":1877,"flow_src_tot_l4_payload_len":11600,"flow_dst_tot_l4_payload_len":24375,"midstream":0,"thread_ts_usec":1444236915586195,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":35975,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1444236915586195}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":35975,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1444236915586195}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 127/127
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501656 bytes
-~~ total memory freed........: 5501656 bytes
+~~ total memory allocated....: 5501680 bytes
+~~ total memory freed........: 5501680 bytes
 ~~ total allocations/frees...: 85987/85987
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 572 chars
+~~ json message min len.......: 570 chars
 ~~ json message max len.......: 2020 chars
-~~ json message avg len.......: 1256 chars
+~~ json message avg len.......: 1255 chars
diff --git a/test/results/default/6in6tunnel.pcap.out b/test/results/default/6in6tunnel.pcap.out
index cdd60a61f..da2bdfc3e 100644
--- a/test/results/default/6in6tunnel.pcap.out
+++ b/test/results/default/6in6tunnel.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1335197872162188}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1335197872162188}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872162188,"flow_src_last_pkt_time":1335197872162188,"flow_dst_last_pkt_time":1335197872162188,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872162188,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":5}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1335197872162188,"flow_dst_last_pkt_time":1335197872162188,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1335197872162188,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQCABBPgABAAHAuCB\/\/5S\/\/8gAQT4AAQABwLggf\/+UpprYAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIPSWFhYWA=="}
 00738{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164220,"flow_src_last_pkt_time":1335197872164220,"flow_dst_last_pkt_time":1335197872164220,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":5}
@@ -8,7 +8,7 @@
 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872162188,"flow_src_last_pkt_time":1335197872162188,"flow_dst_last_pkt_time":1335197872162188,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":5}
 00951{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164220,"flow_src_last_pkt_time":1335197872164220,"flow_dst_last_pkt_time":1335197872164220,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00739{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164220,"flow_src_last_pkt_time":1335197872164220,"flow_dst_last_pkt_time":1335197872164220,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":5}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1335197872164220}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1335197872164220}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500203 bytes
-~~ total memory freed........: 5500203 bytes
+~~ total memory allocated....: 5500243 bytes
+~~ total memory freed........: 5500243 bytes
 ~~ total allocations/frees...: 85873/85873
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 572 chars
+~~ json message min len.......: 570 chars
 ~~ json message max len.......: 998 chars
-~~ json message avg len.......: 781 chars
+~~ json message avg len.......: 780 chars
diff --git a/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out
index e9524dfec..e4b7cdbbc 100644
--- a/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out
+++ b/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out
@@ -1,5 +1,5 @@
-00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1445156939131847}
+00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1445156939131847}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1445156939131847,"flow_src_last_pkt_time":1445156939131847,"flow_dst_last_pkt_time":1445156939131847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1445156939131847,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":5}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1445156939131847,"flow_dst_last_pkt_time":1445156939131847,"flow_idle_time":7580000000,"pkt_datalink":9,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_usec":1445156939131847,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"}
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1445156939131847,"flow_dst_last_pkt_time":1445156939145123,"flow_idle_time":7580000000,"pkt_datalink":9,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_usec":1445156939145123,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"}
@@ -8,7 +8,7 @@
 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1445156939131847,"flow_src_last_pkt_time":1445156939152099,"flow_dst_last_pkt_time":1445156939145123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1445156939152099,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1445156939152099,"flow_dst_last_pkt_time":1445156939165354,"flow_idle_time":7580000000,"pkt_datalink":9,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_usec":1445156939165354,"pkt":"DwAIAEXAACivgAAAAQY\/bWQQAQFkEAECALNHlBlZ04C86nYLUBA\/xz3TAAA="}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1445156939131847,"flow_src_last_pkt_time":1445156989230918,"flow_dst_last_pkt_time":1445156988877283,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":269,"midstream":0,"thread_ts_usec":1445156989230918,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1445156989230918}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1445156989230918}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 14/14
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498379 bytes
-~~ total memory freed........: 5498379 bytes
+~~ total memory allocated....: 5498403 bytes
+~~ total memory freed........: 5498403 bytes
 ~~ total allocations/frees...: 85874/85874
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
diff --git a/test/results/default/BGP_redist.pcap.out b/test/results/default/BGP_redist.pcap.out
index c7b1bf842..16b68b66a 100644
--- a/test/results/default/BGP_redist.pcap.out
+++ b/test/results/default/BGP_redist.pcap.out
@@ -1,12 +1,12 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1256636836167156}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1256636836167156}
 00296{"error_event_id":2,"error_event_name":"Unknown L3 protocol","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1256636836167156,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_usec":1256636836167156}
 00537{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","pkt_datalink":104,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"thread_ts_usec":1256636836167156,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167195,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1256636836167195,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":5}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"pkt_datalink":104,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_usec":1256636836167195,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"}
 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167195,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1256636836167195,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167195,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1256636836167195,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1256636836167195}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1256636836167195}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/1
 ~~ skipped flows.............: 0
@@ -15,8 +15,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498002 bytes
-~~ total memory freed........: 5498002 bytes
+~~ total memory allocated....: 5498026 bytes
+~~ total memory freed........: 5498026 bytes
 ~~ total allocations/frees...: 85861/85861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 301 chars
diff --git a/test/results/default/EAQ.pcap.out b/test/results/default/EAQ.pcap.out
index f05a260a3..2c431d688 100644
--- a/test/results/default/EAQ.pcap.out
+++ b/test/results/default/EAQ.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432820948562939}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432820948562939}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820948562939,"flow_src_last_pkt_time":1432820948562939,"flow_dst_last_pkt_time":1432820948562939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820948562939,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432820948562939,"flow_dst_last_pkt_time":1432820948562939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1432820948562939,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="}
 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1432820948562939,"flow_dst_last_pkt_time":1432820948566510,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820948566510,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"}
@@ -266,7 +266,7 @@
 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820966101330,"flow_src_last_pkt_time":1432821030791363,"flow_dst_last_pkt_time":1432820966101330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820954931988,"flow_src_last_pkt_time":1432821041151349,"flow_dst_last_pkt_time":1432820954931988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820970111371,"flow_src_last_pkt_time":1432821034791791,"flow_dst_last_pkt_time":1432820970111371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":197,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":13245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":29,"current-active-flows":0,"total-active-flows":31,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":269,"global_ts_usec":1432821045664868}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":197,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":13245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":29,"current-active-flows":0,"total-active-flows":31,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":269,"global_ts_usec":1432821045664868}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 197/197
 ~~ skipped flows.............: 0
@@ -275,8 +275,8 @@
 ~~ total active/idle flows...: 31/31
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5569055 bytes
-~~ total memory freed........: 5569055 bytes
+~~ total memory allocated....: 5569559 bytes
+~~ total memory freed........: 5569559 bytes
 ~~ total allocations/frees...: 86400/86400
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 525 chars
diff --git a/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index 06d9e9d68..d38d2247d 100644
--- a/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -1,5 +1,5 @@
-00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1228468937630923}
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1228468937630923}
 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468937630923,"flow_src_last_pkt_time":1228468937630923,"flow_dst_last_pkt_time":1228468937630923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468937630923,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1228468937630923,"flow_dst_last_pkt_time":1228468937630923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1228468937630923,"pkt":"ABgYesP\/AAFbAAaHCABFAABJQq5AAEARunwKIygWChcBKguAC4AANST+IS8xIDxpTVNTPgpUPTU1NTI4MjcxM3tDPS17QVY9RFMvMS81e0FUe019fX19"}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468937630923,"flow_src_last_pkt_time":1228468937630923,"flow_dst_last_pkt_time":1228468937630923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468937630923,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Megaco","proto_id":"181","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -49,7 +49,7 @@
 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1228468958657176,"flow_src_last_pkt_time":1228469042380433,"flow_dst_last_pkt_time":1228469042442455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":338,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":833,"flow_src_tot_l4_payload_len":6036,"flow_dst_tot_l4_payload_len":6141,"midstream":0,"thread_ts_usec":1228469046884194,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":24,"flow_first_seen":1228468958651923,"flow_src_last_pkt_time":1228469042381601,"flow_dst_last_pkt_time":1228469042445270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":881,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":12330,"flow_dst_tot_l4_payload_len":12210,"midstream":0,"thread_ts_usec":1228469046884194,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1228468958651179,"flow_src_last_pkt_time":1228469042379188,"flow_dst_last_pkt_time":1228469042444514,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":881,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":6165,"flow_dst_tot_l4_payload_len":6105,"midstream":0,"thread_ts_usec":1228469046884194,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00665{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1552,"packets-processed":1552,"total-skipped-flows":0,"total-l4-payload-len":193116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":6,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1228469046884194}
+00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1552,"packets-processed":1552,"total-skipped-flows":0,"total-l4-payload-len":193116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":6,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1228469046884194}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1552/1552
 ~~ skipped flows.............: 0
@@ -58,10 +58,10 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5551669 bytes
-~~ total memory freed........: 5551669 bytes
+~~ total memory allocated....: 5551757 bytes
+~~ total memory freed........: 5551757 bytes
 ~~ total allocations/frees...: 87456/87456
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 590 chars
+~~ json message min len.......: 588 chars
 ~~ json message max len.......: 2232 chars
-~~ json message avg len.......: 1410 chars
+~~ json message avg len.......: 1409 chars
diff --git a/test/results/default/IEC104.pcap.out b/test/results/default/IEC104.pcap.out
index 7b883007f..98fdb400a 100644
--- a/test/results/default/IEC104.pcap.out
+++ b/test/results/default/IEC104.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1317629088495135}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1317629088495135}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317629088495135,"flow_src_last_pkt_time":1317629088495135,"flow_dst_last_pkt_time":1317629088495135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629088495135,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1317629088495135,"flow_dst_last_pkt_time":1317629088495135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1317629088495135,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317629088520615,"flow_src_last_pkt_time":1317629088520615,"flow_dst_last_pkt_time":1317629088520615,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629088520615,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -14,7 +14,7 @@
 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1317629089467434,"flow_dst_last_pkt_time":1317629089666296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1317629089666296,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoK+dAAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC7mFAQAP5RXAAA"}
 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1317629088495135,"flow_src_last_pkt_time":1317629090498077,"flow_dst_last_pkt_time":1317629090496349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629090498077,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1317629088520615,"flow_src_last_pkt_time":1317629088536185,"flow_dst_last_pkt_time":1317629088739193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629090498077,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1317629090498077}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1317629090498077}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 15/15
 ~~ skipped flows.............: 0
@@ -23,8 +23,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500580 bytes
-~~ total memory freed........: 5500580 bytes
+~~ total memory allocated....: 5500620 bytes
+~~ total memory freed........: 5500620 bytes
 ~~ total allocations/frees...: 85886/85886
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
diff --git a/test/results/default/KakaoTalk_chat.pcap.out b/test/results/default/KakaoTalk_chat.pcap.out
index 6aeaa676d..1acbfc0d3 100644
--- a/test/results/default/KakaoTalk_chat.pcap.out
+++ b/test/results/default/KakaoTalk_chat.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1430069021959113}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1430069021959113}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069021959113,"flow_src_last_pkt_time":1430069021959113,"flow_dst_last_pkt_time":1430069021959113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069021959113,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1430069021959113,"flow_dst_last_pkt_time":1430069021959113,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1430069021959113,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEBljAANQAogKaG7QEAAAEAAAAAAAAEYXV0aAVrYWthbwNjb20AAAEAAQ=="}
 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069021959113,"flow_src_last_pkt_time":1430069021959113,"flow_dst_last_pkt_time":1430069021959113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069021959113,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","proto_id":"5.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"auth.kakao.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -264,10 +264,10 @@
 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1430069035967627,"flow_src_last_pkt_time":1430069036831031,"flow_dst_last_pkt_time":1430069036794013,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":843,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":1648,"flow_dst_tot_l4_payload_len":4317,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1430069026012030,"flow_src_last_pkt_time":1430069051671393,"flow_dst_last_pkt_time":1430069051765998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1430069026012030,"flow_src_last_pkt_time":1430069051671393,"flow_dst_last_pkt_time":1430069051765998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
-00937{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1430069044758795,"flow_src_last_pkt_time":1430069069274054,"flow_dst_last_pkt_time":1430069069017493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":168,"midstream":1,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01055{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1430069044758795,"flow_src_last_pkt_time":1430069069274054,"flow_dst_last_pkt_time":1430069069017493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":168,"midstream":1,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1430069044758795,"flow_src_last_pkt_time":1430069069274054,"flow_dst_last_pkt_time":1430069069017493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":168,"midstream":1,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022104834,"flow_src_last_pkt_time":1430069022104834,"flow_dst_last_pkt_time":1430069022234626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","proto_id":"5.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":347,"packets-processed":347,"total-skipped-flows":0,"total-l4-payload-len":52012,"total-not-detected-flows":0,"total-guessed-flows":5,"total-detected-flows":33,"total-detection-updates":33,"total-updates":1,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":270,"global_ts_usec":1430069073299933}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":347,"packets-processed":347,"total-skipped-flows":0,"total-l4-payload-len":52012,"total-not-detected-flows":0,"total-guessed-flows":5,"total-detected-flows":33,"total-detection-updates":33,"total-updates":1,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":270,"global_ts_usec":1430069073299933}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 347/347
 ~~ skipped flows.............: 0
@@ -276,9 +276,9 @@
 ~~ total active/idle flows...: 38/38
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5716671 bytes
-~~ total memory freed........: 5716671 bytes
-~~ total allocations/frees...: 86843/86843
+~~ total memory allocated....: 5717300 bytes
+~~ total memory freed........: 5717300 bytes
+~~ total allocations/frees...: 86844/86844
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
 ~~ json message max len.......: 2375 chars
diff --git a/test/results/default/KakaoTalk_talk.pcap.out b/test/results/default/KakaoTalk_talk.pcap.out
index 43ad994aa..7db7cbd2f 100644
--- a/test/results/default/KakaoTalk_talk.pcap.out
+++ b/test/results/default/KakaoTalk_talk.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1430069140120551}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1430069140120551}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069140120551,"flow_src_last_pkt_time":1430069140120551,"flow_dst_last_pkt_time":1430069140120551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069140120551,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1430069140120551,"flow_dst_last_pkt_time":1430069140120551,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_usec":1430069140120551,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLza0AAPwZJVQoYUrxn9jn7x00fkMsN+RcrPwfugBgApZHwAAABAQgKAAs11Jj3Xso6AAAArVkC\/4gP\/deLY5qAl+gvk5f8xql5QXAwvM9bb5tQyHwtP1GibAaltsw94jGcvj4NNAB8Nc8SXCTCPg=="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1430069140120551,"flow_dst_last_pkt_time":1430069140453803,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069140453803,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbKkAALgby1Gf2OfsKGFK8H5DHTSs\/B+7LDflVgBAADqYIAAABAQgKmPgkmwALNdQ="}
@@ -139,9 +139,9 @@
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069211640662,"flow_src_last_pkt_time":1430069211640662,"flow_dst_last_pkt_time":1430069211843116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":757,"flow_dst_packets_processed":746,"flow_first_seen":1430069171118750,"flow_src_last_pkt_time":1430069216536414,"flow_dst_last_pkt_time":1430069216447150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":73027,"flow_dst_tot_l4_payload_len":61082,"midstream":0,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1430069170892951,"flow_src_last_pkt_time":1430069214736731,"flow_dst_last_pkt_time":1430069214355292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":78,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":1058,"flow_dst_tot_l4_payload_len":1058,"midstream":0,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","proto_id":"194","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069164656714,"flow_src_last_pkt_time":1430069216559027,"flow_dst_last_pkt_time":1430069164839667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":42,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01053{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069164656714,"flow_src_last_pkt_time":1430069216559027,"flow_dst_last_pkt_time":1430069164839667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":42,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069164656714,"flow_src_last_pkt_time":1430069216559027,"flow_dst_last_pkt_time":1430069164839667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":42,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
-00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3203,"packets-processed":3203,"total-skipped-flows":0,"total-l4-payload-len":291404,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":11,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":144,"global_ts_usec":1430069216559027}
+00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3203,"packets-processed":3203,"total-skipped-flows":0,"total-l4-payload-len":291404,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":11,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":144,"global_ts_usec":1430069216559027}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3203/3203
 ~~ skipped flows.............: 0
@@ -150,9 +150,9 @@
 ~~ total active/idle flows...: 20/20
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5657319 bytes
-~~ total memory freed........: 5657319 bytes
-~~ total allocations/frees...: 89305/89305
+~~ total memory allocated....: 5657660 bytes
+~~ total memory freed........: 5657660 bytes
+~~ total allocations/frees...: 89306/89306
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 542 chars
 ~~ json message max len.......: 2713 chars
diff --git a/test/results/default/NTPv2.pcap.out b/test/results/default/NTPv2.pcap.out
index 0ce1bbc4e..523462971 100644
--- a/test/results/default/NTPv2.pcap.out
+++ b/test/results/default/NTPv2.pcap.out
@@ -1,10 +1,10 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436865383632810}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436865383632810}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632810,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":368,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865383632810,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01000{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_usec":1436865383632810,"pkt":"RIpbLCrSACaIdf8bCABFAAGMHS4AADERoZDQaF8KTi5MAgB7AFABeH6Xlw4DKgAFAEgAAAAAAAAQOgAAAAAAAAGISO9ZbawQDGUAAAABDAIHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAQZwAAAAAAAADHQLufDawQDGUAAAABuxwHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQxAAAAAAAAAa6UEgp0qwQDGUAAAABKtoHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2AAAAAAAAAWzX1q4C6wQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2wAAAAAAAAWRR3um9qwQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 00957{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632810,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":368,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865383632810,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":42,"version":42}}}
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632810,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":368,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865383632810,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1436865383632810}
+00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1436865383632810}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498002 bytes
-~~ total memory freed........: 5498002 bytes
+~~ total memory allocated....: 5498026 bytes
+~~ total memory freed........: 5498026 bytes
 ~~ total allocations/frees...: 85861/85861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 567 chars
+~~ json message min len.......: 565 chars
 ~~ json message max len.......: 1005 chars
-~~ json message avg len.......: 771 chars
+~~ json message avg len.......: 770 chars
diff --git a/test/results/default/NTPv3.pcap.out b/test/results/default/NTPv3.pcap.out
index c9cf599f3..a1dd54e34 100644
--- a/test/results/default/NTPv3.pcap.out
+++ b/test/results/default/NTPv3.pcap.out
@@ -1,10 +1,10 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436865405371462}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436865405371462}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371462,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865405371462,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1436865405371462,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"}
 00953{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371462,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865405371462,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}}
 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371462,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865405371462,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1436865405371462}
+00626{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1436865405371462}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498002 bytes
-~~ total memory freed........: 5498002 bytes
+~~ total memory allocated....: 5498026 bytes
+~~ total memory freed........: 5498026 bytes
 ~~ total allocations/frees...: 85861/85861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 567 chars
+~~ json message min len.......: 565 chars
 ~~ json message max len.......: 959 chars
-~~ json message avg len.......: 744 chars
+~~ json message avg len.......: 743 chars
diff --git a/test/results/default/NTPv4.pcap.out b/test/results/default/NTPv4.pcap.out
index 80d2c5857..ec84f7e6b 100644
--- a/test/results/default/NTPv4.pcap.out
+++ b/test/results/default/NTPv4.pcap.out
@@ -1,10 +1,10 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436865396190857}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436865396190857}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190857,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865396190857,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1436865396190857,"pkt":"RIpb2HMEACaIdf8bCABFAABMrX9AADcRaFpVFj54Ti5MCwB7AHsAOKmfIwIH6wAABFAAAAOrg7wD39lPUcMxZbhg2URXVTAzb9DZRFdVMbTpeNlPUfQtJuL0"}
 00953{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190857,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865396190857,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}}
 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190857,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865396190857,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1436865396190857}
+00626{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1436865396190857}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498002 bytes
-~~ total memory freed........: 5498002 bytes
+~~ total memory allocated....: 5498026 bytes
+~~ total memory freed........: 5498026 bytes
 ~~ total allocations/frees...: 85861/85861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 567 chars
+~~ json message min len.......: 565 chars
 ~~ json message max len.......: 959 chars
-~~ json message avg len.......: 744 chars
+~~ json message avg len.......: 743 chars
diff --git a/test/results/default/Oscar.pcap.out b/test/results/default/Oscar.pcap.out
index edd4c0a6a..71d7b1b76 100644
--- a/test/results/default/Oscar.pcap.out
+++ b/test/results/default/Oscar.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1434606464176482}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1434606464176482}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606464176482,"flow_dst_last_pkt_time":1434606464176482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434606464176482,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1434606464176482,"flow_dst_last_pkt_time":1434606464176482,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1434606464176482,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1434606464176482,"flow_dst_last_pkt_time":1434606464205135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1434606464205135,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"}
@@ -9,7 +9,7 @@
 01999{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606524600171,"flow_dst_last_pkt_time":1434606524130160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1138,"flow_dst_tot_l4_payload_len":3047,"midstream":0,"thread_ts_usec":1434606524600171,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":3883141.0,"max":58215154,"stddev":14267685.0,"var":203566836875264.0,"ent":1.3,"data": [28653,28776,8916,42424,33521,518,478,147,33511,33418,288,33636,843,34123,226,44565,44326,32783,32790,157,115,322,31348,31096,58175544,58215154,3,39626,1457397,1490083,502580]},"pktlen": {"min":40,"avg":172.5,"max":1400,"stddev":263.3,"var":69345.6,"ent":4.0,"data": [64,46,40,355,50,40,605,40,92,130,40,56,1400,337,40,66,46,152,497,40,270,40,252,46,335,76,46,78,40,78,46,76]},"bins": {"c_to_s": [11,4,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,1,0,0,0,0,1,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0],"entropies": [4.441382408,4.871388912,4.661769390,7.090702057,4.724371910,4.661769390,5.245636463,4.661769390,4.009517670,4.346171379,4.611769676,4.280395031,3.817430019,3.863874197,4.611769676,4.309496880,4.501398563,3.542632341,4.154665947,4.611769676,3.726292849,4.611769199,5.504406452,4.457919598,3.418277502,4.801239491,4.544876099,5.035846710,4.611769676,4.478143215,4.501398087,4.761171341]}}
 01057{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":38,"flow_dst_packets_processed":33,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606536630487,"flow_dst_last_pkt_time":1434606536630387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":3946,"midstream":0,"thread_ts_usec":1434606536630487,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":38,"flow_dst_packets_processed":33,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606536630487,"flow_dst_last_pkt_time":1434606536630387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":3946,"midstream":0,"thread_ts_usec":1434606536630487,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":71,"packets-processed":71,"total-skipped-flows":0,"total-l4-payload-len":5450,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1434606536630487}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":71,"packets-processed":71,"total-skipped-flows":0,"total-l4-payload-len":5450,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1434606536630487}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 71/71
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502080 bytes
-~~ total memory freed........: 5502080 bytes
+~~ total memory allocated....: 5502104 bytes
+~~ total memory freed........: 5502104 bytes
 ~~ total allocations/frees...: 85932/85932
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 532 chars
diff --git a/test/results/default/TivoDVR.pcap.out b/test/results/default/TivoDVR.pcap.out
index 8eab2a80f..317b4a695 100644
--- a/test/results/default/TivoDVR.pcap.out
+++ b/test/results/default/TivoDVR.pcap.out
@@ -1,11 +1,11 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1659655707553802}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1659655707553802}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1659655707553802,"flow_src_last_pkt_time":1659655707553802,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":167,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1659655707553802,"l3_proto":"ip4","src_ip":"98.245.242.69","dst_ip":"255.255.255.255","src_port":2190,"dst_port":2190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1659655707553802,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":175,"thread_ts_usec":1659655707553802,"pkt":"\/\/\/\/\/\/\/\/AszAqMnfCABFIADDAABAAEAR5M9i9fJF\/\/\/\/\/wiOCI4Ar6TAVGlWb0Nvbm5lY3Q9MQpzd3ZlcnNpb249MS4wCm1ldGhvZD1icm9hZGNhc3QKaWRlbnRpdHk9dXVpZDo0ZDY5NmU2OS00NDRjLTE2NGUtOWQ0MS0xNDU5YzA5OWMwNDMKbWFjaGluZT1SNzAwMFAKcGxhdGZvcm09cGMvbWluaWRsbmEKc2VydmljZXM9VGlWb01lZGlhU2VydmVyOjgyMDAvaHR0cArT0Q=="}
 01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1659655707553802,"flow_src_last_pkt_time":1659655707553802,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":167,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1659655707553802,"l3_proto":"ip4","src_ip":"98.245.242.69","dst_ip":"255.255.255.255","src_port":2190,"dst_port":2190,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TiVoConnect","proto_id":"308","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","tivoconnect": {"identity_uuid":"4d696e69-444c-164e-9d41-1459c099c043","machine":"R7000P","platform":"pc\/minidlna","services":"TiVoMediaServer:8200\/http"}}}
 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1659655707554438,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":175,"thread_ts_usec":1659655707554438,"pkt":"\/\/\/\/\/\/\/\/AszAqMnfCABFIADDAABAAEAR5M9i9fJF\/\/\/\/\/wiOCI4Ar6TAVGlWb0Nvbm5lY3Q9MQpzd3ZlcnNpb249MS4wCm1ldGhvZD1icm9hZGNhc3QKaWRlbnRpdHk9dXVpZDo0ZDY5NmU2OS00NDRjLTE2NGUtOWQ0MS0xNDU5YzA5OWMwNDMKbWFjaGluZT1SNzAwMFAKcGxhdGZvcm09cGMvbWluaWRsbmEKc2VydmljZXM9VGlWb01lZGlhU2VydmVyOjgyMDAvaHR0cArT0Q=="}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1659655707553802,"flow_src_last_pkt_time":1659655707554438,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":167,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1659655707554438,"l3_proto":"ip4","src_ip":"98.245.242.69","dst_ip":"255.255.255.255","src_port":2190,"dst_port":2190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TiVoConnect","proto_id":"308","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1659655707554438}
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1659655707554438}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498003 bytes
-~~ total memory freed........: 5498003 bytes
+~~ total memory allocated....: 5498027 bytes
+~~ total memory freed........: 5498027 bytes
 ~~ total allocations/frees...: 85861/85861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 1093 chars
-~~ json message avg len.......: 817 chars
+~~ json message avg len.......: 816 chars
diff --git a/test/results/default/WebattackRCE.pcap.out b/test/results/default/WebattackRCE.pcap.out
index 3223ef614..02612ea07 100644
--- a/test/results/default/WebattackRCE.pcap.out
+++ b/test/results/default/WebattackRCE.pcap.out
@@ -1,5 +1,5 @@
-00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1576420276577658}
+00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1576420276577658}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276577658,"flow_src_last_pkt_time":1576420276577658,"flow_dst_last_pkt_time":1576420276577658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276577658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276577658,"flow_dst_last_pkt_time":1576420276577658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1576420276577658,"pkt":"AAAAAAAAAAAAAAAACABFAAC5VktAAEAG5fF\/AAABfwAAAcGIH5Al+2Gy82DXQ4AYAED+rQAAAQEICp1m+omdZvqJR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpQb3J0IENoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
 01365{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276577658,"flow_src_last_pkt_time":1576420276577658,"flow_dst_last_pkt_time":1576420276577658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276577658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1","http": {"url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)","detected_os":"Nikto\/2.1.6"}}}
@@ -3188,7 +3188,7 @@
 01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277890802,"flow_src_last_pkt_time":1576420277890802,"flow_dst_last_pkt_time":1576420277890802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":147,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420278014387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01319{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277892206,"flow_src_last_pkt_time":1576420277892206,"flow_dst_last_pkt_time":1576420277892206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420278014387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"13": {"risk":"HTTP Susp URL","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01319{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277893798,"flow_src_last_pkt_time":1576420277893798,"flow_dst_last_pkt_time":1576420277893798,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420278014387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"13": {"risk":"HTTP Susp URL","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":797,"packets-processed":797,"total-skipped-flows":0,"total-l4-payload-len":138401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":797,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":797,"total-idle-flows":797,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3191,"global_ts_usec":1576420278014387}
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":797,"packets-processed":797,"total-skipped-flows":0,"total-l4-payload-len":138401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":797,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":797,"total-idle-flows":797,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3191,"global_ts_usec":1576420278014387}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 797/797
 ~~ skipped flows.............: 0
@@ -3197,10 +3197,10 @@
 ~~ total active/idle flows...: 797/797
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7401129 bytes
-~~ total memory freed........: 7401129 bytes
+~~ total memory allocated....: 7413889 bytes
+~~ total memory freed........: 7413889 bytes
 ~~ total allocations/frees...: 99984/99984
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 574 chars
+~~ json message min len.......: 572 chars
 ~~ json message max len.......: 1782 chars
-~~ json message avg len.......: 1178 chars
+~~ json message avg len.......: 1177 chars
diff --git a/test/results/default/WebattackSQLinj.pcap.out b/test/results/default/WebattackSQLinj.pcap.out
index e2a41b62b..667043730 100644
--- a/test/results/default/WebattackSQLinj.pcap.out
+++ b/test/results/default/WebattackSQLinj.pcap.out
@@ -1,5 +1,5 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1499348407419016}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1499348407419016}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348407419016,"flow_src_last_pkt_time":1499348407419016,"flow_dst_last_pkt_time":1499348407419016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348407419016,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1499348407419016,"flow_dst_last_pkt_time":1499348407419016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348407419016,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1499348407419016,"flow_dst_last_pkt_time":1499348407419147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348407419147,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="}
@@ -72,7 +72,7 @@
 01318{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1499348494345596,"flow_src_last_pkt_time":1499348499355896,"flow_dst_last_pkt_time":1499348499355969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1840,"flow_src_tot_l4_payload_len":536,"flow_dst_tot_l4_payload_len":1840,"midstream":0,"thread_ts_usec":1499348519077716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01318{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1499348506489087,"flow_src_last_pkt_time":1499348511497289,"flow_dst_last_pkt_time":1499348511496699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":537,"flow_dst_max_l4_payload_len":1881,"flow_src_tot_l4_payload_len":537,"flow_dst_tot_l4_payload_len":1881,"midstream":0,"thread_ts_usec":1499348519077716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01318{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1499348514064531,"flow_src_last_pkt_time":1499348519077716,"flow_dst_last_pkt_time":1499348519077129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":600,"flow_dst_max_l4_payload_len":2701,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":4149,"midstream":0,"thread_ts_usec":1499348519077716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":94,"packets-processed":94,"total-skipped-flows":0,"total-l4-payload-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":75,"global_ts_usec":1499348519077716}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":94,"packets-processed":94,"total-skipped-flows":0,"total-l4-payload-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":75,"global_ts_usec":1499348519077716}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 94/94
 ~~ skipped flows.............: 0
@@ -81,8 +81,8 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5521590 bytes
-~~ total memory freed........: 5521590 bytes
+~~ total memory allocated....: 5521742 bytes
+~~ total memory freed........: 5521742 bytes
 ~~ total allocations/frees...: 86125/86125
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 553 chars
diff --git a/test/results/default/WebattackXSS.pcap.out b/test/results/default/WebattackXSS.pcap.out
index 1cfaee509..3d11523ba 100644
--- a/test/results/default/WebattackXSS.pcap.out
+++ b/test/results/default/WebattackXSS.pcap.out
@@ -1,5 +1,5 @@
-00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1499346935283859}
+00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1499346935283859}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499346935283859,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346935283859,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346935283859,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wadAAD4GBCmsEAABwKgKMsuCAFAodgngAAAAAKACchCXWwAAAgQFtAQCCAoBOMhHAAAAAAEDAwc="}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283960,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346935283960,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4I5j3VaKHYJ4aAScSBLsAAAAgQFtAQCCAoD4pm+ATjIRwEDAwc="}
@@ -2515,7 +2515,7 @@
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4734,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_src_last_pkt_time":1499347535081002,"flow_dst_last_pkt_time":1499347535081002,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347535081002,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vMpAAD4GCQasEAABwKgKMuNwAFAre67MAAAAAKACchCNugAAAgQFtAQCCAoBOxIGAAAAAAEDAwc="}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4735,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":2,"flow_src_last_pkt_time":1499347535081002,"flow_dst_last_pkt_time":1499347535081123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347535081123,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ43Bd+kT3K3uuzaAScSAESAAAAgQFtAQCCAoD5ON7ATsSBgEDAwc="}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4736,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":3,"flow_src_last_pkt_time":1499347535081893,"flow_dst_last_pkt_time":1499347535081123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347535081893,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vMtAAD4GCQ2sEAABwKgKMuNwAFAre67NXfpE+IAQAOWjTwAAAQEICgE7EgYD5ON7"}
-00658{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4740,"packets-processed":4739,"total-skipped-flows":0,"total-l4-payload-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":242,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":82,"total-active-flows":334,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2518,"global_ts_usec":1499347536104726}
+00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4740,"packets-processed":4739,"total-skipped-flows":0,"total-l4-payload-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":242,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":82,"total-active-flows":334,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2518,"global_ts_usec":1499347536104726}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4743,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347536332683,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536332683,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4743,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347536332683,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGJAAD4GPW6sEAABwKgKMuN+AFBSPZtdAAAAAKACchB5IAAAAgQFtAQCCAoBOxM\/AAAAAAEDAwc="}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4744,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347536332809,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ434l0Xf0Uj2bXqAScSDzoAAAAgQFtAQCCAoD5OS0ATsTPwEDAwc="}
@@ -5302,7 +5302,7 @@
 00957{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348099359601,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348099359601,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01320{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":105,"flow_first_seen":1499347939286105,"flow_src_last_pkt_time":1499348006339850,"flow_dst_last_pkt_time":1499348006339926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183687,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":9374,"packets-processed":9374,"total-skipped-flows":0,"total-l4-payload-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5305,"global_ts_usec":1499348099366088}
+00657{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":9374,"packets-processed":9374,"total-skipped-flows":0,"total-l4-payload-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5305,"global_ts_usec":1499348099366088}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 9374/9374
 ~~ skipped flows.............: 0
@@ -5311,8 +5311,8 @@
 ~~ total active/idle flows...: 661/661
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7212190 bytes
-~~ total memory freed........: 7212190 bytes
+~~ total memory allocated....: 7222774 bytes
+~~ total memory freed........: 7222774 bytes
 ~~ total allocations/frees...: 102666/102666
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 550 chars
diff --git a/test/results/default/activision.pcap.out b/test/results/default/activision.pcap.out
index 2649aa42a..bbe02eb0b 100644
--- a/test/results/default/activision.pcap.out
+++ b/test/results/default/activision.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1646323526787000}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1646323526787000}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323526787000,"flow_dst_last_pkt_time":1646323526787000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646323526787000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646323526787000,"flow_dst_last_pkt_time":1646323526787000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1646323526787000,"pkt":"eJS0JASgYDjgxTWgCABFAAA5voEAAH8RYsnAqAJkbD3rHwwCgqEAJX0XDQIA093tA5YWaZgaJ69POBvAqAAVAgxsPesfoYI="}
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323526787000,"flow_dst_last_pkt_time":1646323526787000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646323526787000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -15,7 +15,7 @@
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1646323628122000,"flow_dst_last_pkt_time":1646323628154000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1646323628154000,"pkt":"YDjgxTWgeJS0JASgCABFAAA3hJNAADURYKEtP3A2wKgCZIe1DAIAI0xRKQoAAADOR0ROAAAAAAEAAAAAAAAAAAAAAAAA"}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1646323628324000,"flow_dst_last_pkt_time":1646323628154000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1646323628324000,"pkt":"eJS0JASgYDjgxTWgCABFAAAu0NYAAH8RCmfAqAJkLT9wNgwCh7UAGpZYKLBaR04AAAAAFgAAAAAEGqAA"}
 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323528362000,"flow_dst_last_pkt_time":1646323528329000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646323628926000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1646330186021000}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1646330186021000}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646330186021000,"flow_src_last_pkt_time":1646330186021000,"flow_dst_last_pkt_time":1646330186021000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646330186021000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.72.173.162","src_port":3074,"dst_port":34311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1646330186021000,"flow_dst_last_pkt_time":1646330186021000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1646330186021000,"pkt":"eJS0JASgYDjgxTWgCABFAAA5ncMAAH8RmPnAqAJklEitogwChgcAJQKmDQIAJQp5Uq9Qqtxv2LxZymHAqAAVAgyUSK2iB4Y="}
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646330186021000,"flow_src_last_pkt_time":1646330186021000,"flow_dst_last_pkt_time":1646330186021000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646330186021000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.72.173.162","src_port":3074,"dst_port":34311,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -25,7 +25,7 @@
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1646330186436000,"flow_dst_last_pkt_time":1646330186357000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1646330186436000,"pkt":"eJS0JASgYDjgxTWgCABFAAAuncUAAH8RmQLAqAJklEitogwChgcAGpHFKNl9LNUBAAAAcgYAAKNJ1wsA"}
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646323628043000,"flow_src_last_pkt_time":1646323628926000,"flow_dst_last_pkt_time":1646323628858000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646330187441000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"45.63.112.54","src_port":3074,"dst_port":34741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323528362000,"flow_dst_last_pkt_time":1646323528329000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646330187441000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":1038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1646331972616000}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":1038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1646331972616000}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646331972616000,"flow_src_last_pkt_time":1646331972616000,"flow_dst_last_pkt_time":1646331972616000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646331972616000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"173.199.67.5","src_port":3074,"dst_port":37081,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1646331972616000,"flow_dst_last_pkt_time":1646331972616000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1646331972616000,"pkt":"eJS0JASgYDjgxTWgCABFAAA5EsQAAH8RdRfAqAJkrcdDBQwCkNkAJZrDDQIAgisORyh+2Z3JjlEt75TAqAAVAgytx0MF2ZA="}
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646331972616000,"flow_src_last_pkt_time":1646331972616000,"flow_dst_last_pkt_time":1646331972616000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646331972616000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"173.199.67.5","src_port":3074,"dst_port":37081,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -35,7 +35,7 @@
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1646331972856000,"flow_dst_last_pkt_time":1646331972816000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1646331972856000,"pkt":"eJS0JASgYDjgxTWgCABFAAAuEsYAAH8RdSDAqAJkrcdDBQwCkNkAGqUkKMQtpz8CAAAAVggAAAozEzkA"}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646330186021000,"flow_src_last_pkt_time":1646330187441000,"flow_dst_last_pkt_time":1646330187364000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646331973357000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.72.173.162","src_port":3074,"dst_port":34311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646331972616000,"flow_src_last_pkt_time":1646331973357000,"flow_dst_last_pkt_time":1646331973318000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646331973357000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"173.199.67.5","src_port":3074,"dst_port":37081,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":1384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1646331973357000}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":1384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1646331973357000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 60/60
 ~~ skipped flows.............: 0
@@ -44,8 +44,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506229 bytes
-~~ total memory freed........: 5506229 bytes
+~~ total memory allocated....: 5506301 bytes
+~~ total memory freed........: 5506301 bytes
 ~~ total allocations/frees...: 85953/85953
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 539 chars
diff --git a/test/results/default/adult_content.pcap.out b/test/results/default/adult_content.pcap.out
index 44aface22..6e6f2153f 100644
--- a/test/results/default/adult_content.pcap.out
+++ b/test/results/default/adult_content.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1679071239291834}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1679071239291834}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239291834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679071239291834,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239291834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1679071239291834,"pkt":"ILAB4IZiPKn0qB\/sCABFAAAwUDlAAEAR7PPAqAHHH9wbRacHAFAAHI2nAAEAACESpEJBM1FjaTROdXJPS0E="}
 01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239291834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679071239291834,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -9,7 +9,7 @@
 01127{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239347013,"flow_dst_last_pkt_time":1679071239366897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1679071239366897,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.AdultContent","proto_id":"78.108","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":34,"category":"AdultContent","hostname":"b-eu14.stripcdn.com"}}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1679071239367273,"flow_dst_last_pkt_time":1679071239366897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1679071239367273,"pkt":"ILAB4IZiPKn0qB\/sCABFAACIUEtAAEAR7InAqAHHH9wbRacHAFAAdHxgAAMAWCESpEJ4VHYxS21GNEJWa2kAGQAEEQAAAAAGAAdqb2huZG9lAAAUABNiLWV1MTQuc3RyaXBjZG4uY29tAAAVABBmYzdlNjU3YjkzODY1NGJmAAgAFKX\/EIV4M7nf301az2ompIrGx4iF"}
 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":14,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239509436,"flow_dst_last_pkt_time":1679071239465594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1204,"flow_dst_max_l4_payload_len":1376,"flow_src_tot_l4_payload_len":3131,"flow_dst_tot_l4_payload_len":3791,"midstream":0,"thread_ts_usec":1679071239509436,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.AdultContent","proto_id":"78.108","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":34,"category":"AdultContent"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":25,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":6922,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1679071239509436}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":25,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":6922,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1679071239509436}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 25/25
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498698 bytes
-~~ total memory freed........: 5498698 bytes
+~~ total memory allocated....: 5498722 bytes
+~~ total memory freed........: 5498722 bytes
 ~~ total allocations/frees...: 85885/85885
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 547 chars
diff --git a/test/results/default/afp.pcap.out b/test/results/default/afp.pcap.out
index 4163145d9..6d8a05680 100644
--- a/test/results/default/afp.pcap.out
+++ b/test/results/default/afp.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643275951277370}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643275951277370}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643275951277370,"flow_src_last_pkt_time":1643275951277370,"flow_dst_last_pkt_time":1643275951277370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643275951277370,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643275951277370,"flow_dst_last_pkt_time":1643275951277370,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1643275951277370,"pkt":"ABxCVgfWYPgdrn1ECABFAABKAABAAEAGgpnAqBs5wKgbi\/3bAiR+nkVXU19RioAYCHEmJgAAAQEICtTtV\/gAQrf\/AAIixgAAAAAAAAAGAAAAABEAAAIOHA=="}
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643275951277370,"flow_src_last_pkt_time":1643275951277370,"flow_dst_last_pkt_time":1643275951277370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643275951277370,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AFP","proto_id":"97","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
@@ -8,7 +8,7 @@
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1643275951277702,"flow_dst_last_pkt_time":1643275951277547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643275951277702,"pkt":"ABxCVgfWYPgdrn1ECABFAAA0AABAAEAGgq\/AqBs5wKgbi\/3bAiR+nkVtU19RvIAQCHBcrAAAAQEICtTtV\/gAQsM8"}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643275951277715,"flow_dst_last_pkt_time":1643275951277547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643275951277715,"pkt":"ABxCVgfWYPgdrn1ECABFAAA0AABAAEAGgq\/AqBs5wKgbi\/3bAiR+nkVtU19RvIAQCHBcrAAAAQEICtTtV\/gAQsM8"}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1643275951277370,"flow_src_last_pkt_time":1643275952364726,"flow_dst_last_pkt_time":1643275952364172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":118,"midstream":1,"thread_ts_usec":1643275952364726,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AFP","proto_id":"97","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1643275952364726}
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1643275952364726}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 16/16
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498437 bytes
-~~ total memory freed........: 5498437 bytes
+~~ total memory allocated....: 5498461 bytes
+~~ total memory freed........: 5498461 bytes
 ~~ total allocations/frees...: 85876/85876
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 542 chars
diff --git a/test/results/default/agora-sd-rtn.pcap.out b/test/results/default/agora-sd-rtn.pcap.out
index ea5159b8b..5f416975d 100644
--- a/test/results/default/agora-sd-rtn.pcap.out
+++ b/test/results/default/agora-sd-rtn.pcap.out
@@ -1,5 +1,5 @@
-00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1649093494350000}
+00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1649093494350000}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093494350000,"flow_src_last_pkt_time":1649093494350000,"flow_dst_last_pkt_time":1649093494350000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649093494350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1649093494350000,"flow_dst_last_pkt_time":1649093494350000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649093494350000,"pkt":"eJS0JASgYDjgxTWgCABFoAEG97pAAD8RrNTAqAJkF\/i6s4vCH8IA8rYwAFo4TAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnTudXVvVf7BhRNFQtkmabzFsc4YGcbhGqIyaMUEFFQUQEAEFFU0dQVUJTQQAEpZnsPkMzYe4wgqr+jD6KkFsekH5j6BojNRIPCbkPdUaS4xdQKYVOSVvbHOo64z+26LzM8IhE1k5P6pySRtqNMEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
 00977{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093494350000,"flow_src_last_pkt_time":1649093494350000,"flow_dst_last_pkt_time":1649093494350000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649093494350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}}
@@ -70,7 +70,7 @@
 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649093640794000,"flow_src_last_pkt_time":1649093640842000,"flow_dst_last_pkt_time":1649093640826000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":435,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1667,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649093710879000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649093580792000,"flow_src_last_pkt_time":1649093580849000,"flow_dst_last_pkt_time":1649093580831000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":392,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1796,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649093710879000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1649093640842000,"flow_src_last_pkt_time":1649093640842000,"flow_dst_last_pkt_time":1649093640842000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":1219,"flow_src_tot_l4_payload_len":1546,"flow_dst_tot_l4_payload_len":4876,"midstream":0,"thread_ts_usec":1649093710879000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":29232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":12,"current-active-flows":6,"total-active-flows":8,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1649098069656000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":29232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":12,"current-active-flows":6,"total-active-flows":8,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1649098069656000}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098069656000,"flow_src_last_pkt_time":1649098069656000,"flow_dst_last_pkt_time":1649098069656000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649098069656000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1649098069656000,"flow_dst_last_pkt_time":1649098069656000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649098069656000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGneRAAD8RBqvAqAJkF\/i6s53JH8IA8s3FANAqagAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXiddqZ56BOXneEQ4mP388RlUbMx7s0KlWJgk5kvEFFQUQEAEFFU0dQVUJTQQAE2i0ZP5UqhloJODTaOh+IlYI+UqEvQtfYePDLs+DPY\/wb\/ex7kxsKDZa0UBpqtKFPW3cONzQvrgAKQsaxWmXF50tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
 00979{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098069656000,"flow_src_last_pkt_time":1649098069656000,"flow_dst_last_pkt_time":1649098069656000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649098069656000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}}
@@ -122,7 +122,7 @@
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098069706000,"flow_src_last_pkt_time":1649098069706000,"flow_dst_last_pkt_time":1649098069706000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1892,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098129719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098070259000,"flow_src_last_pkt_time":1649098070310000,"flow_dst_last_pkt_time":1649098070298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1824,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098129719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098069656000,"flow_src_last_pkt_time":1649098069706000,"flow_dst_last_pkt_time":1649098069689000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":818,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":2256,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098129719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":211,"packets-processed":210,"total-skipped-flows":0,"total-l4-payload-len":50011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":15,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1649098819739000}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":211,"packets-processed":210,"total-skipped-flows":0,"total-l4-payload-len":50011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":15,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1649098819739000}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098069706000,"flow_src_last_pkt_time":1649098069706000,"flow_dst_last_pkt_time":1649098069706000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1892,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098819802000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1649098094676000,"flow_src_last_pkt_time":1649098094724000,"flow_dst_last_pkt_time":1649098094756000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1606,"flow_dst_tot_l4_payload_len":1508,"midstream":0,"thread_ts_usec":1649098819802000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098070259000,"flow_src_last_pkt_time":1649098070310000,"flow_dst_last_pkt_time":1649098070298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1824,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098819802000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
@@ -163,7 +163,7 @@
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098849713000,"flow_src_last_pkt_time":1649098849898000,"flow_dst_last_pkt_time":1649098849881000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":430,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1659,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649099059780000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":6,"flow_first_seen":1649098089567000,"flow_src_last_pkt_time":1649098819802000,"flow_dst_last_pkt_time":1649098819775000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":944,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":4213,"flow_dst_tot_l4_payload_len":2952,"midstream":0,"thread_ts_usec":1649099059780000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098909723000,"flow_src_last_pkt_time":1649098909909000,"flow_dst_last_pkt_time":1649098909895000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":398,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1627,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649099059780000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":286,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":65673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":19,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_usec":1649336870173000}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":286,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":65673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":19,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_usec":1649336870173000}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336870173000,"flow_src_last_pkt_time":1649336870173000,"flow_dst_last_pkt_time":1649336870173000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649336870173000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1649336870173000,"flow_dst_last_pkt_time":1649336870173000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_usec":1649336870173000,"pkt":"eJS0JASgYDjgxTWgCABFoAEFneZAAD8Rl3TAqAJkgAHB37q9H8IA8S9\/AAspDQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFQvya+GSZZFzLP9EmcPktq84Ka2wtV92C\/TcDdPQUVBRAQAQUVTR1BVQlNBAASFAA2pu76c15hPua6baGLo0ixMN8vwRYUqc\/ifFG78vI1pPMSohtWw1XeLlA8Q9eztjAFhjuBR3Q4\/us8bcbydS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="}
 00978{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336870173000,"flow_src_last_pkt_time":1649336870173000,"flow_dst_last_pkt_time":1649336870173000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649336870173000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-223.edge.agora.io"}}
@@ -226,7 +226,7 @@
 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1649336965166000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649336965166000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFZAAD8RpDjAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1649336965359000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649336965359000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFtAAD8RpDPAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1649336965359000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649336965359000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFxAAD8RpDLAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":401,"packets-processed":400,"total-skipped-flows":0,"total-l4-payload-len":94737,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_usec":1649337802272000}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":401,"packets-processed":400,"total-skipped-flows":0,"total-l4-payload-len":94737,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_usec":1649337802272000}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1649336960225000,"flow_src_last_pkt_time":1649336960225000,"flow_dst_last_pkt_time":1649336960225000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":498,"flow_src_tot_l4_payload_len":699,"flow_dst_tot_l4_payload_len":3468,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1649336897978000,"flow_src_last_pkt_time":1649337802273000,"flow_dst_last_pkt_time":1649336897978000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"199.190.44.135","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1649336965165000,"flow_src_last_pkt_time":1649336968493000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
@@ -235,7 +235,7 @@
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336954948000,"flow_src_last_pkt_time":1649336955151000,"flow_dst_last_pkt_time":1649336955137000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1812,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336870173000,"flow_src_last_pkt_time":1649336870432000,"flow_dst_last_pkt_time":1649336870347000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":2014,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336879948000,"flow_src_last_pkt_time":1649336881379000,"flow_dst_last_pkt_time":1649336882923000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":2808,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"202.226.25.166","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":403,"packets-processed":403,"total-skipped-flows":0,"total-l4-payload-len":95439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":0,"total-active-flows":26,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":238,"global_ts_usec":1649337802273000}
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":403,"packets-processed":403,"total-skipped-flows":0,"total-l4-payload-len":95439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":0,"total-active-flows":26,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":238,"global_ts_usec":1649337802273000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 403/403
 ~~ skipped flows.............: 0
@@ -244,10 +244,10 @@
 ~~ total active/idle flows...: 26/26
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5563960 bytes
-~~ total memory freed........: 5563960 bytes
+~~ total memory allocated....: 5564384 bytes
+~~ total memory freed........: 5564384 bytes
 ~~ total allocations/frees...: 86538/86538
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 574 chars
+~~ json message min len.......: 572 chars
 ~~ json message max len.......: 2185 chars
-~~ json message avg len.......: 1379 chars
+~~ json message avg len.......: 1378 chars
diff --git a/test/results/default/ah.pcapng.out b/test/results/default/ah.pcapng.out
index f396a4f4c..2bfe322f7 100644
--- a/test/results/default/ah.pcapng.out
+++ b/test/results/default/ah.pcapng.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587338929051893}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587338929051893}
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587338929051893,"flow_src_last_pkt_time":1587338929051893,"flow_dst_last_pkt_time":1587338929051893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587338929051893,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00988{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587338929051893,"flow_dst_last_pkt_time":1587338929051893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_usec":1587338929051893,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAJ4AAP8RngIKAgMCCgMEBAH0AfQBbieYHBhp9tKboMwAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAAop90y3jHmNMWVGIbNRerOVFzMP5JoRLlIVT+uGcaHcUDAfZ9agub4v3ifShq9iAjKtd\/XZoIX76e0SSPXecxSXzgS1HJOpsJtzfXg96dFLBFkvBpXPHiUb1T29i2BXzdKwAAJGy943MOgVw+17TTE3RGnNSeH1Br3ZzttJxYzZbae2KMKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABCNvuAsA4SMheroNDIs0se1c2REJAAAAHAAAQAUSA9ZB8IS5r14gXhydhU2hTnWD2w=="}
 00903{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587338929051893,"flow_src_last_pkt_time":1587338929051893,"flow_dst_last_pkt_time":1587338929051893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587338929051893,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
@@ -12,7 +12,7 @@
 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1587338931051372,"flow_dst_last_pkt_time":1587338931051869,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1587338931051869,"pkt":"qrvMAAIQqrvMAAMQCABFAAB8ABMAAP4zoTEKAwQECgIDAgEEAACvhoPvAAAAAQLuLdf7aFTxy+gQnAAAbwQABQABAAAAAAAUFyyrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavN"}
 00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587338929051893,"flow_src_last_pkt_time":1587338929067839,"flow_dst_last_pkt_time":1587338929075761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":686,"flow_dst_tot_l4_payload_len":638,"midstream":0,"thread_ts_usec":1587338931051869,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00913{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587338931051372,"flow_src_last_pkt_time":1587338931051372,"flow_dst_last_pkt_time":1587338931051869,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1587338931051869,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1532,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1587338931051869}
+00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1532,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1587338931051869}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -21,10 +21,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500319 bytes
-~~ total memory freed........: 5500319 bytes
+~~ total memory allocated....: 5500359 bytes
+~~ total memory freed........: 5500359 bytes
 ~~ total allocations/frees...: 85877/85877
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 566 chars
+~~ json message min len.......: 564 chars
 ~~ json message max len.......: 993 chars
-~~ json message avg len.......: 778 chars
+~~ json message avg len.......: 777 chars
diff --git a/test/results/default/ajp.pcap.out b/test/results/default/ajp.pcap.out
index fb34197a6..9313010ef 100644
--- a/test/results/default/ajp.pcap.out
+++ b/test/results/default/ajp.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1505154584447407}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1505154584447407}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584447407,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447407,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447547,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"}
@@ -40,7 +40,7 @@
 00401{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584617955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584618218,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":38,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1505154584618218}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":38,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1505154584618218}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 38/26
 ~~ skipped flows.............: 0
@@ -49,8 +49,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500899 bytes
-~~ total memory freed........: 5500899 bytes
+~~ total memory allocated....: 5500939 bytes
+~~ total memory freed........: 5500939 bytes
 ~~ total allocations/frees...: 85897/85897
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 313 chars
diff --git a/test/results/default/alexa-app.pcapng.out b/test/results/default/alexa-app.pcapng.out
index a0d85a3e2..24b3ef094 100644
--- a/test/results/default/alexa-app.pcapng.out
+++ b/test/results/default/alexa-app.pcapng.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1490976022526783}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1490976022526783}
 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976022526783,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526783}
 00326{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_usec":1490976022526783,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="}
 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976022526847,"packet_id":2,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526847}
@@ -1412,7 +1412,7 @@
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976195545666,"flow_src_last_pkt_time":1490976195545666,"flow_dst_last_pkt_time":1490976195628315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","proto_id":"5.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976081484636,"flow_dst_last_pkt_time":1490976081482994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2154,"flow_dst_tot_l4_payload_len":5486,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029669574,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029753315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00660{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3103,"packets-processed":3074,"total-skipped-flows":0,"total-l4-payload-len":987205,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":143,"total-updates":77,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1415,"global_ts_usec":1490976198776068}
+00658{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3103,"packets-processed":3074,"total-skipped-flows":0,"total-l4-payload-len":987205,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":143,"total-updates":77,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1415,"global_ts_usec":1490976198776068}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3103/3074
 ~~ skipped flows.............: 0
@@ -1421,8 +1421,8 @@
 ~~ total active/idle flows...: 160/160
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6630891 bytes
-~~ total memory freed........: 6630891 bytes
+~~ total memory allocated....: 6633459 bytes
+~~ total memory freed........: 6633459 bytes
 ~~ total allocations/frees...: 91575/91575
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 300 chars
diff --git a/test/results/default/alicloud.pcap.out b/test/results/default/alicloud.pcap.out
index 24c757389..f01ad5dfd 100644
--- a/test/results/default/alicloud.pcap.out
+++ b/test/results/default/alicloud.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1656769158766000}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1656769158766000}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656769158766000,"flow_src_last_pkt_time":1656769158766000,"flow_dst_last_pkt_time":1656769158766000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656769158766000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.12","src_port":39018,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656769158766000,"flow_dst_last_pkt_time":1656769158766000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656769158766000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tl4AAD8GkXTAqAJkCNFoDJhqIye4YEtXAAAAAKAC\/\/8HVgAAAgQFtAQCCArIDoVmAAAAAAEDAwk="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656769158766000,"flow_dst_last_pkt_time":1656769158786000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656769158786000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGD9MI0WgMwKgCZCMnmGqSefYnuGBLWKAScSDxJQAAAgQFrAQCCAovVu0QyA6FZgEDAwc="}
@@ -7,7 +7,7 @@
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656769158796000,"flow_dst_last_pkt_time":1656769158786000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656769158796000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tmAAAD8GkXLAqAJkCNFoDJhqIye4YEtYknn2KIAYAKyCegAAAQEICsgOhYQvVu0Qzvq+uoAAAAA="}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656769158766000,"flow_src_last_pkt_time":1656769158796000,"flow_dst_last_pkt_time":1656769158786000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656769158796000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.12","src_port":39018,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656769158796000,"flow_dst_last_pkt_time":1656769158815000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656769158815000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0Gw9AADcG9MsI0WgMwKgCZCMnmGqSefYouGBLYIAQAOOP5AAAAQEICi9W7S3IDoWE"}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1656785748891000}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1656785748891000}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656785748891000,"flow_src_last_pkt_time":1656785748891000,"flow_dst_last_pkt_time":1656785748891000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656785748891000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":41056,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1656785748891000,"flow_dst_last_pkt_time":1656785748891000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656785748891000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8A+kAAD8GYjHAqAJkCNFJxaBgIyc2ZzbYAAAAAKAC\/\/8KpQAAAgQFtAQCCAqCo3RMAAAAAAEDAwk="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1656785748891000,"flow_dst_last_pkt_time":1656785748908000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656785748908000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGLRoI0UnFwKgCZCMnoGDRcRN1Nmc22aAScSBhTAAAAgQFrAQCCAowVCL2gqN0TAEDAwc="}
@@ -16,7 +16,7 @@
 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656785748891000,"flow_src_last_pkt_time":1656785748926000,"flow_dst_last_pkt_time":1656785748908000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656785748926000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":41056,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1656785748926000,"flow_dst_last_pkt_time":1656785748943000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656785748943000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0MH9AADgG\/KII0UnFwKgCZCMnoGDRcRN2Nmc24YAQAOP\/\/gAAAQEICjBUIxmCo3Rw"}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656769158766000,"flow_src_last_pkt_time":1656769159386000,"flow_dst_last_pkt_time":1656769159345000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1656785749673000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.12","src_port":39018,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1656850884187000}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1656850884187000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656850884187000,"flow_src_last_pkt_time":1656850884187000,"flow_dst_last_pkt_time":1656850884187000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656850884187000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":38094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1656850884187000,"flow_dst_last_pkt_time":1656850884187000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656850884187000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Z4oAAD8G37XAqAJkCNFon5TOIye5z4t0AAAAAKAC\/\/+NLgAAAgQFtAQCCAosIFz5AAAAAAEDAwk="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1656850884187000,"flow_dst_last_pkt_time":1656850884208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656850884208000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGD0AI0WifwKgCZCMnlM5sykifuc+LdaAScSCykQAAAgQFrAQCCAo0NX\/WLCBc+QEDAwc="}
@@ -39,7 +39,7 @@
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1656851188434000,"flow_dst_last_pkt_time":1656851188422000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656851188434000,"pkt":"eJS0JASgYDjgxTWgCABFAAA80KEAAD8GdrvAqAJkCNFogqW+IydMgQTQEJsn\/4AYAKwi6wAAAQEICtBzJBM0OpVuzvq+uoAAAAA="}
 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656851188404000,"flow_src_last_pkt_time":1656851188434000,"flow_dst_last_pkt_time":1656851188422000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656851188434000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.130","src_port":42430,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1656851188434000,"flow_dst_last_pkt_time":1656851188451000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656851188451000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0snxAADgGW+gI0WiCwKgCZCMnpb4Qmyf\/TIEE2IAQAOMwVQAAAQEICjQ6lYvQcyQT"}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1657056857762000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1657056857762000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657056857762000,"flow_src_last_pkt_time":1657056857762000,"flow_dst_last_pkt_time":1657056857762000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657056857762000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.157","src_port":55484,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1657056857762000,"flow_dst_last_pkt_time":1657056857762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657056857762000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wVAAAD8GgvHAqAJkCNFrndi8IycjJbSWAAAAAKAC\/\/+9AAAAAgQFtAQCCAoBLH64AAAAAAEDAwg="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1657056857762000,"flow_dst_last_pkt_time":1657056857780000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657056857780000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGDEII0WudwKgCZCMn2Ly4f2lPIyW0l6AScSD3vQAAAgQFrAQCCApAfPHOASx+uAEDAwc="}
@@ -50,7 +50,7 @@
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656850884187000,"flow_src_last_pkt_time":1656850884799000,"flow_dst_last_pkt_time":1656850884767000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657056858171000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":38094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656851188404000,"flow_src_last_pkt_time":1656851189170000,"flow_dst_last_pkt_time":1656851189132000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657056858171000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.130","src_port":42430,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656851053621000,"flow_src_last_pkt_time":1656851054220000,"flow_dst_last_pkt_time":1656851054182000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657056858171000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":45078,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":2936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1657229888829000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":2936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1657229888829000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657229888829000,"flow_src_last_pkt_time":1657229888829000,"flow_dst_last_pkt_time":1657229888829000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657229888829000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":40154,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1657229888829000,"flow_dst_last_pkt_time":1657229888829000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657229888829000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86Q0AAD8GXjLAqAJkCNFon5zaIycgtHeSAAAAAKAC\/\/9rRwAAAgQFtAQCCAoAMk\/BAAAAAAEDAwg="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1657229888829000,"flow_dst_last_pkt_time":1657229888849000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657229888849000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGD0AI0WifwKgCZCMnnNq1jGObILR3k6AScSDvdwAAAgQFrAQCCApKzKayADJPwQEDAwc="}
@@ -59,7 +59,7 @@
 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657229888829000,"flow_src_last_pkt_time":1657229888862000,"flow_dst_last_pkt_time":1657229888849000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657229888862000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":40154,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1657229888862000,"flow_dst_last_pkt_time":1657229888881000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657229888881000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0xVVAADcGSfII0WifwKgCZCMnnNq1jGOcILR3m4AQAOOOMQAAAQEICkrMptIAMk\/h"}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657056857762000,"flow_src_last_pkt_time":1657056858154000,"flow_dst_last_pkt_time":1657056858171000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1657229889603000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.157","src_port":55484,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":3400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1657274814319000}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":3400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1657274814319000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657274814319000,"flow_src_last_pkt_time":1657274814319000,"flow_dst_last_pkt_time":1657274814319000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657274814319000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":42600,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1657274814319000,"flow_dst_last_pkt_time":1657274814319000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657274814319000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86\/4AAD8GWmPAqAJkCNFpfaZoIyeRsipKAAAAAKAC\/\/98qAAAAgQFtAQCCAoAUhAeAAAAAAEDAwg="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1657274814319000,"flow_dst_last_pkt_time":1657274814337000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657274814337000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGDWII0Wl9wKgCZCMnpmjO401pkbIqS6AScSBYmAAAAgQFrAQCCApNekkgAFIQHgEDAwc="}
@@ -68,7 +68,7 @@
 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657274814319000,"flow_src_last_pkt_time":1657274814354000,"flow_dst_last_pkt_time":1657274814337000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657274814354000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":42600,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1657274814354000,"flow_dst_last_pkt_time":1657274814372000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657274814372000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0BF5AADgGCQwI0Wl9wKgCZCMnpmjO401qkbIqU4AQAOP3SwAAAQEICk16SUMAUhBB"}
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657229888829000,"flow_src_last_pkt_time":1657229889603000,"flow_dst_last_pkt_time":1657229889562000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657274815086000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":40154,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":3864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1657329378461000}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":3864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1657329378461000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657329378461000,"flow_src_last_pkt_time":1657329378461000,"flow_dst_last_pkt_time":1657329378461000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657329378461000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":51682,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1657329378461000,"flow_dst_last_pkt_time":1657329378461000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657329378461000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hBoAAD8G4f\/AqAJkCNFJxcniIyfoxHdxAAAAAKAC\/\/8ZaAAAAgQFtAQCCAoBmMocAAAAAAEDAwg="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1657329378461000,"flow_dst_last_pkt_time":1657329378480000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657329378480000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGLhoI0UnFwKgCZCMnyeKXKjiN6MR3cqAScSBD1wAAAgQFrAQCCApQu0P1AZjKHAEDAwc="}
@@ -77,7 +77,7 @@
 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657329378461000,"flow_src_last_pkt_time":1657329378492000,"flow_dst_last_pkt_time":1657329378480000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657329378492000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":51682,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1657329378492000,"flow_dst_last_pkt_time":1657329378511000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657329378511000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0fIRAADcGsZ0I0UnFwKgCZCMnyeKXKjiO6MR3eoAQAOPikwAAAQEIClC7RBMBmMo7"}
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657274814319000,"flow_src_last_pkt_time":1657274815086000,"flow_dst_last_pkt_time":1657274815046000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657329379426000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":42600,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":136,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":4384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1657330328504000}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":136,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":4384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1657330328504000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657330328504000,"flow_src_last_pkt_time":1657330328504000,"flow_dst_last_pkt_time":1657330328504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657330328504000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":52228,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1657330328504000,"flow_dst_last_pkt_time":1657330328504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657330328504000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8TVAAAD8GGMrAqAJkCNFJxcwEIye\/AMGAAAAAAKAC\/\/931AAAAgQFtAQCCAoBp0k0AAAAAAEDAwg="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1657330328504000,"flow_dst_last_pkt_time":1657330328523000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657330328523000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGLRoI0UnFwKgCZCMnzATz8sp6vwDBgaAScSA0ZAAAAgQFrAQCCApQycMQAadJNAEDAwc="}
@@ -85,7 +85,7 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1657330328654000,"flow_dst_last_pkt_time":1657330328523000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657330328654000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8TWEAAD8GGLnAqAJkCNFJxcwEIye\/AMGB8\/LKe4AYAVfE4gAAAQEICgGnSX1QycMQzvq+uoAAAAA="}
 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657330328504000,"flow_src_last_pkt_time":1657330328654000,"flow_dst_last_pkt_time":1657330328523000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657330328654000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":52228,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1657330328654000,"flow_dst_last_pkt_time":1657330328673000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657330328673000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0CV1AADgGI8UI0UnFwKgCZCMnzATz8sp7vwDBiYAQAOPSfgAAAQEIClDJw6YBp0l9"}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":151,"packets-processed":150,"total-skipped-flows":0,"total-l4-payload-len":4848,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":88,"global_ts_usec":1657555354428000}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":151,"packets-processed":150,"total-skipped-flows":0,"total-l4-payload-len":4848,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":88,"global_ts_usec":1657555354428000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657555354428000,"flow_src_last_pkt_time":1657555354428000,"flow_dst_last_pkt_time":1657555354428000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657555354428000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":44388,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1657555354428000,"flow_dst_last_pkt_time":1657555354428000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657555354428000,"pkt":"eJS0JASgYDjgxTWgCABFAAA813sAAD8GbObAqAJkCNFrfa1kIyfBBINEAAAAAKAC\/\/\/L2gAAAgQFtAQCCAoA8S8EAAAAAAEDAwg="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1657555354428000,"flow_dst_last_pkt_time":1657555354448000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657555354448000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGC2II0Wt9wKgCZCMnrWQ5YTvVwQSDRaAScSCGhwAAAgQFrAQCCApeMwDBAPEvBAEDAwc="}
@@ -95,7 +95,7 @@
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1657555354460000,"flow_dst_last_pkt_time":1657555354480000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657555354480000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0Ow5AADgG0FsI0Wt9wKgCZCMnrWQ5YTvWwQSDTYAQAOMlQAAAAQEICl4zAOEA8S8l"}
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657330328504000,"flow_src_last_pkt_time":1657330329394000,"flow_dst_last_pkt_time":1657330329352000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657555355094000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":52228,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1657329378461000,"flow_src_last_pkt_time":1657329378618000,"flow_dst_last_pkt_time":1657329379426000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1657555355094000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":51682,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":5312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1657574851663000}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":5312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1657574851663000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657574851663000,"flow_src_last_pkt_time":1657574851663000,"flow_dst_last_pkt_time":1657574851663000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657574851663000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":37160,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1657574851663000,"flow_dst_last_pkt_time":1657574851663000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657574851663000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8jBEAAD8GuFDAqAJkCNFrfZEoIyeSIbrzAAAAAKAC\/\/\/yXwAAAgQFtAQCCAoBZht6AAAAAAEDAwg="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1657574851663000,"flow_dst_last_pkt_time":1657574851693000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657574851693000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGC2II0Wt9wKgCZCMnkSgti4VgkiG69KAScSDtEQAAAgQFrAQCCApfXIHdAWYbegEDAwc="}
@@ -104,7 +104,7 @@
 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657574851663000,"flow_src_last_pkt_time":1657574851730000,"flow_dst_last_pkt_time":1657574851693000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657574851730000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":37160,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1657574851730000,"flow_dst_last_pkt_time":1657574851773000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657574851773000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0BJxAADgGBs4I0Wt9wKgCZCMnkSgti4VhkiG6\/IAQAOOLhQAAAQEICl9cgiABZhu9"}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657555354428000,"flow_src_last_pkt_time":1657555355094000,"flow_dst_last_pkt_time":1657555355050000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657574852156000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":44388,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":181,"packets-processed":180,"total-skipped-flows":0,"total-l4-payload-len":5928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_usec":1658234723934000}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":181,"packets-processed":180,"total-skipped-flows":0,"total-l4-payload-len":5928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_usec":1658234723934000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1658234723934000,"flow_src_last_pkt_time":1658234723934000,"flow_dst_last_pkt_time":1658234723934000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658234723934000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.76.194","src_port":45094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1658234723934000,"flow_dst_last_pkt_time":1658234723934000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658234723934000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8iRwAAD8G2gDAqAJkCNFMwrAmIycJ+x4TAAAAAKAC\/\/8EwAAAAgQFtAQCCAoAyS57AAAAAAEDAwg="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1658234723934000,"flow_dst_last_pkt_time":1658234723954000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658234723954000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGKh0I0UzCwKgCZCMnsCanYywGCfseFKAScSAQYgAAAgQFrAQCCAqGsSkaAMkuewEDAwc="}
@@ -113,7 +113,7 @@
 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1658234723934000,"flow_src_last_pkt_time":1658234723972000,"flow_dst_last_pkt_time":1658234723954000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658234723972000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.76.194","src_port":45094,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1658234723972000,"flow_dst_last_pkt_time":1658234723991000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1658234723991000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0BTdAADgGJO4I0UzCwKgCZCMnsCanYywHCfseHIAQAOOvEQAAAQEICoaxKT8AyS6g"}
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657574851663000,"flow_src_last_pkt_time":1657574852138000,"flow_dst_last_pkt_time":1657574852156000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1658234724424000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":37160,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":196,"packets-processed":195,"total-skipped-flows":0,"total-l4-payload-len":6576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_usec":1658356775079000}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":196,"packets-processed":195,"total-skipped-flows":0,"total-l4-payload-len":6576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_usec":1658356775079000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1658356775079000,"flow_src_last_pkt_time":1658356775079000,"flow_dst_last_pkt_time":1658356775079000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658356775079000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.122","src_port":57322,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1658356775079000,"flow_dst_last_pkt_time":1658356775079000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658356775079000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8w68AAD8GgLXAqAJkCNFret\/qIye+qJRXAAAAAKAC\/\/\/CvgAAAgQFtAQCCAoBJPayAAAAAAEDAwg="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1658356775079000,"flow_dst_last_pkt_time":1658356775100000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658356775100000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGC2UI0Wt6wKgCZCMn3+oQtAE7vqiUWKAScSC9tgAAAgQFrAQCCAqN7vQBAST2sgEDAwc="}
@@ -122,7 +122,7 @@
 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1658356775079000,"flow_src_last_pkt_time":1658356775112000,"flow_dst_last_pkt_time":1658356775100000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658356775112000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.122","src_port":57322,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1658356775112000,"flow_dst_last_pkt_time":1658356775133000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1658356775133000,"pkt":"YDjgxTWgeJS0JASgCABFAAA09SVAADgGFkcI0Wt6wKgCZCMn3+oQtAE8vqiUYIAQAONcbgAAAQEICo3u9CIBJPbT"}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1658234723934000,"flow_src_last_pkt_time":1658234724082000,"flow_dst_last_pkt_time":1658234724424000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1658356775409000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.76.194","src_port":45094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":211,"packets-processed":210,"total-skipped-flows":0,"total-l4-payload-len":7224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1658358259423000}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":211,"packets-processed":210,"total-skipped-flows":0,"total-l4-payload-len":7224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1658358259423000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1658358259423000,"flow_src_last_pkt_time":1658358259423000,"flow_dst_last_pkt_time":1658358259423000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658358259423000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.77.36","src_port":51774,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1658358259423000,"flow_dst_last_pkt_time":1658358259423000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658358259423000,"pkt":"eJS0JASgYDjgxTWgCABFAAA88QkAAD8GcbHAqAJkCNFNJMo+IyebGrUIAAAAAKAC\/\/+dzAAAAgQFtAQCCAoBM1J1AAAAAAEDAwg="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1658358259423000,"flow_dst_last_pkt_time":1658358259440000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658358259440000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGKbsI0U0kwKgCZCMnyj73vxTWmxq1CaAScSDP+wAAAgQFrAQCCAqODsIDATNSdQEDAwc="}
@@ -132,7 +132,7 @@
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1658358259451000,"flow_dst_last_pkt_time":1658358259468000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1658358259468000,"pkt":"YDjgxTWgeJS0JASgCABFAAA01sBAADgGUwII0U0kwKgCZCMnyj73vxTXmxq1EYAQAONuvQAAAQEICo4OwiABM1KQ"}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1658356775079000,"flow_src_last_pkt_time":1658356775222000,"flow_dst_last_pkt_time":1658356775409000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1658358259887000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.122","src_port":57322,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1658358259423000,"flow_src_last_pkt_time":1658358259551000,"flow_dst_last_pkt_time":1658358259887000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1658358259887000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.77.36","src_port":51774,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":225,"packets-processed":225,"total-skipped-flows":0,"total-l4-payload-len":7872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":135,"global_ts_usec":1658358259887000}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":225,"packets-processed":225,"total-skipped-flows":0,"total-l4-payload-len":7872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":135,"global_ts_usec":1658358259887000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 225/225
 ~~ skipped flows.............: 0
@@ -141,8 +141,8 @@
 ~~ total active/idle flows...: 15/15
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5565626 bytes
-~~ total memory freed........: 5565626 bytes
+~~ total memory allocated....: 5565874 bytes
+~~ total memory freed........: 5565874 bytes
 ~~ total allocations/frees...: 86254/86254
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
diff --git a/test/results/default/among_us.pcap.out b/test/results/default/among_us.pcap.out
index 628ef9dcb..bf17f368f 100644
--- a/test/results/default/among_us.pcap.out
+++ b/test/results/default/among_us.pcap.out
@@ -1,10 +1,10 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946681200000000}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946681200000000}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":15,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_usec":946681200000000,"pkt":"eJS0JASgYDjgxTWgCABFAAArJhEAAH8RqpAKAAABrGn7qvsEVgcAF2toCAABAIDZAgMGQUFBQUFB"}
 00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":15,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AmongUs","proto_id":"69","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":15,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AmongUs","proto_id":"69","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":15,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":946681200000000}
+00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":15,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":946681200000000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,8 +13,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498002 bytes
-~~ total memory freed........: 5498002 bytes
+~~ total memory allocated....: 5498026 bytes
+~~ total memory freed........: 5498026 bytes
 ~~ total allocations/frees...: 85861/85861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 530 chars
diff --git a/test/results/default/amqp.pcap.out b/test/results/default/amqp.pcap.out
index 8d07b4646..7641dcef1 100644
--- a/test/results/default/amqp.pcap.out
+++ b/test/results/default/amqp.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1490904166118902}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1490904166118902}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490904166118902,"flow_src_last_pkt_time":1490904166118902,"flow_dst_last_pkt_time":1490904166118902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904166118902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1490904166118902,"flow_dst_last_pkt_time":1490904166118902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1490904166118902,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="}
 00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490904166118902,"flow_src_last_pkt_time":1490904166118902,"flow_dst_last_pkt_time":1490904166118902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904166118902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -25,7 +25,7 @@
 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1490904166119482,"flow_src_last_pkt_time":1490904170242659,"flow_dst_last_pkt_time":1490904170206101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":3469,"flow_dst_tot_l4_payload_len":105,"midstream":1,"thread_ts_usec":1490904170243630,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":54,"flow_first_seen":1490904166118902,"flow_src_last_pkt_time":1490904170243601,"flow_dst_last_pkt_time":1490904170243630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7295,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904170243630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1490904169152163,"flow_src_last_pkt_time":1490904170195756,"flow_dst_last_pkt_time":1490904170195765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2085,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904170243630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":160,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1490904170243630}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":160,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1490904170243630}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 160/160
 ~~ skipped flows.............: 0
@@ -34,8 +34,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5513101 bytes
-~~ total memory freed........: 5513101 bytes
+~~ total memory allocated....: 5513157 bytes
+~~ total memory freed........: 5513157 bytes
 ~~ total allocations/frees...: 86045/86045
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
diff --git a/test/results/default/android.pcap.out b/test/results/default/android.pcap.out
index 8874ebe19..89d67d24c 100644
--- a/test/results/default/android.pcap.out
+++ b/test/results/default/android.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1582454769772338}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1582454769772338}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772338,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454769772338,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1582454769772338,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"}
 00912{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772338,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454769772338,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -434,7 +434,7 @@
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871061577,"flow_src_last_pkt_time":1582454871061577,"flow_dst_last_pkt_time":1582454871100485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":58,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","proto_id":"5.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871600718,"flow_src_last_pkt_time":1582454871600718,"flow_dst_last_pkt_time":1582454871601103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867723627,"flow_src_last_pkt_time":1582454867723627,"flow_dst_last_pkt_time":1582454867761577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":500,"packets-processed":475,"total-skipped-flows":0,"total-l4-payload-len":101980,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":60,"total-detection-updates":45,"total-updates":3,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":437,"global_ts_usec":1582454872047699}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":500,"packets-processed":475,"total-skipped-flows":0,"total-l4-payload-len":101980,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":60,"total-detection-updates":45,"total-updates":3,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":437,"global_ts_usec":1582454872047699}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 500/475
 ~~ skipped flows.............: 0
@@ -443,8 +443,8 @@
 ~~ total active/idle flows...: 63/63
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5888771 bytes
-~~ total memory freed........: 5888771 bytes
+~~ total memory allocated....: 5889787 bytes
+~~ total memory freed........: 5889787 bytes
 ~~ total allocations/frees...: 87302/87302
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
diff --git a/test/results/default/anyconnect-vpn.pcap.out b/test/results/default/anyconnect-vpn.pcap.out
index fd2640f0c..d8955a868 100644
--- a/test/results/default/anyconnect-vpn.pcap.out
+++ b/test/results/default/anyconnect-vpn.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569687240992580}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569687240992580}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687240992580,"flow_src_last_pkt_time":1569687240992580,"flow_dst_last_pkt_time":1569687240992580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687240992580,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569687240992580,"flow_dst_last_pkt_time":1569687240992580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687240992580,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569687240992580,"flow_dst_last_pkt_time":1569687241009657,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687241009657,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"}
@@ -454,7 +454,7 @@
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267481295,"flow_src_last_pkt_time":1569687267481295,"flow_dst_last_pkt_time":1569687267500594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":200,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":200,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242476020,"flow_src_last_pkt_time":1569687242476020,"flow_dst_last_pkt_time":1569687242476020,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00930{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242271196,"flow_src_last_pkt_time":1569687242271196,"flow_dst_last_pkt_time":1569687242271196,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":589,"packets-processed":585,"total-skipped-flows":0,"total-l4-payload-len":95415,"total-not-detected-flows":2,"total-guessed-flows":6,"total-detected-flows":61,"total-detection-updates":34,"total-updates":3,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":457,"global_ts_usec":1569687288923007}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":589,"packets-processed":585,"total-skipped-flows":0,"total-l4-payload-len":95415,"total-not-detected-flows":2,"total-guessed-flows":6,"total-detected-flows":61,"total-detection-updates":34,"total-updates":3,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":457,"global_ts_usec":1569687288923007}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 589/585
 ~~ skipped flows.............: 0
@@ -463,8 +463,8 @@
 ~~ total active/idle flows...: 69/69
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5757534 bytes
-~~ total memory freed........: 5757534 bytes
+~~ total memory allocated....: 5758646 bytes
+~~ total memory freed........: 5758646 bytes
 ~~ total allocations/frees...: 87275/87275
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 527 chars
diff --git a/test/results/default/anydesk.pcapng.out b/test/results/default/anydesk.pcapng.out
index 4fb69ce21..149dbea6b 100644
--- a/test/results/default/anydesk.pcapng.out
+++ b/test/results/default/anydesk.pcapng.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591342198821353}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591342198821353}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591342198821353,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1591342198821353,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"}
 01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591342198821353,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -17,7 +17,7 @@
 01539{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199366725,"flow_dst_last_pkt_time":1591342199532111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1591342199532111,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}}
 01880{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199532151,"flow_dst_last_pkt_time":1591342199532596,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":2600,"midstream":0,"thread_ts_usec":1591342199532596,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}}
 02666{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342201135977,"flow_dst_last_pkt_time":1591342202739154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5696,"flow_dst_tot_l4_payload_len":5521,"midstream":0,"thread_ts_usec":1591342202739154,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":176540.0,"max":1602919,"stddev":394272.9,"var":155451113472.0,"ent":2.8,"data": [164805,164917,612,1082,165028,165426,485,455,339,338,1756,2021,164886,165169,210,191,219,307,218569,218677,606,928,1215453,1216321,7,87,855,7,2,1602919,62]},"pktlen": {"min":40,"avg":392.7,"max":1500,"stddev":555.2,"var":308238.0,"ent":3.8,"data": [60,46,40,303,46,1340,40,1340,40,46,40,1134,46,91,40,80,40,186,46,186,40,111,46,119,1500,1500,1242,46,46,46,1500,1180]},"bins": {"c_to_s": [8,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,0],"s_to_c": [9,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,1],"entropies": [4.772595406,4.903359890,4.834184170,5.369554996,4.390828609,7.460080147,4.834184170,7.770876408,4.834184170,4.609350204,4.734183788,7.619944096,4.390829086,5.750715733,4.765311718,5.803060055,4.765311718,6.743920803,4.390828609,6.830827713,4.834184170,6.275036812,4.434307098,6.390825272,7.863389492,7.871673107,7.811679363,4.390829086,4.390829086,4.390829086,7.887207985,7.841894150]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":14319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1613977585247036}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":14319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1613977585247036}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1613977585247036,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"}
 01084{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -47,7 +47,7 @@
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595463648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1613977595463648,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodEFAAIAGAADAqAG7wKgBshuey0dV\/SLLLSwO5FAQIBSE2AAA"}
 01895{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595549041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":813,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1613977595549041,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","ja4":"t12d640500_9197985d2161_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}}
 02672{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977601740964,"flow_dst_last_pkt_time":1613977601737415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3926,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5712,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1613977601740964,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":410271.2,"max":3021750,"stddev":825943.1,"var":682181918720.0,"ent":2.9,"data": [491,529,333,431,328,10474,0,10878,39566,40320,8749,0,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,0,0,1754245,1753698,16355,71246,2966766,3021750,4006]},"pktlen": {"min":40,"avg":306.3,"max":3966,"stddev":747.4,"var":558552.1,"ent":3.1,"data": [52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116]},"bins": {"c_to_s": [6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1],"s_to_c": [11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0],"entropies": [4.461627960,4.714205742,4.680641174,5.380415440,4.190888405,4.260394573,7.726966381,6.171197891,4.680641174,7.726874828,4.303872585,7.788730145,5.640313625,4.630640984,5.698182583,4.200505257,5.465894222,5.550601006,4.303872585,5.570474148,4.680640697,7.956365585,4.157026768,4.303872585,4.190888405,5.661315441,4.260394096,6.538077354,4.630641460,6.000421047,4.260393620,6.241518974]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":26872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1663090549161771}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":26872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1663090549161771}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549161771,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549161771,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8b6ZAAEAGlofAqAGAw7WusLyEAbsbAqeoAAAAAKAC+vBE2wAAAgQFtAQCCAo49hnFAAAAAAEDAwc="}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549179486,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYGEC7Dta6wwKgBgAG7vIT\/L0tlGwKnqaAS\/ogbxgAAAgQFtAQCCAqczD4KOPYZxQEDAwc="}
@@ -63,7 +63,7 @@
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585260893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01343{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":27,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090607951443,"flow_dst_last_pkt_time":1663090607968067,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5903,"flow_dst_tot_l4_payload_len":3063,"midstream":0,"thread_ts_usec":1663090607968067,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":174,"packets-processed":174,"total-skipped-flows":0,"total-l4-payload-len":35838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1663090607968067}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":174,"packets-processed":174,"total-skipped-flows":0,"total-l4-payload-len":35838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1663090607968067}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 174/174
 ~~ skipped flows.............: 0
@@ -72,8 +72,8 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5562538 bytes
-~~ total memory freed........: 5562538 bytes
+~~ total memory allocated....: 5562658 bytes
+~~ total memory freed........: 5562658 bytes
 ~~ total allocations/frees...: 86136/86136
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 532 chars
diff --git a/test/results/default/avast.pcap.out b/test/results/default/avast.pcap.out
index 11a1b50d4..05b865caf 100644
--- a/test/results/default/avast.pcap.out
+++ b/test/results/default/avast.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655043322443000}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655043322443000}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655043322443000,"flow_src_last_pkt_time":1655043322443000,"flow_dst_last_pkt_time":1655043322443000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043322443000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":64357,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655043322443000,"flow_dst_last_pkt_time":1655043322443000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655043322443000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0JKZAAH8G2LbAqAJkBT42HftlAFDFZGAiAAAAAIAC+vBUewAAAgQFtAEDAwgBAQQC"}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655043322443000,"flow_dst_last_pkt_time":1655043322469000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655043322469000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRWEFPjYdwKgCZABQ+2UJYJxaxWRgI3ASBbS5AQAAAgQFrAEDAwI="}
@@ -7,8 +7,8 @@
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655043322473000,"flow_dst_last_pkt_time":1655043322469000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1655043322473000,"pkt":"eJS0JASgYDjgxTWgCABFAACIJKhAAH8G2GDAqAJkBT42HftlAFDFZGAjCWCcW1AYAgRIXAAATk9TQQBgAQEAAAMBCLJaKUJSRRQAAAAA+C6zpq7EMUOR+R\/w3Dm0Io9lbBBMSUMULiKdz+pk\/a1RZ2FgDsvckO27L+4uJ680TFVOEALGS94Alg+MdKN9FpVUWsmF\/QhQ"}
 00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655043322443000,"flow_src_last_pkt_time":1655043322473000,"flow_dst_last_pkt_time":1655043322469000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043322473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":64357,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655043322473000,"flow_dst_last_pkt_time":1655043322499000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655043322499000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo6BxAADcGXUwFPjYdwKgCZABQ+2UJYJxbxWRgg1AQAW3opgAAAAAAAAAA"}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1655044071816000}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1655048600873000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1655044071816000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1655048600873000}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655048600873000,"flow_src_last_pkt_time":1655048600873000,"flow_dst_last_pkt_time":1655048600873000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655048600873000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64701,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1655048600873000,"flow_dst_last_pkt_time":1655048600873000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655048600873000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0K+lAAH8G0lvAqAJkBT41Nfy9AFA6S0u1AAAAAIAC+vDzkQAAAgQFtAEDAwgBAQQC"}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1655048600873000,"flow_dst_last_pkt_time":1655048600897000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655048600897000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRkkFPjU1wKgCZABQ\/L3TPGfsOktLtnASBbTCqQAAAgQFrAEDAwI="}
@@ -16,8 +16,8 @@
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1655048600901000,"flow_dst_last_pkt_time":1655048600897000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1655048600901000,"pkt":"eJS0JASgYDjgxTWgCABFAACIK+tAAH8G0gXAqAJkBT41Nfy9AFA6S0u20zxn7VAYAgRSBAAATk9TQQBgAQEAAAMBCLJaKUJSRRQAAAAA+C6zpq7EMUOR+R\/w3Dm0Io9lbBBMSUMULiKdz+pk\/a1RZ2FgDsvckO27L+4uJ680TFVOEALGS94Alg+MdKN9FpVUWsmF\/QhQ"}
 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655048600873000,"flow_src_last_pkt_time":1655048600901000,"flow_dst_last_pkt_time":1655048600897000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655048600901000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64701,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1655048600901000,"flow_dst_last_pkt_time":1655048600926000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655048600926000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoaUhAADcG3QgFPjU1wKgCZABQ\/L3TPGftOktMFlAQAW3yTgAAAAAAAAAA"}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":29,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1655049392908000}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1655053076804000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":29,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1655049392908000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1655053076804000}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655053076804000,"flow_src_last_pkt_time":1655053076804000,"flow_dst_last_pkt_time":1655053076804000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053076804000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64903,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1655053076804000,"flow_dst_last_pkt_time":1655053076804000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655053076804000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0LApAAH8G0jrAqAJkBT41Nf2HAFDeGR0wAAAAAIAC+vB9fgAAAgQFtAEDAwgBAQQC"}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1655053076804000,"flow_dst_last_pkt_time":1655053076831000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655053076831000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRkkFPjU1wKgCZABQ\/Yfi7KGu3hkdMXASBbQDJAAAAgQFrAEDAwI="}
@@ -26,9 +26,9 @@
 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655053076804000,"flow_src_last_pkt_time":1655053076836000,"flow_dst_last_pkt_time":1655053076831000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053076836000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64903,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655053076836000,"flow_dst_last_pkt_time":1655053076863000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655053076863000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo+2lAADcGSucFPjU1wKgCZABQ\/Yfi7KGv3hkdkVAQAW0yyQAAAAAAAAAA"}
 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655043322443000,"flow_src_last_pkt_time":1655044071816000,"flow_dst_last_pkt_time":1655044071842000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1655053076921000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":64357,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1655053790549000}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":347,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1655054462572000}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":387,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1655072558567000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1655053790549000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":347,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1655054462572000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":387,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1655072558567000}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655072558567000,"flow_src_last_pkt_time":1655072558567000,"flow_dst_last_pkt_time":1655072558567000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655072558567000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":58030,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655072558567000,"flow_dst_last_pkt_time":1655072558567000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655072558567000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0SOJAAH8GtD7AqAJkBT42WeKuAFDHdiAUAAAAAIAC+vCq8gAAAgQFtAEDAwgBAQQC"}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655072558567000,"flow_dst_last_pkt_time":1655072558593000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655072558593000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRSUFPjZZwKgCZABQ4q5sq8EMx3YgFXASBbSHewAAAgQFrAEDAwI="}
@@ -38,8 +38,8 @@
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655072558598000,"flow_dst_last_pkt_time":1655072558624000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655072558624000,"pkt":"YDjgxTWgeJS0JASgCABFAAAof7ZAADcGxXYFPjZZwKgCZABQ4q5sq8ENx3YgdVAQAW23IAAAAAAAAAAA"}
 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655048600873000,"flow_src_last_pkt_time":1655049392908000,"flow_dst_last_pkt_time":1655049392932000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1655072558681000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64701,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655053076804000,"flow_src_last_pkt_time":1655054462572000,"flow_dst_last_pkt_time":1655054462599000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1655072558681000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64903,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":57,"packets-processed":56,"total-skipped-flows":0,"total-l4-payload-len":501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1655073305718000}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1657055010698000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":57,"packets-processed":56,"total-skipped-flows":0,"total-l4-payload-len":501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1655073305718000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1657055010698000}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657055010698000,"flow_src_last_pkt_time":1657055010698000,"flow_dst_last_pkt_time":1657055010698000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657055010698000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":49758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1657055010698000,"flow_dst_last_pkt_time":1657055010698000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657055010698000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0aRtAAH8GlSnAqAJkBT41NcJeAFAUkygfAAAAAIAC+vB3PwAAAgQFtAEDAwgBAQQC"}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1657055010698000,"flow_dst_last_pkt_time":1657055010725000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657055010725000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRkkFPjU1wKgCZABQwl7SZ2G3FJMoIHASBbRNYQAAAgQFrAEDAwI="}
@@ -48,9 +48,9 @@
 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657055010698000,"flow_src_last_pkt_time":1657055010734000,"flow_dst_last_pkt_time":1657055010725000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657055010734000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":49758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1657055010734000,"flow_dst_last_pkt_time":1657055010762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657055010762000,"pkt":"YDjgxTWgeJS0JASgCABFAAAonCZAADcGqioFPjU1wKgCZABQwl7SZ2G4FJMogFAQAW19BgAAAAAAAAAA"}
 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655072558567000,"flow_src_last_pkt_time":1655073554764000,"flow_dst_last_pkt_time":1655073554790000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657055010934000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":58030,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":616,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1657055653080000}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":618,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1657056295590000}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1657203798816000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":616,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1657055653080000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":618,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1657056295590000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1657203798816000}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657203798816000,"flow_src_last_pkt_time":1657203798816000,"flow_dst_last_pkt_time":1657203798816000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657203798816000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":49532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1657203798816000,"flow_dst_last_pkt_time":1657203798816000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657203798816000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ngdAAH8GXxnAqAJkBT42WcF8AFBgG1unAAAAAIAC+vD37AAAAgQFtAEDAwgBAQQC"}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1657203798816000,"flow_dst_last_pkt_time":1657203798842000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657203798842000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRSUFPjZZwKgCZABQwXwE4IZnYBtbqHASBbR25gAAAgQFrAEDAwI="}
@@ -59,8 +59,8 @@
 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657203798816000,"flow_src_last_pkt_time":1657203798845000,"flow_dst_last_pkt_time":1657203798842000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657203798845000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":49532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1657203798845000,"flow_dst_last_pkt_time":1657203798871000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657203798871000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo6YhAADcGW6QFPjZZwKgCZABQwXwE4IZoYBtcCFAQAW2miwAAAAAAAAAA"}
 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657055010698000,"flow_src_last_pkt_time":1657056295590000,"flow_dst_last_pkt_time":1657056295616000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657203798932000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":49758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":89,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":734,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1657204596088000}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1657475015947000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":89,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":734,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1657204596088000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1657475015947000}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657475015947000,"flow_src_last_pkt_time":1657475015947000,"flow_dst_last_pkt_time":1657475015947000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657475015947000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":58412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1657475015947000,"flow_dst_last_pkt_time":1657475015947000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657475015947000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0NRdAAH8GyEXAqAJkBT42HeQsAFCc4xvZAAAAAIAC+vDYfgAAAgQFtAEDAwgBAQQC"}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1657475015947000,"flow_dst_last_pkt_time":1657475015975000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657475015975000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRWEFPjYdwKgCZABQ5CxO2JJPnOMb2nASBbQBmAAAAgQFrAEDAwI="}
@@ -76,9 +76,9 @@
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1657475603758000,"pkt":"eJS0JASgYDjgxTWgCABFAACINWNAAH8Gx2nAqAJkBT42WdSFAFBlBx5gDIVhMlAYAgRUGwAATk9TQQBgAQEAAAMB8zwJGkJSRRQAAAAABYiCpXRH+WmBnnTxsTaTNZqejhNMSUMUljUok9KFl0dRXc72tHtQFwKSnYJAcpIFTFVOEALhpIIAlg+MdKN9FpVUWsmF\/QhQ"}
 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657475603758000,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657475603758000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":54405,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657475603758000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoYdxAADcG41AFPjZZwKgCZABQ1IUMhWEyZQcewFAQAW3pbwAAAAAAAAAA"}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":110,"packets-processed":109,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1657475721074000}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":110,"packets-processed":109,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1657475721074000}
 00957{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1657475015947000,"flow_src_last_pkt_time":1657475203218000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":97,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657475735090000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":58412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":113,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1657612856239000}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":113,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1657612856239000}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657612856239000,"flow_src_last_pkt_time":1657612856239000,"flow_dst_last_pkt_time":1657612856239000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657612856239000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":57727,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1657612856239000,"flow_dst_last_pkt_time":1657612856239000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657612856239000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DwdAAH8G7lXAqAJkBT42HeF\/AFBeZJgBAAAAAIAC+vCdggAAAgQFtAEDAwgBAQQC"}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1657612856239000,"flow_dst_last_pkt_time":1657612856269000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657612856269000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRWEFPjYdwKgCZABQ4X\/x2q1EXmSYAnASBbQIpAAAAgQFrAEDAwI="}
@@ -87,8 +87,8 @@
 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657612856239000,"flow_src_last_pkt_time":1657612856291000,"flow_dst_last_pkt_time":1657612856269000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657612856291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":57727,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1657612856291000,"flow_dst_last_pkt_time":1657612856321000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657612856321000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo9wtAADcGTl0FPjYdwKgCZABQ4X\/x2q1FXmSYYlAQAW04SQAAAAAAAAAA"}
 00957{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1657475603758000,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475749106000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657612856413000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":54405,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":124,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":1074,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":1657613496559000}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":128,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":1076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1657715755306000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":124,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":1074,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":1657613496559000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":128,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":1076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1657715755306000}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657715755306000,"flow_src_last_pkt_time":1657715755306000,"flow_dst_last_pkt_time":1657715755306000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657715755306000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.131","src_port":62741,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1657715755306000,"flow_dst_last_pkt_time":1657715755306000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657715755306000,"pkt":"eJS0JASgYDjgxTWgCABFAAA07PtAAH8GEPvAqAJkBT41g\/UVAFBENDSQAAAAAIAC+vAIKAAAAgQFtAEDAwgBAQQC"}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1657715755306000,"flow_dst_last_pkt_time":1657715755336000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657715755336000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRfsFPjWDwKgCZABQ9RVBYkV5RDQ0kXASBbSLjQAAAgQFrAEDAwI="}
@@ -98,7 +98,7 @@
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1657715755343000,"flow_dst_last_pkt_time":1657715755373000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657715755373000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo+DZAADcGTcwFPjWDwKgCZABQ9RVBYkV6RDQ08VAQAW27MgAAAAAAAAAA"}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657612856239000,"flow_src_last_pkt_time":1657613709852000,"flow_dst_last_pkt_time":1657613709881000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657715755532000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":57727,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657715755306000,"flow_src_last_pkt_time":1657716324963000,"flow_dst_last_pkt_time":1657716324992000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1657716324992000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.131","src_port":62741,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":1277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":101,"global_ts_usec":1657716324992000}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":1277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":101,"global_ts_usec":1657716324992000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 142/142
 ~~ skipped flows.............: 0
@@ -107,8 +107,8 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5542119 bytes
-~~ total memory freed........: 5542119 bytes
+~~ total memory allocated....: 5542287 bytes
+~~ total memory freed........: 5542287 bytes
 ~~ total allocations/frees...: 86111/86111
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 527 chars
diff --git a/test/results/default/avast_securedns.pcapng.out b/test/results/default/avast_securedns.pcapng.out
index 61a76bf7a..cfeb185f3 100644
--- a/test/results/default/avast_securedns.pcapng.out
+++ b/test/results/default/avast_securedns.pcapng.out
@@ -1,10 +1,10 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625215624443704}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625215624443704}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625215624443704,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624443704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625215624443704,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624443704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625215624443704,"pkt":"eJS0JASgYDjgxTWgCABFAABDZa4AAH8ROYTAqAJktdYjleJyAbsAL0mrSMQBAAABAAAAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAAB"}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625215624443704,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624443704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625215624443704,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624563615,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625215624563615,"pkt":"YDjgxTWgeJS0JASgCABFAADM0kQAADIRGWW11iOVwKgCZAG74nIAuMIZSMSBgAABAAEAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1625241699450886}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1625241699450886}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241699450886,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699450886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625241699450886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699450886,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625241699450886,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeYAAH8RjUzAqAJktdYjle8RAbsAL9I803MBAAABAAAAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAAB"}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241699450886,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699450886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625241699450886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -18,7 +18,7 @@
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714666452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625241714666452,"pkt":"eJS0JASgYDjgxTWgCABFAABDXeQAAH8RQU7AqAJktdYjlfU3AbsAL3hGRwQBAAABAAAAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAAB"}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241714666452,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714666452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625241714666452,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714787539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625241714787539,"pkt":"YDjgxTWgeJS0JASgCABFAADMRgkAADERpqC11iOVwKgCZAG79TcAuPC0RwSBgAABAAEAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1625320207133036}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1625320207133036}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625320207133036,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207133036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625320207133036,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207133036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625320207133036,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9IAAH8RU2DAqAJktdYjld0FAbsALycJUJMBAAABAAAAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAAB"}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625320207133036,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207133036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625320207133036,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -30,7 +30,7 @@
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241699450886,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699572209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625320209184034,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241714666452,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714787539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625320209184034,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241701462154,"flow_src_last_pkt_time":1625241701462154,"flow_dst_last_pkt_time":1625241701583055,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625320209184034,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1625321673727184}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1625321673727184}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625321673727184,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673727184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625321673727184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673727184,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625321673727184,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9wAAH8RU1bAqAJktdYjlcWVAbsAL1g+dw4BAAABAAAAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAAB"}
 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625321673727184,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673727184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625321673727184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -41,7 +41,7 @@
 00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1625321675283046,"flow_dst_last_pkt_time":1625321675403948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625321675403948,"pkt":"YDjgxTWgeJS0JASgCABFAADMuxcAADMRL5K11iOVwKgCZAG77rMAuEweEl+BgAABAAEAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625320207133036,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207252515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625321675403948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625320209063685,"flow_src_last_pkt_time":1625320209063685,"flow_dst_last_pkt_time":1625320209184034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625321675403948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1720,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1625395217252548}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1720,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1625395217252548}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625395217252548,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217252548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625395217252548,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217252548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625395217252548,"pkt":"eJS0JASgYDjgxTWgCABFAABDKckAAH8RdWnAqAJktdYjlf26AbsAL3dTP5QBAAABAAAAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAAB"}
 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625395217252548,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217252548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625395217252548,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -52,7 +52,7 @@
 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1625395217373676,"flow_dst_last_pkt_time":1625395217373676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625395217373676,"pkt":"YDjgxTWgeJS0JASgCABFAADMf00AADMRa1y11iOVwKgCZAG76OUAuMImoeSBgAABAAEAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625321673727184,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673848204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625395217373676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625321675283046,"flow_src_last_pkt_time":1625321675283046,"flow_dst_last_pkt_time":1625321675403948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625395217373676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1625401091063741}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1625401091063741}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625401091063741,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091063741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625401091063741,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091063741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625401091063741,"pkt":"eJS0JASgYDjgxTWgCABFAABDKc0AAH8RdWXAqAJktdYjlc0FAbsAL8xY+0MBAAABAAAAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAAB"}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625401091063741,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091063741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625401091063741,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -63,14 +63,14 @@
 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1625401093323098,"flow_dst_last_pkt_time":1625401093443763,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625401093443763,"pkt":"YDjgxTWgeJS0JASgCABFAADMuwEAADIRMKi11iOVwKgCZAG71poAuIigzbWBgAABAAEAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625395217373676,"flow_src_last_pkt_time":1625395217373676,"flow_dst_last_pkt_time":1625395217373676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625401093443763,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625395217252548,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217373676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625401093443763,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":2580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1625413810414650}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":2580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1625413810414650}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625413810414650,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810414650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625413810414650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810414650,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625413810414650,"pkt":"eJS0JASgYDjgxTWgCABFAABDy3cAAH8R07rAqAJktdYjld4HAbsAL+Cz9gYBAAABAAAAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAAB"}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625413810414650,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810414650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625413810414650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810531155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625413810531155,"pkt":"YDjgxTWgeJS0JASgCABFAADMKHAAADERxDm11iOVwKgCZAG73gcAuFki9gaBgAABAAEAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625401091063741,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091190472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625413810531155,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625401093323098,"flow_src_last_pkt_time":1625401093323098,"flow_dst_last_pkt_time":1625401093443763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625413810531155,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":2795,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1625477697370410}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":2795,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1625477697370410}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477697370410,"flow_src_last_pkt_time":1625477697370410,"flow_dst_last_pkt_time":1625477697370410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625477697370410,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1625477697370410,"flow_dst_last_pkt_time":1625477697370410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625477697370410,"pkt":"eJS0JASgYDjgxTWgCABFAABDQqcAAH8RXIvAqAJktdYjleMrAbsAL7nVV2EBAAABAAAAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAAB"}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477697370410,"flow_src_last_pkt_time":1625477697370410,"flow_dst_last_pkt_time":1625477697370410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625477697370410,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -92,7 +92,7 @@
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1625477739836341,"flow_dst_last_pkt_time":1625477739836341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625477739836341,"pkt":"eJS0JASgYDjgxTWgCABFAABD1L8AAH8RynLAqAJktdYjldsvAbsAL1UmhCwBAAABAAAAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAAB"}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477739836341,"flow_src_last_pkt_time":1625477739836341,"flow_dst_last_pkt_time":1625477739836341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625477739836341,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1625477739836341,"flow_dst_last_pkt_time":1625477739952878,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625477739952878,"pkt":"YDjgxTWgeJS0JASgCABFAADMDM8AADIR3tq11iOVwKgCZAG72y8AuM2UhCyBgAABAAEAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":3870,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":18,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_usec":1625482316411404}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":3870,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":18,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_usec":1625482316411404}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482316411404,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316411404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482316411404,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316411404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625482316411404,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvUAAH8R1DzAqAJktdYjlfvuAbsAL4YFMq4BAAABAAAAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAAB"}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482316411404,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316411404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482316411404,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -137,7 +137,7 @@
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482401089959,"flow_src_last_pkt_time":1625482401089959,"flow_dst_last_pkt_time":1625482401211672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625482486976882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482399044158,"flow_src_last_pkt_time":1625482399044158,"flow_dst_last_pkt_time":1625482399165298,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625482486976882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482316411404,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316532446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625482486976882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":5590,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":7,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":140,"global_ts_usec":1625482998213179}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":5590,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":7,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":140,"global_ts_usec":1625482998213179}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998213179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482998213179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998213179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625482998213179,"pkt":"eJS0JASgYDjgxTWgCABFAABDf48AAH8RH6PAqAJktdYjlfuwAbsAL9NLpcUBAAABAAAAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAAB"}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998213179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482998213179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -168,7 +168,7 @@
 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1625483073457882,"flow_dst_last_pkt_time":1625483073457882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625483073457882,"pkt":"YDjgxTWgeJS0JASgCABFAADMX7kAADIRi\/C11iOVwKgCZAG7zMEAuDeuSIGBgAABAAEAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483010449914,"flow_src_last_pkt_time":1625483010449914,"flow_dst_last_pkt_time":1625483010570990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625483073457882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998333968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625483073457882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":6665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":9,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":171,"global_ts_usec":1625511643408589}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":6665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":9,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":171,"global_ts_usec":1625511643408589}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625511643408589,"flow_src_last_pkt_time":1625511643408589,"flow_dst_last_pkt_time":1625511643408589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625511643408589,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1625511643408589,"flow_dst_last_pkt_time":1625511643408589,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625511643408589,"pkt":"eJS0JASgYDjgxTWgCABFAABDhScAAH8RGgvAqAJktdYjlehSAbsAL7NiOO0BAAABAAAAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAAB"}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625511643408589,"flow_src_last_pkt_time":1625511643408589,"flow_dst_last_pkt_time":1625511643408589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625511643408589,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -182,7 +182,7 @@
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998333968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625511645546487,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483073457882,"flow_src_last_pkt_time":1625483073457882,"flow_dst_last_pkt_time":1625483073457882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625511645546487,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483073336987,"flow_src_last_pkt_time":1625483073336987,"flow_dst_last_pkt_time":1625483073457882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625511645546487,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":7095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":33,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":185,"global_ts_usec":1625556065479179}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":7095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":33,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":185,"global_ts_usec":1625556065479179}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556065479179,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625556065479179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625556065479179,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAQAAH8Rgy7AqAJktdYjldqMAbsAL9sh3zMBAAABAAAAAAAAATIJU2VDVXJlRG5zBUF2QVNUA0NPbQAAEAAB"}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556065479179,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625556065479179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -200,7 +200,7 @@
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102196787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625556102196787,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwgAAH8RhCrAqAJktdYjldUVAbsAL6kdFo8BAAABAAAAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAAB"}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556102196787,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102196787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625556102196787,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102314591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625556102314591,"pkt":"YDjgxTWgeJS0JASgCABFAADMmGEAADMRUki11iOVwKgCZAG71RUAuCGMFo+BgAABAAEAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":7779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":9,"current-active-flows":4,"total-active-flows":37,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1625558730271025}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":7779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":9,"current-active-flows":4,"total-active-flows":37,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1625558730271025}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625558730271025,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730271025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625558730271025,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730271025,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625558730271025,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFIAAH8RcuDAqAJktdYjldXoAbsALw4O0KsBAAABAAAAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAAB"}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625558730271025,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730271025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625558730271025,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -215,7 +215,7 @@
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625556100118860,"flow_src_last_pkt_time":1625556100118860,"flow_dst_last_pkt_time":1625556100236729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625558735164269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625556102196787,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102314591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625558735164269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625558730271025,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730389235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625558735164269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":8209,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":218,"global_ts_usec":1625558735164269}
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":8209,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":218,"global_ts_usec":1625558735164269}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 77/77
 ~~ skipped flows.............: 0
@@ -224,8 +224,8 @@
 ~~ total active/idle flows...: 39/39
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5582742 bytes
-~~ total memory freed........: 5582742 bytes
+~~ total memory allocated....: 5583374 bytes
+~~ total memory freed........: 5583374 bytes
 ~~ total allocations/frees...: 86355/86355
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 574 chars
diff --git a/test/results/default/bacnet.pcap.out b/test/results/default/bacnet.pcap.out
index 20c032afe..fb6e867c7 100644
--- a/test/results/default/bacnet.pcap.out
+++ b/test/results/default/bacnet.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680268949991615}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680268949991615}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268949991615,"flow_src_last_pkt_time":1680268949991615,"flow_dst_last_pkt_time":1680268949991615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268949991615,"l3_proto":"ip4","src_ip":"65.49.20.98","dst_ip":"90.147.69.219","src_port":53234,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680268949991615,"flow_dst_last_pkt_time":1680268949991615,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680268949991615,"pkt":"bs1PogZtPJTVQTiBCABFAAAt1DEAAPMR\/YxBMRRiWpNF28\/yusAAGQAAgQoAEQEEAAWpDAwCP\/\/\/GUsA"}
 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268949991615,"flow_src_last_pkt_time":1680268949991615,"flow_dst_last_pkt_time":1680268949991615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268949991615,"l3_proto":"ip4","src_ip":"65.49.20.98","dst_ip":"90.147.69.219","src_port":53234,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
@@ -14,24 +14,24 @@
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1680269481013331,"flow_dst_last_pkt_time":1680269481013331,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680269481013331,"pkt":"bpHurUgdPJTVQTiBCABFAAAt1DEAAPMRTUFAPsWmWpNF1Y84usAAGQAAgQoAEQEEAAXcDAwCP\/\/\/GUsA"}
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269481013331,"flow_src_last_pkt_time":1680269481013331,"flow_dst_last_pkt_time":1680269481013331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269481013331,"l3_proto":"ip4","src_ip":"64.62.197.166","dst_ip":"90.147.69.213","src_port":36664,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269401152467,"flow_src_last_pkt_time":1680269401152467,"flow_dst_last_pkt_time":1680269401152467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269481013331,"l3_proto":"ip4","src_ip":"198.235.24.166","dst_ip":"90.147.69.222","src_port":56883,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":68,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1680270793239173}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":68,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1680270793239173}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270793239173,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"198.235.24.39","dst_ip":"90.147.69.210","src_port":54587,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680270793239173,"pkt":"AAwp30Y4PJTVQTiBCABFAAAt1DEAAPoRbRbG6xgnWpNF0tU7usAAGQAAgQoAEQEEAAUBDAwCP\/\/\/GUsA"}
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270793239173,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"198.235.24.39","dst_ip":"90.147.69.210","src_port":54587,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269401152467,"flow_src_last_pkt_time":1680269401152467,"flow_dst_last_pkt_time":1680269401152467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"198.235.24.166","dst_ip":"90.147.69.222","src_port":56883,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269481013331,"flow_src_last_pkt_time":1680269481013331,"flow_dst_last_pkt_time":1680269481013331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"64.62.197.166","dst_ip":"90.147.69.213","src_port":36664,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269473899742,"flow_src_last_pkt_time":1680269473899742,"flow_dst_last_pkt_time":1680269473899742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"64.62.197.26","dst_ip":"90.147.69.221","src_port":36992,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":85,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1680271991867802}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":85,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1680271991867802}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271991867802,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271991867802,"l3_proto":"ip4","src_ip":"167.94.138.111","dst_ip":"90.147.69.212","src_port":27041,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680271991867802,"pkt":"ipffLU2SPJTVQTiBCABFCAAtP98AACQRhKSnXopvWpNF1GmhusAAGe\/YgQoAEQEEAAUBDAwCP\/\/\/GUsA"}
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271991867802,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271991867802,"l3_proto":"ip4","src_ip":"167.94.138.111","dst_ip":"90.147.69.212","src_port":27041,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270793239173,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271991867802,"l3_proto":"ip4","src_ip":"198.235.24.39","dst_ip":"90.147.69.210","src_port":54587,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":102,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1680273941879740}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":102,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1680273941879740}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273941879740,"flow_src_last_pkt_time":1680273941879740,"flow_dst_last_pkt_time":1680273941879740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273941879740,"l3_proto":"ip4","src_ip":"162.142.125.140","dst_ip":"90.147.69.217","src_port":63852,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1680273941879740,"flow_dst_last_pkt_time":1680273941879740,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680273941879740,"pkt":"moT+\/Ph8PJTVQTiBCABFAAAt\/WwAACcR1cyijn2MWpNF2flsusAAGXG7gQoAEQEEAAUBDAwCP\/\/\/GUsA"}
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273941879740,"flow_src_last_pkt_time":1680273941879740,"flow_dst_last_pkt_time":1680273941879740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273941879740,"l3_proto":"ip4","src_ip":"162.142.125.140","dst_ip":"90.147.69.217","src_port":63852,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271991867802,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273941879740,"l3_proto":"ip4","src_ip":"167.94.138.111","dst_ip":"90.147.69.212","src_port":27041,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1680278570937544}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1680278570937544}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278570937544,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278570937544,"l3_proto":"ip4","src_ip":"198.235.24.45","dst_ip":"90.147.69.219","src_port":51922,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680278570937544,"pkt":"bs1PogZtPJTVQTiBCABFAAAt1DEAAPoRbQfG6xgtWpNF28rSusAAGQAAgQoAEQEEAAUBDAwCP\/\/\/GUsA"}
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278570937544,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278570937544,"l3_proto":"ip4","src_ip":"198.235.24.45","dst_ip":"90.147.69.219","src_port":51922,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
@@ -40,7 +40,7 @@
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1680278735577357,"flow_dst_last_pkt_time":1680278735577357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680278735577357,"pkt":"bs1PogZtPJTVQTiBCABFAAAt7PQAACcR5kqijn2EWpNF23RWusAAGfbXgQoAEQEEAAUBDAwCP\/\/\/GUsA"}
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278735577357,"flow_src_last_pkt_time":1680278735577357,"flow_dst_last_pkt_time":1680278735577357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278735577357,"l3_proto":"ip4","src_ip":"162.142.125.132","dst_ip":"90.147.69.219","src_port":29782,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278570937544,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278735577357,"l3_proto":"ip4","src_ip":"198.235.24.45","dst_ip":"90.147.69.219","src_port":51922,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":153,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1681133167315255}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":153,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1681133167315255}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133167315255,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133167315255,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1681133167315255,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1681133167315255,"pkt":"AQIDBAUGABorPE1eCABFAAAoq9VAAEARkffMrLH\/zKyxn7rAusAAFPoNgQsADAEg\/\/8A\/xAI"}
 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133167315255,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133167315255,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
@@ -54,7 +54,7 @@
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133274409641,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133274409641,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133345185904,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133345185904,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133388520203,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133388520203,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1681133388520203}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1681133388520203}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 23/23
 ~~ skipped flows.............: 0
@@ -63,8 +63,8 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5518188 bytes
-~~ total memory freed........: 5518188 bytes
+~~ total memory allocated....: 5518356 bytes
+~~ total memory freed........: 5518356 bytes
 ~~ total allocations/frees...: 85982/85982
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 533 chars
diff --git a/test/results/default/bad-dns-traffic.pcap.out b/test/results/default/bad-dns-traffic.pcap.out
index b637e2528..d5bbe7b9f 100644
--- a/test/results/default/bad-dns-traffic.pcap.out
+++ b/test/results/default/bad-dns-traffic.pcap.out
@@ -1,42 +1,42 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1486012623234684}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1486012623234684}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012623234684,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012623234684,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3821AAEARVP\/AqCtbBAICBIx+ADUAYyoIa68BAAABAAAAAAAAODA1ZTEwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
-01346{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012623234684,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012623234684,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1486012624242985,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012624242985,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB38+5AAEARVH7AqCtbBAICBIx+ADUAY73N0g0BAAABAAAAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
-01465{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012624242985,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012624242985,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+01467{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012624242985,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012624242985,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1486012624242985,"flow_dst_last_pkt_time":1486012624325522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1486012624325522,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1jH4AhhPK0g2BgAABAAEAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEjYzNGYwMGE2MjEwMTBhMDAwMMBF"}
-01469{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012624242985,"flow_dst_last_pkt_time":1486012624325522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1486012624325522,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}}
+01471{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012624242985,"flow_dst_last_pkt_time":1486012624325522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1486012624325522,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}}
 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1486012624325823,"flow_dst_last_pkt_time":1486012624325522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1486012624325823,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR8\/FAAEARVKHAqCtbBAICBIx+ADUAPZ97lHsBAAABAAAAAAAAEjdjZDUwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAE="}
 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1486012624325823,"flow_dst_last_pkt_time":1486012624382053,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1486012624382053,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1jH4AXFjwlHuBgAABAAEAAAAAEjdjZDUwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSOTZiMjAxYTYyMTAxMGFjMzYy"}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012635073060,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012635073060,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1486012635073060,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012635073060,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+zhAAEARTTTAqCtbBAICBNwiADUAYwrvCk0BAAABAAAAAAAAODI0NDMwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
-01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012635073060,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012635073060,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+01349{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012635073060,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012635073060,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1486012636079520,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012636079520,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+7NAAEARTLnAqCtbBAICBNwiADUAY1S7n3sBAAABAAAAAAAAODZiNTAwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
-01465{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012636079520,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012636079520,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+01467{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012636079520,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012636079520,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1486012637085359,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012637085359,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ElAAEARTCPAqCtbBAICBNwiADUAY0RMqrgBAAABAAAAAAAAOGUxOGYwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
-01465{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012637085359,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012637085359,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+01467{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012637085359,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012637085359,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1486012638093433,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012638093433,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/K5AAEARS77AqCtbBAICBNwiADUAY1PDy0gBAAABAAAAAAAAODQ2YjEwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
-01465{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012638093433,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":364,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012638093433,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+01467{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012638093433,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":364,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012638093433,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1486012639101974,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012639101974,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ZNAAEARStnAqCtbBAICBNwiADUAY\/RRFrgBAAABAAAAAAAAOGM3NTkwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAABAAAQ=="}
-01466{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012639101974,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":455,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012639101974,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-01470{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012639101974,"flow_dst_last_pkt_time":1486012639174914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":122,"flow_src_tot_l4_payload_len":455,"flow_dst_tot_l4_payload_len":122,"midstream":0,"thread_ts_usec":1486012639174914,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}}
-02595{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012651592518,"flow_dst_last_pkt_time":1486012651846910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1392,"flow_dst_tot_l4_payload_len":1397,"midstream":0,"thread_ts_usec":1486012651846910,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":63089,"avg":1073977.6,"max":4101854,"stddev":689094.3,"var":474850951168.0,"ent":4.7,"data": [1006460,1005839,1008074,1008541,4101854,73173,63089,1023925,1006666,2080907,1018755,962463,1014062,1012614,1013561,1040293,1038247,1060225,1011738,991100,1041523,1066575,1017786,982256,1029549,1026193,1027755,1007446,2080430,166358,305851]},"pktlen": {"min":81,"avg":115.2,"max":309,"stddev":50.6,"var":2560.6,"ent":4.9,"data": [119,119,119,119,119,150,81,116,81,81,112,81,114,81,116,81,114,81,114,81,112,81,114,81,116,81,114,81,81,160,276,309]},"bins": {"c_to_s": [0,13,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1],"entropies": [4.888009548,4.952452183,4.965347767,4.979370117,4.967788696,4.929614544,5.009302616,4.960116863,5.043313503,5.058685303,5.000692368,5.003250122,5.011343002,4.956934929,5.038347244,4.966254234,5.016212940,4.953866959,4.986301899,5.024673939,4.983958244,4.935227871,4.998669147,4.940047741,4.970242500,4.999982357,4.987974167,4.999982834,5.024673939,4.881881237,4.176499844,4.325556755]},"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01312{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012676167582,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01318{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":120,"flow_dst_packets_processed":89,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012686228125,"flow_dst_last_pkt_time":1486012686227663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":26440,"flow_dst_tot_l4_payload_len":22745,"midstream":0,"thread_ts_usec":1486012686228125,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01312{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":367,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012726429073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01468{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012639101974,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":455,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012639101974,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+01472{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012639101974,"flow_dst_last_pkt_time":1486012639174914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":122,"flow_src_tot_l4_payload_len":455,"flow_dst_tot_l4_payload_len":122,"midstream":0,"thread_ts_usec":1486012639174914,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}}
+02597{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012651592518,"flow_dst_last_pkt_time":1486012651846910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1392,"flow_dst_tot_l4_payload_len":1397,"midstream":0,"thread_ts_usec":1486012651846910,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":63089,"avg":1073977.6,"max":4101854,"stddev":689094.3,"var":474850951168.0,"ent":4.7,"data": [1006460,1005839,1008074,1008541,4101854,73173,63089,1023925,1006666,2080907,1018755,962463,1014062,1012614,1013561,1040293,1038247,1060225,1011738,991100,1041523,1066575,1017786,982256,1029549,1026193,1027755,1007446,2080430,166358,305851]},"pktlen": {"min":81,"avg":115.2,"max":309,"stddev":50.6,"var":2560.6,"ent":4.9,"data": [119,119,119,119,119,150,81,116,81,81,112,81,114,81,116,81,114,81,114,81,112,81,114,81,116,81,114,81,81,160,276,309]},"bins": {"c_to_s": [0,13,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1],"entropies": [4.888009548,4.952452183,4.965347767,4.979370117,4.967788696,4.929614544,5.009302616,4.960116863,5.043313503,5.058685303,5.000692368,5.003250122,5.011343002,4.956934929,5.038347244,4.966254234,5.016212940,4.953866959,4.986301899,5.024673939,4.983958244,4.935227871,4.998669147,4.940047741,4.970242500,4.999982357,4.987974167,4.999982834,5.024673939,4.881881237,4.176499844,4.325556755]},"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01314{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012676167582,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01320{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":120,"flow_dst_packets_processed":89,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012686228125,"flow_dst_last_pkt_time":1486012686227663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":26440,"flow_dst_tot_l4_payload_len":22745,"midstream":0,"thread_ts_usec":1486012686228125,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01314{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":367,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012726429073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730177697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012730177697,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730177697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012730177697,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3Lk5AAEARGh\/AqCtbBAICBLdxADUAYz49\/HsBAAABAAAAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
-01348{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730177697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012730177697,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730177697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012730177697,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730381593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1486012730381593,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1t3EAhvb+\/HuBgAABAAEAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEmRlNjkwMGU2ZGE2ZWEyMDAwMMBF"}
-01470{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730381593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1486012730381593,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}}
+01472{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730381593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1486012730381593,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1486012730381905,"flow_dst_last_pkt_time":1486012730381593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1486012730381905,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRLntAAEARGhjAqCtbBAICBLdxADUAPY6IeT8BAAABAAAAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1486012730381905,"flow_dst_last_pkt_time":1486012730437815,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1486012730437815,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA1t3EAYGtAeT+BgAABAAEAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChI1YzRmMDFlNmRhNmVhMjgzNTHAHw=="}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1486012731395086,"flow_dst_last_pkt_time":1486012730437815,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1486012731395086,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRL1lAAEARGTrAqCtbBAICBLdxADUAPbE6V7kBAAABAAAAAAAAEjMxNzMwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAQAAE="}
-01309{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012733574897,"flow_dst_last_pkt_time":1486012733669835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":632,"flow_dst_tot_l4_payload_len":863,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01317{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":203,"flow_dst_packets_processed":146,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012727434811,"flow_dst_last_pkt_time":1486012727540477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":43062,"flow_dst_tot_l4_payload_len":37153,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01310{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":382,"packets-processed":382,"total-skipped-flows":0,"total-l4-payload-len":83330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":8,"total-updates":3,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1486012733669835}
+01311{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012733574897,"flow_dst_last_pkt_time":1486012733669835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":632,"flow_dst_tot_l4_payload_len":863,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01319{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":203,"flow_dst_packets_processed":146,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012727434811,"flow_dst_last_pkt_time":1486012727540477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":43062,"flow_dst_tot_l4_payload_len":37153,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01312{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":382,"packets-processed":382,"total-skipped-flows":0,"total-l4-payload-len":83330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":8,"total-updates":3,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1486012733669835}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 382/382
 ~~ skipped flows.............: 0
@@ -45,10 +45,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5513832 bytes
-~~ total memory freed........: 5513832 bytes
+~~ total memory allocated....: 5513888 bytes
+~~ total memory freed........: 5513888 bytes
 ~~ total allocations/frees...: 86275/86275
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 577 chars
-~~ json message max len.......: 2600 chars
+~~ json message min len.......: 575 chars
+~~ json message max len.......: 2602 chars
 ~~ json message avg len.......: 1587 chars
diff --git a/test/results/default/badpackets.pcap.out b/test/results/default/badpackets.pcap.out
index 7c78fc4ec..1ae2f732a 100644
--- a/test/results/default/badpackets.pcap.out
+++ b/test/results/default/badpackets.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1495451029466717}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1495451029466717}
 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451029466717,"packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":237,"global_ts_usec":1495451029466717}
 00659{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":271,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcP1QgAOcRe9CDTlH+zLpQ5QA1zGcGtUqtAWiFkwABAAAADAABC3BobDFzcHJ0MTA4AmFkA2RsYQNtaWwAAAEAAcAbAAYAAQAAAh0ALQhlYWdsZWliMcAYC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAh0AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451030401327,"packet_id":2,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_usec":1495451030401327}
@@ -122,7 +122,7 @@
 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="}
 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620868987,"packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":9,"global_ts_usec":1495451620868987}
 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":60,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1495451632004127}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":60,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1495451632004127}
 00317{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451632004127,"packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":602,"global_ts_usec":1495451632004127}
 01151{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":636,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":636,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsh4gADYR8CWCDh0fzLpQ5QA1H4MIImMAvk+EEAABAAIABgAJBG5jYmkDbmxtA25paANnb3YAAAEAAcAMAAEAAQABUYAABIIOHW7ADAAuAAEAAVGAASQAAQcEAAFRgFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgAkf1HSoxN8AcwUdKY7WYciGx3geHak0EvSutU7odDo4dq+NlD8O\/xERFOOtnm1OnbmotJrAyzkKRKq2LhHEAKnpnQ\/7o4BV5VPHkuyi+TApDKVmXneUpTyPtHjKhT2CXt\/fyExp+B7ruJjC+Pcr5ZslqwQv1r1rPCkU5Mhz4yMR3BggA0Hh5V6YsPB3ZKTiKS\/eiA5iAmjeNxUPq28qT0hVjLTG5jO15eNmG2vPLSE3IUKr1s52HiMixNOjA9zTiA\/KJ+hR8CkVUQekEXmvwf9VBsUpBGDeS2mGNHxD+rzAlEWmLXNCGAh5Oui3uYYiuNNDR79YStEu6BCY8ZmkvsqwFAAAgABAAAOEAAMCWRuczEtbmNiacBQwFAAAgABAAAOEAAGA25zM8BZwFAAAgABAAAOEAAMCWRuczItbmNiacBQwFAAAgABAAAOEAAFAm5zwFnAUAACAAEAAA4QAAYDbnMywFnAUAAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sE"}
 00317{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451636457182,"packet_id":61,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_usec":1495451636457182}
@@ -191,7 +191,7 @@
 00949{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":486,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFKAXcMaIgADQR\/37IE0oVzLpQ5QA1cggHjFp0zlSEEAABAAMABQAKA25zMgZwb3AtcHIDcm5wAmJyAAAcAAHADAAcAAEAAAEsABAoAQCCAAAABgAAAAAAAAAgwAwALgABAAABLAChABwFBAAAASxYVstzWC8+c5NwBnBvcC1wcgNybnACYnIA1\/aeIOiXLVAUlf7X0fXFedFXWKq9aABVNOZ7r5rykMv0fMN9YxDR4Cfp\/zKvuFMArhl0vnp4MXdTgWKEiqk59GY+\/xomF5ijzP3\/hVLiW7e0IYJ1yWiBQh1jhcv34Y3bAKrfDk1MJeqnDbo4Bp88Wdfr5Y21wV56qV8eT6SlXOXADAAuAAEAAAEsAKEAHAUEAAABLFhWy3NYLz5zpzoGcG9wLXByA3JucAJicgCVDEMFJZu9EAXpnfRWZ2RVItWA0n+KJu9IaIVJmIMhajSIQT3VrNMeLfYGRUUl45s\/7N7SoIMSnISlGlhJNpFBgZCcSGA0oztlFfMwzcS\/I5CcKCU3SWRb5uEagRV84Bme6gzJXmBlBbKvNmLJm1Vjve6LCM8hoD8VZqG7vv8jFcEKAAIAAQAAASwABQJuc8EKwQoAAgABAAABLAACwAzBCgAC"}
 00317{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451915752227,"packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_usec":1495451915752227}
 00664{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZssgAOcRVFmDTlH+zLpQ5QA1TRMGuBtHRUGFkwABAAAADAABCkhRMDFXRUYwMDEDRElSAkFEA0RMQQNNSUwAAAEAAcAeAAYAAQAAA2gALQhlYWdsZWliMcAbC3JhbmR5LnNtaXRowB53sikrAAAqMAAABDgACTqAAAADhMAeAC4AAQAAA2gAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":93,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":194,"global_ts_usec":1495451915752227}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":93,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":194,"global_ts_usec":1495451915752227}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 93/0
 ~~ skipped flows.............: 0
@@ -200,8 +200,8 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 320 chars
diff --git a/test/results/default/beckhoff_ads.pcapng.out b/test/results/default/beckhoff_ads.pcapng.out
index 42a952c28..48fdc2644 100644
--- a/test/results/default/beckhoff_ads.pcapng.out
+++ b/test/results/default/beckhoff_ads.pcapng.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1464342183296235}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1464342183296235}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464342183296235,"flow_src_last_pkt_time":1464342183296235,"flow_dst_last_pkt_time":1464342183296235,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1464342183296235,"l3_proto":"ip4","src_ip":"192.168.1.99","dst_ip":"192.168.1.8","src_port":49201,"dst_port":48898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1464342183296235,"flow_dst_last_pkt_time":1464342183296235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1464342183296235,"pkt":"AAEFDXVguK7tfhtMCABFAAAwApZAAIAGAADAqAFjwKgBCMAxvwIE4+LLAAAAAHAC\/\/+D3gAAAgQFtAEBBAI="}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1464342183296235,"flow_dst_last_pkt_time":1464342183296582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1464342183296582,"pkt":"uK7tfhtMAAEFDXVgCABFAAAwACFAAIAGduvAqAEIwKgBY78CwDEAX9wABOPizHASgyw44wAAAgQFtAEBBAI="}
@@ -9,7 +9,7 @@
 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1464342183297046,"flow_dst_last_pkt_time":1464342183297751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1464342183297751,"pkt":"uK7tfhtMAAEFDXVgCABFAABWACJAAIAGdsTAqAEIwKgBY78CwDEAX9wBBOPi8lAYgwbOTgAAAAAoAAAAwKgBYwEBA4AFDXVgAQEQJwQABQAIAAAAAAAAAAUAAAAAAAAABQACAA=="}
 02191{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1464342183296235,"flow_src_last_pkt_time":1464342209208136,"flow_dst_last_pkt_time":1464342209208822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":1036,"flow_dst_tot_l4_payload_len":880,"midstream":0,"thread_ts_usec":1464342209208822,"l3_proto":"ip4","src_ip":"192.168.1.99","dst_ip":"192.168.1.8","src_port":49201,"dst_port":48898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":347,"avg":1671757.6,"max":25812409,"stddev":6313651.0,"var":39862191259648.0,"ent":1.1,"data": [347,423,388,1169,198854,25613267,25812409,3967,3716,23996,23596,50986,50986,3994,4006,2129,2480,1881,1867,1982,1982,1999,1993,2000,1998,2015,2016,2024,2026,1996,1996]},"pktlen": {"min":40,"avg":100.4,"max":318,"stddev":47.8,"var":2284.8,"ent":4.9,"data": [48,48,40,78,86,40,90,90,90,318,118,86,78,86,82,82,118,86,136,87,133,86,134,87,135,86,134,87,136,87,134,86]},"bins": {"c_to_s": [3,5,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,13,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.102187157,4.537780762,4.334184647,4.058208466,4.054616928,4.453056335,3.858134031,3.871968746,3.874475002,3.622990608,3.363279343,3.975625038,4.113958359,4.077686787,3.958570004,4.088738441,3.346330643,4.026189327,4.928956985,4.066451550,4.906247616,4.092061996,4.933094978,4.057775021,4.965210915,4.115317822,4.918169498,4.066451550,4.982229233,4.089439869,4.933094501,4.147351265]},"ndpi": {"confidence": {"6":"DPI"},"proto":"BeckhoffADS","proto_id":"365","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":24,"flow_first_seen":1464342183296235,"flow_src_last_pkt_time":1464342209589146,"flow_dst_last_pkt_time":1464342209589545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":708,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":1934,"midstream":0,"thread_ts_usec":1464342209589545,"l3_proto":"ip4","src_ip":"192.168.1.99","dst_ip":"192.168.1.8","src_port":49201,"dst_port":48898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BeckhoffADS","proto_id":"365","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":3310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1464342209589545}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/beckhoff_ads.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":3310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1464342209589545}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 50/50
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5499423 bytes
-~~ total memory freed........: 5499423 bytes
+~~ total memory allocated....: 5499447 bytes
+~~ total memory freed........: 5499447 bytes
 ~~ total allocations/frees...: 85910/85910
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 539 chars
diff --git a/test/results/default/bets.pcapng.out b/test/results/default/bets.pcapng.out
index c2043c64d..d54ff3958 100644
--- a/test/results/default/bets.pcapng.out
+++ b/test/results/default/bets.pcapng.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1693252376328241}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1693252376328241}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376328241,"flow_dst_last_pkt_time":1693252376328241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1693252376328241,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1693252376328241,"flow_dst_last_pkt_time":1693252376328241,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1693252376328241,"pkt":"RQAAQAAAQABABvsXwKgKAg3gZxbqwwG7A+7xFgAAAACwAv\/\/lHwAAAIEBWQBAwMGAQEICjEzUHgAAAAABAIAAA=="}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1693252376328241,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1693252376373304,"pkt":"RQAAPAAAQAD1BkYbDeBnFsCoCgIBu+rDfMJDrwPu8RegEv\/\/nUwAAAIEBaAEAggKSjv9NzEzUHgBAwMJ"}
@@ -10,7 +10,7 @@
 01263{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376420557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1693252376420557,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com","tls": {"version":"TLSv1.3","ja3":"375c6162a492dfbf2795909110ce8424","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d4907h2_0d8feac7bc37_7395dae3b2f3","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
 02131{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376473051,"flow_dst_last_pkt_time":1693252376516940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":573,"flow_dst_tot_l4_payload_len":6919,"midstream":0,"thread_ts_usec":1693252376516940,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":10758.4,"max":46532,"stddev":18210.4,"var":331618016.0,"ent":3.2,"data": [45063,45086,716,45768,1485,46532,228,223,359,358,497,1,497,2530,35,126,50,44471,1044,896,1,81,43759,187,180,74,3041,2969,1675,39830,5747]},"pktlen": {"min":52,"avg":286.8,"max":1420,"stddev":477.2,"var":227739.3,"ent":3.6,"data": [64,60,52,380,52,1420,52,1420,52,1420,52,1420,93,52,58,110,138,116,52,52,52,52,198,52,123,52,83,1241,52,52,52,52]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,0,1,0,0,1,1],"entropies": [4.359427452,5.254205704,5.077241421,6.193246841,5.115703106,7.830681801,5.024262905,7.844112873,5.154164791,7.881240845,5.115703106,7.848938465,5.975646019,5.115703106,4.911536217,6.119595051,6.468632221,6.137733459,5.192626476,5.154164791,5.154164791,5.192626476,6.778203011,5.077241421,6.239024639,5.154164791,5.561018467,7.842863560,5.115703106,4.979099274,5.154164791,5.154164791]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376516972,"flow_dst_last_pkt_time":1693252376516940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":573,"flow_dst_tot_l4_payload_len":6919,"midstream":0,"thread_ts_usec":1693252376516972,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":7492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1693252376516972}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":7492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1693252376516972}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 33/33
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5514861 bytes
-~~ total memory freed........: 5514861 bytes
+~~ total memory allocated....: 5514885 bytes
+~~ total memory freed........: 5514885 bytes
 ~~ total allocations/frees...: 85900/85900
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 528 chars
diff --git a/test/results/default/bfd.pcap.out b/test/results/default/bfd.pcap.out
index 85b498421..14f590c59 100644
--- a/test/results/default/bfd.pcap.out
+++ b/test/results/default/bfd.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1407756994998897}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1407756994998897}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994998897,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1407756994998897,"pkt":"qrvMAAMQqrvMAAEQgQAADQgARcAANAABAAD\/EWrxmwENAZsBDQPAAA7IACCXvyBAAxgAAAABAAAAAAAPQkAAD0JAAAehIA=="}
 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994998897,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756994998897,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -23,7 +23,7 @@
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1407756994998897,"flow_src_last_pkt_time":1407756994999521,"flow_dst_last_pkt_time":1407756994998897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1407756995493239,"flow_src_last_pkt_time":1407756995493316,"flow_dst_last_pkt_time":1407756995493239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"l3_proto":"ip4","src_ip":"155.1.13.3","dst_ip":"155.1.13.3","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1407756995403541,"flow_src_last_pkt_time":1407756995862322,"flow_dst_last_pkt_time":1407756995403541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1407756995862322,"l3_proto":"ip4","src_ip":"155.1.13.1","dst_ip":"155.1.13.1","src_port":49152,"dst_port":3785,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BFD","proto_id":"401","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":192,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1407756995862322}
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/bfd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":192,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1407756995862322}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 11/11
 ~~ skipped flows.............: 0
@@ -32,8 +32,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5504808 bytes
-~~ total memory freed........: 5504808 bytes
+~~ total memory allocated....: 5504880 bytes
+~~ total memory freed........: 5504880 bytes
 ~~ total allocations/frees...: 85904/85904
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 532 chars
diff --git a/test/results/default/bitcoin.pcap.out b/test/results/default/bitcoin.pcap.out
index 0736968fa..4d2c3af3b 100644
--- a/test/results/default/bitcoin.pcap.out
+++ b/test/results/default/bitcoin.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1301327937725033}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1301327937725033}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301327937725033,"flow_src_last_pkt_time":1301327937725033,"flow_dst_last_pkt_time":1301327937725033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301327937725033,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1301327937725033,"flow_dst_last_pkt_time":1301327937725033,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1301327937725033,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301327937725033,"flow_src_last_pkt_time":1301327937725033,"flow_dst_last_pkt_time":1301327937725033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301327937725033,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
@@ -29,7 +29,7 @@
 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1301328472925065,"flow_dst_last_pkt_time":1301328473077893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1301328473077893,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="}
 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1301328472925065,"flow_dst_last_pkt_time":1301328487120277,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301328487120277,"pkt":"ACNshovhACPrIpS0CABFAABxMvRAAG8GgQJCRFMWwKgBjiCN2Ff1mJ4OLY+1yIAY\/5YyzAAAAQEICgBK7fonMvBH+b602WludgAAAAAAAAAAACUAAAAXvAGWAQEAAAAYqnCtA4JeCfSWUZFYsh6sAyMBtBHVR6Y5dbVZJO1sMQ=="}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1301328472925065,"flow_dst_last_pkt_time":1301328526763444,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301328526763444,"pkt":"ACNshovhACPrIpS0CABFAABxM2VAAG8GgJFCRFMWwKgBjiCN2Ff1mJ5LLY+1yIAY\/5bHMAAAAQEICgBK74cnMvDT+b602WludgAAAAAAAAAAACUAAAAOAWk4AQEAAACmU2ocFfjbk6bwRfCWT0dV1t0G5OkxndgzFqeVZZtzHw=="}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":112864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1301328538215424}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":112864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1301328538215424}
 02266{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1301328472925065,"flow_src_last_pkt_time":1301328607711436,"flow_dst_last_pkt_time":1301328616076718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9102,"flow_dst_tot_l4_payload_len":23653,"midstream":1,"thread_ts_usec":1301328616076718,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":8965742.0,"max":134322478,"stddev":25481870.0,"var":649325705166848.0,"ent":2.2,"data": [62318,90510,14042384,39643167,11451980,9238604,22700384,134322478,190526,216456,52,56784,49,15,11,45582876,5468,2949,79677,2390,56420,14875,38291,1106,29429,10233,41403,43,29590,11803,15753]},"pktlen": {"min":72,"avg":1075.6,"max":1500,"stddev":630.5,"var":397582.1,"ent":4.7,"data": [157,157,72,113,113,113,168,113,96,1500,1500,1500,1500,1500,1500,317,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0],"s_to_c": [1,4,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]},"directions": [0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.314049721,4.516415119,5.159438610,5.621953964,5.629888535,5.436272144,5.232412338,5.492824554,5.047397614,6.620144367,6.645269394,6.641551971,6.624248028,6.652445793,6.650110245,6.173855782,3.519509792,3.418695927,3.522331953,3.473526716,3.458976030,3.461488724,3.521340132,3.498308420,3.439558506,3.445366859,3.488321781,3.470211506,3.484444618,3.500530481,3.521874428,3.458418369]},"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301328699728375,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328699728375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301328699728375,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328699728375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1301328699728375,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"}
@@ -39,7 +39,7 @@
 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328717164944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_usec":1301328717164944,"pkt":"ACNshovhACPrIpS0CABFAABrBgZAAHUGaMTD2hCywKgBjiCN2GjjI7OQQQ13l4AYAQQrZwAAAQEICgAAKOAnMvki+b602WFkZHIAAAAAAAAAAB8AAABr2MyYATqzkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/1XJqP0gjQ=="}
 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328728615715,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_usec":1301328728615715,"pkt":"ACNshovhACPrIpS0CABFAABrByNAAHUGZ6fD2hCywKgBjiCN2GjjI7PHQQ13l4AYAQSkaAAAAQEICgAALVknMvnN+b602WFkZHIAAAAAAAAAAB8AAAATXr9rAUCzkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/4FhwkwgjQ=="}
 02278{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1301328699728375,"flow_src_last_pkt_time":1301328741904043,"flow_dst_last_pkt_time":1301328743741542,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5826,"flow_dst_tot_l4_payload_len":27918,"midstream":1,"thread_ts_usec":1301328743741542,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":2780285.0,"max":41186439,"stddev":7975567.0,"var":63609669419008.0,"ent":2.2,"data": [128208,113258,17195103,11450771,3438749,6775,2755264,41186439,319900,321845,34,347450,8283500,31885,35035,52689,19022,36630,49289,41130,63903,2317,29070,27748,37436,32734,49198,24571,33724,41084,34074]},"pktlen": {"min":72,"avg":1106.5,"max":1500,"stddev":621.5,"var":386298.0,"ent":4.7,"data": [157,157,72,107,107,107,107,113,96,1500,1500,1500,1385,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,3,0,0],"s_to_c": [1,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0]},"directions": [0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.383668423,4.444240093,4.982605934,4.668665886,4.713104248,4.762123585,4.780815601,5.560832977,4.996669769,6.587570190,6.648486137,6.600738525,6.599431038,3.406774759,3.373550653,3.345058441,3.338595867,3.355129480,3.392081499,3.337737560,3.285459280,3.329736471,3.341146708,3.315114975,3.270951748,3.318075180,3.308751106,3.279112339,3.298598528,3.384484768,3.426392555,3.339625120]},"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":387,"packets-processed":386,"total-skipped-flows":0,"total-l4-payload-len":372733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1301329138452825}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":387,"packets-processed":386,"total-skipped-flows":0,"total-l4-payload-len":372733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1301329138452825}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301329304767401,"flow_src_last_pkt_time":1301329304767401,"flow_dst_last_pkt_time":1301329304767401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301329304767401,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1301329304767401,"flow_dst_last_pkt_time":1301329304767401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1301329304767401,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301329304767401,"flow_src_last_pkt_time":1301329304767401,"flow_dst_last_pkt_time":1301329304767401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301329304767401,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
@@ -47,14 +47,14 @@
 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1301329305005443,"flow_dst_last_pkt_time":1301329304813916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1301329305005443,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"}
 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1301329309391663,"flow_dst_last_pkt_time":1301329304813916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301329309391663,"pkt":"ACPrIpS0ACNshovhCABFAABxpRVAAEAGdYnAqAGOuDqld9i\/II0stRd5NDMFdYAY\/\/\/QMQAAAQEICiczEOgAVd0S+b602WludgAAAAAAAAAAACUAAAAM+O86AQEAAABjYqN6+8l5NV5ILuoyGWmRHhZ4vrImNA17xLD+35pOKQ=="}
 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1301329331545459,"flow_dst_last_pkt_time":1301329304813916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301329331545459,"pkt":"ACPrIpS0ACNshovhCABFAABx5FNAAEAGNkvAqAGOuDqld9i\/II0stRe2NDMFdYAY\/\/+YyAAAAQEICiczEcYAVd7J+b602WludgAAAAAAAAAAACUAAACKqR5BAQEAAADko5gKOXTkTY\/EAL+Sv3gEjdoxRRE7Qf9xD2E6EXEwBA=="}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":514,"packets-processed":513,"total-skipped-flows":0,"total-l4-payload-len":390162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1301329743430837}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":514,"packets-processed":513,"total-skipped-flows":0,"total-l4-payload-len":390162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1301329743430837}
 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":117,"flow_first_seen":1301328319392147,"flow_src_last_pkt_time":1301329810648952,"flow_dst_last_pkt_time":1301328837883797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":25033,"flow_dst_tot_l4_payload_len":127108,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":47,"flow_dst_packets_processed":72,"flow_first_seen":1301328699728375,"flow_src_last_pkt_time":1301329743430837,"flow_dst_last_pkt_time":1301329807659230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":23722,"flow_dst_tot_l4_payload_len":51175,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":3,"flow_first_seen":1301329304767401,"flow_src_last_pkt_time":1301329810839993,"flow_dst_last_pkt_time":1301329452712485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":1061,"flow_src_tot_l4_payload_len":1498,"flow_dst_tot_l4_payload_len":1186,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":65,"flow_dst_packets_processed":96,"flow_first_seen":1301328472925065,"flow_src_last_pkt_time":1301329809784023,"flow_dst_last_pkt_time":1301329809936278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":40981,"flow_dst_tot_l4_payload_len":64003,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":3,"flow_first_seen":1301327937725033,"flow_src_last_pkt_time":1301327939000921,"flow_dst_last_pkt_time":1301327938227159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":20617,"flow_dst_tot_l4_payload_len":1573,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":29,"flow_first_seen":1301328089970465,"flow_src_last_pkt_time":1301328231627793,"flow_dst_last_pkt_time":1301328234467725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":34585,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":529,"packets-processed":529,"total-skipped-flows":0,"total-l4-payload-len":391630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1301329810839993}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":529,"packets-processed":529,"total-skipped-flows":0,"total-l4-payload-len":391630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1301329810839993}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 529/529
 ~~ skipped flows.............: 0
@@ -63,10 +63,10 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5524174 bytes
-~~ total memory freed........: 5524174 bytes
+~~ total memory allocated....: 5524278 bytes
+~~ total memory freed........: 5524278 bytes
 ~~ total allocations/frees...: 86444/86444
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 2493 chars
-~~ json message avg len.......: 1530 chars
+~~ json message avg len.......: 1529 chars
diff --git a/test/results/default/bittorrent.pcap.out b/test/results/default/bittorrent.pcap.out
index f8d41be6b..14ab957a4 100644
--- a/test/results/default/bittorrent.pcap.out
+++ b/test/results/default/bittorrent.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1455469967246718}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1455469967246718}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1455469967246718,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="}
 01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}}
@@ -161,7 +161,7 @@
 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1455469974358684,"flow_src_last_pkt_time":1455469975341953,"flow_dst_last_pkt_time":1455469976244642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":639,"flow_src_tot_l4_payload_len":451,"flow_dst_tot_l4_payload_len":686,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469969441488,"flow_src_last_pkt_time":1455469969441488,"flow_dst_last_pkt_time":1455469969441488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975407300,"flow_src_last_pkt_time":1455469975407300,"flow_dst_last_pkt_time":1455469975407300,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":299,"packets-processed":299,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1455469982106134}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":299,"packets-processed":299,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1455469982106134}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 299/299
 ~~ skipped flows.............: 0
@@ -170,8 +170,8 @@
 ~~ total active/idle flows...: 24/24
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5601656 bytes
-~~ total memory freed........: 5601656 bytes
+~~ total memory allocated....: 5602048 bytes
+~~ total memory freed........: 5602048 bytes
 ~~ total allocations/frees...: 86434/86434
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 569 chars
diff --git a/test/results/default/bittorrent_tcp_miss.pcapng.out b/test/results/default/bittorrent_tcp_miss.pcapng.out
index 7f4cf8cb5..edd678fe4 100644
--- a/test/results/default/bittorrent_tcp_miss.pcapng.out
+++ b/test/results/default/bittorrent_tcp_miss.pcapng.out
@@ -1,5 +1,5 @@
-00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673446123917965}
+00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673446123917965}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123917965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1673446123917965,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123917965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1673446123917965,"pkt":"UlQARf4hvGGTecRkCABFAAA8AbRAAEAGffTAqHoiskfOAb9bGuH76ArUAAAAAKAC\/\/\/tPAAAAgQFtAQCCAqT2yrZAAAAAAEDAwg="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123936638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1673446123936638,"pkt":"vGGTecRkUlQARf4hCABFAAA0vJhAAHgGixeyR84BwKh6Ihrhv1taDkQc++gK1YAS\/\/802wAAAgQFoAEDAwgBAQQC"}
@@ -9,7 +9,7 @@
 01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124058520,"flow_dst_last_pkt_time":1673446124076131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":424,"flow_src_tot_l4_payload_len":737,"flow_dst_tot_l4_payload_len":1043,"midstream":0,"thread_ts_usec":1673446124076131,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":"0f6b9cd2b7da4de9b6c846203920e3da49cdb795"}}}
 02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124132868,"flow_dst_last_pkt_time":1673446124132335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1025,"flow_dst_tot_l4_payload_len":22693,"midstream":0,"thread_ts_usec":1673446124132868,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":13847.5,"max":64959,"stddev":17166.0,"var":294672928.0,"ent":3.8,"data": [18673,26924,29858,64959,29324,33873,54911,20576,19623,21996,21047,6908,279,229,213,159,199,287,569,92,484,33856,18,24514,384,131,356,353,18454,16,8]},"pktlen": {"min":40,"avg":782.2,"max":1480,"stddev":666.4,"var":444053.7,"ent":4.4,"data": [60,52,40,238,464,40,511,280,108,419,328,90,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,40,40,1480,1480,1480,1480,1480,40,40,40]},"bins": {"c_to_s": [8,0,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]},"directions": [0,1,0,0,1,0,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,0],"entropies": [4.679967880,5.131024837,4.765311718,7.106909752,7.520512581,4.903055668,7.548049450,7.183899879,6.238460064,5.624160767,5.095487118,4.067485332,7.834874630,7.871198177,7.882282257,7.884436607,7.876652241,7.857866764,7.878300190,7.864074230,7.855942726,7.876870155,4.853056431,4.803055763,7.863341808,7.865004539,7.869568825,7.874233246,7.854714394,4.853055954,4.903056145,4.853055954]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01131{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":67,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124222811,"flow_dst_last_pkt_time":1673446124229821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":90373,"midstream":0,"thread_ts_usec":1673446124229821,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":91466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1673446124229821}
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":91466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1673446124229821}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 100/100
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502921 bytes
-~~ total memory freed........: 5502921 bytes
+~~ total memory allocated....: 5502945 bytes
+~~ total memory freed........: 5502945 bytes
 ~~ total allocations/frees...: 85961/85961
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 543 chars
diff --git a/test/results/default/bittorrent_utp.pcap.out b/test/results/default/bittorrent_utp.pcap.out
index 34d3b04e1..25a3935b6 100644
--- a/test/results/default/bittorrent_utp.pcap.out
+++ b/test/results/default/bittorrent_utp.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1456385034843882}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1456385034843882}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385034843882,"flow_dst_last_pkt_time":1456385034843882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1456385034843882,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1456385034843882,"flow_dst_last_pkt_time":1456385034843882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1456385034843882,"pkt":"xCwDBkn+LFbcjDU0CABFCACEN6IAAHARjPNS83ErwKgBBf3Jn\/8AcJbNZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AdimJ292LCw98nSvKCf40fHeZTE6cTk6Z2V0X3BlZXJzMTp0MjoOYTE6djQ6TFQBATE6eTE6cWU="}
 01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385034843882,"flow_dst_last_pkt_time":1456385034843882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1456385034843882,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}}
@@ -10,7 +10,7 @@
 01108{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385040274000,"flow_dst_last_pkt_time":1456385040274157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1456385040274157,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}}
 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1456385040390819,"flow_dst_last_pkt_time":1456385040274157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_usec":1456385040390819,"pkt":"xCwDBkn+LFbcjDU0CABFCADuPhxAAHARRg9S83ErwKgBBf3Jn\/8A2oQHAQBTAxDwaHYJ8SkXABAAAOf2ScYTQml0VG9ycmVudCBwcm90b2NvbAAAAAAAGAAFDKTI5\/smo1Sxp6oVuuryYGfGaBEtTFQxMTAwLTFGYTUzMVJ0THV2dwAAAHEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/ff\/+\/\/\/\/v++\/7\/\/f\/f\/\/\/t\/+5gAAAAAEB"}
 02372{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385041276103,"flow_dst_last_pkt_time":1456385041181191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":477,"flow_src_tot_l4_payload_len":14142,"flow_dst_tot_l4_payload_len":872,"midstream":0,"thread_ts_usec":1456385041276103,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":959,"avg":411920.3,"max":5430275,"stddev":1202360.0,"var":1445669502976.0,"ent":2.4,"data": [4392194,1037924,5430275,116819,116920,100471,240441,139898,4463,110556,115010,959,58628,60551,88152,88141,37493,37665,24480,24365,43679,55465,11575,11793,11863,53659,52777,104119,173318,8337,17540]},"pktlen": {"min":48,"avg":497.2,"max":1500,"stddev":600.8,"var":360942.7,"ent":4.0,"data": [132,132,48,58,238,505,48,48,103,257,48,48,132,1500,54,1500,54,1500,54,1500,54,82,1500,54,1500,54,1500,48,48,1037,1037,1037]},"bins": {"c_to_s": [3,0,0,3,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0],"s_to_c": [11,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0],"entropies": [5.803075790,5.866444111,4.474482536,4.231768131,4.447527885,5.267382622,4.667174816,5.259760857,3.872052193,5.423846722,5.259760857,4.750508785,5.806200504,7.847329140,4.531593323,7.839333057,4.619647026,7.837954521,4.582609653,7.820847988,4.619647026,4.109564304,7.831181049,4.693720818,7.634190559,4.693720818,7.787273407,4.892893314,4.750508785,7.761264801,7.781966686,7.702743530]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":87,"packets-processed":86,"total-skipped-flows":0,"total-l4-payload-len":37877,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1704898946338043}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":87,"packets-processed":86,"total-skipped-flows":0,"total-l4-payload-len":37877,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1704898946338043}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704898946338043,"flow_src_last_pkt_time":1704898946338043,"flow_dst_last_pkt_time":1704898946338043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704898946338043,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49861,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1704898946338043,"flow_dst_last_pkt_time":1704898946338043,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1704898946338043,"pkt":"AAAAAAAAAAAAAAAACABFAAAwp8NAALARJPd\/AAABfwAAAcLFgjUAHP4vQQBFZ+1jkpYAAAAAABAAACPGAAA="}
 01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704898946338043,"flow_src_last_pkt_time":1704898946338043,"flow_dst_last_pkt_time":1704898946338043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704898946338043,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49861,"dst_port":33333,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}}
@@ -20,7 +20,7 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1704898949036574,"flow_dst_last_pkt_time":1704898947830917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1704898949036574,"pkt":"AAAAAAAAAAAAAAAACABFAAA1qOdAALARI85\/AAABfwAAAcLFgjUAIf40AQBFaO2Mv60AAACFABAAACPIRWZ0ZXN0Cg=="}
 01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":47,"flow_dst_packets_processed":39,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385044298958,"flow_dst_last_pkt_time":1456385054059812,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":477,"flow_src_tot_l4_payload_len":34679,"flow_dst_tot_l4_payload_len":3198,"midstream":0,"thread_ts_usec":1704898949036733,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1704898946338043,"flow_src_last_pkt_time":1704898949036574,"flow_dst_last_pkt_time":1704898949036733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1704898949036733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49861,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":92,"packets-processed":92,"total-skipped-flows":0,"total-l4-payload-len":38006,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1704898949036733}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":92,"packets-processed":92,"total-skipped-flows":0,"total-l4-payload-len":38006,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1704898949036733}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 92/92
 ~~ skipped flows.............: 0
@@ -29,8 +29,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502841 bytes
-~~ total memory freed........: 5502841 bytes
+~~ total memory allocated....: 5502881 bytes
+~~ total memory freed........: 5502881 bytes
 ~~ total allocations/frees...: 85964/85964
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 548 chars
diff --git a/test/results/default/bjnp.pcap.out b/test/results/default/bjnp.pcap.out
index ea51a1883..4790ae8bb 100644
--- a/test/results/default/bjnp.pcap.out
+++ b/test/results/default/bjnp.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1467725378685790}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1467725378685790}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725378685790,"flow_src_last_pkt_time":1467725378685790,"flow_dst_last_pkt_time":1467725378685790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725378685790,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1467725378685790,"flow_dst_last_pkt_time":1467725378685790,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_usec":1467725378685790,"pkt":"RQAALAmDAAB5EfxOwKi5jcCoARHDpyGkABg0Q0JKTlACAQAAF6QAAAAAAADK6w=="}
 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725378685790,"flow_src_last_pkt_time":1467725378685790,"flow_dst_last_pkt_time":1467725378685790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725378685790,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -40,7 +40,7 @@
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384113794,"flow_src_last_pkt_time":1467725384113794,"flow_dst_last_pkt_time":1467725384113794,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725385329792,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383909788,"flow_src_last_pkt_time":1467725383909788,"flow_dst_last_pkt_time":1467725383909788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725385329792,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383705789,"flow_src_last_pkt_time":1467725383705789,"flow_dst_last_pkt_time":1467725383705789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725385329792,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1467725385329792}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1467725385329792}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -49,8 +49,8 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5517811 bytes
-~~ total memory freed........: 5517811 bytes
+~~ total memory allocated....: 5517979 bytes
+~~ total memory freed........: 5517979 bytes
 ~~ total allocations/frees...: 85969/85969
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 517 chars
diff --git a/test/results/default/bot.pcap.out b/test/results/default/bot.pcap.out
index 15173b923..f4cff9431 100644
--- a/test/results/default/bot.pcap.out
+++ b/test/results/default/bot.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645108240233170}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645108240233170}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645108240233170,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233170,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233579,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"}
@@ -9,7 +9,7 @@
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645108240339700,"flow_dst_last_pkt_time":1645108240340261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1645108240340261,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAKO4IQAA\/BtxaWR9I3ChNpyQAUP0AWPWTmLcGyylQEHVAXRgAAAAAtTpUPQ=="}
 02250{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240455112,"flow_dst_last_pkt_time":1645108240455337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":33120,"midstream":0,"thread_ts_usec":1645108240455337,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":14326.1,"max":114244,"stddev":36180.2,"var":1309009792.0,"ent":2.2,"data": [409,106526,4,106682,7609,64,117,61,7,4,842,8,6,4,114244,282,105363,69,4,6,123,5,6,4,232,8,61,8,763,123,465]},"pktlen": {"min":46,"avg":1086.5,"max":1480,"stddev":631.2,"var":398369.0,"ent":4.6,"data": [48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1],"entropies": [4.668832779,4.823934078,4.705051422,5.553816795,4.685968399,6.426275253,7.497505188,7.820932388,7.830261230,7.797591209,7.805040359,7.821845531,7.816341877,7.795114517,7.064133644,4.748529911,4.585274220,7.814039707,7.815784454,7.820162296,7.814042091,7.827082157,7.799123287,7.792435646,7.357606411,5.923022270,7.867007732,5.467782974,4.930641174,4.661573410,4.661573410,5.117170334]},"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01081{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":115,"flow_dst_packets_processed":287,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108245896135,"flow_dst_last_pkt_time":1645108245896491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":406780,"midstream":0,"thread_ts_usec":1645108245896491,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":402,"packets-processed":402,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1645108245896491}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":402,"packets-processed":402,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1645108245896491}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 402/402
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5509860 bytes
-~~ total memory freed........: 5509860 bytes
+~~ total memory allocated....: 5509884 bytes
+~~ total memory freed........: 5509884 bytes
 ~~ total allocations/frees...: 86268/86268
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 541 chars
diff --git a/test/results/default/bt-dns.pcap.out b/test/results/default/bt-dns.pcap.out
index 27dad6a9d..d71492b22 100644
--- a/test/results/default/bt-dns.pcap.out
+++ b/test/results/default/bt-dns.pcap.out
@@ -1,11 +1,11 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00733{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78726493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":78726493,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78726493,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":78726493,"pkt":"UlQAEjUDCAAn5uVZCABFAAA6fBwAAIARpoUKAAIPCgACA+lnADUAJvPGb\/EBAAABAAAAAAAACHV0b3JyZW50A2NvbQAAAQAB"}
 01025{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78726493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":78726493,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.BitTorrent","proto_id":"5.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"utorrent.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78730365,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":78730365,"pkt":"CAAn5uVZUlQAEjUCCABFAABKEKAAAEARUfIKAAIDCgACDwA16WcANruUb\/GBgAABAAEAAAAACHV0b3JyZW50A2NvbQAAAQABwAwAAQABAAAC5wAEYo+SBw=="}
 01040{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78730365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":78730365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.BitTorrent","proto_id":"5.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"utorrent.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"98.143.146.7"}}}
 00935{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78730365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":78730365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.BitTorrent","proto_id":"5.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00621{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":76,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":78730365}
+00619{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":76,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":78730365}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -14,8 +14,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498031 bytes
-~~ total memory freed........: 5498031 bytes
+~~ total memory allocated....: 5498055 bytes
+~~ total memory freed........: 5498055 bytes
 ~~ total allocations/frees...: 85862/85862
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 528 chars
diff --git a/test/results/default/bt-http.pcapng.out b/test/results/default/bt-http.pcapng.out
index e61301405..680ef1f9f 100644
--- a/test/results/default/bt-http.pcapng.out
+++ b/test/results/default/bt-http.pcapng.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631962352376282}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631962352376282}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962352376282,"flow_dst_last_pkt_time":1631962352376282,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631962352376282,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631962352376282,"flow_dst_last_pkt_time":1631962352376282,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1631962352376282,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8rHZAAEAGOofAqAGAsB\/hdrciAFDsRCPNAAAAAKACC2gBUwAAAgQFtAQCCApMENP4AAAAAAEDAwA="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1631962352376282,"flow_dst_last_pkt_time":1631962352393006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1631962352393006,"pkt":"PKn0qB\/spJGxgjQ5CABFAAAsAABAADMG9A2wH+F2wKgBgABQtyLpFLp77EQjzmASRHCYbQAAAgQCGAAA"}
@@ -8,7 +8,7 @@
 01312{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962352393146,"flow_dst_last_pkt_time":1631962352393006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":370,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631962352393146,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.BitTorrent","proto_id":"7.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"tracker.trackerfix.com","http": {"url":"tracker.trackerfix.com\/announce?info_hash=%aa7i%c4S%0d%de%06%24%18s%da%d4%3a%b5%cc%ec%2c%e6%22&peer_id=-TR2940-chho92c56pul&port=51413&uploaded=0&downloaded=0&left=282050560&numwant=80&key=3b5502cc&compact=1&supportcrypto=1&requirecrypto=1&event=started","code":0,"content_type":"","user_agent":"Transmission\/2.94"}}}
 00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1631962352393146,"flow_dst_last_pkt_time":1631962352417837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":394,"pkt_l4_len":360,"thread_ts_usec":1631962352417837,"pkt":"PKn0qB\/spJGxgjQ5CABFAAF8AABAADMG8r2wH+F2wKgBgABQtyLpFLp87EQlQFAZRHAAXAAASFRUUC8xLjEgMzA3IFRlbXBvcmFyeSBSZWRpcmVjdA0KQ29ubmVjdGlvbjogY2xvc2UNClByYWdtYTogbm8tY2FjaGUNCmNhY2hlLWNvbnRyb2w6IG5vLWNhY2hlDQpMb2NhdGlvbjogL2Fubm91bmNlP2luZm9faGFzaD0lYWE3aSVjNFMlMGQlZGUlMDYlMjQlMThzJWRhJWQ0JTNhJWI1JWNjJWVjJTJjJWU2JTIyJnBlZXJfaWQ9LVRSMjk0MC1jaGhvOTJjNTZwdWwmcG9ydD01MTQxMyZ1cGxvYWRlZD0wJmRvd25sb2FkZWQ9MCZsZWZ0PTI4MjA1MDU2MCZudW13YW50PTgwJmtleT0zYjU1MDJjYyZjb21wYWN0PTEmc3VwcG9ydGNyeXB0bz0xJnJlcXVpcmVjcnlwdG89MSZldmVudD1zdGFydGVkDQoNCg=="}
 00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":2,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962409934151,"flow_dst_last_pkt_time":1631962352417837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":340,"flow_src_tot_l4_payload_len":370,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1631962409934151,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.BitTorrent","proto_id":"7.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":710,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1631962409934151}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":710,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1631962409934151}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 14/14
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498993 bytes
-~~ total memory freed........: 5498993 bytes
+~~ total memory allocated....: 5499017 bytes
+~~ total memory freed........: 5499017 bytes
 ~~ total allocations/frees...: 85889/85889
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 533 chars
diff --git a/test/results/default/bt_search.pcap.out b/test/results/default/bt_search.pcap.out
index e7001d6d8..2a7a0d29f 100644
--- a/test/results/default/bt_search.pcap.out
+++ b/test/results/default/bt_search.pcap.out
@@ -1,11 +1,11 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1430752225251619}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1430752225251619}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251619,"flow_src_last_pkt_time":1430752225251619,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430752225251619,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1430752225251619,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1430752225251619,"pkt":"AQBeQJiPABZEH1lmCABFAACTaOEAAP8RCRrAqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
 00964{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251619,"flow_src_last_pkt_time":1430752225251619,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430752225251619,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}}
 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1430752525284866,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1430752525284866,"pkt":"AQBeQJiPABZEH1lmCABFAACTCiwAAP8RZ8\/AqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251619,"flow_src_last_pkt_time":1430752525284866,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430752525284866,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":238,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1430752525284866}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":238,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1430752525284866}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498003 bytes
-~~ total memory freed........: 5498003 bytes
+~~ total memory allocated....: 5498027 bytes
+~~ total memory freed........: 5498027 bytes
 ~~ total allocations/frees...: 85861/85861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 569 chars
 ~~ json message max len.......: 978 chars
-~~ json message avg len.......: 763 chars
+~~ json message avg len.......: 762 chars
diff --git a/test/results/default/c1222.pcapng.out b/test/results/default/c1222.pcapng.out
index 64300bf51..198d4a2c9 100644
--- a/test/results/default/c1222.pcapng.out
+++ b/test/results/default/c1222.pcapng.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1367373585690512}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1367373585690512}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1367373585690512,"flow_src_last_pkt_time":1367373585690512,"flow_dst_last_pkt_time":1367373585690512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1367373585690512,"l3_proto":"ip4","src_ip":"10.9.3.124","dst_ip":"10.208.0.9","src_port":55092,"dst_port":1153,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1367373585690512,"flow_dst_last_pkt_time":1367373585690512,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1367373585690512,"pkt":"ABEiM0RVAAWaPHoACABFAABOA4sAAIARHrcKCQN8CtAACdc0BIEAOgrWYDCiDwYNYHyG91QBFgABAUDOEaYOBgxgfIb3VAEWAAEBQCGoBAICD4m+BygFgQOAASA="}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1367373585690512,"flow_src_last_pkt_time":1367373585690512,"flow_dst_last_pkt_time":1367373585690512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1367373585690512,"l3_proto":"ip4","src_ip":"10.9.3.124","dst_ip":"10.208.0.9","src_port":55092,"dst_port":1153,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ANSI_C1222","proto_id":"397","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -10,7 +10,7 @@
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1367373604761735,"flow_dst_last_pkt_time":1367373604761735,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1367373604761735,"pkt":"AB87hnijAAxB9XvLCABFAACjBPIAAH8GTzHAqGR8wKgBZQSBBikBodABAMCADYAYFoeRHgAACAoMHiITABbwdwEBYG2iCgYIKwYBBAGChWOkBgIEE+gUIaYRBg8rBgEEAYKFY45\/hfHCTgCoAwIBLKwPog2gC6EJgAEAgQRMl\/SJvi4oLIEqiOaXa+kgYVnM6gzTmUHz8kQJ4pSh+YRjhl6LlsXldgOakOTnD6E4otmY"}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1367373604761735,"flow_src_last_pkt_time":1367373604761735,"flow_dst_last_pkt_time":1367373604761735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":111,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":111,"midstream":1,"thread_ts_usec":1367373604761735,"l3_proto":"ip4","src_ip":"192.168.1.101","dst_ip":"192.168.100.124","src_port":1577,"dst_port":1153,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ANSI_C1222","proto_id":"397","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1367373585690512,"flow_src_last_pkt_time":1367373604761735,"flow_dst_last_pkt_time":1367373585690512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1367373604761735,"l3_proto":"ip4","src_ip":"10.9.3.124","dst_ip":"10.208.0.9","src_port":55092,"dst_port":1153,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ANSI_C1222","proto_id":"397","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1367373604761735}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/c1222.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1367373604761735}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -19,10 +19,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500261 bytes
-~~ total memory freed........: 5500261 bytes
+~~ total memory allocated....: 5500301 bytes
+~~ total memory freed........: 5500301 bytes
 ~~ total allocations/frees...: 85875/85875
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 985 chars
-~~ json message avg len.......: 773 chars
+~~ json message avg len.......: 772 chars
diff --git a/test/results/default/cachefly.pcapng.out b/test/results/default/cachefly.pcapng.out
index 81b800dea..2267d1956 100644
--- a/test/results/default/cachefly.pcapng.out
+++ b/test/results/default/cachefly.pcapng.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639053996915968}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639053996915968}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053996915968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053996915968,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053996915968,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639053996915968,"pkt":"AAAAAAAAAAEAzkGkCABFAAA8AABAADgGbggKCgoBwKgAAQG7qvYcGrARC\/df8aASOJAXeAAAAgQFtAQCCAr4WKdZ8aCtGAEDAwk="}
 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1639053997244536,"pkt":"AAAAAAAAAAEAzkGkCABFAAI5KtdAAD8GOjTAqAABCgoKAar2AbsL91\/xHBqwEoAYAECN7gAAAQEICvGgrmz4WKdZFgMBAgABAAH8AwN5I1ozU7xInxtJozbyruWCcUxU4dIiuEr772yEdl+IjiA8lzzThjK9JFGzvzmsOf5jh+xiqEIzY+\/b\/bu2q\/rhKgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTKioAAAAAABcAFQAAEmFwcHR2LmNhY2hlZmx5Lm5ldAAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgnPDvY\/VXlPM6JRGRsi41pgbweEr23XZr7mS8KeaUbX0ALQACAQEAKwALCjo6AwQDAwMCAwEAGwADAgACRGkABQADAmgyiooAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -10,7 +10,7 @@
 02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639053997267562,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_usec":1639053997267562,"pkt":"AAAAAAAAAAEAzkGkCABFAAV41QlAADgGk8IKCgoBwKgAAQG7qvYcGrqaC\/dh9oAQAB\/vzwAAAQEICvhYqLjxoK5sqdvCyNy5nJl8pz8yig1\/0ToWo4n9G1+jQBkpHuvmq3mui3JaLfaWEYzTozJ2lSjwdmADNIQmGCVoo94GYNcxHUw+jfmGsG3KkH41Yf7PGpFbZe91rp+mBxc2VnnNt\/WxNR7dl4m8J1f4MhQYldwt9akxZAnON84h2ZASWPhsdS8bH6k8KebX8pwcPYKtvKQUwxNRMSLJJqTTpzIw85wYyhANgqvE838DGLsCL8jxxhy5+0fKuXi4mwFbgmqDattP32RRoTk1s8zPgwN00cv2z\/4ylTPyDqwpuCc8mgAEUjCCBE4wggM2oAMCAQICDQHuXyId\/GI71DM6hVcwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTgxMTIxMDAwMDAwWhcNMjgxMTIxMDAwMDAwWjBQMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEmMCQGA1UEAxMdR2xvYmFsU2lnbiBSU0EgT1YgU1NMIENBIDIwMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnWsnVDBghACPVlw\/rrt1caGtrj1BgE3qBy5fujophlEsmefYEpyr7pNpWu+6gpPB7in9VH0eTYQ1ucVE6JSQIL4zh94nWks+vs6c\/MO213yGu\/vVEF\/3YY9kv04Faa1\/TR7Cs8qs7JHlPH8cu6rkVOnwYTGmztSBZCV4pw2PmLkZbqpSQSQ658PVKoQkvfDRN0LwAxQZVeQbOotAQ8UhD6LlatZVVvTHSGz2GvqHsDRLbLJkkrUfCbwPmenC1cMzNJyyljI7CGDySyS5zbwYQVpNAqqPFUvvlxQXWaWhcBrnuUYnhig5BTZuSkAqJ6RZr7+91vnpGuONHih0cLqdPAgMBAAGjggEpMIIBJTAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAdBgNVHQ4EFgQU+O9\/8s14Z6jeb48kjYjxhwMCs+swHwYDVR0jBBgwFoAUj\/BLf6guRSSuTVD6Y5qL3uLdG7wwPgYIKwYBBQUHAQEEMjAwMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vcm9vdHIzMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yMy5jcmwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQCZkMgtX0KK1Atm25gDcxHUiIZSKFOK+63f\/XOOOmcE28NTFHAUCXzD4PjXHJgaosQ+2+kA48pwsvEiMCFW29OteV6BWAttFIA19W9dHeuaRwX\/WY0AsUDakJiWGrpsbX+M9bOA34xkczaWeXlpdOq\/+J4Bj6CVaY3phLrp5dSIONt4O5jQNnspsNJSGJDeUkMArmonyBSehpWs4YAxMH6aJbuLrAQjppkA6PHSJuwPfjuKK5I4Ex2Phs2GUkfmNHxbpAI+imF8InZTWpRTM4a4kqhyr6H5UocfMaX8sIFXL830ztz2JM+n4jSQaJ3+qvGpmhLMm8DGw6ilsCF+3kj2AANjMIIDXzCCAkegAwIBAgILBA=="}
 02747{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053997267567,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5242,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639053997267567,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","proto_id":"91.289","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"apptv.cachefly.net","tls": {"version":"TLSv1.2","server_names":"*.cachefly.net,get.taxcycle.com,books24x7.com,siteclosed.overdrive.com,c.adventurerv.net,download.acoustica.com,cdn.arstechnica.net,ocp.cscglobal.com,cdn-w.gettraffic.com,cf.cdn.poundstopocket.co.uk,cf.cdn.cashnetusa.com,cf.cdn.quickquid.co.uk,downloads.oncenter.com,cache.green1020.com,software.onthehub.com,code.murdoog.com,img.tradepub.com,images.overdrive.com,static.readyflowers.com,cdn.richrelevance.com,qastatic.richrelevance.net,cache.agilebits.com,cachefly.alfredapp.com,download.fosshub.com,cdncontent.skillsoftcompliance.com,cdnlibrary.qual.skillport.com,cdnlibrary.skillport.com,cdnlibrary.skillport.eu,cdnlibrary-otls.skillport.com,st-cdn01.net-perform.com,assets.yandycdn.com,cdn.nexternal.com,www.workcred.org,img.sedoparking.com,www.standardsboostbusiness.org,cdn.sparklingsociety.net,smartupdate1.centralpointnow.com,cdn.edgeuno.com,downloads.pdf-xchange.com,cachefly.kinematics.com,cachefly.discoverinspire.com,static.volotea.com,*.cachefly.com,*.pluralsight.com,*.cdn.overdrive.com,*.contentreserve.com,*.listen.overdrivechina.cn,*.od-cdn.com,*.overdrivechina.cn,*.read.overdrivechina.cn,*.rbxcdn.com,*.books24x7.com,*.ansi.org,*.livee.com,cachefly.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t00d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=US, ST=Illinois, L=Chicago, O=Cachenetworks, LLC, CN=*.cachefly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:84:4F:1F:E8:A1:78:8A:12:27:36:B8:42:AB:42:52:FC:3B:C4:BA"}}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053997267567,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5242,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639053997267567,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","proto_id":"91.289","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":5759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1639053997267567}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":5759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1639053997267567}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5547641 bytes
-~~ total memory freed........: 5547641 bytes
+~~ total memory allocated....: 5547665 bytes
+~~ total memory freed........: 5547665 bytes
 ~~ total allocations/frees...: 85931/85931
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 561 chars
diff --git a/test/results/default/can.pcap.out b/test/results/default/can.pcap.out
index 00abda099..d50159d53 100644
--- a/test/results/default/can.pcap.out
+++ b/test/results/default/can.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1682849329089168}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1682849329089168}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849329089168,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849329089168,"l3_proto":"ip4","src_ip":"207.134.64.89","dst_ip":"48.220.224.78","src_port":36251,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1682849329089168,"pkt":"mgwp30Y4PJTVQTiBCABFAABJTkoAAO4ROSvPhkBZMNzgTo2bLnoANQAASVNPMTE4OTgBAmoS8QkIOyDWcAAA\/3\/9EABqE\/EJCDsgIG7\/\/\/\/\/\/xAAAWD\/"}
 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849329089168,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849329089168,"l3_proto":"ip4","src_ip":"207.134.64.89","dst_ip":"48.220.224.78","src_port":36251,"dst_port":11898,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}}
@@ -33,7 +33,7 @@
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849407311637,"flow_src_last_pkt_time":1682849407311637,"flow_dst_last_pkt_time":1682849407311637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"156.187.243.113","dst_ip":"211.116.172.72","src_port":52611,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849396372123,"flow_src_last_pkt_time":1682849396372123,"flow_dst_last_pkt_time":1682849396372123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"103.183.191.240","dst_ip":"73.121.85.123","src_port":46565,"dst_port":63575,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849329089168,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"207.134.64.89","dst_ip":"48.220.224.78","src_port":36251,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}}
-00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1682849417335803}
+00626{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1682849417335803}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 8/8
 ~~ skipped flows.............: 0
@@ -42,10 +42,10 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5513409 bytes
-~~ total memory freed........: 5513409 bytes
+~~ total memory allocated....: 5513545 bytes
+~~ total memory freed........: 5513545 bytes
 ~~ total allocations/frees...: 85945/85945
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 565 chars
+~~ json message min len.......: 563 chars
 ~~ json message max len.......: 983 chars
-~~ json message avg len.......: 773 chars
+~~ json message avg len.......: 772 chars
diff --git a/test/results/default/capwap.pcap.out b/test/results/default/capwap.pcap.out
index 8747a3b56..58cfdbfda 100644
--- a/test/results/default/capwap.pcap.out
+++ b/test/results/default/capwap.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1422328949167396}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1422328949167396}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328949167396,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422328949167396,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1422328949167396,"pkt":"uDhh8wWsJOmzR64gCABFwABdANlAAH8RZJPAqAoJwKgKChR+MFsASQAAAQAAABX+\/wABAAAAAAABADCRUl3gOBqBz\/u8XElQaHVuhYA4Oyehwv8gEXQ+BVAOU1L6bxnlZCgpb3mFtLC\/ZhI="}
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328949167396,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422328949167396,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -67,7 +67,7 @@
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1422329005766358,"flow_src_last_pkt_time":1422329136181810,"flow_dst_last_pkt_time":1422329005766358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":492,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329175528388,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":106,"flow_dst_packets_processed":111,"flow_first_seen":1422329005767224,"flow_src_last_pkt_time":1422329174862523,"flow_dst_last_pkt_time":1422329174862030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1457,"flow_dst_max_l4_payload_len":1457,"flow_src_tot_l4_payload_len":21692,"flow_dst_tot_l4_payload_len":32868,"midstream":0,"thread_ts_usec":1422329175528388,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":3,"flow_first_seen":1422329017533285,"flow_src_last_pkt_time":1422329175528388,"flow_dst_last_pkt_time":1422329139638529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":26325,"flow_dst_tot_l4_payload_len":311,"midstream":0,"thread_ts_usec":1422329175528388,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":422,"packets-processed":397,"total-skipped-flows":0,"total-l4-payload-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":70,"global_ts_usec":1422329175528388}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":422,"packets-processed":397,"total-skipped-flows":0,"total-l4-payload-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":70,"global_ts_usec":1422329175528388}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 422/397
 ~~ skipped flows.............: 0
@@ -76,8 +76,8 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5518118 bytes
-~~ total memory freed........: 5518118 bytes
+~~ total memory allocated....: 5518206 bytes
+~~ total memory freed........: 5518206 bytes
 ~~ total allocations/frees...: 86299/86299
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 297 chars
diff --git a/test/results/default/capwap_data.pcapng.out b/test/results/default/capwap_data.pcapng.out
index 0abd0981d..c1f32e206 100644
--- a/test/results/default/capwap_data.pcapng.out
+++ b/test/results/default/capwap_data.pcapng.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1517901568789948}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1517901568789948}
 00301{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1517901568789948,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1517901568789948}
 00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":158,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":158,"pkt_l4_len":0,"thread_ts_usec":1517901568789948,"pkt":"AAAAAAAIpMZPO7OrgQCAXoEAgAMIAEUAAIhUOUAA\/hEG9qwyZJusEGRXoTAUfwB0AAAAIAMgAAAAAAS\/IwAAAAAAEQgsAISALStFkFTyAeGymRDzEeruwXYwqqoDAAAACABFAAA8ISJAAEAGPxwKAQNESn2CvLexAbsLIWFuAAAAAKAC\/\/8HGAAAAgQFtAQCCAoAIUBMAAAAAAEDAwg="}
 00301{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1517901568789948,"packet_id":2,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1517901568789948}
@@ -28,7 +28,7 @@
 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":142,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":142,"pkt_l4_len":0,"thread_ts_usec":1517901568789948,"pkt":"AAAAAAAIpMZPO7OrgQBgXoEAYAQIAEUAAHggA0AA\/RE8PKwQZFesMmSbFH+hMABkAAAAEAMA4D0AAAIIAABU8gHhspmEgC0rRZDkxyKquU8AAKqqAwAAAAgARQAANHZKQABABun7Sn2CvAoBA0QBu7ex0fR0XgshYhuAEABnUOoAAAEBCAqbZQIUACFAVw=="}
 00303{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1517901568910933,"packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1517901568910933}
 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":142,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":142,"pkt_l4_len":0,"thread_ts_usec":1517901568789948,"pkt":"AAAAAAAIpMZPO7OrgQBgXoEAYAQIAEUAAHggBEAA\/RE8O6wQZFesMmSbFH+hMABkAAAAEAMA4D4AAAIIAABU8gHhspmEgC0rRZDkxyKquU8AAKqqAwAAAAgARQAANHZLQABABun6Sn2CvAoBA0QBu7ex0fR0XgshYhuAEQBnUOkAAAEBCAqbZQIUACFAVw=="}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1517901568910933}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1517901568910933}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 14/0
 ~~ skipped flows.............: 0
@@ -37,8 +37,8 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 306 chars
diff --git a/test/results/default/cassandra.pcap.out b/test/results/default/cassandra.pcap.out
index bc7b7132f..66d435560 100644
--- a/test/results/default/cassandra.pcap.out
+++ b/test/results/default/cassandra.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1450889498032587}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1450889498032587}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1450889498032587,"flow_src_last_pkt_time":1450889498032587,"flow_dst_last_pkt_time":1450889498032587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1450889498032587,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1450889498032587,"flow_dst_last_pkt_time":1450889498032587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1450889498032587,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1450889498032587,"flow_dst_last_pkt_time":1450889498032598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1450889498032598,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="}
@@ -23,7 +23,7 @@
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1450889498032587,"flow_src_last_pkt_time":1450889498038774,"flow_dst_last_pkt_time":1450889498038534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":61,"midstream":0,"thread_ts_usec":1450889498038774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","proto_id":"264","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1450889498038774,"flow_src_last_pkt_time":1450889498038774,"flow_dst_last_pkt_time":1450889498038774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1450889498038774,"l3_proto":"ip4","src_ip":"198.18.0.2","dst_ip":"198.18.0.3","src_port":37184,"dst_port":7000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","proto_id":"264","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1450889498038774,"flow_src_last_pkt_time":1450889498038774,"flow_dst_last_pkt_time":1450889498038774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":111,"flow_src_tot_l4_payload_len":101,"flow_dst_tot_l4_payload_len":111,"midstream":0,"thread_ts_usec":1450889498038774,"l3_proto":"ip4","src_ip":"198.18.0.3","dst_ip":"198.18.0.2","src_port":37892,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","proto_id":"264","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1450889498038774}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1450889498038774}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -32,8 +32,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506993 bytes
-~~ total memory freed........: 5506993 bytes
+~~ total memory allocated....: 5507049 bytes
+~~ total memory freed........: 5507049 bytes
 ~~ total allocations/frees...: 85904/85904
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 548 chars
diff --git a/test/results/default/ceph.pcap.out b/test/results/default/ceph.pcap.out
index 489c9fc88..a2c4d63cf 100644
--- a/test/results/default/ceph.pcap.out
+++ b/test/results/default/ceph.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1444254926293773}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1444254926293773}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444254926293773,"flow_src_last_pkt_time":1444254926293773,"flow_dst_last_pkt_time":1444254926293773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444254926293773,"l3_proto":"ip4","src_ip":"10.0.3.249","dst_ip":"10.0.3.67","src_port":35556,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444254926293773,"flow_dst_last_pkt_time":1444254926293773,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444254926293773,"pkt":"ABY+Yk9kABY+ORkpCABFAAA8JRpAAEAG+mYKAAP5CgADQ4rkGoX3CVGxAAAAAKACchAbagAAAgQFtAQCCAoABnSrAAAAAAEDAwc="}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444254926293773,"flow_dst_last_pkt_time":1444254926293826,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444254926293826,"pkt":"ABY+ORkpABY+Yk9kCABFAAA8AABAAEAGH4EKAANDCgAD+RqFiuSMzekF9wlRsqAScSAbagAAAgQFtAQCCAoABnSrAAZ0qwEDAwc="}
@@ -9,7 +9,7 @@
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1444254926294107,"flow_dst_last_pkt_time":1444254926294066,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1444254926294107,"pkt":"ABY+Yk9kABY+ORkpCABFAAA0JRxAAEAG+mwKAAP5CgADQ4rkGoX3CVGyjM3pD4AQAOUbYgAAAQEICgAGdKsABnSr"}
 02103{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1444254926293773,"flow_src_last_pkt_time":1444254926296112,"flow_dst_last_pkt_time":1444254926296142,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":3467,"flow_src_tot_l4_payload_len":1115,"flow_dst_tot_l4_payload_len":6094,"midstream":0,"thread_ts_usec":1444254926296142,"l3_proto":"ip4","src_ip":"10.0.3.249","dst_ip":"10.0.3.67","src_port":35556,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":151.9,"max":411,"stddev":119.2,"var":14214.2,"ent":4.5,"data": [53,81,240,253,16,84,8,105,31,134,52,139,36,95,126,151,45,237,411,352,352,337,227,33,140,286,44,383,70,131,56]},"pktlen": {"min":52,"avg":277.8,"max":3519,"stddev":606.3,"var":367642.9,"ent":3.6,"data": [60,60,52,61,52,61,52,324,188,85,52,78,61,187,61,675,52,160,207,342,331,529,159,675,147,52,187,169,52,3519,52,147]},"bins": {"c_to_s": [8,1,0,2,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,2,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]},"directions": [0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,0,1,1,0,1],"entropies": [4.415062904,4.780834198,4.585552692,5.013127804,4.686420441,5.066326618,4.686420441,1.480767250,2.119496346,3.943692684,4.686420441,4.274820805,4.955590725,3.217613459,4.955590248,2.337368011,4.647958755,3.441700935,3.464580774,5.300559044,5.232830048,6.238731384,3.562841177,2.348599672,3.969928980,4.685171604,3.406629562,3.573093653,4.685171604,2.285975933,4.633441925,3.913353920]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Ceph","proto_id":"381","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1444254926293773,"flow_src_last_pkt_time":1444254926392223,"flow_dst_last_pkt_time":1444254926392200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":3467,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":9638,"midstream":0,"thread_ts_usec":1444254926392223,"l3_proto":"ip4","src_ip":"10.0.3.249","dst_ip":"10.0.3.67","src_port":35556,"dst_port":6789,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ceph","proto_id":"381","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":10789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1444254926392223}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/ceph.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":10789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1444254926392223}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 39/39
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5499104 bytes
-~~ total memory freed........: 5499104 bytes
+~~ total memory allocated....: 5499128 bytes
+~~ total memory freed........: 5499128 bytes
 ~~ total allocations/frees...: 85899/85899
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 542 chars
diff --git a/test/results/default/check_mk_new.pcap.out b/test/results/default/check_mk_new.pcap.out
index 9126a4ca1..4ce1eca07 100644
--- a/test/results/default/check_mk_new.pcap.out
+++ b/test/results/default/check_mk_new.pcap.out
@@ -1,5 +1,5 @@
-00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1512031663734797}
+00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1512031663734797}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1512031663734797,"flow_src_last_pkt_time":1512031663734797,"flow_dst_last_pkt_time":1512031663734797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1512031663734797,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1512031663734797,"flow_dst_last_pkt_time":1512031663734797,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1512031663734797,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1512031663734797,"flow_dst_last_pkt_time":1512031663734824,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1512031663734824,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="}
@@ -9,7 +9,7 @@
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1512031663737046,"flow_dst_last_pkt_time":1512031663736952,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1512031663737046,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwpAAEAGbhDAqGQWwKhkMuZ2GZzVcug4bqkCXYAQAOVJwAAAAQEICisMa0AWUVye"}
 02128{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1512031663734797,"flow_src_last_pkt_time":1512031663748376,"flow_dst_last_pkt_time":1512031663748413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":502,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1376,"midstream":0,"thread_ts_usec":1512031663748413,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":27,"avg":877.3,"max":2128,"stddev":812.2,"var":659616.6,"ent":4.3,"data": [27,188,2128,2061,102,68,67,104,1865,1834,72,90,1254,1242,147,158,91,94,1228,1205,176,172,1964,1988,1810,1805,1867,1907,699,663,119]},"pktlen": {"min":52,"avg":95.5,"max":554,"stddev":116.8,"var":13650.4,"ent":4.4,"data": [60,60,52,67,52,317,52,62,52,53,52,61,52,554,52,61,52,70,52,463,52,68,52,68,52,69,52,65,52,117,52,61]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.777318954,5.266787052,5.116507530,5.382888317,4.972088814,5.429334641,5.063528538,5.369284153,5.025067329,5.119153976,5.025067329,5.200747967,5.025067329,3.834031105,5.063528538,5.200747967,4.972088814,5.439786434,5.116507530,4.356705666,5.078045845,5.383426666,5.078045845,5.414306641,5.078045845,5.456064701,5.116507530,5.341373920,5.010550022,5.388670444,5.116507530,5.245910168]},"ndpi": {"confidence": {"6":"DPI"},"proto":"CHECKMK","proto_id":"138","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
 00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":49,"flow_first_seen":1512031663734797,"flow_src_last_pkt_time":1512031663775626,"flow_dst_last_pkt_time":1512031663775645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":13758,"midstream":0,"thread_ts_usec":1512031663775645,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CHECKMK","proto_id":"138","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-payload-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1512031663775645}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-payload-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1512031663775645}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 98/98
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500815 bytes
-~~ total memory freed........: 5500815 bytes
+~~ total memory allocated....: 5500839 bytes
+~~ total memory freed........: 5500839 bytes
 ~~ total allocations/frees...: 85958/85958
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 550 chars
diff --git a/test/results/default/chrome.pcap.out b/test/results/default/chrome.pcap.out
index 33468aacf..9357d5a94 100644
--- a/test/results/default/chrome.pcap.out
+++ b/test/results/default/chrome.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620902507870345}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620902507870345}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620902507870345,"flow_src_last_pkt_time":1620902507870345,"flow_dst_last_pkt_time":1620902507870345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902507870345,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620902507870345,"flow_dst_last_pkt_time":1620902507870345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620902507870345,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620902507870345,"flow_dst_last_pkt_time":1620902507899110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620902507899110,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="}
@@ -54,7 +54,7 @@
 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":15,"flow_first_seen":1620902509273191,"flow_src_last_pkt_time":1620902509367004,"flow_dst_last_pkt_time":1620902509367096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1421,"flow_dst_tot_l4_payload_len":13523,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1620902509274034,"flow_src_last_pkt_time":1620902509373854,"flow_dst_last_pkt_time":1620902509373839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1303,"flow_dst_tot_l4_payload_len":14272,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1620902509276446,"flow_src_last_pkt_time":1620902509367151,"flow_dst_last_pkt_time":1620902509367101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1303,"flow_dst_tot_l4_payload_len":3889,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":59629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1620902509373854}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":59629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1620902509373854}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 127/127
 ~~ skipped flows.............: 0
@@ -63,8 +63,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5699290 bytes
-~~ total memory freed........: 5699290 bytes
+~~ total memory allocated....: 5699394 bytes
+~~ total memory freed........: 5699394 bytes
 ~~ total allocations/frees...: 86092/86092
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
diff --git a/test/results/default/cip_io.pcap.out b/test/results/default/cip_io.pcap.out
index 34f231cb1..509471e23 100644
--- a/test/results/default/cip_io.pcap.out
+++ b/test/results/default/cip_io.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1706518964090521}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1706518964090521}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1706518964090521,"flow_src_last_pkt_time":1706518964090521,"flow_dst_last_pkt_time":1706518964090521,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1706518964090521,"l3_proto":"ip4","src_ip":"192.168.5.62","dst_ip":"192.168.5.50","src_port":2222,"dst_port":2222,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1706518964090521,"flow_dst_last_pkt_time":1706518964090521,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1706518964090521,"pkt":"9FQzmBs\/5JBpqywUCABFvAA6y+gAAA8RU07AqAU+wKgFMgiuCK4AJp64AgACgAgAeHs6AOjLXgSxAAwAAwD9\/\/\/\/\/\/\/\/\/wAA"}
 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1706518964090521,"flow_src_last_pkt_time":1706518964090521,"flow_dst_last_pkt_time":1706518964090521,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1706518964090521,"l3_proto":"ip4","src_ip":"192.168.5.62","dst_ip":"192.168.5.50","src_port":2222,"dst_port":2222,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CIP","proto_id":"393","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -7,7 +7,7 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1706518964100530,"flow_dst_last_pkt_time":1706518964093700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1706518964100530,"pkt":"9FQzmBs\/5JBpqywUCABFvAA6y+kAAA8RU03AqAU+wKgFMgiuCK4AJp24AgACgAgAeHs6AOnLXgSxAAwAAwD9\/\/\/\/\/\/\/\/\/wAA"}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1706518964100530,"flow_dst_last_pkt_time":1706518964103687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1706518964103687,"pkt":"5JBpqywU9FQzmBs\/CABFvAA+cu4AAEARe0TAqAUywKgFPgiuCK4AKmkbAgACgAgA67SRdlXMXgSxABAA++QBAAAA\/f\/\/\/\/\/\/\/\/8AAA=="}
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1706518964090521,"flow_src_last_pkt_time":1706518964100530,"flow_dst_last_pkt_time":1706518964103687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1706518964103687,"l3_proto":"ip4","src_ip":"192.168.5.62","dst_ip":"192.168.5.50","src_port":2222,"dst_port":2222,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CIP","proto_id":"393","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1706518964103687}
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cip_io.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1706518964103687}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498089 bytes
-~~ total memory freed........: 5498089 bytes
+~~ total memory allocated....: 5498113 bytes
+~~ total memory freed........: 5498113 bytes
 ~~ total allocations/frees...: 85864/85864
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 561 chars
diff --git a/test/results/default/citrix.pcap.out b/test/results/default/citrix.pcap.out
index a2aef4dbc..2ab166758 100644
--- a/test/results/default/citrix.pcap.out
+++ b/test/results/default/citrix.pcap.out
@@ -1,4 +1,4 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00704{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":0,"flow_src_last_pkt_time":0,"flow_dst_last_pkt_time":0,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":0,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":0,"flow_dst_last_pkt_time":0,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_usec":0,"pkt":"4F+5aekiABUXp3WjCABFAAAsrYMAAIAGYjoVAAAIFgAAB7CpBdYP1me4AAAAAGACgAC\/CQAAAgQFtAAA6CmQmA=="}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":0,"flow_dst_last_pkt_time":2099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_usec":2099,"pkt":"ABUXp3Wj4F+5aekiCABFAAAsrVIAAH4GZGsWAAAHFQAACAXWsKkP1nFlD9ZnuWASgAA9vQAAAgQFtAAA3WOanQ=="}
@@ -8,7 +8,7 @@
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":8200,"flow_dst_last_pkt_time":8192,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":26,"thread_ts_usec":8200,"pkt":"4F+5aekiABUXp3WjCABFAAAurYUAAIAGYjYVAAAIFgAAB7CpBdYP1me5D9ZxbFAYgABLowAAf39JQ0EA5qZLtQ=="}
 02051{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":5,"flow_first_seen":0,"flow_src_last_pkt_time":72692,"flow_dst_last_pkt_time":72684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":343,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":1670,"flow_dst_tot_l4_payload_len":114,"midstream":0,"thread_ts_usec":72692,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":4689.5,"max":56256,"stddev":12448.2,"var":154958800.0,"ent":2.6,"data": [2099,2106,6093,6094,4120,7122,1007,6,6,6,6,1006,1007,7,5,13,6,1007,6,5,2009,7,5,6,5,1007,5,56256,46119,4116,4114]},"pktlen": {"min":50,"avg":100.3,"max":387,"stddev":63.6,"var":4041.6,"ent":4.8,"data": [50,50,50,50,50,62,198,107,87,88,91,387,83,211,95,133,103,97,95,103,98,83,83,83,100,103,97,95,128,50,50,50]},"bins": {"c_to_s": [5,18,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0],"entropies": [4.094119072,4.506643772,4.039021015,4.568367004,4.528367043,4.245353222,5.186970711,4.576177120,4.820792675,4.800546169,4.260721207,4.770667076,4.545018196,3.338554859,4.081573486,4.165511131,4.056994915,4.437763214,4.102537632,4.181773186,4.332800388,4.481823921,4.388646603,4.394422054,4.212355614,4.095830441,4.246722221,4.279045105,4.048637390,4.188758850,4.256690979,4.322698593]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Citrix","proto_id":"132","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00927{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":75,"flow_dst_packets_processed":25,"flow_first_seen":0,"flow_src_last_pkt_time":1581384,"flow_dst_last_pkt_time":1605466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":855,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":3874,"flow_dst_tot_l4_payload_len":1616,"midstream":0,"thread_ts_usec":1605466,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Citrix","proto_id":"132","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1605466}
+00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1605466}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 100/100
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500873 bytes
-~~ total memory freed........: 5500873 bytes
+~~ total memory allocated....: 5500897 bytes
+~~ total memory freed........: 5500897 bytes
 ~~ total allocations/frees...: 85960/85960
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 500 chars
diff --git a/test/results/default/cloudflare-warp.pcap.out b/test/results/default/cloudflare-warp.pcap.out
index 4438d65fd..f25bccdc5 100644
--- a/test/results/default/cloudflare-warp.pcap.out
+++ b/test/results/default/cloudflare-warp.pcap.out
@@ -1,5 +1,5 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1656230932729365}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1656230932729365}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932729365,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656230932729365,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656230932729365,"pkt":"ABoRAAACABoRAAABCABFAAA0l3RAAEAGWO8KnoZdjvsqatjYAbtyVk7QfkNIjoAUAYa94wAAAQEICgCjbMKzFenn"}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932996308,"flow_src_last_pkt_time":1656230932996308,"flow_dst_last_pkt_time":1656230932996308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230932996308,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -60,7 +60,7 @@
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1656230939663767,"flow_src_last_pkt_time":1656230939818921,"flow_dst_last_pkt_time":1656230939818981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":301,"flow_dst_max_l4_payload_len":2837,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":2837,"midstream":0,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1656230939671699,"flow_src_last_pkt_time":1656230939819619,"flow_dst_last_pkt_time":1656230939819684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":2800,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":2838,"midstream":0,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1656230934073116,"flow_src_last_pkt_time":1656230934969472,"flow_dst_last_pkt_time":1656230934919257,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":236,"flow_src_tot_l4_payload_len":992,"flow_dst_tot_l4_payload_len":439,"midstream":0,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":63,"packets-processed":63,"total-skipped-flows":0,"total-l4-payload-len":8443,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1656230939819684}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":63,"packets-processed":63,"total-skipped-flows":0,"total-l4-payload-len":8443,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1656230939819684}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 63/63
 ~~ skipped flows.............: 0
@@ -69,8 +69,8 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5537503 bytes
-~~ total memory freed........: 5537503 bytes
+~~ total memory allocated....: 5537639 bytes
+~~ total memory freed........: 5537639 bytes
 ~~ total allocations/frees...: 86025/86025
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 538 chars
diff --git a/test/results/default/coap_mqtt.pcap.out b/test/results/default/coap_mqtt.pcap.out
index 07b0343cd..9a1b687ac 100644
--- a/test/results/default/coap_mqtt.pcap.out
+++ b/test/results/default/coap_mqtt.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1333957710293035}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1333957710293035}
 00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293035,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957710293035,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1333957710293035,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nMWMwAg\/RpDAQXKchYzKy53ZWxsLWtub3duBGNvcmU="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293035,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957710293035,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
@@ -15,7 +15,7 @@
 00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773953,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957720773953,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_usec":1333957720773953,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACQRQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7ncWMwAkKH5FAYp0chYzKy53ZWxsLWtub3duBGNvcmUQEj3U"}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773953,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957720773953,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1375090528017876}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1375090528017876}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090528017876,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090528017876,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":81,"pkt_l4_len":27,"thread_ts_usec":1375090528017876,"pkt":"uCfrprIvACTop0mhht1gAAAAABsRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAblIJCAekbB5C4c2VwYXJhdGUQ0SMR"}
 00906{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090528017876,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090528017876,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
@@ -43,7 +43,7 @@
 00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090926676575,"flow_src_last_pkt_time":1375090935026698,"flow_dst_last_pkt_time":1375090935086791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":11,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1375091005672713,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
 00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090935240020,"flow_src_last_pkt_time":1375091005616928,"flow_dst_last_pkt_time":1375091005672713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":1375091005672713,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1375091022221897,"flow_dst_last_pkt_time":1375091005672713,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1375091022221897,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsB9ABJUkt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1455907243976582}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1455907243976582}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907243976582,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907243976582,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1455907243976582,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"}
 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907243976582,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907243976582,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -118,7 +118,7 @@
 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":35,"flow_first_seen":1455907258332152,"flow_src_last_pkt_time":1455907272399051,"flow_dst_last_pkt_time":1455907272398939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":578,"flow_dst_tot_l4_payload_len":808,"midstream":1,"thread_ts_usec":1455907286608960,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":26,"flow_first_seen":1455907271483430,"flow_src_last_pkt_time":1455907272398966,"flow_dst_last_pkt_time":1455907272399057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":806,"flow_dst_tot_l4_payload_len":576,"midstream":1,"thread_ts_usec":1455907286608960,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":41,"flow_first_seen":1455907267002212,"flow_src_last_pkt_time":1455907272399063,"flow_dst_last_pkt_time":1455907272398989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":730,"flow_dst_tot_l4_payload_len":907,"midstream":0,"thread_ts_usec":1455907286608960,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1082,"packets-processed":1080,"total-skipped-flows":0,"total-l4-payload-len":53303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":121,"global_ts_usec":1455907286608960}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1082,"packets-processed":1080,"total-skipped-flows":0,"total-l4-payload-len":53303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":121,"global_ts_usec":1455907286608960}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1082/1080
 ~~ skipped flows.............: 0
@@ -127,8 +127,8 @@
 ~~ total active/idle flows...: 16/16
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5570065 bytes
-~~ total memory freed........: 5570065 bytes
+~~ total memory allocated....: 5570329 bytes
+~~ total memory freed........: 5570329 bytes
 ~~ total allocations/frees...: 87109/87109
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 534 chars
diff --git a/test/results/default/collectd.pcap.out b/test/results/default/collectd.pcap.out
index c02321662..42c9aac17 100644
--- a/test/results/default/collectd.pcap.out
+++ b/test/results/default/collectd.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946742154132991}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946742154132991}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132991,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742154132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02283{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_usec":946742154132991,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAY7gZOIFNgNKAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMQAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiByMEAAwAGMwAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiBcUEAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUz8ACAAMGKqHSAiB0JMAAwAGMAAABQAJaWRsZQAABgAPAAECAAAAAABG4skACAAMGKqHSAiB3pAAAwAGMgAABgAPAAECAAAAAABKYAwACAAMGKqHSAiB1uQAAwAGMQAABgAPAAECAAAAAABIjKAACAAMGKqHSAiB5qEAAwAGMwAABgAPAAECAAAAAABJKEEACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAJdXNlZAAABgAPAAEBAAAAAGaR7UEABQANYnVmZmVyZWQAAAYADwABAQAAAABgfcBBAAgADBiqh0gIgR9KAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAQ\/5AAgADBiqh0gIg2eWAAIAC21lbW9yeQAAAwAFAAAEAAttZW1vcnkAAAUAC2NhY2hlZAAABgAPAAEBAAAAABRC50EACAAMGKqHSAiBMQAAAgAIY3B1AAADAAYyAAAEAAhjcHUAAAUADmludGVycnVwdAAABgAPAAECAAAAAAAA0OkACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAADA25dBAAgADBiqh0gIgb+WAAIACGNwdQAAAwAGMgAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAOYXZhaWxhYmxlAAAGAA8AAQEAAAAA6E7rQQAFAAlmcmVlAAAGAA8AAQEAAAAAwJ+1QQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAgTKlBAAgADBiqh0qIftQ9AAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABaxWwAIAAwYqodKiH8nRwADAAYxAAAGAA8AAQIAAAAAABX6SQAIAAwYqodKiH9osQADAAYyAAAGAA8AAQIAAAAAABQajAAIAAwYqodKiH+V7gADAAYzAAAGAA8AAQIAAAAAABX6jAAIAAwYqodKiH\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"}
 00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132991,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742154132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box","collectd": {"client_username":""}}}
@@ -8,7 +8,7 @@
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742156132991,"flow_src_last_pkt_time":946742156132991,"flow_dst_last_pkt_time":946742156132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742156132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02285{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":946742156132991,"flow_dst_last_pkt_time":946742156132991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_usec":946742156132991,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAYzgZOIFNgNKAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAA\/\/8ACGNwdQAAAwAGMQAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiByMEAAwAGMwAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiBcUEAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUz8ACAAMGKqHSAiB0JMAAwAGMAAABQAJaWRsZQAABgAPAAECAAAAAABG4skACAAMGKqHSAiB3pAAAwAGMgAABgAPAAECAAAAAABKYAwACAAMGKqHSAiB1uQAAwAGMQAABgAPAAECAAAAAABIjKAACAAMGKqHSAiB5qEAAwAGMwAABgAPAAECAAAAAABJKEEACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAJdXNlZAAABgAPAAEBAAAAAGaR7UEABQANYnVmZmVyZWQAAAYADwABAQAAAABgfcBBAAgADBiqh0gIgR9KAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAQ\/5AAgADBiqh0gIg2eWAAIAC21lbW9yeQAAAwAFAAAEAAttZW1vcnkAAAUAC2NhY2hlZAAABgAPAAEBAAAAABRC50EACAAMGKqHSAiBMQAAAgAIY3B1AAADAAYyAAAEAAhjcHUAAAUADmludGVycnVwdAAABgAPAAECAAAAAAAA0OkACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAADA25dBAAgADBiqh0gIgb+WAAIACGNwdQAAAwAGMgAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAOYXZhaWxhYmxlAAAGAA8AAQEAAAAA6E7rQQAFAAlmcmVlAAAGAA8AAQEAAAAAwJ+1QQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAgTKlBAAgADBiqh0qIftQ9AAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABaxWwAIAAwYqodKiH8nRwADAAYxAAAGAA8AAQIAAAAAABX6SQAIAAwYqodKiH9osQADAAYyAAAGAA8AAQIAAAAAABQajAAIAAwYqodKiH+V7gADAAYzAAAGAA8AAQIAAAAAABX6jAAIAAwYqodKiH\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"}
 00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742156132991,"flow_src_last_pkt_time":946742156132991,"flow_dst_last_pkt_time":946742156132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742156132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box","collectd": {"client_username":""}}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":3978,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":946746151465954}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":3978,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":946746151465954}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_usec":946746151465954,"pkt":"AAAAAAAAAAAAAAAACABFAAVysRJAAAERFprAqLIj78BKQpqYZOIFXrI+AhAFVv\/\/dXNlcsEiWwf\/ecmHq20KMKY60TNgWTifxhUWZCzzOonut\/nBLF1H9\/qjrU5R7\/H5O\/9DCfuI7YKK9r+lg3rOUKcDtnx6k3gtNCOgHQsqM7rGW+eN33S1hv\/QWiqJh22vfUfr7Wz7pYGKApBiZvpQtTEhc5hAetf3FPDtHKTWmaIAv9tpMJ\/C1iMPcZFdIsr2dDPokYbKhkO7YK1VgRFBm2eTLctpolFTqtNDbNm7ZZj+J4aMD2mZJnGIwYcXGtrkRXSRyBums+W0\/jz8zVPv3F9mqHBPDINnDWvpLDLobIdObIJno8I9jJWIUvexsFajL\/Ozn6gm5h5Bbary3bFaI1eTK9\/2PtGLDA75C4TnHGlqTybsnLPrgfJgwREyLUHKyyjysSqq3nmcDjg2jxv7jB\/7C1x4ERVxqcLGWKVSyPtJGgd833gDOhBdG4xbUSAQLAZ93ZhNhqDYpSH1iLu4WeSFrvXELH+6cym0Y6TgPbHb995Xd4eeznstGpKVPXUMBMYKyolrAJf5IhADYmfwsVbHYwmMY4b+7dLe8Xm4J6pnNHkCQ8D8q\/xlIjpnUrS9OVed\/2DlDBS1QStbE\/5D9qtP1vKoQWi7aNQljNk4LIQq71gjvpOQoYs5A2fU7jqs5Cj7g1YVzvRN1szG+q0InctAJFWNqveI4E4VlH\/arcTeRtG6STEypPhnpvREi8Y1HMoKqCoQ2XNXh6LreKH8j13m7n5IUINrWLGczoOvwh46DPuvBo2KGeZrJslABigBIDcj82i9s8gLnjLw9\/JZ2x7gkouGNhGSwI6E+HHJlTbRNuUsv\/6rZpEcDEihG4n3z7Vt80LO+ANJQ1PEO96u3kHeqsvkky84XapbdS3hpG\/ZxbNSNY8nK4OCSOQQ8HmKfoJVs6uDOBd\/wp2958CwlilWA+S7vIiQ1XgDMWkpnLBj0SxBkzaVjTocJQTqqyWTwe3IhhIJv81ISkko8HlqeLw6ucXInaAjACXZe+tWeEVUOeFlwkGIIzC1N4S0VtZ61SexhHWzr\/i9+G9ZKKsehcu3XJBgh1f60wB6VdfrKhuC5O+DjSawaWC4SpBpu+HXc5ivM+uiz5tYgYFHvZZNAX520+pU7SYW1nlm8z8\/p7hrSy4or4XEkX6alUhb2dPGHzFD8JaAiNPkifbtDixhZdVcES3WwpR0Ee8a2+96wN6EZWNgwUs7rB2p7yVJHR76cDlQ4Kn2ZsRDtijNF38f24MQDLxP4V3sCe2kxcWUIAwjR6dboGGToHbd4gC7kvh\/FM9CeCXw8edRrjHiX4wnTLxVl9Tka0gXAevnElxIQ6DbX8f3r7039o6XRuqpxn0ACZ1UjAWdNP5AnrGPEDhQYcbCL1rrIoiDXNbcbYfPGBMR0rENIqKDB4er0OJ0AMEmws1dKMgg8kdYXjcu2lTLVY4\/4d9fGNXECu0E+IBVi1I\/a05N27robtMnHhQS3RLkMgdw2UHSJmRpgA2AeN7d5fzdRb1cndtHczkpZ4DqnETqYT245MmiMyzhppvI8TfDhCd1ynjvTf\/tCkooHN2LdiiRy3Nwel6jnMS4sDovy8cCEn9qicofWJUG7y5a\/VIh54v0RwEEnumWw\/ZdPXVhbMfahFcQa0uAqmRQ+1dUag87w7YOq0bDC6ojsLdQ0XEWCC562cwnsSkgbZ5fTl3ZKIGjfA5C2IbcoLoeLIRL87MyrjfoqdSbenCEN1JHvCKm8MwRfUxtBnRG6JvCJKg82EHDqygdxWBY5xyz+WlvhZcsZvu\/jKGESQRQiW2wuv9DlwnzHiLS\/qJ\/XT4Fpxe9+g=="}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -17,13 +17,13 @@
 00984{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742155132991,"flow_src_last_pkt_time":946742155132991,"flow_dst_last_pkt_time":946742155132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","collectd": {"client_username":""}}}
 00774{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742155132991,"flow_src_last_pkt_time":946742155132991,"flow_dst_last_pkt_time":946742155132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132991,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":6710,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1655315218479780}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":6710,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1655315218479780}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315218479780,"flow_src_last_pkt_time":1655315218479780,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1344,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655315218479780,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1386,"pkt_l4_len":1352,"thread_ts_usec":1655315218479780,"pkt":"AAAAAAAAAAAAAAAACABFAAVcLQ9AAEARCoB\/AAABfwAAAdN6ZOIFSANcAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhsIetVOvAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAAlpZGxlAAAGAA8AAQIAAAAAAEh8igAIAAwYqobCHrR67QADAAYxAAAFAAluaWNlAAAGAA8AAQIAAAAAAAAAMQAIAAwYqobCHrVLVQADAAYyAAAFAAlpZGxlAAAGAA8AAQIAAAAAAEm00wAIAAwYqobCHryG+AACAAttZW1vcnkAAAMABQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAA2BLtQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAANBcwEEABQALY2FjaGVkAAAGAA8AAQEAAAAAynjmQQAFAAlmcmVlAAAGAA8AAQEAAAAAkCfAQQAFAA5hdmFpbGFibGUAAAYADwABAQAAAAAE3+tBAAUAEHNsYWJfdW5yZWNsAAAGAA8AAQEAAAAAANaXQQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAg7ahBAAgADBiqhsSesjKdAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABaX1gAIAAwYqobEnrJfCQADAAYyAAAGAA8AAQIAAAAAABQBWwAIAAwYqobEnrKDcQADAAYzAAAGAA8AAQIAAAAAABXhLQAIAAwYqobEnrLCpgADAAYxAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKFFAAgADBiqhsSess\/yAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAENLAAgADBiqhsSesk3YAAMABjEAAAUACXVzZXIAAAYADwABAgAAAAAAFeA2AAgADBiqhsSestJFAAUACXdhaXQAAAYADwABAgAAAAAAAENGAAgADBiqhsSesqjuAAMABjAAAAUAC3N5c3RlbQAABgAPAAECAAAAAAAEokkACAAMGKqGxJ6yx68AAwAGMwAABgAPAAECAAAAAAAEhJAACAAMGKqGxJ6y1z0ABQAJd2FpdAAABgAPAAECAAAAAAAAPhAACAAMGKqGxJ6y2ckAAwAGMAAABQAJbmljZQAABgAPAAECAAAAAAAAACYACAAMGKqGxJ6y3FYAAwAGMQAABgAPAAECAAAAAAAAADEACAAMGKqGxJ6y4OIAAwAGMwAABgAPAAECAAAAAAAAADAACAAMGKqGxJ6yxTgAAwAGMgAABQALc3lzdGVtAAAGAA8AAQIAAAAAAASXNwAIAAwYqobEnrLUXAAFAAl3YWl0AAAGAA8AAQIAAAAAAABGMAAIAAwYqobEnrLuvwAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAM\/mAAgADBiqhsSesvscAAMABjAAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAOnzAAgADBiqhsSesv0mAAMABjEAAAYADwABAgAAAAAAAHMKAAgADBiqhsSesuvPAAUADmludGVycnVwdAAABgAPAAECAAAAAAAAo1oACAAMGKqGxJ6y8H0AAwAGMwAABgAPAAECAAAAAAAAbUsACAAMGKqGxJ6y\/yAAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUq8ACAAMGKqGxJ6zBsgAAwAGMAAABQAKc3RlYWwAAAYADwABAgAAAAAAAAAAAAgADBiqhsSeswuRAAMABjIAAAYADwABAgAAAAAAAAAAAAgADBiqhsSest6\/AAUACW5pY2UAAAYADwABAgAAAAAAAAAr"}
 00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315218479780,"flow_src_last_pkt_time":1655315218479780,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1344,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box","collectd": {"client_username":""}}}
-00994{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","collectd": {"client_username":""}}}
+01112{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","collectd": {"client_username":""}}}
 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00994{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","collectd": {"client_username":""}}}
+01112{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","collectd": {"client_username":""}}}
 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02262{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1655315228479958,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1350,"pkt_l4_len":1316,"thread_ts_usec":1655315228479958,"pkt":"AAAAAAAAAAAAAAAACABFAAU4MI9AAEARByR\/AAABfwAAAdN6ZOIFJAM4AAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhsSesw2LAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqGxJ6zFBoAAwAGMQAABQAJaWRsZQAABgAPAAECAAAAAABH5cwACAAMGKqGxJ6zCV4ABQAKc3RlYWwAAAYADwABAgAAAAAAAAAAAAgADBiqhsSesxcVAAMABjIAAAUACWlkbGUAAAYADwABAgAAAAAASbf6AAgADBiqhsSesz\/FAAMABjMAAAYADwABAgAAAAAASH+uAAgADBiqhsSeswMiAAUADHNvZnRpcnEAAAYADwABAgAAAAAAADpnAAgADBiqhsSesumvAAMABjAAAAUADmludGVycnVwdAAABgAPAAECAAAAAAABDmMACAAMGKqGxJ6zEJkABQAJaWRsZQAABgAPAAECAAAAAABGPJwACAAMGKqGxJ68MtkAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAJdXNlZAAABgAPAAEBAAAAACgm7UEABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAADA1JdBAAUACWZyZWUAAAYADwABAQAAAACQh79BAAUADnNsYWJfcmVjbAAABgAPAAEBAAAAAODuqEEABQALY2FjaGVkAAAGAA8AAQEAAAAAJH7mQQAFAA5hdmFpbGFibGUAAAYADwABAQAAAACyyetBAAUADWJ1ZmZlcmVkAAAGAA8AAQEAAAAAgF3AQQAIAAwYqobHHrIAtAACAAhjcHUAAAMABjAAAAQACGNwdQAABQAJdXNlcgAABgAPAAECAAAAAAAWmGUACAAMGKqGxx6yc88AAwAGMgAABgAPAAECAAAAAAAUAeoACAAMGKqGxx6y30YAAwAGMwAABgAPAAECAAAAAAAV4bkACAAMGKqGxx6zAhoAAwAGMAAABQALc3lzdGVtAAAGAA8AAQIAAAAAAASihAAIAAwYqobHHrJGeQADAAYxAAAFAAl1c2VyAAAGAA8AAQIAAAAAABXguwAIAAwYqobHHrN9FwADAAYyAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABJdqAAgADBiqhsces3G\/AAMABjEAAAYADwABAgAAAAAABKF6AAgADBiqhsces5viAAUACXdhaXQAAAYADwABAgAAAAAAAENHAAgADBiqhsces6+dAAMABjMAAAYADwABAgAAAAAAAD4RAAgADBiqhsces6bAAAMABjIAAAYADwABAgAAAAAAAEYxAAgADBiqhsces4cUAAMABjMAAAUAC3N5c3RlbQAABgAPAAECAAAAAAAEhMoACAAMGKqGxx6zvbEAAwAGMQAABQAJbmljZQAABgAPAAECAAAAAAAAADEACAAMGKqGxx6zxf4AAwAGMgAABgAPAAECAAAAAAAAACsACAAMGKqGxx6ztqkAAwAGMAAABgAPAAECAAAAAAAAACYACAAMGKqGxx60DwgABQAOaW50ZXJydXB0AAAGAA8AAQIAAAAAAAEOaQAIAAwYqobHHrOS2gAFAAl3YWl0AAAGAA8AAQIAAAAAAABDTgAIAAwYqobHHrQljAADAAYyAAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAM\/sAAgADBiqhscetDpkAAMABjAAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAOn9"}
 02290{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1655315238479860,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1370,"pkt_l4_len":1336,"thread_ts_usec":1655315238479860,"pkt":"AAAAAAAAAAAAAAAACABFAAVMObJAAEAR\/ex\/AAABfwAAAdN6ZOIFOANMAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhscetBqdAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMQAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAKNkAAgADBiqhscetF03AAMABjMAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAADppAAgADBiqhscetFN7AAMABjIAAAYADwABAgAAAAAAAFKyAAgADBiqhsces99LAAMABjMAAAUACW5pY2UAAAYADwABAgAAAAAAAAAwAAgADBiqhscetHcUAAMABjIAAAUACnN0ZWFsAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobHHrSGmwADAAYzAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobHHrSVUgADAAYwAAAFAAlpZGxlAAAGAA8AAQIAAAAAAEY\/oQAIAAwYqobHHrSeKQADAAYxAAAGAA8AAQIAAAAAAEfo0wAIAAwYqobHHrSp9QADAAYyAAAGAA8AAQIAAAAAAEm7CwAIAAwYqobHHrSzJwADAAYzAAAGAA8AAQIAAAAAAEiCvgAIAAwYqobHHrz4NAACAAttZW1vcnkAAAMABQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAAnhPtQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAAPBdwEEABQALY2FjaGVkAAAGAA8AAQEAAAAAgoHmQQAFAAlmcmVlAAAGAA8AAQEAAAAAQP+\/QQAFAA5hdmFpbGFibGUAAAYADwABAQAAAAA83OtBAAUAEHNsYWJfdW5yZWNsAAAGAA8AAQEAAAAAgM6XQQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAACA8KhBAAgADBiqhscetEZwAAIACGNwdQAAAwAGMQAABAAIY3B1AAAFAAxzb2Z0aXJxAAAGAA8AAQIAAAAAAABzFgAIAAwYqobHHrQwpgADAAYzAAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAG1PAAgADBiqhscetGYpAAMABjAAAAUACnN0ZWFsAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobHHrRulgADAAYxAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobJnrHCtwADAAYwAAAFAAl1c2VyAAAGAA8AAQIAAAAAABaZBAAIAAwYqobJnrInDwADAAYyAAAGAA8AAQIAAAAAABQCXAAIAAwYqobJnrIEPAADAAYxAAAGAA8AAQIAAAAAABXhOQAIAAwYqobJnrJKgAADAAYzAAAGAA8AAQIAAAAAABXiOQAIAAwYqobJnrLEAgADAAYyAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABJeYAAgADBiqhsmessoeAAMABjMAAAYADwABAgAAAAAABIT4AAgADBiqhsmestlJAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAENRAAgADBiqhsmesunZAAMABjMAAAYADwABAgAAAAAAAD4SAAgADBiqhsmest6UAAMABjEAAAYADwABAgAAAAAAAENMAAgADBiqhsmesvFnAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAmAAgADBiqhsmesvgHAAMABjEAAAYADwABAgAAAAAAAAAxAAgADBiqhsmesxIGAAMABjIAAAYADwABAgAAAAAAAAArAAgADBiqhsmeszJGAAMABjAAAAUADmludGVycnVwdAAABgAPAAECAAAAAAABDpI="}
@@ -58,7 +58,7 @@
 02278{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1655315774132712,"flow_dst_last_pkt_time":1655315734133371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1362,"pkt_l4_len":1328,"thread_ts_usec":1655315774132712,"pkt":"AAAAAAAAAAAAAAAACABFAAVEkBxAAEARp4p\/AAABfwAAAY\/gZOIFMANEAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh00IfHOfAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAAl3YWl0AAAGAA8AAQIAAAAAAAA+hgAIAAwYqodNCHx3BQADAAYxAAAFAAluaWNlAAAGAA8AAQIAAAAAAAAAMQAIAAwYqodNCHx4iwADAAYyAAAGAA8AAQIAAAAAAAAAKwAIAAwYqodNCHx6GAADAAYzAAAGAA8AAQIAAAAAAAAAMAAIAAwYqodNCHx+YwADAAYwAAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAARAEAAgADBiqh00IfIBJAAMABjEAAAYADwABAgAAAAAAAKTtAAgADBiqh00IfIIYAAMABjIAAAYADwABAgAAAAAAAND4AAgADBiqh00IfIQ5AAMABjMAAAYADwABAgAAAAAAAG48AAgADBiqh00IfIc5AAMABjAAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAOv6AAgADBiqh00IfImlAAMABjEAAAYADwABAgAAAAAAAHQyAAgADBiqh00IfIuXAAMABjIAAAYADwABAgAAAAAAAFNGAAgADBiqh00IfI3qAAMABjMAAAYADwABAgAAAAAAADrxAAgADBiqh00IfJJ8AAMABjAAAAUACnN0ZWFsAAAGAA8AAQIAAAAAAAAAAAAIAAwYqodNCHyUxQADAAYxAAAGAA8AAQIAAAAAAAAAAAAIAAwYqodNCHzGWgADAAYyAAAGAA8AAQIAAAAAAAAAAAAIAAwYqodNCHzI6AADAAYzAAAGAA8AAQIAAAAAAAAAAAAIAAwYqodNCHzNbwADAAYwAAAFAAlpZGxlAAAGAA8AAQIAAAAAAEbooAAIAAwYqodNCHzQVwADAAYxAAAGAA8AAQIAAAAAAEiSpwAIAAwYqodNCHzSjwADAAYyAAAGAA8AAQIAAAAAAEpmKAAIAAwYqodNCHzffgADAAYzAAAGAA8AAQIAAAAAAEkuRwAIAAwYqodNCHxvHAADAAYwAAAFAAl3YWl0AAAGAA8AAQIAAAAAAABD8QAIAAwYqodNCHxw\/QADAAYxAAAGAA8AAQIAAAAAAABDwgAIAAwYqodNCHx1BQADAAYwAAAFAAluaWNlAAAGAA8AAQIAAAAAAAAAJgAIAAwYqodNCHxoDgADAAYzAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABI3eAAgADBiqh00Igvk5AAIAC21lbW9yeQAAAwAFAAAEAAttZW1vcnkAAAUACXVzZWQAAAYADwABAQAAAAAkwe1BAAUADWJ1ZmZlcmVkAAAGAA8AAQEAAAAAsH7AQQAFAA5hdmFpbGFibGUAAAYADwABAQAAAACUIetBAAUAC2NhY2hlZAAABgAPAAEBAAAAADpG50EABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAAAA35dBAAUADnNsYWJfcmVjbAAABgAPAAEBAAAAAOBOqUEABQAJZnJlZQAABgAPAAEBAAAAAKD8s0EACAAMGKqHT4h9FSwAAgAIY3B1AAADAAYwAAAEAAhjcHUAAAUACXVzZXIAAAYADwABAgAAAAAAFrKDAAgADBiqh0+IfXU9AAMABjIAAAYADwABAgAAAAAAFBusAAgADBiqh0+IfY6xAAMABjMAAAYADwABAgAAAAAAFfvCAAgADBiqh0+IfUlfAAMABjEAAAYADwABAgAAAAAAFftv"}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655315734133371,"flow_src_last_pkt_time":1655315784133517,"flow_dst_last_pkt_time":1655315734133371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1299,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9255,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315784133517,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991539,"flow_src_last_pkt_time":1655315720484900,"flow_dst_last_pkt_time":1655315313991539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63954,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315804133071,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":90410,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":0,"total-updates":13,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1655315824133020}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":90410,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":0,"total-updates":13,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1655315824133020}
 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1655315734133371,"flow_src_last_pkt_time":1655315834133390,"flow_dst_last_pkt_time":1655315734133371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1299,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17165,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315834133390,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991539,"flow_src_last_pkt_time":1655315720484900,"flow_dst_last_pkt_time":1655315313991539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63954,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315854133128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655316151465954,"flow_src_last_pkt_time":1655316151465954,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655316151465954,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -71,7 +71,7 @@
 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1655316181464412,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"thread_ts_usec":1655316181464412,"pkt":"AAAAAAAAAAAAAAAACABFAAV8xlhAAAERAUrAqLIj78BKQpqYZOIFaLJIAhAFYAAEdXNlcvgFFMcC7YLnXJdq6iy8vLKCzAlatvrBwkJrE96Ca8hAiNz7UuTaNB2VAQDjZhwW8It9Bw6C5dOcFYI7dtaUsqoM3W+UcjrrT3TlmYGZdLqeSCurY+PxhiyPEjq83Kx+9cfb79V6QQOle6UCpNHC5cTbJxieSFgnAJf5U9l1Wb2Zfo1KITT5S1JLK2mB2AhZBzMiAmW7nDv1DYwK1E3Ja+k+cy\/02WZLSF\/4MBU6ElL5un4wRJoLZFKsiRQoRARw+w\/tYjnuompfoCUOnxEAbNO\/ScH8GQMAqxRKubol4sJ34rEuem1hVbus9EhIVHVsndZrfW\/t5p0Ymc5PzzUJQhytc9t0mG8bp8PtBJoOuuKTjAIjgsK6HRvDbBosq8UVWLvRCpGzUMDmhXWm3M3Af\/19vdeNFYDrdeKZl4\/Tiot7Jk4SGJUVLdwRLYXJKVNSDLc+\/2NLSCP3hRgGgkJTram0IrQaOBKTrnVgzs9JG1xVsFY3JAvYZrm2EEmpxYtYVR8eAIattMv0OJ3RVFlsmMqg2eeGd75jusMSQqGOYY1i5+3CJ6pT6\/OSbK6qzW2BKd9B3UtkkBxo5RqaHboxPGcWFP9ceXeIXdp\/k9R+0PKCuHshX4\/ZHPPCpR0XFfXp9ONx\/WS97lCYY1KkrhKcbgcrld\/cVsBWi3ZVWyfgaaD6tDUL73yYB\/HDjD60VIkxHTkOgzHXADKncbnDzeOxTs5w0AyZB8\/y7yXDLHrObGSiP544LREjSMwjQLBMcUwvJSy66lkhW\/720bRu7\/Z8J3zhwUEPu76N0yVimaSbZvDSdiQmOesMZp1xdVC+R5mnJ73b9P1BiCPtcZkSaeIxzVphD0E4FDMO7n639Sb3etUlxEH994EWaUuWyatwWzuPuI6aHd5gs7\/5k9edMeE7INONDor97aMkxNjH45LA7FQQWLxlNG82ECskPeh9eRHEhD01c4OjHspfBLQoWdPKm+FuT9rOuIsOyJjB0CB7yyo2\/sBwQOapu2nKKop3WGOhCekvJa8bGT\/fwtNBu6y9lvflXlB4w+cUn9LHVPd8c55suJBYjaTEjGtpJPPQr5FwLCPb0VQ+d76LnIgPOOqrAXHe8nl5hlL4FQA7x5adn04mFDCeAPZXtv3rDB6BTBpZsMjvH4YfYynU9GuxvQYioQ9CNBjF0HVnHlzElnx8hwrjTUPNs7ClrDa96mzZfFyVb5Nj4ECxJ7iPAuWcneVIn7uPEC1z\/zkMfgUIsDmTIKqAQvLZN5NLHlkeqdFQcGQp+m5b0LZKFsewnwU5Wom6dY70EU47NKObNczXhUieeY9QRG8ZpIRK+A4vdFu4A8IN3hwZbEZfdhEMiiCqXyoGEygAKQQfCZfxj5XXH9P2FkFQR8fFVjJU18UTLX6PfK\/7x1yL3qTxAbbviPoXAsfqh5waRw9YMEb08B\/WYQmyFCYElXrknFcIHnXPqkU6DC7RINGNFZLWpq\/U3L1Isb6\/W1gOsLiDJnMWmPhnseLBCoBKrB1KOZjMd5s+mfB4dnHLTtT5sF2scQr93OceGFLqdFl0POX\/v3abJ4ZP2yYha2NExOMtruFRBbxZ4HF\/wdGc+VkB4AzCn99BfYbV5VwNloBfugi\/5X5G1iqiqGAVZiDPU+u0nZUCeYsB1q9K1\/NmpGiEgNdo81WcEYmMARdF9xmvcOnLMmdOcMlv63fln5KBSKO4HZPzLvwD0pI0AUYlGah1oa9\/zk4QeMBIubH+v1XKARl5SmOXRRBqDat7eVIysKApBnDoFsDxGDTZUVDOsGf4TgfdFNvZu6lJeMPeugL+z+wgF+k="}
 02189{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1655316182371478,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1655316182371478,"pkt":"AAAAAAAAAAAAAAAACABFAATsxv9AAAERATPAqLIj78BKQpqYZOIE2LG4AhAE0AAEdXNlcnP\/uCtk9UXV2KF4JOzP1M1v7q6jawqniLWeIANnL2\/k3sSyHPr3tqTLnAuukLSfxlpixnPsEPx0Zo4Oww1TgylacBsRLCY9L9BPZIhwPUd9+1cDwsYbIA++HJQi+hVC4mgKe4VGv0zjBGe7+ifIIww2jGaTY1Blgv9t7vC9d7ndAN0HBkDs8O\/zvgWZaJvfq4fGvb\/5XmfhyyZ4qLYRdYtSabVScBoObPSfn5ouUsYUF07PMfBvtxV\/apbRdODDfM8eEU3cHVtvDHVfPNHmDKMgO4Z8IosjUrwCc0maYz2m53Uumq1aZqaehZvpt7lahc85fSLehC5NpUixm0Lx+h\/ujjdNrvcaMhw1JlCmSJTwtM\/EgbZpDVag1G5bvmZXLcmg0VE5QVODMtPUOiFVnxHuZ7em8M5APoD2YV5OJuwO1S203xtd9p5GwaU\/p7xn+Vad6uNBMssyRZd1DFsDqNec\/2mUnEeYzQ0y65upIZH9vGNerHd5wExkz7FsIMx3S13uUvn4wDqBrafmQ+FDkktQOlPQKQCp\/7L2mGfKxv\/eoKvpMWMnLuCqjwfSk4fidgiUs\/m4w95YyqeonfzSrcqoqHJ3fyWyw+5xgHEDZacDV4Ns+TmWUKkOgyvJwE+b\/SQWMv\/jfPynda2l0vcIL+hkEpUrZFILSjN89wKmjBSCYPHxh5mXQE6zJIA1\/lm42Ws2JT2S+ySIj5lF+j3LavgWzu6LgcWm3kC80BQusAMGRm5HX7lv+eo7wfeyjF9kwzkXfUzjp8u6PpnZjLLYU0KH9cwFxoJy3O1cDLvkBRdM3BZq9ulTYUekIh71M7sgzqXVnK69LZBSDnT0gFbc8EVuq\/baI30HbLnm6v4phtxorZGfNfwUKiOVg1+m92hZ33VoHullyAzE63i5HEz23N63w1OMMidtcwnQQNv5nLpw3\/rGyhBPakrtlZMqHYa7IKPmIEnvypW5odQzFUn+ewMgVF7IheAe5ktL5eVlqRIBuwuHWex66FM8PsAJ+0GFiVQDT90ORRBulv\/nwrzAF73B2UEjuT7o1XSdo2yzYV+fg0tuAFh+J7b40tEzGMHkSNLR1nFhaO5GaNm72JV6B4GV3KcI7XYFIsQkCMlVJFvhtZvlEEzzKyBObmFid+xH1F+FLuVe\/sawgjTtvxhAeoMv0XwePMnlzUAkaHBI+ToVrXG9TuIYXHfng\/Zvydp8Rup0i1kr6nlU0SjI9FoU7GEx3Af9YoSVdhTuAuvx9gAyHT0\/40EQiUpaScFUKZZzI3+kiAckU5y6lSp2C2D\/KFh\/8TiJ0y\/DQMZrU7s8eIlBc0ciTshw9ABtMfOmuuAgqDx\/GJnXt2TA1+EOW+NMitt+822JWDfRDzWsygrDddbT8Fzr6C7F7UlvifDEWmgAE\/nt78d+PtDMW1S9lGNvzBeXE\/+a22PprpuD7c9xntPU\/aEWUALWBlFO1SgekTxdJK57eae6wWZtWku9YoU7jyqN5MGxMWGFbfQAvQJ3TqPi7FKY+5b3645lan5PFGzus6rBQOo4ZZj5QGYP9SPBCyLQ15ugjV+nlLKc3PQZGgTgCS\/O9M4yjl3lOf2xkK+f0evs7+kT1\/NYdqtOmB5psJPQhvhx32w="}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655316151465954,"flow_src_last_pkt_time":1655316182371478,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1392,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6745,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655316182371478,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":81,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":105984,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1655316182371478}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":81,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":105984,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1655316182371478}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 81/81
 ~~ skipped flows.............: 0
@@ -80,10 +80,10 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5517614 bytes
-~~ total memory freed........: 5517614 bytes
-~~ total allocations/frees...: 86026/86026
+~~ total memory allocated....: 5517792 bytes
+~~ total memory freed........: 5517792 bytes
+~~ total allocations/frees...: 86028/86028
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 570 chars
+~~ json message min len.......: 568 chars
 ~~ json message max len.......: 2401 chars
-~~ json message avg len.......: 1484 chars
+~~ json message avg len.......: 1483 chars
diff --git a/test/results/default/corba.pcap.out b/test/results/default/corba.pcap.out
index 009d11b3f..1c82952cb 100644
--- a/test/results/default/corba.pcap.out
+++ b/test/results/default/corba.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1234165929809181}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1234165929809181}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1234165929809181,"flow_src_last_pkt_time":1234165929809181,"flow_dst_last_pkt_time":1234165929809181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1234165929809181,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.1.1","src_port":42717,"dst_port":56899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1234165929809181,"flow_dst_last_pkt_time":1234165929809181,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1234165929809181,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pBtAAEAGlp5\/AAEBfwABAabd3kOQX9RSAAAAAKACgBgzXQAAAgRADAQCCAoAE3BJAAAAAAEDAwc="}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1234165929809181,"flow_dst_last_pkt_time":1234165929809206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1234165929809206,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGOrp\/AAEBfwABAd5Dpt2Q23rIkF\/UU6ASgAC3YwAAAgRADAQCCAoAE3BJABNwSQEDAwc="}
@@ -16,7 +16,7 @@
 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1234166104151416,"flow_dst_last_pkt_time":1234166104096487,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":302,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":302,"pkt_l4_len":268,"thread_ts_usec":1234166104151416,"pkt":"AAAAAAAAAAAAAAAACABFAAEgAABAAEAR7LMKXxwuCl8cLoatPnABDE43TUlPUBAD5AAAAAAAAQAAAAwAAAAEAAAAAAAAAAAAAABHSU9QAQIBANgAAAAEAAAAAAAAAAEAAAADAAAASAAAAAEBAAAMAAAAMTAuOTUuMjguNDYAcD4AAAEAAAAnAAAAJAAAAAEBAAAJAAAAQ29uc3VtZXIAAAAAAAAAAAEAAAAAAAAAAAAAABQAAAByZWNlaXZlUmVsaWFibGVEYXRhAAAAAAAAAAAAMTIAAMgAAAAEAAAAWOGPSYFOAgBAAAAAQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQAAAAA="}
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1234166104096487,"flow_src_last_pkt_time":1234166104156023,"flow_dst_last_pkt_time":1234166104096487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1234166104156023,"l3_proto":"ip4","src_ip":"10.95.28.46","dst_ip":"10.95.28.46","src_port":34477,"dst_port":15984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","proto_id":"168","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":7,"flow_first_seen":1234165929809181,"flow_src_last_pkt_time":1234165932080045,"flow_dst_last_pkt_time":1234165932071907,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4096,"flow_dst_max_l4_payload_len":4029,"flow_src_tot_l4_payload_len":18310,"flow_dst_tot_l4_payload_len":4122,"midstream":0,"thread_ts_usec":1234166104156023,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.1.1","src_port":42717,"dst_port":56899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","proto_id":"168","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":25032,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1234166104156023}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":25032,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1234166104156023}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 28/28
 ~~ skipped flows.............: 0
@@ -25,8 +25,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5503005 bytes
-~~ total memory freed........: 5503005 bytes
+~~ total memory allocated....: 5503045 bytes
+~~ total memory freed........: 5503045 bytes
 ~~ total allocations/frees...: 85900/85900
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
diff --git a/test/results/default/cpha.pcap.out b/test/results/default/cpha.pcap.out
index 17a61ce22..88d8c3262 100644
--- a/test/results/default/cpha.pcap.out
+++ b/test/results/default/cpha.pcap.out
@@ -1,10 +1,10 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1603354463286532}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1603354463286532}
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":96,"pkt_l4_len":58,"thread_ts_usec":1603354463286532,"pkt":"AQBeFQMBAAAAAAEBgQAAFQgARQAATgAAAAD\/EQyKAAAAAKwVAwAftB+0ADpJ\/BqQDDEnhQABABZ5PgAB\/\/7gSgEAAAIAAQAACAoAAgADAAQAAAIECQAAAAkAAAAAAAIA"}
 00906{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","proto_id":"53","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","proto_id":"53","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1603354463286532}
+00625{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1603354463286532}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5497974 bytes
-~~ total memory freed........: 5497974 bytes
+~~ total memory allocated....: 5497998 bytes
+~~ total memory freed........: 5497998 bytes
 ~~ total allocations/frees...: 85860/85860
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 566 chars
+~~ json message min len.......: 564 chars
 ~~ json message max len.......: 950 chars
-~~ json message avg len.......: 737 chars
+~~ json message avg len.......: 736 chars
diff --git a/test/results/default/crawler_false_positive.pcapng.out b/test/results/default/crawler_false_positive.pcapng.out
index 66d1d662e..5840d94ea 100644
--- a/test/results/default/crawler_false_positive.pcapng.out
+++ b/test/results/default/crawler_false_positive.pcapng.out
@@ -1,5 +1,5 @@
-00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666892509284373}
+00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666892509284373}
 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892509284373,"flow_src_last_pkt_time":1666892509284373,"flow_dst_last_pkt_time":1666892509284373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892509284373,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.184.220.29","src_port":38291,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892509284373,"flow_dst_last_pkt_time":1666892509284373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666892509284373,"pkt":"CL6sCxduJjb1W8R1CABFAAA8KY5AAEAGChTAqAycXbjcHZWTAFBs+j0RAAAAAKAC\/\/\/HSwAAAgQFtAQCCArcRF1kAAAAAAEDAwk="}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666892509284373,"flow_dst_last_pkt_time":1666892509292073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666892509292073,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8tqIAADgGxP9duNwdwKgMnABQlZO39n5kbPo9EqAS\/\/9z+AAAAgQFtAQCCApFkddV3ERdZAEDAwk="}
@@ -9,7 +9,7 @@
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1666892509294998,"flow_dst_last_pkt_time":1666892509302404,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666892509302404,"pkt":"Jjb1W8R1CL6sCxduCABFAAA0tqMAADgGxQZduNwdwKgMnABQlZO39n5lbPo9I4AQAICiHwAAAQEICkWR12DcRF1v"}
 01043{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1666892509284373,"flow_src_last_pkt_time":1666892509303435,"flow_dst_last_pkt_time":1666892509302404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892509303435,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.184.220.29","src_port":38291,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web","hostname":"ocsp.digicert.com","http": {"request_content_type":"application\/ocsp-request"}}}
 00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1666892509284373,"flow_src_last_pkt_time":1666892509319173,"flow_dst_last_pkt_time":1666892509318297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":799,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":799,"midstream":0,"thread_ts_usec":1666892509319173,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.184.220.29","src_port":38291,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}}
-00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1034,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1666892509319173}
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1034,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1666892509319173}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 12/12
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498426 bytes
-~~ total memory freed........: 5498426 bytes
+~~ total memory allocated....: 5498450 bytes
+~~ total memory freed........: 5498450 bytes
 ~~ total allocations/frees...: 85877/85877
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 562 chars
diff --git a/test/results/default/crynet.pcap.out b/test/results/default/crynet.pcap.out
index dfad734ff..fd6097556 100644
--- a/test/results/default/crynet.pcap.out
+++ b/test/results/default/crynet.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1663053319315000}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1663053319315000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663053319315000,"flow_src_last_pkt_time":1663053319315000,"flow_dst_last_pkt_time":1663053319315000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663053319315000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.97","src_port":61837,"dst_port":25383,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1663053319315000,"flow_dst_last_pkt_time":1663053319315000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663053319315000,"pkt":"eJS0JASgYDjgxTWgCABFAABiTCIAAH8RZ1zAqAJkTp92YfGNYycATjhrPAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAEAAAAAAAAAARHZiPEYhJ98Ekv15rJNB070HsYAjtelIOS7\/FaGTcNxA=="}
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663053319315000,"flow_src_last_pkt_time":1663053319315000,"flow_dst_last_pkt_time":1663053319315000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663053319315000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.97","src_port":61837,"dst_port":25383,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -7,7 +7,7 @@
 00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1663053319427000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1663053319427000,"pkt":"eJS0JASgYDjgxTWgCABFAAENTCMAAH8RZrDAqAJkTp92YfGNYycA+dc4twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKALLez3wAN7++JPrzMT38iX1WAjfTctCz5DQW2Gr52YR6j8NlMBYhOJtQoUHxWCr79vIUajpzWXoiTJxxi4wkpAsXoa6o3PGme6\/1vAonPYaENBaP83tcQBWM5F7CctUortxGxwNJCzC9Ng4j6g\/M10VJx\/+uWwf2XNZu+YTz0cFhVKD8b3EyMN0OKFLxjveSPCFnaIrDkrsYSHksMYnidzTlDmbVkI\/TwEtMTUGYmv\/K8tH5HZVgkUeK3w2NFKXJmMwkHObFIIO9Wtu40KY6w=="}
 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1663053319451000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663053319451000,"pkt":"eJS0JASgYDjgxTWgCABFAABeTCQAAH8RZ17AqAJkTp92YfGNYycASqIEu1TNMFI7KjNcy30zZh7kTKyCtibj5Ew6S3L3XbNweck02v9yC85o1\/QG3mAVSF2v178BxRBCueTrL00RuPSJPkfw"}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1663053319456000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1663053319456000,"pkt":"eJS0JASgYDjgxTWgCABFAABOTCUAAH8RZ23AqAJkTp92YfGNYycAOmtU9A4B7\/sy9rQJaZpS1ZjPxtRWqt1UsEDlsdYvzNiHXlYQ36yJt6tP5zK6OP2iIuXDoH0="}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1299,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1663054340264000}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1299,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1663054340264000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663054340264000,"flow_src_last_pkt_time":1663054340264000,"flow_dst_last_pkt_time":1663054340264000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663054340264000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"37.58.56.245","src_port":56333,"dst_port":20250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663054340264000,"flow_dst_last_pkt_time":1663054340264000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663054340264000,"pkt":"eJS0JASgYDjgxTWgCABFAABi6scAAH8RL4jAqAJkJTo49dwNTxoATkBTPAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAIAAAAAAAAAAjxLoziqJeNB3TOIAvp1HVUPwwhoEa8nhYPd5MbnCISkw=="}
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663054340264000,"flow_src_last_pkt_time":1663054340264000,"flow_dst_last_pkt_time":1663054340264000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663054340264000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"37.58.56.245","src_port":56333,"dst_port":20250,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -16,7 +16,7 @@
 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1663054340492000,"flow_dst_last_pkt_time":1663054340492000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1663054340492000,"pkt":"eJS0JASgYDjgxTWgCABFAAD96skAAH8RLuvAqAJkJTo49dwNTxoA6Ti1twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAh3drXUfBsymjYclKxpc0nfGK4TXfQ\/ZSFodhwO7TchiHrNe49me58e8bAAF0I5F+veDMTcPaTIoyhzRIr6m6Z+CQOrG3Nvv5hothMloBht44k3gby0eyZA8TY4qdQtt6AYi3PRm5uclYvCq7ZM0GzREHOCsM\/h3pJ8dIne0rl8Yv9UgWddpCFQWkiWUe8V0eVdRqpF4eAMBu6EaVBsGFq1obTzwAbq+Z\/AwxrK1Xtv1qLyBe4BTjjP7SPqWmHWyI"}
 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663054340511000,"flow_dst_last_pkt_time":1663054340492000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663054340511000,"pkt":"eJS0JASgYDjgxTWgCABFAABe6soAAH8RL4nAqAJkJTo49dwNTxoASie1u6Um18UiAc6pJXjjl\/HaNSDy6KAZaciEAaWBHHD0wMybHHlIRagmxlljIDbFX86yQQAXEeT6hI04WN7LK1Fbtr9a"}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1663053319315000,"flow_src_last_pkt_time":1663053319756000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1166,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1663054340750000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.97","src_port":61837,"dst_port":25383,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":2653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1663085644364000}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":2653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1663085644364000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663085644364000,"flow_src_last_pkt_time":1663085644364000,"flow_dst_last_pkt_time":1663085644364000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663085644364000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.230.222","src_port":56970,"dst_port":28665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1663085644364000,"flow_dst_last_pkt_time":1663085644364000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663085644364000,"pkt":"eJS0JASgYDjgxTWgCABFAABiEW8AAH8RLCHAqAJkVBDm3t6Kb\/kATnW6PAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAMAAAAAAAAAAxNRIfGTwR+QCEti3EMpFVQUjpXNe1F8lY80rv42uT7UA=="}
 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663085644364000,"flow_src_last_pkt_time":1663085644364000,"flow_dst_last_pkt_time":1663085644364000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663085644364000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.230.222","src_port":56970,"dst_port":28665,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -25,7 +25,7 @@
 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1663085644862000,"flow_dst_last_pkt_time":1663085644862000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1663085644862000,"pkt":"eJS0JASgYDjgxTWgCABFAAD9EXEAAH8RK4TAqAJkVBDm3t6Kb\/kA6Sf1twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7h+WQPdzYtRujvIv99Gk4jK5CTYtKMcC8UdvPHTkwMgv+CqSO\/LPaCHfKYn\/qLUXKya\/WMk8UEbZcOxwqjti+zv7dA6vrTWc2C\/bio3R8dE2bVVZbga+3ONnGrLsbTsX0xoj2QaGBCLAdRWxgab3ISN7Kk+HGnPTiKc7GqjMvt66EEvs79X9BPSniUDFUWQ7OB3ZrrH+fG8WChwJChWKyc1UHcxBPrsbIkc7Zz+aZYp63dfaXDBKUO5TM6wJXKs5"}
 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1663085644878000,"flow_dst_last_pkt_time":1663085644862000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663085644878000,"pkt":"eJS0JASgYDjgxTWgCABFAABeEXIAAH8RLCLAqAJkVBDm3t6Kb\/kASp3Du8hOJwkzpDMeJIiqYysbahdAbCneww7mPP0qdlopQndRNSW4Hvz1o7Z0XzePGFOyamSlKQFqSXW59rtF9f1o0hC2"}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1663054340264000,"flow_src_last_pkt_time":1663054340750000,"flow_dst_last_pkt_time":1663054340651000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":266,"midstream":0,"thread_ts_usec":1663085645134000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"37.58.56.245","src_port":56333,"dst_port":20250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":4099,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1663087012386000}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":4099,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1663087012386000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663087012386000,"flow_src_last_pkt_time":1663087012386000,"flow_dst_last_pkt_time":1663087012386000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663087012386000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.98.94","src_port":55645,"dst_port":28375,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1663087012386000,"flow_dst_last_pkt_time":1663087012386000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663087012386000,"pkt":"eJS0JASgYDjgxTWgCABFAABiWwwAAH8RbHXAqAJkTp9iXtldbtcATsvtPAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAEAAAAAAAAAARP2yVOOppoNSzHVb7aVJGzvGqD\/2urmHg+Q2g7KegnkQ=="}
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663087012386000,"flow_src_last_pkt_time":1663087012386000,"flow_dst_last_pkt_time":1663087012386000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663087012386000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.98.94","src_port":55645,"dst_port":28375,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -34,7 +34,7 @@
 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1663087012600000,"flow_dst_last_pkt_time":1663087012586000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663087012600000,"pkt":"eJS0JASgYDjgxTWgCABFAABeWw4AAH8RbHfAqAJkTp9iXtldbtcASiuhu7hTlkLWJMqukwgQRylK5qgiLSt9XVj0u0sQ8ebeC3F2lAmzaT1fMxkq7a+2soe7OxLP59ZLK7oofqm79eExsFje"}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1663087012606000,"flow_dst_last_pkt_time":1663087012586000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1663087012606000,"pkt":"eJS0JASgYDjgxTWgCABFAABOWw8AAH8RbIbAqAJkTp9iXtldbtcAOmEb9J0pHkeKMvM7Xkxdv+3E0sy5KB0kANOKPFc0\/VebRRnb5+QoZ3Mrtf9BC\/abuZwnrKw="}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1663085644364000,"flow_src_last_pkt_time":1663085645134000,"flow_dst_last_pkt_time":1663085644862000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1313,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1663087012873000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.230.222","src_port":56970,"dst_port":28665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1690748853317402}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1690748853317402}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690748853317402,"flow_src_last_pkt_time":1690748853317402,"flow_dst_last_pkt_time":1690748853317402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690748853317402,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.248.143","src_port":60751,"dst_port":30098,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1690748853317402,"flow_dst_last_pkt_time":1690748853317402,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1690748853317402,"pkt":"eJS0JASgYDjgxTWgCABFAABiGQIAAH8REt3AqAJkVBD4j+1PdZIATnKmPAAAC\/YAAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAJAAAAAAAAAAkdjp3RMzFPjpS+Wr+8IHfk2zWlV90jwStZ3EBEfsVDkg=="}
 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690748853317402,"flow_src_last_pkt_time":1690748853317402,"flow_dst_last_pkt_time":1690748853317402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690748853317402,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.248.143","src_port":60751,"dst_port":30098,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -51,7 +51,7 @@
 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1690749276056149,"flow_dst_last_pkt_time":1690749276055867,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1690749276056149,"pkt":"eJS0JASgYDjgxTWgCABFAAENI8IAAH8RmufAqAJkTp9qi+tAbrcA+U1QtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAug8yp8Qv8TeWfHQtc3YYH0QzMa6rPBBh7r86MQSgH+LNvWKGO1aam6d5zesL+sUrF6Ua+4CYT4UxlWoLk8it1sGIVwsHw8kPIqURbyn87lSjBx+EtL3kcCJd9kbwqoHNYYl8vr8h\/pQyPDY\/ybl6Qwn\/XMkSLUm2ozx+ocAL3SGobGPEaWQ9OWNjOTl7uDiKpBrygQ3id7tOI36I6GmEl\/Tp54jwr5vadXwcWL1EaB7bvcFBmu9\/MyRxHuzsWY\/Iy1vmeVBmRgJ+QgzZSkyjLg=="}
 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1690749276072688,"flow_dst_last_pkt_time":1690749276055867,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1690749276072688,"pkt":"eJS0JASgYDjgxTWgCABFAABuI8MAAH8Rm4XAqAJkTp9qi+tAbrcAWmUpu3tPZAeQ46M6mABOvfTiLmhjk5Eo7IVF5El0OH9Oalhsd6e845+k7R3mRhdmSAjukoEpvToeTF5uw4+ZNVffp2IhCQbEzT+aUmfmbrcP3OMEDg=="}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1690748853317402,"flow_src_last_pkt_time":1690748853790269,"flow_dst_last_pkt_time":1690748853462657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1150,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1690749276312337,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.248.143","src_port":60751,"dst_port":30098,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":8210,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1690750256496605}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":8210,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1690750256496605}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690750256496605,"flow_src_last_pkt_time":1690750256496605,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690750256496605,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.143","src_port":55460,"dst_port":21931,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1690750256496605,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1690750256496605,"pkt":"eJS0JASgYDjgxTWgCABFAABivOoAAH8R9mXAqAJkTp92j9ikVasATlq9PAAAC\/YAAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAHAAAAAAAAAAcaZmSmn4yqST2dsNw5sE0qvA1Y7T4SUNxW2dvvvwLc+w=="}
 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690750256496605,"flow_src_last_pkt_time":1690750256496605,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690750256496605,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.143","src_port":55460,"dst_port":21931,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -61,7 +61,7 @@
 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1690750257223299,"flow_dst_last_pkt_time":1690750257223019,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1690750257223299,"pkt":"eJS0JASgYDjgxTWgCABFAAD9vO0AAH8R9cfAqAJkTp92j9ikVasA6U89twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJayDQss1yqjCVCoRYctWeyPGeh+rCqtfCAIezh5tfYD49Oxy7cP6xgAn1J2UkUSha0Yjsn7UHAsO+lM\/OP0MxdkHqrKyWhPVzyEGXJI+V1GZ5uZtKBSxmQ2LpU\/fF1GAhhx4zkZTb6htgJ9EmSVdNHDsFhdFkst7D5VTXje47jWx68FCg42Rr02\/Qmpgfh4mPfHHczsTnssYMMZB0Psd4i03cSDcEnIP2kzIf0IYx8G8rXQ3qhVAEUIr1uuv2oqp"}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1690749275638306,"flow_src_last_pkt_time":1690749276312337,"flow_dst_last_pkt_time":1690749276197934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1136,"flow_dst_tot_l4_payload_len":266,"midstream":0,"thread_ts_usec":1690750257436073,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.106.139","src_port":60224,"dst_port":28343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1690750256496605,"flow_src_last_pkt_time":1690750257417113,"flow_dst_last_pkt_time":1690750257436073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1058,"flow_dst_tot_l4_payload_len":399,"midstream":0,"thread_ts_usec":1690750257436073,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.143","src_port":55460,"dst_port":21931,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":105,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":9667,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":1690750257436073}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":105,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":9667,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":1690750257436073}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 105/105
 ~~ skipped flows.............: 0
@@ -70,10 +70,10 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5514050 bytes
-~~ total memory freed........: 5514050 bytes
+~~ total memory allocated....: 5514170 bytes
+~~ total memory freed........: 5514170 bytes
 ~~ total allocations/frees...: 86031/86031
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 568 chars
+~~ json message min len.......: 566 chars
 ~~ json message max len.......: 977 chars
-~~ json message avg len.......: 771 chars
+~~ json message avg len.......: 770 chars
diff --git a/test/results/default/custom_categories.pcapng.out b/test/results/default/custom_categories.pcapng.out
index 7ac27dd69..393e0370c 100644
--- a/test/results/default/custom_categories.pcapng.out
+++ b/test/results/default/custom_categories.pcapng.out
@@ -1,5 +1,5 @@
-00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":921159918266121}
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":921159918266121}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159918266121,"flow_dst_last_pkt_time":921159918266121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":921159918266121,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":921159918266121,"flow_dst_last_pkt_time":921159918266121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":921159918266121,"pkt":"AGCXrkniAACGApxRht1gAAAAACgGQCABDbgAAQAAAAAAAAAAAAEgAQ24AgAAAAAAAAAAAAAB\/NBRhNZ28yEAAAAAoAIgAOtZAAACBAWgAQMDAAEBCAoACMpXAAAAAA=="}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":921159918266121,"flow_dst_last_pkt_time":921159918323110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":921159918323110,"pkt":"AACGApxRAGCXrkniht1gAAAAACgGPSABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABUYT80Ax6BePWdvMioBIhXG9FAAACBATEAQMDAAEBCAoAAWklAAjKVw=="}
@@ -10,7 +10,7 @@
 01200{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159918404039,"flow_dst_last_pkt_time":921159918402990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":921159918404039,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.5-1.2.26","server_signature":"SSH-1.5-1.2.26","hassh_client":"","hassh_server":""}}}
 01204{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159918542802,"flow_dst_last_pkt_time":921159918745464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":291,"midstream":0,"thread_ts_usec":921159918745464,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.5-1.2.26","server_signature":"SSH-1.5-1.2.26","hassh_client":"","hassh_server":""}}}
 02359{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159920416135,"flow_dst_last_pkt_time":921159920477444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":568,"flow_src_tot_l4_payload_len":687,"flow_dst_tot_l4_payload_len":1335,"midstream":0,"thread_ts_usec":921159920477444,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":56989,"avg":140688.3,"max":385938,"stddev":76774.1,"var":5894261248.0,"ent":4.8,"data": [56989,57531,79880,80387,89216,138763,253258,182381,385938,91317,93080,94647,191269,165005,76892,108844,123707,109411,199372,90998,94037,69367,74265,78602,142565,139480,141464,314131,235639,200458,202444]},"pktlen": {"min":72,"avg":135.7,"max":640,"stddev":113.0,"var":12766.0,"ent":4.7,"data": [80,80,72,87,87,348,228,72,84,92,84,236,220,72,84,212,212,72,100,116,72,84,212,84,84,84,84,640,72,100,72,116]},"bins": {"c_to_s": [12,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,2,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [3.368683577,4.029293060,3.817690372,4.358336926,4.312359810,6.673550606,6.224353790,3.789912701,4.102612972,4.484647751,4.159218788,6.579281807,6.467639446,3.817690372,4.106600761,6.354053020,6.361316204,3.779428005,4.600508690,5.055481434,3.751650333,4.102612972,6.370564461,4.049995422,4.126422405,4.126422405,4.078803539,7.576204777,3.789912701,4.708058834,3.789912701,5.130954742]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":4626,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1372147721244685}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":4626,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1372147721244685}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721244685,"flow_dst_last_pkt_time":1372147721244685,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1372147721244685,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1372147721244685,"flow_dst_last_pkt_time":1372147721244685,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1372147721244685,"pkt":"AA4M4kUbACNaf3GXCABFAAA87cpAAEAG1CSsGtssrB5FZ+UPABbU06naAAAAAKACOQjEsQAAAgQFtAQCCAoplUQQAAAAAAEDAwc="}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1372147721244685,"flow_dst_last_pkt_time":1372147721244833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1372147721244833,"pkt":"ACNaf3GXAA4M4kUbCABFAAA8AABAAEAGwe+sHkVnrBrbLAAW5Q9l97pw1NOp26ASFqC2AgAAAgQFtAQCCAoIsgfsKZVEEAEDAwc="}
@@ -23,11 +23,11 @@
 01366{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721256013,"flow_dst_last_pkt_time":1372147721255988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":960,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":981,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1372147721256013,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.99-OpenSSH_4.3","server_signature":"SSH-2.0-OpenSSH_6.1","hassh_client":"D6593B3202A30B2AA9793A00F8647A0A","hassh_server":""}}}
 01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721256013,"flow_dst_last_pkt_time":1372147721258988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":960,"flow_dst_max_l4_payload_len":704,"flow_src_tot_l4_payload_len":981,"flow_dst_tot_l4_payload_len":725,"midstream":0,"thread_ts_usec":1372147721258988,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.99-OpenSSH_4.3","server_signature":"SSH-2.0-OpenSSH_6.1","hassh_client":"D6593B3202A30B2AA9793A00F8647A0A","hassh_server":"500033A73A293E7C36743693D0D4596B"}}}
 01123{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159923590712,"flow_dst_last_pkt_time":921159923604621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":879,"flow_dst_tot_l4_payload_len":3747,"midstream":0,"thread_ts_usec":1372147721351034,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1536820136171967}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1536820136171967}
 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536820136171967,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536820136171967}
 00776{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":346,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":346,"pkt_l4_len":0,"thread_ts_usec":1372147721351034,"pkt":"AAAAEABx1JToDq3KgQABHYEAAHmIZBEAIXUBPgBXYA+EAwEUMjIqAQ40729DQJS+XazCCtKgIAEWcAAIQKagjjMrqmkY3CxYL7oAAAAB9z4M1SEeGqQ7VD\/8uYulUwNGJm\/OK8amyLr31U5ficc+rCHRtb\/T3cgFN7Omq98Xcc2KqKObdmG5QJsjAR6nscPvKVK5EQQ2CtXgQ2ekli85AWg\/\/9hDrwzDTYQCdc04v178i1vzDmCn1E6C0ltXFPME9jPS9nyo6OU4GZzL4WKFeXnOWd820KgwjMMCcUzamtrkQtu\/aKLDIzQKRkoT5GPfQKPWU5curqG35\/fVuD6MuVU49VS296Pb0Kuy+euctUZkgyPAOdaQzWXn8dfRYDWVRLmvOnjyARednGx7v5AEEw0GOFVD4kR8htGuevYonoWDIkWmw5\/cutFIs5NF1fWRfG6VNRiBgVSHZg=="}
 01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721351034,"flow_dst_last_pkt_time":1372147721311475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":960,"flow_dst_max_l4_payload_len":704,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1469,"midstream":0,"thread_ts_usec":1372147721351034,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1536820136171967}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1536820136171967}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 85/84
 ~~ skipped flows.............: 0
@@ -36,8 +36,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506657 bytes
-~~ total memory freed........: 5506657 bytes
+~~ total memory allocated....: 5506697 bytes
+~~ total memory freed........: 5506697 bytes
 ~~ total allocations/frees...: 85962/85962
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 313 chars
diff --git a/test/results/default/custom_risk_mask.pcapng.out b/test/results/default/custom_risk_mask.pcapng.out
index 87fffbf12..9b63f5021 100644
--- a/test/results/default/custom_risk_mask.pcapng.out
+++ b/test/results/default/custom_risk_mask.pcapng.out
@@ -1,5 +1,5 @@
-00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470104378045695}
+00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470104378045695}
 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::7c0:e74e:87c3:5d93","dst_ip":"ff02::1:3","src_port":6741,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104378045695,"pkt":"MzMANk5E\/PiuTCJLht1gAAAAACYRAf6AAAAAAAAAB8DnTofDXZP\/AgAAAAAAAAAAAAAAAQADGlUU6wAmkyP2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
 01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::7c0:e74e:87c3:5d93","dst_ip":"ff02::1:3","src_port":6741,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -8,7 +8,7 @@
 01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::356b:e047:3695:f741","dst_ip":"ff02::1:3","src_port":16765,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::7c0:e74e:87c3:5d93","dst_ip":"ff02::1:3","src_port":6741,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::356b:e047:3695:f741","dst_ip":"ff02::1:3","src_port":16765,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1470104378045695}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1470104378045695}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500147 bytes
-~~ total memory freed........: 5500147 bytes
+~~ total memory allocated....: 5500187 bytes
+~~ total memory freed........: 5500187 bytes
 ~~ total allocations/frees...: 85871/85871
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 580 chars
+~~ json message min len.......: 578 chars
 ~~ json message max len.......: 1132 chars
-~~ json message avg len.......: 851 chars
+~~ json message avg len.......: 850 chars
diff --git a/test/results/default/custom_rules_ipv6.pcapng.out b/test/results/default/custom_rules_ipv6.pcapng.out
index 501e67abf..478f34fb9 100644
--- a/test/results/default/custom_rules_ipv6.pcapng.out
+++ b/test/results/default/custom_rules_ipv6.pcapng.out
@@ -1,9 +1,9 @@
-00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":921159902141757}
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":921159902141757}
 00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":921159902141757,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902141757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":921159902141757,"l3_proto":"ip6","src_ip":"3ffe:507::1:200:86ff:fe05:80da","dst_ip":"3ffe:501:4819::42","src_port":21554,"dst_port":5333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902141757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_usec":921159902141757,"pkt":"AGCXun1\/AACGUYYrht1gAAAAACQRQD\/+BQcAAAABAgCG\/\/4FgNo\/\/gUBSBkAAAAAAAAAAABCVDIU1QAkkJMABgEAAAEAAAAAAAAGaXRvanVuA29yZwAA\/wAB"}
 01158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902215272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":510,"pkt_l4_len":456,"thread_ts_usec":921159902215272,"pkt":"AACGUYYrAGCXun1\/ht1gAAAAAcgR5j\/+BQFIGQAAAAAAAAAAAEI\/\/gUHAAAAAQIAhv\/+BYDaFNVUMgHInvQABoWAAAEABgACAAUGaXRvanVuA29yZwAA\/wABwAwAAgABAAAOEAAUB2NvY29udXQGaXRvanVuA29yZwDADAACAAEAAA4QABoFdGlnZXIFaGlyb28Ib3Nob2t1amkDb3JnAMAMAA8AAQAADhAAFgAKB2NvY29udXQGaXRvanVuA29yZwDADAAPAAEAAA4QABMAFARraXdpBml0b2p1bgNvcmcAwAwAAQABAAAOEAAE0qBfYcAMAAYAAQAADhAAMQZpdG9qdW4Db3JnAARyb290Bml0b2p1bgNvcmcAC+pHaAAADhAAAAEsADbugAAADhDADAACAAEAAA4QABQHY29jb251dAZpdG9qdW4Db3JnAMAMAAIAAQAADhAAGgV0aWdlcgVoaXJvbwhvc2hva3VqaQNvcmcAB2NvY29udXTADAABAAEAAA4QAATSoF9hBXRpZ2VyBWhpcm9vCG9zaG9rdWppwBMAAQABAAAOEAAE0pEh8gRraXdpwAwAHAABAAAOEAAQP\/4FAQQQAAACwN\/\/\/kcDPsFzABwAAQAADhAAED\/+BQEEEAEAUlQA\/\/7aSL\/BcwABAAEAAA4QAATSoF9j"}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":476,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1639052947771491}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":476,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1639052947771491}
 00844{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":100,"dst_port":1991,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1287,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1287,"pkt_l4_len":1233,"thread_ts_usec":1639052947771491,"pkt":"AAAAAAAAAAIAMzxWht1gAAAABNERPyR\/hVteFjyvPyxBNJWSZhshvLJzf2iI13eoBYU5kJJ7AGQHxwTRtFQX\/v0AAQAAAAAaDQS8AAEAAAAAGg3ty6JKrYU18U2SnV6TZ4GWPTkMaTeI9UivesrOAyLeyxCH9Ett98n\/BUnyUWlx5VOsHuSnNHK30aiWa0bQql\/OXO+\/gsGi9Vb3WsWwYwBW0pVyHQ0B46+DlfcYN9qmkFlJh9kPJ0YDdosoedP6B1hATFaaYqjsVizwYv4HbXzokGD8PNwSlO3kQDrYIDtSZtpx53PdVwuoZxmUt2\/suWUGs8IBjSst\/7lN9W\/tNGh8FPVXN62L5CDnpEZkkIUsEaeXQROB99R7U\/ALAM\/PILPWGKHcK40NY0zdzRDoPZgcslPBdXAvOL0SyOsktYL4LsfNMroozoQrT1QygQh\/o+MoyM33fxWmZDikDkltMfPc33LY24DbMLEUJSzHfiOjIRCt2AqzjcvSCQ38yEO+w9IlHTAlWBz5qVIMz7e1qCh3VJZC2Uk5DzFw28f9kldm3DfO9X7n7ddcO7HPXGEKSAl\/dwOtNCSxzRyxVMkINXT1F8R3Kr1X0P79jeYNVsXDuoN440ZxqXaTe3v0EasLalE31omPrKPox8OjFKowZ\/SB2G59InZnkarkjdu7hofmRIpcf1D0LJ3M2t8stXvQJI6nUBwyqpp5ngwHNvz79ijs5osivjMa3ty3XsPR+UNx8lznc42OZ1sGTXR0GLXtbRRqi7Z+4UroQBOGMmj+qZ8+nmZa1QVZaDNzAO8RnvnWLVhMuivh1V4phVCw91Xn3+UI\/Yq\/HuRtkiiI4kcN+I7R7A0JaMt0M2QaUHpH\/RO\/Z5WhuDGAMKrjoa7iJZvXMIIyECgYOrb7SOnPE2s3lSzDu7L3oxtwwlAylIXUQaomQnBMvB3FgbB6sUeYuhXFnMNy372f9keLastrb\/zBNJ51N\/OVuA6B8wsbBsXGn8cGnWZR2no5OrWHInzQk69yG731TtvqCHK0cXkmZv8FcaBZBELVB9ipqEVcSZkd+jnn\/t8Abzkn7pB+sMPEXMqIs5QJ7XJPl0ndMGtuhy6yPPoXAW+ICkWKMXbgJRWDbCXvYXNR4+vU\/VosznWRONI5l3QbtVvN+cDigIswYX29jz4xZcn6V4kBfpRMLOAzyovu9Kqb4CMRAAZG3cC2PKlxE5a1Le13Q1hKVJKJpAITen73s\/tG1LSh8h0ljZQqCT9vsB418MDr50io5+X4sUm3wUHzm6zfNYpxQupY1pT1JptaHZiDxZjS3ZXx6kha2vcHtmQyYyxdoRL9hcTVRT8MNr4FV7Wcl6hfgek7k1qWbCCdZejjISGI+kEtgx0Q6LVKF6ecXJ3rg4aQXVd2dslKHzHPrIAHtxUnnqmjZyXIQ2ftOFVgObSb+gEi\/MesMAdhLiYHOOuP+UEVRIAuAkdvrQn+T4E6jQ\/y2JFluy8pQnPkoLwOumUrd5SpyEaqoCaTiXWXj4KqbJyqqSa5WR\/Tqdr8FovyWg3dT0gR6zCv6HfHWt1gY7rHuLyUJN3p3vhJlqMR6cesxmaJwoXuqhhOLnvYjvUbc\/hIxS8Bbqpi4atOXiC6GVEtb4bWUS\/ux9Fq2ZwJ4B\/5D0UfjHbWiETDrnG4dRBdY8Qzx3a3pDvzONf1PZ1KOdnkPMqzglGKxtgmCYP53\/TX"}
 00982{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":100,"dst_port":1991,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -12,7 +12,7 @@
 00985{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":36098,"dst_port":50621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00899{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":921159902141757,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902215272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":448,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"3ffe:507::1:200:86ff:fe05:80da","dst_ip":"3ffe:501:4819::42","src_port":21554,"dst_port":5333,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":921159902141757,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902215272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":448,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"3ffe:507::1:200:86ff:fe05:80da","dst_ip":"3ffe:501:4819::42","src_port":21554,"dst_port":5333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":2926,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1697468695606215}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":2926,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1697468695606215}
 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12719,"dst_port":26993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":318,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":318,"pkt_l4_len":264,"thread_ts_usec":1697468695606215,"pkt":"MzMAAAABdKy5BVOoht1gCiQKAQgRAf6AAAAAAAAAdqy5\/\/5swST\/AgAAAAAAAAAAAAAAAAABMa9pcQEICAgCBgD8NQAEAAAAADUABAAAAAA1AAQAAAAANQAEAAAAADUABAAAAAA1AAQAAAAANQAEAAAAADUABAAAAAACAAp0rLlswSTAqAGKNQAEAAAAAAEABnSsuWzBJAoABAAaK9ALAApVQVAtQUMtUHJvDAAFVTdQRzIDACNCWi5xY2E5NTZ4XzYuNS4yOCsxNDQ5MS4yMzAxMjcuMTYxMhYADDYuNS4yOC4xNDQ5MRUABVU3UEcyFwABABgAAQAZAAEBGgABARMABnSsuWzBJBIABAAAAGwbAAUzLjQuMScACGzPYx5MclIbKgAQoL0SJJZDS0aMz2MeTHJSGywAAQA4AAEA"}
 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fedd:a1e2","dst_ip":"ff02::1","src_port":12719,"dst_port":26993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -31,7 +31,7 @@
 00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12719,"dst_port":26993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00887{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12717,"dst_port":64315,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12717,"dst_port":64315,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":3950,"total-not-detected-flows":5,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1697468695606215}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":3950,"total-not-detected-flows":5,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1697468695606215}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 8/8
 ~~ skipped flows.............: 0
@@ -40,10 +40,10 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5511125 bytes
-~~ total memory freed........: 5511125 bytes
+~~ total memory allocated....: 5511245 bytes
+~~ total memory freed........: 5511245 bytes
 ~~ total allocations/frees...: 85930/85930
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 581 chars
+~~ json message min len.......: 579 chars
 ~~ json message max len.......: 2220 chars
-~~ json message avg len.......: 1399 chars
+~~ json message avg len.......: 1398 chars
diff --git a/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out b/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out
index 0c78ca133..df0af757b 100644
--- a/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out
+++ b/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out
@@ -1,5 +1,5 @@
-00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00657{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680119132471406}
+00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00655{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680119132471406}
 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680119132471406,"flow_src_last_pkt_time":1680119132471406,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680119132471406,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":56866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680119132471406,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119132471406,"pkt":"ILAB4IZiNObXAhsnCABFAAA8s3NAAEAGvqXAqAH1AwMDA94iAbtRdP6TAAAAAKAC+vDI0QAAAgQFtAQCCAqoD4ViAAAAAAEDAwc="}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1680119133500058,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119133500058,"pkt":"ILAB4IZiNObXAhsnCABFAAA8s3RAAEAGvqTAqAH1AwMDA94iAbtRdP6TAAAAAKAC+vDI0QAAAgQFtAQCCAqoD4lnAAAAAAEDAwc="}
@@ -7,7 +7,7 @@
 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680119137435431,"flow_src_last_pkt_time":1680119137435431,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680119137435431,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":59682,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1680119137435431,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119137435431,"pkt":"ILAB4IZiNObXAhsnCABFAAA8LchAAEAGRFHAqAH1AwMDA+kiAbwrwl9OAAAAAKAC+vDI0QAAAgQFtAQCCAqoD5jGAAAAAAEDAwc="}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1680119138460059,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119138460059,"pkt":"ILAB4IZiNObXAhsnCABFAAA8LclAAEAGRFDAqAH1AwMDA+kiAbwrwl9OAAAAAKAC+vDI0QAAAgQFtAQCCAqoD5zHAAAAAAEDAwc="}
-00658{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1690371375710832}
+00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1690371375710832}
 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690371375710832,"flow_src_last_pkt_time":1690371375710832,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371375710832,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":58288,"dst_port":446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1690371375710832,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690371375710832,"pkt":"ILAB4IZiNObXAhsnCABFAAA8o61AAEAGzmvAqAH1AwMDA+OwAb5KplVKAAAAAKAC+vDI0QAAAgQFtAQCCApUfTfYAAAAAAEDAwc="}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1690371376732151,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690371376732151,"pkt":"ILAB4IZiNObXAhsnCABFAAA8o65AAEAGzmrAqAH1AwMDA+OwAb5KplVKAAAAAKAC+vDI0QAAAgQFtAQCCApUfTvVAAAAAAEDAwc="}
@@ -18,7 +18,7 @@
 00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1680119132471406,"flow_src_last_pkt_time":1680119135516058,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371378748110,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":56866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01011{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1680119137435431,"flow_src_last_pkt_time":1680119138460059,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371378748110,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":59682,"dst_port":444,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1680119137435431,"flow_src_last_pkt_time":1680119138460059,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371378748110,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":59682,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00660{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":2,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1690371378748110}
+00658{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":2,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1690371378748110}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 8/8
 ~~ skipped flows.............: 0
@@ -27,8 +27,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502689 bytes
-~~ total memory freed........: 5502689 bytes
+~~ total memory allocated....: 5502745 bytes
+~~ total memory freed........: 5502745 bytes
 ~~ total allocations/frees...: 85895/85895
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 587 chars
diff --git a/test/results/default/dazn.pcapng.out b/test/results/default/dazn.pcapng.out
index 7f1b56d31..19afaf6a4 100644
--- a/test/results/default/dazn.pcapng.out
+++ b/test/results/default/dazn.pcapng.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1653830614885814}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1653830614885814}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614885814,"flow_dst_last_pkt_time":1653830614885814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830614885814,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1653830614885814,"flow_dst_last_pkt_time":1653830614885814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830614885814,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8nR9AAEAGx+XAqAGANFTfOtMEAbuvwsZTAAAAAKAC+vBmfAAAAgQFtAQCCAqWAjADAAAAAAEDAwc="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1653830614885814,"flow_dst_last_pkt_time":1653830614902501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830614902501,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8gywAAPQGbdg0VN86wKgBgAG70wTy6KcPr8LGVKAS\/\/+ceQAAAgQFoAQCCAqKcaCKlgIwAwEDAwk="}
@@ -24,7 +24,7 @@
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640651038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614920429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641520526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","proto_id":"91.292","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":5835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1653830641520526}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":5835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1653830641520526}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 12/12
 ~~ skipped flows.............: 0
@@ -33,8 +33,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5515037 bytes
-~~ total memory freed........: 5515037 bytes
+~~ total memory allocated....: 5515093 bytes
+~~ total memory freed........: 5515093 bytes
 ~~ total allocations/frees...: 85906/85906
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 557 chars
diff --git a/test/results/default/dcerpc.pcap.out b/test/results/default/dcerpc.pcap.out
index 321bf1fe5..cb1a87d33 100644
--- a/test/results/default/dcerpc.pcap.out
+++ b/test/results/default/dcerpc.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1602860709979607}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1602860709979607}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860709979607,"flow_src_last_pkt_time":1602860709979607,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":642,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":642,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860709979607,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1602860709979607,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"thread_ts_usec":1602860709979607,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"}
 01080{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860709979607,"flow_src_last_pkt_time":1602860709979607,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":642,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":642,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860709979607,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -26,7 +26,7 @@
 01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1602860709993940,"flow_src_last_pkt_time":1602860710062922,"flow_dst_last_pkt_time":1602860709993940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":804,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860710071385,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1602860709979607,"flow_src_last_pkt_time":1602860710032496,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":953,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3454,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860710071385,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1602860710063382,"flow_src_last_pkt_time":1602860710063386,"flow_dst_last_pkt_time":1602860710063382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860710071385,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":6194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1602860710071385}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":6194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1602860710071385}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 16/16
 ~~ skipped flows.............: 0
@@ -35,10 +35,10 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5504953 bytes
-~~ total memory freed........: 5504953 bytes
+~~ total memory allocated....: 5505025 bytes
+~~ total memory freed........: 5505025 bytes
 ~~ total allocations/frees...: 85909/85909
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 568 chars
+~~ json message min len.......: 566 chars
 ~~ json message max len.......: 1808 chars
-~~ json message avg len.......: 1187 chars
+~~ json message avg len.......: 1186 chars
diff --git a/test/results/default/dhcp-fuzz.pcapng.out b/test/results/default/dhcp-fuzz.pcapng.out
index 56f329404..0bc2cef6b 100644
--- a/test/results/default/dhcp-fuzz.pcapng.out
+++ b/test/results/default/dhcp-fuzz.pcapng.out
@@ -1,10 +1,10 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1268519154926217}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1268519154926217}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926217,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1268519154926217,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1268519154926217,"pkt":"\/\/\/\/\/\/\/\/AB8p2i15CABFAAFIfVQAAIAR+kDAqJto\/\/\/\/\/wBEAEMBNNQyAQEGAMl5uWAAAAAAwKgBaAAAAAAAAAAAAAAAAAAfKdoteQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1wAAAAAAAFMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQAAAAAAAAAAAABjglNjNQFqPQcBAB8p2i15DAdNSzAzODYyPDFNU0ZUIDUuMDcMAQ8DBiwuLx8h+Sv8KwPcAQD\/AAAAACUAAAAA"}
 00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926217,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1268519154926217,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dhcp": {"fingerprint":"","class_ident":""}}}
 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926217,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1268519154926217,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":300,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1268519154926217}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":300,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1268519154926217}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5497974 bytes
-~~ total memory freed........: 5497974 bytes
+~~ total memory allocated....: 5497998 bytes
+~~ total memory freed........: 5497998 bytes
 ~~ total allocations/frees...: 85860/85860
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 573 chars
+~~ json message min len.......: 571 chars
 ~~ json message max len.......: 1004 chars
-~~ json message avg len.......: 771 chars
+~~ json message avg len.......: 770 chars
diff --git a/test/results/default/diameter.pcap.out b/test/results/default/diameter.pcap.out
index 813cbf0a0..b4743dad4 100644
--- a/test/results/default/diameter.pcap.out
+++ b/test/results/default/diameter.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1263278878271686}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1263278878271686}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1263278878271686,"flow_src_last_pkt_time":1263278878271686,"flow_dst_last_pkt_time":1263278878271686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1263278878271686,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00988{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1263278878271686,"flow_dst_last_pkt_time":1263278878271686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"thread_ts_usec":1263278878271686,"pkt":"ABpk3ZWLACYYlIbACABFAAGABtlAAIAGAAAKyQn1CskJC8cNDxz34fq2+LwvkFAY+gQqBAAAAQABWIAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAAAAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAbhAAAAkAAABuUAAAAwAAAACAAABukAAAA1kYmlsbAAAAAAAAaBAAAAMAAAAAQAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1263278878271686,"flow_src_last_pkt_time":1263278878271686,"flow_dst_last_pkt_time":1263278878271686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1263278878271686,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Diameter","proto_id":"237","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -8,7 +8,7 @@
 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1263278878336701,"flow_dst_last_pkt_time":1263278878344805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_usec":1263278878344805,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYpAAEAGe8gKyQkLCskJ9Q8cxw34vDB89+H9dlAYHVCNmAAAAQAA7EAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAgAAAZ9AAAAMAAAAAQAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
 00940{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1263278878350601,"flow_dst_last_pkt_time":1263278878344805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"thread_ts_usec":1263278878350601,"pkt":"ABpk3ZWLACYYlIbACABFAAFcBttAAIAGAAAKyQn1CskJC8cNDxz34f12+LwxaFAY+Cwp4AAAAQABNIAAARAAAAAEAupJMibwAAcAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAACAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAwAAAb5AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAEAAAGpQAAADAAAAWQ="}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1263278878271686,"flow_src_last_pkt_time":1263278878350601,"flow_dst_last_pkt_time":1263278878357703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":308,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":236,"flow_src_tot_l4_payload_len":1012,"flow_dst_tot_l4_payload_len":644,"midstream":1,"thread_ts_usec":1263278878357703,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Diameter","proto_id":"237","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1263278878357703}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1263278878357703}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498147 bytes
-~~ total memory freed........: 5498147 bytes
+~~ total memory allocated....: 5498171 bytes
+~~ total memory freed........: 5498171 bytes
 ~~ total allocations/frees...: 85866/85866
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 570 chars
+~~ json message min len.......: 568 chars
 ~~ json message max len.......: 1014 chars
-~~ json message avg len.......: 790 chars
+~~ json message avg len.......: 789 chars
diff --git a/test/results/default/discord.pcap.out b/test/results/default/discord.pcap.out
index b97895422..061cef5cc 100644
--- a/test/results/default/discord.pcap.out
+++ b/test/results/default/discord.pcap.out
@@ -1,4 +1,4 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00740{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":42193200,"flow_src_last_pkt_time":42193200,"flow_dst_last_pkt_time":42193200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":42193200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":42193200,"flow_dst_last_pkt_time":42193200,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":42193200,"pkt":"UlQAEjUCCAAnW\/mGCABFAAA8+ptAAEAGEIkKAAIPop+A6adSAbuGXfMIAAAAAKAC+vDjjQAAAgQFtAQCCAqmenD7AAAAAAEDAwc="}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":42193200,"flow_dst_last_pkt_time":42208691,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":42208691,"pkt":"CAAnW\/mGUlQAEjUCCABFAAAsAYYAAEAGSa+in4DpCgACDwG7p1IAKQQBhl3zCWAS\/\/9B4AAAAgQFtA=="}
@@ -8,7 +8,7 @@
 01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":42193200,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":42225002,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"discord.com","tls": {"version":"TLSv1.2","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2"}}}
 02202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1312,"pkt_l4_len":1278,"thread_ts_usec":42225262,"pkt":"CAAnW\/mGUlQAEjUCCABFAAUSAYsAAEAGRMSin4DpCgACDwG7p1IAKQmuhl3zuVAY\/\/\/akgAAFw0yMDAxMjcxMjQ4MDhaFw0yNDEyMzEyMzU5NTlaMEoxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZGZsYXJlLCBJbmMuMSAwHgYDVQQDExdDbG91ZGZsYXJlIEluYyBFQ0MgQ0EtMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLmtTWaZFAtG7B+B0SpQHp0DFS80En0tlriIOJuFX4+\/u03vYUbEyXPUJE\/g7hzObLNRcS9q7kwFCXfTcmKkm9ejggFoMIIBZDAdBgNVHQ4EFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8wHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9PbW5pcm9vdDIwMjUuY3JsMG0GA1UdIARmMGQwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCwYJYIZIAYb9bAECMAgGBmeBDAECATAIBgZngQwBAgIwCAYGZ4EMAQIDMA0GCSqGSIb3DQEBCwUAA4IBAQAFJB3dG7Aq65jWheM5TV5rV52CV\/zr6DGiV5BlBb4WRDhadwK5zxBCxuGSpONFJ\/gARyxoqFaZU1SPrZ5AwdAPttcNCzhIbFAsSZAGW2Qdi8xIMC7eCOKbSSLAkgwRXpaSlNX8INxWbOWSk796HMA344VJFfor4XQ5GA+32vOiV1hgT8yOlAD8Rns0MT5NR4KBOsv0iV0O700NbpwbgiTdMiVdEXhRED2gNSMEL2VvnMHRQ9fQHvMxZ1kn3WvSdQmTESQkFM8pvuYjw7iPcj\/pB8gkRFN6s7lhZaFMDsZIAMl1YwWHcEVSg9OVnUXq8OgxHX4JHwr+Pt2qPF500qyxFgMDAR8WAAEbAQABFzCCARMKAQCgggEMMIIBCAYJKwYBBQUHMAEBBIH6MIH3MIGeohYEFKXON+rrsHUOlGeItEX62SQQh5YfGA8yMDIxMDYwNDE2NTQ1OVowczBxMEkwCQYFKw4DAhoFAAQUEteLQCw1Ygb6gn+O2JIkEbSs9QQEFKXON+rrsHUOlGeItEX62SQQh5YfAhAH3YJIZrz5uC05EWraPqhcgAAYDzIwMjEwNjA0MTYzOTAyWqARGA8yMDIxMDYxMTE1NTQwMlowCgYIKoZIzj0EAwIDSAAwRQIhAMXROKXZ7Jt8Zi554DB7quPCK\/IZFlmTaZZnz0VZFHNpAiACcSV+13HWn1ohsEui9BTB3RCy2aPuehedNO\/\/FOrpQBYDAwBzDAAAbwMAHSCkniGEc6D0P0\/zc1ti1h5Xij6mTf1b+LwAXyazuTPOIQQDAEcwRQIgFOasmmQ0Pr7QbXb\/XK1MLPUyhzbInReveIgZXB8OeaoCIQC4F4W16GCAbAzpDvdw8iubNMQsnWU0ZKVkBEftiyeqwhYDAwAEDgAAAA=="}
 01644{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":42193200,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":2710,"midstream":0,"thread_ts_usec":42225262,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"discord.com","tls": {"version":"TLSv1.2","server_names":"discord.com,sni.cloudflaressl.com,*.discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1209h2_d34a8e72043a_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D"}}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":3306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1656934210298000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":3306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1656934210298000}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656934210298000,"flow_src_last_pkt_time":1656934210298000,"flow_dst_last_pkt_time":1656934210298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656934210298000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.244.154","src_port":56271,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1656934210298000,"flow_dst_last_pkt_time":1656934210298000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1656934210298000,"pkt":"eJS0JASgYDjgxTWgCABFAAAkfNMAAH8RxTjAqAJkQhb0mtvPw1QAEHq2EzfK\/g4AAAA="}
 00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656934210298000,"flow_src_last_pkt_time":1656934210298000,"flow_dst_last_pkt_time":1656934210298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656934210298000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.244.154","src_port":56271,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}}
@@ -34,7 +34,7 @@
 00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656934210363000,"flow_src_last_pkt_time":1656934210363000,"flow_dst_last_pkt_time":1656934210363000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656934210363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.237.11","src_port":56271,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1656934210363000,"flow_dst_last_pkt_time":1656934210363000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1656934210363000,"pkt":"YDjgxTWgeJS0JASgCABFAAAkjuxAADcRwq5CFu0LwKgCZMNU288AEItFEzfK\/gUAAAAAAAAAAAAAAAAA"}
 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":42193200,"flow_src_last_pkt_time":42233199,"flow_dst_last_pkt_time":42247831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":3037,"midstream":0,"thread_ts_usec":1656934210363000,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":3402,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":2,"total-updates":0,"current-active-flows":6,"total-active-flows":7,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1657223719868000}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":3402,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":2,"total-updates":0,"current-active-flows":6,"total-active-flows":7,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1657223719868000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657223719868000,"flow_src_last_pkt_time":1657223719868000,"flow_dst_last_pkt_time":1657223719868000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657223719868000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":57955,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1657223719868000,"flow_dst_last_pkt_time":1657223719868000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657223719868000,"pkt":"eJS0JASgYDjgxTWgCABFAABmlIAAAH8R3TbAqAJkQhbEreJjw1QAUnMiAAEARgAArOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb3Q="}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1657223719868000,"flow_dst_last_pkt_time":1657223719895000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657223719895000,"pkt":"YDjgxTWgeJS0JASgCABFAABmFK9AADoRYghCFsStwKgCZMNU4mMAUpwIAAIARgAArOM4NC41OS4xMzIuMTAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mM="}
@@ -155,7 +155,7 @@
 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1657224199898000,"flow_src_last_pkt_time":1657224200131000,"flow_dst_last_pkt_time":1657224200128000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":2845,"flow_dst_tot_l4_payload_len":363,"midstream":0,"thread_ts_usec":1657224260473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":63362,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657224139897000,"flow_src_last_pkt_time":1657224140295000,"flow_dst_last_pkt_time":1657224140441000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":2892,"midstream":0,"thread_ts_usec":1657224260473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":61392,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1657224079896000,"flow_src_last_pkt_time":1657224081830000,"flow_dst_last_pkt_time":1657224081824000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1564,"flow_dst_tot_l4_payload_len":1206,"midstream":0,"thread_ts_usec":1657224260473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":58322,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":187,"packets-processed":186,"total-skipped-flows":0,"total-l4-payload-len":41446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":2,"total-updates":25,"current-active-flows":4,"total-active-flows":19,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":158,"global_ts_usec":1657224319898000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":187,"packets-processed":186,"total-skipped-flows":0,"total-l4-payload-len":41446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":2,"total-updates":25,"current-active-flows":4,"total-active-flows":19,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":158,"global_ts_usec":1657224319898000}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657224319898000,"flow_src_last_pkt_time":1657224319898000,"flow_dst_last_pkt_time":1657224319898000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657224319898000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":62379,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1657224319898000,"flow_dst_last_pkt_time":1657224319898000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224319898000,"pkt":"eJS0JASgYDjgxTWgCABFAABmywMAAH8RprPAqAJkQhbErfOrw1QAUprMAAEARgAArOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANoI="}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1657224319898000,"flow_dst_last_pkt_time":1657224319945000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224319945000,"pkt":"YDjgxTWgeJS0JASgCABFAABmaGhAADoRDk9CFsStwKgCZMNU86sAUnl4AAIARgAArOM4NC41OS4xMzIuMTAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA86s="}
@@ -260,7 +260,7 @@
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1657224679899000,"flow_src_last_pkt_time":1657224680269000,"flow_dst_last_pkt_time":1657224680139000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":2527,"flow_dst_tot_l4_payload_len":82,"midstream":0,"thread_ts_usec":1657224860617000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":61060,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1657224739899000,"flow_src_last_pkt_time":1657224740128000,"flow_dst_last_pkt_time":1657224739929000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":299,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":3296,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1657224860617000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":63893,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657224799899000,"flow_src_last_pkt_time":1657224800581000,"flow_dst_last_pkt_time":1657224800795000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":301,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":2902,"midstream":0,"thread_ts_usec":1657224860617000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":52323,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":337,"packets-processed":336,"total-skipped-flows":0,"total-l4-payload-len":67619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":2,"total-updates":48,"current-active-flows":3,"total-active-flows":29,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":263,"global_ts_usec":1657224919900000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":337,"packets-processed":336,"total-skipped-flows":0,"total-l4-payload-len":67619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":2,"total-updates":48,"current-active-flows":3,"total-active-flows":29,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":263,"global_ts_usec":1657224919900000}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657224919900000,"flow_src_last_pkt_time":1657224919900000,"flow_dst_last_pkt_time":1657224919900000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657224919900000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":65053,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1657224919900000,"flow_dst_last_pkt_time":1657224919900000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224919900000,"pkt":"eJS0JASgYDjgxTWgCABFAABm+q8AAH8RdwfAqAJkQhbErf4dw1QAUjxpAAEARgAArOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAinM="}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1657224919900000,"flow_dst_last_pkt_time":1657224919927000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224919927000,"pkt":"YDjgxTWgeJS0JASgCABFAABmvT9AADoRuXdCFsStwKgCZMNU\/h0AUmSUAAIARgAArOM4NC41OS4xMzIuMTAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/h0="}
@@ -313,7 +313,7 @@
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657225099902000,"flow_src_last_pkt_time":1657225101391000,"flow_dst_last_pkt_time":1657225101610000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":2892,"midstream":0,"thread_ts_usec":1657225160168000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":59240,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1657224979900000,"flow_src_last_pkt_time":1657224980585000,"flow_dst_last_pkt_time":1657224980595000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1122,"flow_dst_tot_l4_payload_len":1292,"midstream":0,"thread_ts_usec":1657225160168000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":49648,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1657225159904000,"flow_src_last_pkt_time":1657225160168000,"flow_dst_last_pkt_time":1657225159930000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":1771,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1657225160168000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":62481,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":411,"packets-processed":411,"total-skipped-flows":0,"total-l4-payload-len":80760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":2,"total-updates":57,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":316,"global_ts_usec":1657225160168000}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":411,"packets-processed":411,"total-skipped-flows":0,"total-l4-payload-len":80760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":2,"total-updates":57,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":316,"global_ts_usec":1657225160168000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 411/411
 ~~ skipped flows.............: 0
@@ -322,8 +322,8 @@
 ~~ total active/idle flows...: 34/34
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5588571 bytes
-~~ total memory freed........: 5588571 bytes
+~~ total memory allocated....: 5589123 bytes
+~~ total memory freed........: 5589123 bytes
 ~~ total allocations/frees...: 86645/86645
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 516 chars
diff --git a/test/results/default/discord_mid_flow.pcap.out b/test/results/default/discord_mid_flow.pcap.out
index d31c2d813..10d2a1ab5 100644
--- a/test/results/default/discord_mid_flow.pcap.out
+++ b/test/results/default/discord_mid_flow.pcap.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673444902267546}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673444902267546}
 00304{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902267546,"packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902267546}
 00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":110,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1673444902267546,"pkt":"AAAAAAAAAAECAAD6gQAC9YEAAAGIZBEAPW0AUgAhRQAAUDmyQAA2EUNIQhbyhAUkjeTDUdaXADysR4HJAAcAFi\/9U3EJWSzwZdVy25rBGVhGPGQBRx\/4s1vL+mbg\/hL8rWooq\/qDozlbBiYhAAA="}
 00304{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444903267716,"packet_id":2,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444903267716}
@@ -32,7 +32,7 @@
 00463{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1673444902267546,"pkt":"AAAAAAAAAAECAAD6gQAC9YEAAAGIZBEAPW0AWgAhRQAAWERnAAB\/ES+LBSSN5EIW8oTWl8NRAETgQYDIAAYAFi\/9+yCCO3My0Tvo+T4AtA5exBK1zkrGAV0k2VqCPuVJGZMMW3h3lrKvNPY5LxBLvqs9ywEAgA=="}
 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444911267758,"packet_id":16,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444911267758}
 00450{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":110,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1673444902267546,"pkt":"AAAAAAAAAAECAAD6gQAC9YEAAAGIZBEAPW0AUgAhRQAAUDzIQAA2EUAyQhbyhAUkjeTDUdaXADx1CoHJAAcAFi\/9SPerYXcFME3U81PRyMrjJiWKLfADxN490f944PcsGQYO71EGes1sJS8hAAA="}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":40,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1673444926267852}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":40,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1673444926267852}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 40/0
 ~~ skipped flows.............: 0
@@ -41,10 +41,10 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 309 chars
-~~ json message max len.......: 646 chars
-~~ json message avg len.......: 475 chars
+~~ json message max len.......: 644 chars
+~~ json message avg len.......: 474 chars
diff --git a/test/results/default/dlep.pcapng.out b/test/results/default/dlep.pcapng.out
index c2a21f6a6..bf5dd24c8 100644
--- a/test/results/default/dlep.pcapng.out
+++ b/test/results/default/dlep.pcapng.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1565709120718355}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1565709120718355}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1565709120718355,"flow_src_last_pkt_time":1565709120718355,"flow_dst_last_pkt_time":1565709120718355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1565709120718355,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.117","src_port":57060,"dst_port":854,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1565709120718355,"flow_dst_last_pkt_time":1565709120718355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1565709120718355,"pkt":"AQBeAAB1AAAAqgAACABFAAA4CyxAAP8RhhIKAAAB4AAAdd7kA1YAJOqrRExFUAABABQABAAQAGVtdWxhdGVkLXJvdXRlcg=="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1565709120718355,"flow_src_last_pkt_time":1565709120718355,"flow_dst_last_pkt_time":1565709120718355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1565709120718355,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.117","src_port":57060,"dst_port":854,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DLEP","proto_id":"400","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -13,7 +13,7 @@
 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1565709120720050,"flow_src_last_pkt_time":1565709120720050,"flow_dst_last_pkt_time":1565709120720050,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1565709120726405,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.0.0.1","src_port":44515,"dst_port":854,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DLEP","proto_id":"400","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1565709120718355,"flow_src_last_pkt_time":1565709120718355,"flow_dst_last_pkt_time":1565709120718355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1565709120726405,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.117","src_port":57060,"dst_port":854,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DLEP","proto_id":"400","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1565709120723425,"flow_src_last_pkt_time":1565709120723425,"flow_dst_last_pkt_time":1565709120726405,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1565709120726405,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":51762,"dst_port":854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DLEP","proto_id":"400","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1565709120726405}
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlep.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1565709120726405}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -22,8 +22,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502405 bytes
-~~ total memory freed........: 5502405 bytes
+~~ total memory allocated....: 5502461 bytes
+~~ total memory freed........: 5502461 bytes
 ~~ total allocations/frees...: 85885/85885
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 551 chars
diff --git a/test/results/default/dlms.pcap.out b/test/results/default/dlms.pcap.out
index 191a607fa..0f5936c8f 100644
--- a/test/results/default/dlms.pcap.out
+++ b/test/results/default/dlms.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1520780595035623}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1520780595035623}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1520780595035623,"flow_src_last_pkt_time":1520780595035623,"flow_dst_last_pkt_time":1520780595035623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1520780595035623,"l3_proto":"ip4","src_ip":"192.168.137.20","dst_ip":"192.168.137.189","src_port":60797,"dst_port":4060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1520780595035623,"flow_dst_last_pkt_time":1520780595035623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1520780595035623,"pkt":"lDnlrnyR3KkEgvOKCABFAABAAABAAEAGppXAqIkUwKiJve19D9yvhVkrAAAAALAC\/\/+DkQAAAgQFtAEDAwUBAQgKBgITPAAAAAAEAgAA"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1520780595035623,"flow_dst_last_pkt_time":1520780595035701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1520780595035701,"pkt":"3KkEgvOKlDnlrnyRCABFAAA8AABAAEAGppnAqIm9wKiJFA\/c7X0R5x5nr4VZLKAScSAumQAAAgQFtAQCCAptmVbiBgITPAEDAwc="}
@@ -7,7 +7,7 @@
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1520780595041619,"flow_dst_last_pkt_time":1520780595035701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1520780595041619,"pkt":"lDnlrnyR3KkEgvOKCABFAAA9AABAAEAGppjAqIkUwKiJve19D9yvhVksEeceaIAYEBWKJQAAAQEICgYCEz5tmVbifqAHAyGTDwF+"}
 01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1520780595035623,"flow_src_last_pkt_time":1520780595041619,"flow_dst_last_pkt_time":1520780595035701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1520780595041619,"l3_proto":"ip4","src_ip":"192.168.137.20","dst_ip":"192.168.137.189","src_port":60797,"dst_port":4060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"IEC62056","proto_id":"379","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1520780595041619,"flow_dst_last_pkt_time":1520780595041656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1520780595041656,"pkt":"3KkEgvOKlDnlrnyRCABFAAA0+YlAAEAGrRfAqIm9wKiJFA\/c7X0R5x5or4VZNYAQAOPNkQAAAQEICm2ZVugGAhM+"}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":2302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1522419490000000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":2302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1522419490000000}
 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1522419490000000,"flow_src_last_pkt_time":1522419490000000,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1522419490000000,"l3_proto":"ip4","src_ip":"10.1.1.1","dst_ip":"10.2.2.2","dst_port":4059,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1522419490000000,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":17,"thread_ts_usec":1522419490000000,"pkt":"CgICAgICCgEBAQEBCABFAAAlEjQAAP8Rko4KAQEBCgICAgAAD9sAEUWjfqAHAwOTjBF+AAAAAAAAAAAA"}
 00901{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1522419490000000,"flow_src_last_pkt_time":1522419490000000,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1522419490000000,"l3_proto":"ip4","src_ip":"10.1.1.1","dst_ip":"10.2.2.2","dst_port":4059,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC62056","proto_id":"379","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -17,7 +17,7 @@
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1522419490000004,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1522419490000004,"pkt":"CgICAgICCgEBAQEBCABFAAA3EjQAAP8RknwKAQEBCgICAgAAD9sAIz7OfqAZAyHcH9bm5gDAAcEADwAAKAAA\/wcAKS1+"}
 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1522419490000000,"flow_src_last_pkt_time":1522419490000008,"flow_dst_last_pkt_time":1522419490000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1522419490000008,"l3_proto":"ip4","src_ip":"10.1.1.1","dst_ip":"10.2.2.2","dst_port":4059,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC62056","proto_id":"379","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 01111{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1520780595035623,"flow_src_last_pkt_time":1520780595062222,"flow_dst_last_pkt_time":1520780595062256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":2270,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1522419490000008,"l3_proto":"ip4","src_ip":"192.168.137.20","dst_ip":"192.168.137.189","src_port":60797,"dst_port":4060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"IEC62056","proto_id":"379","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":2691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1522419490000008}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dlms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":2691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1522419490000008}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 27/27
 ~~ skipped flows.............: 0
@@ -26,8 +26,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502976 bytes
-~~ total memory freed........: 5502976 bytes
+~~ total memory allocated....: 5503016 bytes
+~~ total memory freed........: 5503016 bytes
 ~~ total allocations/frees...: 85899/85899
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 534 chars
diff --git a/test/results/default/dlt_ppp.pcap.out b/test/results/default/dlt_ppp.pcap.out
index 65f95abb2..6dc6ad30e 100644
--- a/test/results/default/dlt_ppp.pcap.out
+++ b/test/results/default/dlt_ppp.pcap.out
@@ -1,7 +1,7 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00272{"error_event_id":2,"error_event_name":"Unknown L3 protocol","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031048,"packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","protocol":33,"global_ts_usec":1031048}
 01950{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","pkt_datalink":9,"pkt_caplen":1230,"pkt_type":33,"pkt_l3_offset":2,"pkt_l4_offset":0,"pkt_len":1230,"pkt_l4_len":0,"thread_ts_usec":1031048,"pkt":"ACFFAgTMQT1AAD8RDTPBpwD8wadkZKwzAbsEuAAAz\/8AAB0MtxIpOpsU8gzQWdyoBJhpwdcARJZ0OsZN0bl8VJfvOykoeuttM0eMWHJwpGpOPAqWh0GUfp9IIe82zPEOJxxbudM5\/pOWImGkMJYnZKC4oc+Wie817ZluT3qGlbT6FmvR7wgU3ZlqiJlO4+0DRHL4d\/DzL3RfCdhaKCfxoviWr9OOaF9xayHBTgloTkVIbSLderihnwr+mk7qqrStghVdXJFtnOWHTzAMdmPpzaY99oTPzZwWklZzjG9W5shdxiA8ok\/3pt2WMY3QJIDzbHzKP+7ZsLr5YGFFIYxx1JspmQXO5+U3jVl43o7+huGmMmGYHNdWbRYYgFoAkcV642cnCac+cZPVd9ar\/XFRGfd\/WaFVK+zvTNX+exQ7Y3ZIotGRLaPFvGpj3H1W9HNWBEKODu7hETU2OX\/NaZuNjAbfxxKVTC9o6LUxoTVjag4leuFawG3pE6XLxFh9fenfXyYspIGy40nX701+znmPySuhrrYghEKqHVTFz\/fjb5y59pxDqwfx2gz+0tLjNRNMLdNY1Ag+BpNZPQBZDxS1Q4nlCfUqLKWSJpEsd+mHyUC3pRaolG8Jpu68ULGXjJ4ZKS7952WY2QtbjEtiMSGVNPERp0foW+HREy8qKb+tFgJ65NsBWY0E9\/jJGGpFUnix\/C7BDjtX\/ZgK9gfyvVQabBdj7mBntuOhNmnilWaVEIOX7CKCv2V+0LQWQOOVtmTWBQy0XrnBP7R005Av3+pdvoITeQ2zEo762fyDmFlboLbmiVV7z4cyXPPQL6MPya78HzZSLTnm3Xxv8O87bNxZE+T0J9baS33P9HRocrLvAjLFAWSMQbXzM6RAx0uu2+2kxSt4LNQRr+Nvhj9iZm0i+9tU23DVWOg6UFW+uqUPF0ds+jp9XdVBP+b6UC3e79iGd\/QTg4M7OYt7pt75ojnbr+ZjxHE8B0GZ1bPhHUhQ\/439iohTEuvizuLosg\/9ETTUUdbasnXh9D\/+SO51ABAnZvM6SDJ1pj177GYIwa\/ZqyWvarQpS41HFFKu4RYpQHjOT56xqgSjrLEWXyerkTEX8shaJqUzTf0hupuyCJ\/APa3545+ZYzvcCDGD7g4mx1kJ6bCPcx5s\/v5xv0RJBodp9K1hK4v\/DTDZxZGtU5gN0XXnA0WlvhheGJ1S\/ZaCizvBvbTeu8i2DUwd4Wme2LeIVwWL1YRsoozl32VaoHYmsfd7GuS4nwcSIq7qOKc\/v0ngj3r3ND1Z2VcoyXNbqPLJo2kpXaoXlSfOfSzoS+BYoeB3qst\/3RnzIpMan+YfjUUqTAsAH+lgJatdqf9zS60Yl5fSUpCDIosbThj4VOLqNKWrLQjA8v+93FIA3\/NFEDMSuNxj605kSA9S9GRrTJHsR5osW14O2xZRF\/BiXyz77L3\/OW35KvEzzuGXD5Apmt9048cnckQ+W8pGZui61Z81+NpEDiVl5\/7woKFPqgJn9vKV42rT4DXlRToJ8qpzLeevd936RndwoN8DMGcbfT7BT7\/CndBaHTk\/Xoi\/g0FlSSofCargF+zZqnP61iuG15DY\/IC7bC0k3NnOEoXpUUSiCOrtQOJtDXQygOL8Gb9V"}
-00620{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":4,"global_ts_usec":1031048}
+00618{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":4,"global_ts_usec":1031048}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/0
 ~~ skipped flows.............: 0
@@ -10,8 +10,8 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 277 chars
diff --git a/test/results/default/dnp3.pcap.out b/test/results/default/dnp3.pcap.out
index 3aaa26163..2ce4c7e24 100644
--- a/test/results/default/dnp3.pcap.out
+++ b/test/results/default/dnp3.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1097501938503079}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1097501938503079}
 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097501938503079,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097501938503079,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097501938503079,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
@@ -8,7 +8,7 @@
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503280,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097501938503280,"pkt":"AFAEk3BnAAKzznBRCABFAAAwkmJAAIAGVFsKAAADCgAACE4gCuVSxjiFVRwa03AS\/\/8axQAAAgQFtAEBBAI="}
 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097501938503490,"flow_dst_last_pkt_time":1097501938504844,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097501938504844,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 02090{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097502061905496,"flow_dst_last_pkt_time":1097501941569134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1097502061905496,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":4079628.2,"max":120145678,"stddev":21203112.0,"var":449571977166848.0,"ent":0.4,"data": [0,0,201,0,0,411,0,0,1564,0,0,151649,0,0,2891882,0,0,795,0,0,3043080,0,0,21210,0,0,212002,0,0,120145678,0]},"pktlen": {"min":46,"avg":52.2,"max":65,"stddev":6.8,"var":46.8,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.259637833,4.259637833,4.259637833,4.683206558,4.683206558,4.683206558,4.102729797,4.102729797,4.102729797,4.867636204,4.867636204,4.867636204,4.146208286,4.146208286,4.146208286,4.803641796,4.803641796,4.803641796,5.091148376,5.091148376,5.091148376,4.146208286,4.146208286,4.146208286,4.750165939,4.750165939,4.750165939,4.146208286,4.146208286,4.146208286,4.932524681,4.932524681]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1097502623045756}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1097502623045756}
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097502623045756,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097502623045756,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097502623045756,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
@@ -17,7 +17,7 @@
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045930,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097502623045930,"pkt":"AFAEk3BnAAKzznBRCABFAAAwkrlAAIAGVAQKAAADCgAACE4gCvNc+rZHZuVtCnAS\/\/8uwAAAAgQFtAEBBAI="}
 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502623046134,"flow_dst_last_pkt_time":1097502623047417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097502623047417,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 02093{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502648521527,"flow_dst_last_pkt_time":1097502648521681,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1097502648521681,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1643603.1,"max":17487311,"stddev":4346023.5,"var":18887919796224.0,"ent":2.2,"data": [0,0,174,0,0,378,0,0,1487,0,0,181225,0,0,17203302,0,0,17487311,0,0,4814054,0,0,4907006,0,0,3276812,0,0,3079947,0]},"pktlen": {"min":46,"avg":50.8,"max":64,"stddev":7.1,"var":50.0,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,46,46,46,64,64,64,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1],"entropies": [4.259637833,4.259637833,4.259637833,4.599873543,4.599873543,4.599873543,4.032184124,4.032184124,4.032184124,4.588809967,4.588809967,4.588809967,4.075662136,4.075662136,4.075662136,4.807524681,4.807524681,4.807524681,4.075662136,4.075662136,4.075662136,4.889479637,4.889479637,4.889479637,4.102729797,4.102729797,4.102729797,4.146208286,4.146208286,4.146208286,4.146208286,4.146208286]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":79,"packets-processed":78,"total-skipped-flows":0,"total-l4-payload-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1097504102255746}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":79,"packets-processed":78,"total-skipped-flows":0,"total-l4-payload-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1097504102255746}
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504102255746,"flow_dst_last_pkt_time":1097504102255746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097504102255746,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1097504102255746,"flow_dst_last_pkt_time":1097504102255746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097504102255746,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1097504102255746,"flow_dst_last_pkt_time":1097504102255746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097504102255746,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
@@ -27,7 +27,7 @@
 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504102256118,"flow_dst_last_pkt_time":1097504102257400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097504102257400,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00961{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":18,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502648678187,"flow_dst_last_pkt_time":1097502648677871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1097504103602860,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 02088{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504186592304,"flow_dst_last_pkt_time":1097504103409070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1097504186592304,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2757738.0,"max":82989444,"stddev":14650606.0,"var":214640269197312.0,"ent":0.2,"data": [0,0,167,0,0,372,0,0,1487,0,0,144969,0,0,996855,0,0,774,0,0,1141407,0,0,10263,0,0,204144,0,0,82989444,0]},"pktlen": {"min":46,"avg":52.2,"max":65,"stddev":6.8,"var":46.8,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.233697891,4.233697891,4.233697891,4.698933601,4.698933601,4.698933601,4.075662136,4.075662136,4.075662136,4.854392529,4.854392529,4.854392529,4.119140625,4.119140625,4.119140625,4.817366600,4.817366600,4.817366600,5.114375591,5.114375591,5.114375591,4.162618637,4.162618637,4.162618637,4.765161514,4.765161514,4.765161514,4.075662136,4.075662136,4.075662136,4.901274681,4.901274681]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1097505644006837}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1097505644006837}
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097505644006837,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644006837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097505644006837,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644006837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097505644006837,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644006837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097505644006837,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
@@ -36,7 +36,7 @@
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644007009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097505644007009,"pkt":"AFAEk3BnAAKzznBRCABFAAAwxfhAAIAGIMQKAAADCgAACU4gBDiWbHn2GWoYHXAS\/\/\/awQAAAgQFtAEBBAI="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1097505644006837,"flow_src_last_pkt_time":1097505719035890,"flow_dst_last_pkt_time":1097505644007009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097505719035890,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 02091{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1097505644006837,"flow_src_last_pkt_time":1097505754575976,"flow_dst_last_pkt_time":1097505754654239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":205,"midstream":0,"thread_ts_usec":1097505754654239,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7136017.5,"max":75076356,"stddev":19839044.0,"var":393587648888832.0,"ent":1.9,"data": [0,0,172,0,0,422,0,0,75028631,0,0,75076356,0,0,533,0,0,48219,0,0,553,0,0,153041,0,0,35338826,0,0,35569788,0]},"pktlen": {"min":46,"avg":52.7,"max":63,"stddev":5.9,"var":34.5,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,55,55,55,57,57,57,57,57,57,46,46,46,63,63,63,46,46,46,58,58,58,57,57]},"bins": {"c_to_s": [18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1],"entropies": [4.202244282,4.202244282,4.202244282,4.683207035,4.683207035,4.683207035,4.162618637,4.162618637,4.162618637,4.907654285,4.907654285,4.907654285,4.659897804,4.659897804,4.659897804,4.765161991,4.765161991,4.765161991,4.162618637,4.162618637,4.162618637,4.927980900,4.927980900,4.927980900,4.162619114,4.162619114,4.162619114,4.909368515,4.909368515,4.909368515,4.673142433,4.673142433]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-payload-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1097507785883614}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-payload-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1097507785883614}
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097507785883614,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097507785883614,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097507785883614,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
@@ -45,7 +45,7 @@
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883753,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097507785883753,"pkt":"AFAEk3BnAAKzznBRCABFAAAwx49AAIAGHy4KAAADCgAACE4gBD62X0jyDC0Sy3AS\/\/\/+XAAAAgQFtAEBBAI="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507785883944,"flow_dst_last_pkt_time":1097507785885063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097507785885063,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 02079{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507788771853,"flow_dst_last_pkt_time":1097507788624309,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1097507788771853,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":181578.5,"max":2639445,"stddev":625878.8,"var":391724269568.0,"ent":1.5,"data": [0,0,139,0,0,330,0,0,1310,0,0,168563,0,0,2471106,0,0,796,0,0,2639445,0,0,99801,0,0,232167,0,0,15277,0]},"pktlen": {"min":46,"avg":52.2,"max":65,"stddev":6.8,"var":46.1,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,64,64,64,46,46,46,57,57,57,46,46,46,65,65]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.202244282,4.202244282,4.202244282,4.683207035,4.683207035,4.683207035,4.119140148,4.119140148,4.119140148,4.854392529,4.854392529,4.854392529,4.162619114,4.162619114,4.162619114,4.767277718,4.767277718,4.767277718,4.850569725,4.850569725,4.850569725,4.119140625,4.119140625,4.119140625,4.806060791,4.806060791,4.806060791,4.206097126,4.206097126,4.206097126,5.071992874,5.071992874]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-payload-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1097510947092701}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-payload-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1097510947092701}
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097510947092701,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097510947092701,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097510947092701,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097510947092701,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
@@ -54,7 +54,7 @@
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097510947092859,"pkt":"AFAEk3BnAAKzznBRCABFAAAwyZlAAIAGHSQKAAADCgAACE4gBIfliDTWmKbHVHAS\/\/+iAwAAAgQFtAEBBAI="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097510947092701,"flow_src_last_pkt_time":1097510947093064,"flow_dst_last_pkt_time":1097510947094289,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097510947094289,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":15,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097502062040142,"flow_dst_last_pkt_time":1097502061912093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":153,"midstream":0,"thread_ts_usec":1097510950374117,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":472,"packets-processed":471,"total-skipped-flows":0,"total-l4-payload-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1097512255234470}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":472,"packets-processed":471,"total-skipped-flows":0,"total-l4-payload-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1097512255234470}
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512255234470,"flow_dst_last_pkt_time":1097512255234470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097512255234470,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1097512255234470,"flow_dst_last_pkt_time":1097512255234470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097512255234470,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1097512255234470,"flow_dst_last_pkt_time":1097512255234470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097512255234470,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
@@ -64,7 +64,7 @@
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512255234830,"flow_dst_last_pkt_time":1097512255236054,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097512255236054,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":78,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504224083555,"flow_dst_last_pkt_time":1097504223905294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":687,"flow_dst_tot_l4_payload_len":2730,"midstream":0,"thread_ts_usec":1097512264841740,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 02088{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512267645965,"flow_dst_last_pkt_time":1097512267537969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":153,"midstream":0,"thread_ts_usec":1097512267645965,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":797257.9,"max":9487840,"stddev":2344670.8,"var":5497481068544.0,"ent":1.9,"data": [0,0,157,0,0,360,0,0,1427,0,0,192830,0,0,9226978,0,0,9487840,0,0,187102,0,0,2636386,0,0,2814075,0,0,167839,0]},"pktlen": {"min":46,"avg":52.8,"max":64,"stddev":7.0,"var":48.7,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,57,57,57,46,46,46,64,64,64,57,57,57,46,46]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0],"entropies": [4.217971325,4.217971325,4.217971325,4.641540051,4.641540051,4.641540051,4.032184124,4.032184124,4.032184124,4.784216881,4.784216881,4.784216881,4.075662136,4.075662136,4.075662136,4.924864769,4.924864769,4.924864769,4.906424999,4.906424999,4.906424999,4.075662136,4.075662136,4.075662136,4.924864769,4.924864769,4.924864769,4.858093739,4.858093739,4.858093739,4.075662136,4.075662136]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-payload-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1097513177295531}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-payload-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1097513177295531}
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097513177295531,"flow_src_last_pkt_time":1097513177295531,"flow_dst_last_pkt_time":1097513177295531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097513177295531,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1097513177295531,"flow_dst_last_pkt_time":1097513177295531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097513177295531,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1097513177295531,"flow_dst_last_pkt_time":1097513177295531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097513177295531,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
@@ -78,7 +78,7 @@
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":36,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507856257809,"flow_dst_last_pkt_time":1097507856091024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":93,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":774,"midstream":0,"thread_ts_usec":1097513185107737,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1097510947092701,"flow_src_last_pkt_time":1097510959359091,"flow_dst_last_pkt_time":1097510959487180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1097513185107737,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":12,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512267645965,"flow_dst_last_pkt_time":1097512267537969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":153,"midstream":0,"thread_ts_usec":1097513185107737,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":543,"packets-processed":543,"total-skipped-flows":0,"total-l4-payload-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1097513185107737}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":543,"packets-processed":543,"total-skipped-flows":0,"total-l4-payload-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1097513185107737}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 543/543
 ~~ skipped flows.............: 0
@@ -87,8 +87,8 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5529372 bytes
-~~ total memory freed........: 5529372 bytes
+~~ total memory allocated....: 5529508 bytes
+~~ total memory freed........: 5529508 bytes
 ~~ total allocations/frees...: 86496/86496
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 540 chars
diff --git a/test/results/default/dns-exf.pcap.out b/test/results/default/dns-exf.pcap.out
index 5bb501cc0..0c986009e 100644
--- a/test/results/default/dns-exf.pcap.out
+++ b/test/results/default/dns-exf.pcap.out
@@ -1,12 +1,12 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1694185912616950}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1694185912616950}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912616950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694185912616950,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912616950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_usec":1694185912616950,"pkt":"rB9rrWosDMR6zE5uCABFAACVxO0AAEARLrPAqALhwKgChrDqADUAgRda\/9UBIAABAAAAAAABOkg0c0lDTjAzKjJRQUEzUmxjM1F1ZEhoMEFBdkp5Q3hXQUtKRWhlTFU1S0xVRW9XMHpKeFVMZ0FnZS0MNFMyRmdBQUFBPT0tBHRlc3QDdHh0AAABAAEAACkQAAAAAAAADAAKAAiBti2q57F2RQ=="}
-01370{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912616950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694185912616950,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+01372{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912616950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694185912616950,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1694185912617037,"pkt":"DMR6zE5urB9rrWosCABFAACl4RtAAEAR0nTAqAKGwKgC4QA1sOoAkYda\/9WBgAABAAEAAAAAOkg0c0lDTjAzKjJRQUEzUmxjM1F1ZEhoMEFBdkp5Q3hXQUtKRWhlTFU1S0xVRW9XMHpKeFVMZ0FnZS0MNFMyRmdBQUFBPT0tBHRlc3QDdHh0AAABAAEAACkQAAAAAAAADAAKAAiBti2q57F2RcAMAAEAAQAAADwABMCoAoY="}
-01484{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1694185912617037,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":41,"rsp_addr":"0.0.0.0"}}}
-01316{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1694185912617037,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1694185912617037}
+01486{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1694185912617037,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":41,"rsp_addr":"0.0.0.0"}}}
+01318{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1694185912617037,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1694185912617037}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498075 bytes
-~~ total memory freed........: 5498075 bytes
+~~ total memory allocated....: 5498099 bytes
+~~ total memory freed........: 5498099 bytes
 ~~ total allocations/frees...: 85864/85864
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
-~~ json message max len.......: 1489 chars
+~~ json message min len.......: 567 chars
+~~ json message max len.......: 1491 chars
 ~~ json message avg len.......: 1010 chars
diff --git a/test/results/default/dns-google-nsid.pcapng.out b/test/results/default/dns-google-nsid.pcapng.out
index be121e753..baeaca0ae 100644
--- a/test/results/default/dns-google-nsid.pcapng.out
+++ b/test/results/default/dns-google-nsid.pcapng.out
@@ -1,11 +1,11 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690622872644843}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690622872644843}
 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872644843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690622872644843,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872644843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1690622872644843,"pkt":"ILAB4IZiNObXAhsnht1gAfZ6ADQRQCABCwcKPcESszICDYmrEF4gAUhgSGAAAAAAAAAAAIhEopgANQA0fuyRUQEgAAEAAAAAAAEAAAIAAQAAKRAAAAAAAAAQAAMAAAAKAAjr5ips77+Grg=="}
 01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872644843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690622872644843,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":2,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872652124,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":314,"pkt_l4_len":260,"thread_ts_usec":1690622872652124,"pkt":"NObXAhsnILAB4IZiht1oBYXDAQQReyABSGBIYAAAAAAAAAAAiEQgAQsHCj3BErMyAg2JqxBeADWimAEE5j2RUYGgAAEADQAAAAEAAAIAAQAAAgABAACPzQAUAWEMcm9vdC1zZXJ2ZXJzA25ldAAAAAIAAQAAj80ABAFiwB4AAAIAAQAAj80ABAFjwB4AAAIAAQAAj80ABAFkwB4AAAIAAQAAj80ABAFlwB4AAAIAAQAAj80ABAFmwB4AAAIAAQAAj80ABAFnwB4AAAIAAQAAj80ABAFowB4AAAIAAQAAj80ABAFpwB4AAAIAAQAAj80ABAFqwB4AAAIAAQAAj80ABAFrwB4AAAIAAQAAj80ABAFswB4AAAIAAQAAj80ABAFtwB4AACkCAAAAAAAADQADAAlncGRucy1taWw="}
 01095{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872652124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":252,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1690622872652124,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":2,"rsp_type":2,"rsp_addr":"0.0.0.0"}}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1690735119384155}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1690735119384155}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735119384155,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119384155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735119384155,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":58580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119384155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1690735119384155,"pkt":"EBMx8Tl2nFg8p+7MCABFAABJMKYAAEARAADAqAEdCAgEBOTUADUANc4XTRUBIAABAAAAAAABA3d3dwRudG9wA29yZwAAAQABAAApEAAAAAAAAAQAAwAA"}
 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735119384155,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119384155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735119384155,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":58580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -43,7 +43,7 @@
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735122813182,"flow_src_last_pkt_time":1690735122813182,"flow_dst_last_pkt_time":1690735123083988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":62500,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Wikipedia","proto_id":"5.176","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735119384155,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119412632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":58580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295644786,"flow_src_last_pkt_time":1690735295644786,"flow_dst_last_pkt_time":1690735295654626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":107,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":107,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":43660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1422,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1690735295654626}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1422,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1690735295654626}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 14/14
 ~~ skipped flows.............: 0
@@ -52,10 +52,10 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5511411 bytes
-~~ total memory freed........: 5511411 bytes
+~~ total memory allocated....: 5511531 bytes
+~~ total memory freed........: 5511531 bytes
 ~~ total allocations/frees...: 85940/85940
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 579 chars
+~~ json message min len.......: 577 chars
 ~~ json message max len.......: 1116 chars
-~~ json message avg len.......: 846 chars
+~~ json message avg len.......: 845 chars
diff --git a/test/results/default/dns-invalid-chars.pcap.out b/test/results/default/dns-invalid-chars.pcap.out
index ea5373b11..dd64cc713 100644
--- a/test/results/default/dns-invalid-chars.pcap.out
+++ b/test/results/default/dns-invalid-chars.pcap.out
@@ -1,12 +1,12 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946734886956538}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946734886956538}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886956538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946734886956538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886956538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":946734886956538,"pkt":"AAAAAAAAAAAAAAAACABFAABMyRJAAEARc4x\/AAABfwAAAYyMADUAOP5Ln2wBAAABAAAAAAAAA3d3dxdhbGx5b3VyYmEEBQZhcmViZWxvbmd0bwJjbgAAAQAB"}
 01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886956538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946734886956538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.allyourba???arebelongto.cn","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":946734886957011,"pkt":"AAAAAAAAAAAAAAAACABFAABcAABAAEARPI9\/AAABfwAAAQA1jIwASP5bn2yBgAABAAEAAAAAA3d3dxdhbGx5b3VyYmFzZXNhcmUBAgNvbmd0bwJjbgAAAQABwAwAAQABAAAAPAAEE7mN8Q=="}
 01227{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946734886957011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.allyourbasesare???ongto.cn","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"19.185.141.241"}}}
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946734886957011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":946734886957011}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":946734886957011}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498031 bytes
-~~ total memory freed........: 5498031 bytes
+~~ total memory allocated....: 5498055 bytes
+~~ total memory freed........: 5498055 bytes
 ~~ total allocations/frees...: 85862/85862
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 579 chars
+~~ json message min len.......: 577 chars
 ~~ json message max len.......: 1232 chars
-~~ json message avg len.......: 895 chars
+~~ json message avg len.......: 894 chars
diff --git a/test/results/default/dns-tunnel-iodine.pcap.out b/test/results/default/dns-tunnel-iodine.pcap.out
index c699166c9..19be3c374 100644
--- a/test/results/default/dns-tunnel-iodine.pcap.out
+++ b/test/results/default/dns-tunnel-iodine.pcap.out
@@ -1,16 +1,16 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1282356640051082}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1282356640051082}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051082,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1282356640051082,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051082,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1282356640051082,"pkt":"CAAnx266CAAnnOC0CABFAABEAABAAEARIngKAAIeCgACFK5fADUAMAHkErABAAABAAAAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAQ=="}
 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051082,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1282356640051082,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"vaaaakardli.pirate.sea","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051175,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1282356640051175,"pkt":"CAAnnOC0CAAnx266CABFAABZAABAAEARImMKAAIUCgACHgA1rl8ARRoeErCEAAABAAEAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAcAMAAoAAQAAAAAACVZBQ0tEA8XpAQ=="}
-01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":61,"midstream":0,"thread_ts_usec":1282356640051175,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"vaaaakardli.pirate.sea","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}}
+01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":61,"midstream":0,"thread_ts_usec":1282356640051175,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"vaaaakardli.pirate.sea","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}}
 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1282356640051979,"flow_dst_last_pkt_time":1282356640051175,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1282356640051979,"pkt":"CAAnx266CAAnnOC0CABFAABZAABAAEARImMKAAIeCgACFK5fADUARcobMN8BAAABAAAAAAAAIGxhZWdwdW1pcGxoaHB6MTJ5bmQxZWZsandsa2pjZ3d5BnBpcmF0ZQNzZWEAAAoAAQ=="}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1282356640051979,"flow_dst_last_pkt_time":1282356640052258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_usec":1282356640052258,"pkt":"CAAnnOC0CAAnx266CABFAACCAABAAEARIjoKAAIUCgACHgA1rl8Abm4wMN+EAAABAAEAAAAAIGxhZWdwdW1pcGxoaHB6MTJ5bmQxZWZsandsa2pjZ3d5BnBpcmF0ZQNzZWEAAAoAAcAMAAoAAQAAAAAAHTEwLjIwLjMwLjEtMTAuMjAuMzAuMy0xMTMwLTI0"}
 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1282356640057774,"flow_dst_last_pkt_time":1282356640052258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1282356640057774,"pkt":"CAAnx266CAAnnOC0CABFAABKAABAAEARInIKAAIeCgACFK5fADUANnlrTw4BAAABAAAAAAABBnlyYmkwMgZwaXJhdGUDc2VhAAAKAAEAACkQAAAAgAAAAA=="}
-02389{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356645071860,"flow_dst_last_pkt_time":1282356640060900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1434,"flow_src_tot_l4_payload_len":2968,"flow_dst_tot_l4_payload_len":3580,"midstream":0,"thread_ts_usec":1282356645071860,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":93,"avg":162277.3,"max":1002966,"stddev":368318.9,"var":135658823680.0,"ent":2.4,"data": [93,897,1083,5795,5715,411,342,245,227,219,217,216,215,213,212,209,230,282,586,445,177,314,494,447,227,245,1001664,1002291,1001465,1002966,1002454]},"pktlen": {"min":68,"avg":232.6,"max":1462,"stddev":286.6,"var":82112.7,"ent":4.4,"data": [68,89,89,130,74,123,109,152,118,170,124,182,104,142,120,174,74,82,74,81,74,79,309,1078,309,1462,309,309,309,309,309,309]},"bins": {"c_to_s": [0,6,4,1,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,4,1,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,0,0,0],"entropies": [4.192683220,4.481659889,4.827383041,4.928776741,4.048753262,5.135797501,4.621113777,4.797404289,4.689741611,4.823459148,5.501323700,5.868503571,5.093356609,5.373332500,5.574461937,5.911468983,4.085981369,4.376136780,4.058953762,4.299961090,4.038551807,4.297753811,4.143254280,7.508830547,3.346999884,7.575299263,4.126974583,4.140811443,4.147284031,4.120341778,4.126974583,4.140811920]},"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":222,"flow_dst_packets_processed":212,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356664538177,"flow_dst_last_pkt_time":1282356664538369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1470,"flow_src_tot_l4_payload_len":16812,"flow_dst_tot_l4_payload_len":35212,"midstream":0,"thread_ts_usec":1282356664538369,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":438,"packets-processed":434,"total-skipped-flows":0,"total-l4-payload-len":52024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1282356664538369}
+02391{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356645071860,"flow_dst_last_pkt_time":1282356640060900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1434,"flow_src_tot_l4_payload_len":2968,"flow_dst_tot_l4_payload_len":3580,"midstream":0,"thread_ts_usec":1282356645071860,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":93,"avg":162277.3,"max":1002966,"stddev":368318.9,"var":135658823680.0,"ent":2.4,"data": [93,897,1083,5795,5715,411,342,245,227,219,217,216,215,213,212,209,230,282,586,445,177,314,494,447,227,245,1001664,1002291,1001465,1002966,1002454]},"pktlen": {"min":68,"avg":232.6,"max":1462,"stddev":286.6,"var":82112.7,"ent":4.4,"data": [68,89,89,130,74,123,109,152,118,170,124,182,104,142,120,174,74,82,74,81,74,79,309,1078,309,1462,309,309,309,309,309,309]},"bins": {"c_to_s": [0,6,4,1,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,4,1,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,0,0,0],"entropies": [4.192683220,4.481659889,4.827383041,4.928776741,4.048753262,5.135797501,4.621113777,4.797404289,4.689741611,4.823459148,5.501323700,5.868503571,5.093356609,5.373332500,5.574461937,5.911468983,4.085981369,4.376136780,4.058953762,4.299961090,4.038551807,4.297753811,4.143254280,7.508830547,3.346999884,7.575299263,4.126974583,4.140811443,4.147284031,4.120341778,4.126974583,4.140811920]},"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01204{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":222,"flow_dst_packets_processed":212,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356664538177,"flow_dst_last_pkt_time":1282356664538369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1470,"flow_src_tot_l4_payload_len":16812,"flow_dst_tot_l4_payload_len":35212,"midstream":0,"thread_ts_usec":1282356664538369,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":438,"packets-processed":434,"total-skipped-flows":0,"total-l4-payload-len":52024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1282356664538369}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 438/434
 ~~ skipped flows.............: 0
@@ -19,10 +19,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5510609 bytes
-~~ total memory freed........: 5510609 bytes
+~~ total memory allocated....: 5510633 bytes
+~~ total memory freed........: 5510633 bytes
 ~~ total allocations/frees...: 86296/86296
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 578 chars
-~~ json message max len.......: 2394 chars
+~~ json message min len.......: 577 chars
+~~ json message max len.......: 2396 chars
 ~~ json message avg len.......: 1416 chars
diff --git a/test/results/default/dns.pcap.out b/test/results/default/dns.pcap.out
index b8d68d8fe..a8a56b294 100644
--- a/test/results/default/dns.pcap.out
+++ b/test/results/default/dns.pcap.out
@@ -1,17 +1,17 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1112172654366527}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1112172654366527}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1112172654366527,"pkt":"AOAYsQytAMCfMkGMCABFAAA+1TkAAIARkAfAqKoUwKiqCAA1gBsAKryJ3KKBgAABAAAAAAAAA3d3dwFsBmdvb2dsZQNjb20AABwAAQ=="}
 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695204348,"pkt":"AMCfMkGMAOAYsQytCABFAAA9AABAAEARZULAqKoIwKiqFIAbADUAKYhhvB8BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695437491,"pkt":"AOAYsQytAMCfMkGMCABFAAA91p8AAIARjqLAqKoUwKiqCAA1gBsAKQfhvB+BgAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1484673025972667}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1484673025972667}
 00291{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025972667,"packet_id":4,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025972667}
 00409{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":91,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAPwAhRQAAPQAAQABAEYShUrJx9VKynrW4lwA1ACm2fXhDAQAAAQAAAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAQ=="}
 00291{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025976144,"packet_id":5,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025976144}
 00580{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":219,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":219,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAvwAhRQAAvQAAQAA6EYohUrKetVKycfUANbiXAKnLC3hDgYAAAQAIAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAesABKkt2+vADAABAAEAAAHrAASpLyiOwAwAAQABAAAB6wAEqS34ecAMAAEAAQAAAesABGyosOrADAABAAEAAAHrAASpLfi9wAwAAQABAAAB6wAEqS34tMAMAAEAAQAAAesABKk1UU\/ADAABAAEAAAHrAASpLdvo"}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1484673025976144}
+00626{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1484673025976144}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5/3
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498060 bytes
-~~ total memory freed........: 5498060 bytes
+~~ total memory allocated....: 5498084 bytes
+~~ total memory freed........: 5498084 bytes
 ~~ total allocations/frees...: 85863/85863
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 296 chars
diff --git a/test/results/default/dns2tcp_tunnel.pcap.out b/test/results/default/dns2tcp_tunnel.pcap.out
index b7e3c7393..faf699461 100644
--- a/test/results/default/dns2tcp_tunnel.pcap.out
+++ b/test/results/default/dns2tcp_tunnel.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1585754662417775}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1585754662417775}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754662417775,"flow_dst_last_pkt_time":1585754662417775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1585754662417775,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1585754662417775,"flow_dst_last_pkt_time":1585754662417775,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1585754662417775,"pkt":"AAQAAQAGAAwpA+mwAAAIAEUAADxHSUAAQAYb9sCoFNMBAQEBrXQBu3Drjx4AAAAAoAL68NerAAACBAW0BAIICnay3cMAAAAAAQMDBw=="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1585754662417775,"flow_dst_last_pkt_time":1585754662432958,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1585754662432958,"pkt":"AAAAAQAGAMGxFOsxAAAIAEUAADQAAEAAOwZoRwEBAQHAqBTTAbutdOoUh0Fw648fgBL\/\/3bwAAACBAW0AQEEAgEDAwo="}
@@ -10,7 +10,7 @@
 01467{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754662433349,"flow_dst_last_pkt_time":1585754662450074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1585754662450074,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.3","ja3":"547df21d727c7b3a5dcb59aa0fd97c2c","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1910h2_9dc949149365_d811adc85aab","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
 02392{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754667234417,"flow_dst_last_pkt_time":1585754667234382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1588,"flow_src_tot_l4_payload_len":832,"flow_dst_tot_l4_payload_len":4006,"midstream":0,"thread_ts_usec":1585754667234417,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":310750.0,"max":3088155,"stddev":822603.9,"var":676677156864.0,"ent":2.2,"data": [15183,15220,354,15270,1846,16739,62,53,90384,91,71,105281,44,81,14863,21,60,6014,10,5995,405,8870,6443,1568614,19,1583566,686,15609,3073223,17,3088155]},"pktlen": {"min":40,"avg":193.5,"max":1628,"stddev":364.6,"var":132965.6,"ent":3.7,"data": [60,52,40,301,46,1500,40,1628,40,104,126,164,46,46,111,40,46,71,311,71,40,144,46,46,259,71,40,202,46,344,71,40]},"bins": {"c_to_s": [9,0,2,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,1,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,1,0,0,1,1,1,0],"entropies": [4.667386532,4.668681622,4.543943405,5.982677937,4.205535889,7.833335876,4.543943405,7.877990246,4.493943214,6.023458481,6.306409836,6.668928623,4.205535889,4.138445377,6.120807171,4.543943405,4.249013901,5.515665054,7.178042412,5.484094143,4.446440220,6.385652542,4.249013901,4.205535889,7.207519531,5.404759407,4.543943405,6.804022312,4.205535412,7.318181038,5.501630783,4.543943405]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01204{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":28,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754670430406,"flow_dst_last_pkt_time":1585754670531367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1588,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":4713,"midstream":0,"thread_ts_usec":1585754670531367,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":6056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1585754670531367}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":6056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1585754670531367}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 50/50
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506463 bytes
-~~ total memory freed........: 5506463 bytes
+~~ total memory allocated....: 5506487 bytes
+~~ total memory freed........: 5506487 bytes
 ~~ total allocations/frees...: 85915/85915
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 543 chars
diff --git a/test/results/default/dns_ambiguous_names.pcap.out b/test/results/default/dns_ambiguous_names.pcap.out
index e1d2d938e..2bde4b7f0 100644
--- a/test/results/default/dns_ambiguous_names.pcap.out
+++ b/test/results/default/dns_ambiguous_names.pcap.out
@@ -1,5 +1,5 @@
-00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625744123717337}
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625744123717337}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123717337,"flow_src_last_pkt_time":1625744123717337,"flow_dst_last_pkt_time":1625744123717337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625744123717337,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625744123717337,"flow_dst_last_pkt_time":1625744123717337,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1625744123717337,"pkt":"ABshv2HAVASmitEsCABFAABS3sIAAEARfvYKyAILCAgICLz3ADUAPh0yZjEBIAABAAAAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQAAKRAAAAAAAAAA"}
 01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123717337,"flow_src_last_pkt_time":1625744123717337,"flow_dst_last_pkt_time":1625744123717337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625744123717337,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","proto_id":"5.238","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"41-courier.push.apple.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -60,7 +60,7 @@
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123796920,"flow_src_last_pkt_time":1625744123796920,"flow_dst_last_pkt_time":1625744123823325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 01214{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123890136,"flow_src_last_pkt_time":1625744123890136,"flow_dst_last_pkt_time":1625744123973076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744124422852,"flow_src_last_pkt_time":1625744124422852,"flow_dst_last_pkt_time":1625744124461060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":76,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","proto_id":"5.211","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1625744124461060}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1625744124461060}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -69,10 +69,10 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5518125 bytes
-~~ total memory freed........: 5518125 bytes
+~~ total memory allocated....: 5518293 bytes
+~~ total memory freed........: 5518293 bytes
 ~~ total allocations/frees...: 85980/85980
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 581 chars
+~~ json message min len.......: 579 chars
 ~~ json message max len.......: 1328 chars
-~~ json message avg len.......: 953 chars
+~~ json message avg len.......: 952 chars
diff --git a/test/results/default/dns_doh.pcap.out b/test/results/default/dns_doh.pcap.out
index f525ca111..602d985b3 100644
--- a/test/results/default/dns_doh.pcap.out
+++ b/test/results/default/dns_doh.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1571089200789290}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1571089200789290}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089200789290,"flow_dst_last_pkt_time":1571089200789290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1571089200789290,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1571089200789290,"flow_dst_last_pkt_time":1571089200789290,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1571089200789290,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1571089200789290,"flow_dst_last_pkt_time":1571089200876406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1571089200876406,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"}
@@ -10,7 +10,7 @@
 01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089200878306,"flow_dst_last_pkt_time":1571089200968629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1571089200968629,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com","tls": {"version":"TLSv1.3","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1814h2_29a2cd9e9f10_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
 02166{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089201723583,"flow_dst_last_pkt_time":1571089201764372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":4202,"midstream":0,"thread_ts_usec":1571089201764372,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":61592.7,"max":535341,"stddev":130172.4,"var":16944855040.0,"ent":3.0,"data": [87116,87208,1808,92218,5,2,90426,511,1485,930,26074,858,110,91,102733,7825,6,1,83431,1,0,17900,147557,535341,708,88830,66,525420,6,10702,6]},"pktlen": {"min":40,"avg":216.9,"max":1340,"stddev":327.3,"var":107137.2,"ent":3.9,"data": [64,52,40,557,40,1340,1340,40,40,489,40,104,210,283,119,40,577,390,71,40,40,40,71,40,102,133,102,143,40,40,244,71]},"bins": {"c_to_s": [9,2,3,1,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1],"entropies": [4.441382408,4.801308632,4.503056526,5.369568825,4.730641365,7.827131748,7.862888336,4.630641460,4.453056335,7.522860050,4.630641460,5.744826317,6.939166546,7.200489998,6.276752949,4.730641365,7.589616776,7.428659439,5.699038506,4.730641365,4.730641365,4.680641174,5.688406467,4.780641556,6.111449242,6.391828060,6.039783001,6.407779217,4.780641556,4.730641365,7.064774990,5.558194637]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":56,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089204031014,"flow_dst_last_pkt_time":1571089204030791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":3792,"flow_dst_tot_l4_payload_len":8866,"midstream":0,"thread_ts_usec":1571089204031014,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1571089204031014}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1571089204031014}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 142/142
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5511614 bytes
-~~ total memory freed........: 5511614 bytes
+~~ total memory allocated....: 5511638 bytes
+~~ total memory freed........: 5511638 bytes
 ~~ total allocations/frees...: 86008/86008
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
diff --git a/test/results/default/dns_dot.pcap.out b/test/results/default/dns_dot.pcap.out
index dbdb1f64e..9dba5908f 100644
--- a/test/results/default/dns_dot.pcap.out
+++ b/test/results/default/dns_dot.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1572783663234722}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1572783663234722}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783663234722,"flow_dst_last_pkt_time":1572783663234722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572783663234722,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1572783663234722,"flow_dst_last_pkt_time":1572783663234722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572783663234722,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1572783663234722,"flow_dst_last_pkt_time":1572783663269648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572783663269648,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="}
@@ -9,7 +9,7 @@
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1572783663269902,"flow_dst_last_pkt_time":1572783663302644,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1572783663302644,"pkt":"CAAnjau+uCfrK5DxCABFAAA0cqYAAHcG\/qwICAgIwKgBuQNV47LuO0vZVUT8voAQAPDiaAAAAQEICo47ADIqL5U2"}
 01956{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783663269902,"flow_dst_last_pkt_time":1572783663319899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":3069,"flow_src_tot_l4_payload_len":198,"flow_dst_tot_l4_payload_len":3069,"midstream":0,"thread_ts_usec":1572783663319899,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","tls": {"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","ja4":"t12d250900_7415a186c913_cdf51c020b42","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}}}
 01341{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783666246370,"flow_dst_last_pkt_time":1572783666246346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":3069,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":3721,"midstream":0,"thread_ts_usec":1572783666246370,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1572783666246370}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1572783666246370}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 24/24
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5507003 bytes
-~~ total memory freed........: 5507003 bytes
+~~ total memory allocated....: 5507027 bytes
+~~ total memory freed........: 5507027 bytes
 ~~ total allocations/frees...: 85902/85902
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/dns_exfiltration.pcap.out b/test/results/default/dns_exfiltration.pcap.out
index fb586304e..e45dfeee1 100644
--- a/test/results/default/dns_exfiltration.pcap.out
+++ b/test/results/default/dns_exfiltration.pcap.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1580978146717893}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1580978146717893}
 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978146717893,"flow_dst_last_pkt_time":1580978146717893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1580978146717893,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1580978146717893,"flow_dst_last_pkt_time":1580978146717893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_usec":1580978146717893,"pkt":"qqru7hERjNzURr7ECABFAADJegRAAD8RAADAqNw4wKjLp9w1ADUAtSn4OR0BAAABAAAAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAE="}
 01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978146717893,"flow_dst_last_pkt_time":1580978146717893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1580978146717893,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -11,7 +11,7 @@
 02497{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978160880828,"flow_dst_last_pkt_time":1580978160882236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":344,"flow_src_tot_l4_payload_len":1158,"flow_dst_tot_l4_payload_len":2183,"midstream":0,"thread_ts_usec":1580978160882236,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3976,"avg":913783.2,"max":1035526,"stddev":281798.4,"var":79410348032.0,"ent":4.8,"data": [170631,1035526,866477,1015270,1015599,4647,3976,1009971,1010376,1009201,1009121,1008475,1008435,1009499,1009380,1008042,1008120,1008655,1008570,1009773,1009797,1009990,1010112,1008960,1008939,1008465,1008353,1007666,1007763,1008795,1008694]},"pktlen": {"min":87,"avg":132.4,"max":372,"stddev":59.1,"var":3497.9,"ent":4.9,"data": [201,372,152,272,122,179,87,134,87,134,87,142,87,134,87,144,87,144,87,142,87,134,87,144,87,144,87,144,87,134,87,134]},"bins": {"c_to_s": [0,13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,13,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.667089462,4.689397812,4.760825157,4.825231075,4.676949501,4.874624252,4.717905998,4.933177948,4.565960884,4.809306622,4.614233017,4.906701565,4.640079498,4.841056824,4.601366520,4.896399975,4.614233017,4.837578773,4.621761799,4.830716610,4.594102859,4.805916786,4.652946472,4.869677067,4.607450485,4.854219437,4.621762276,4.930173397,4.677563667,4.830170631,4.546681404,4.850760937]},"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01219{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":57,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978196387731,"flow_dst_last_pkt_time":1580978196389199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":344,"flow_src_tot_l4_payload_len":4115,"flow_dst_tot_l4_payload_len":7851,"midstream":0,"thread_ts_usec":1580978196389199,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01221{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":150,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978206706247,"flow_dst_last_pkt_time":1580978206707432,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":344,"flow_src_tot_l4_payload_len":26119,"flow_dst_tot_l4_payload_len":34826,"midstream":0,"thread_ts_usec":1580978206707432,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":300,"packets-processed":300,"total-skipped-flows":0,"total-l4-payload-len":60945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1580978206707432}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":300,"packets-processed":300,"total-skipped-flows":0,"total-l4-payload-len":60945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1580978206707432}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 300/300
 ~~ skipped flows.............: 0
@@ -20,10 +20,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506787 bytes
-~~ total memory freed........: 5506787 bytes
+~~ total memory allocated....: 5506811 bytes
+~~ total memory freed........: 5506811 bytes
 ~~ total allocations/frees...: 86162/86162
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 578 chars
+~~ json message min len.......: 576 chars
 ~~ json message max len.......: 2502 chars
-~~ json message avg len.......: 1504 chars
+~~ json message avg len.......: 1503 chars
diff --git a/test/results/default/dns_fragmented.pcap.out b/test/results/default/dns_fragmented.pcap.out
index 02996c272..51ef8f0d6 100644
--- a/test/results/default/dns_fragmented.pcap.out
+++ b/test/results/default/dns_fragmented.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1558968008021140}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1558968008021140}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968008021140,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1558968008021140,"pkt":"AAwpil3XAIac51UUCABFAABE5WoAAG8R7BGs2ShMwRjj7t1oADUAMAwz1D8AEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="}
 01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968008021140,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -45,7 +45,7 @@
 01084{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968031134211,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 01657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"thread_ts_usec":1558968031134623,"pkt":"AIac51UUAAwpil3Xht1gAJ7uA0ARQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBQAAAAAAAAEOADWIgANANAyeBoQQAAEAAAAEAAEDZmcyCHdlYmVybGFiAmRlAAAcAAHAEAAGAAEAAAA8ADwDbnMwCHdlYmVyZG5zwBkJd2VibWFzdGVyCXdlYmVybmV0egNuZXQAeFhI6QAADhAAAAOEACTqAAAAADzAEAAuAAEAAAA8AR8ABgoCAAAAPF0SKiBc6o8QkEcId2ViZXJsYWICZGUAsAsLORY9T68251zcXXrXYMubapdXlnVZdczSZ8VjQS3g0dStlbXNUxRf4FJCpZevgIdkz+OzavU4Y3EyCKf5qxw7GiEllt+hznji85+jlwbqxa7BHuVrNf4YxsbIr0kaSblmtIn8e12vMQAgQIzOeK4VKGey+3rFftx2Cs7v0mw4V0Rd+gTYttfq+PLvGu8vSZibXFxqlj86VVzTwvOCEmjqKNyjon+\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAFwWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
 01231{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1558968031134623,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1559042371783274}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1559042371783274}
 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042371783274,"flow_src_last_pkt_time":1559042371783274,"flow_dst_last_pkt_time":1559042371783274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559042371783274,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1559042371783274,"flow_dst_last_pkt_time":1559042371783274,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_usec":1559042371783274,"pkt":"CFsOoYNeAAwpfKTLht1gCrtxAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTuhIANQBFzxq5yAEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACJyfIZPEos+4"}
 01102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042371783274,"flow_src_last_pkt_time":1559042371783274,"flow_dst_last_pkt_time":1559042371783274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559042371783274,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2-mgmt.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -73,7 +73,7 @@
 01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021026749,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021027012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021013672,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021014081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01242{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968010233766,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010234445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":28,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":10514,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":4,"total-active-flows":11,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_usec":1560869882430319}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":28,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":10514,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":4,"total-active-flows":11,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_usec":1560869882430319}
 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869882430319,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882430319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869882430319,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882430319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":129,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":129,"pkt_l4_len":75,"thread_ts_usec":1560869882430319,"pkt":"CFsOoYNeAAwpfKTLht1gDk+bAEsRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERvnYANQBL7vOR3wEgAAEAAAAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAQAAKRAAAAAAAAAMAAoACKFV23rIz7mH"}
 01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869882430319,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882430319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869882430319,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sigok.verteiltesysteme.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -150,7 +150,7 @@
 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869910534637,"flow_src_last_pkt_time":1560869910534637,"flow_dst_last_pkt_time":1560869910547607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869895045855,"flow_src_last_pkt_time":1560869895045855,"flow_dst_last_pkt_time":1560869895070558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":94,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":94,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01012{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1560869913753259,"flow_src_last_pkt_time":1560869913756066,"flow_dst_last_pkt_time":1560869913756036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":1732,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1732,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":66,"packets-processed":59,"total-skipped-flows":0,"total-l4-payload-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":153,"global_ts_usec":1560869916477286}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":66,"packets-processed":59,"total-skipped-flows":0,"total-l4-payload-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":153,"global_ts_usec":1560869916477286}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 66/59
 ~~ skipped flows.............: 0
@@ -159,8 +159,8 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5543372 bytes
-~~ total memory freed........: 5543372 bytes
+~~ total memory allocated....: 5543716 bytes
+~~ total memory freed........: 5543716 bytes
 ~~ total allocations/frees...: 86150/86150
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 325 chars
diff --git a/test/results/default/dns_invert_query.pcapng.out b/test/results/default/dns_invert_query.pcapng.out
index 035380fe2..ad0908d62 100644
--- a/test/results/default/dns_invert_query.pcapng.out
+++ b/test/results/default/dns_invert_query.pcapng.out
@@ -1,11 +1,11 @@
-00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744019230637}
+00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744019230637}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744019230637,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019230637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744019230637,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019230637,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1618744019230637,"pkt":"AAAAAAAAAAEAVKCBCABFAABAAABAAEARzK6tk2yu9LtfAUf7ADUALMGVd\/wJAAAAAAEAAAAAAzIxNgI1OAMyMDIBNAAAAQABAAAAAAAA"}
 01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744019230637,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019230637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744019230637,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"216.58.202.4","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019235548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1618744019235548,"pkt":"AAAAAAAAAAEAVKCBCABFAAAoAABAADsR0cb0u18BrZNsrgA1R\/sAFEgWd\/yJhAAAAAAAAAAAAAA="}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1618744019230637,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019235548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1618744019235548,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1618744019235548}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1618744019235548}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -14,8 +14,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498003 bytes
-~~ total memory freed........: 5498003 bytes
+~~ total memory allocated....: 5498027 bytes
+~~ total memory freed........: 5498027 bytes
 ~~ total allocations/frees...: 85861/85861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/dns_long_domainname.pcap.out b/test/results/default/dns_long_domainname.pcap.out
index fcaf5046c..e8a53b2a3 100644
--- a/test/results/default/dns_long_domainname.pcap.out
+++ b/test/results/default/dns_long_domainname.pcap.out
@@ -1,12 +1,12 @@
-00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1599686652555538}
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1599686652555538}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1599686652555538,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="}
 01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_usec":1599686652578187,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"}
 01216{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1599686652578187}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1599686652578187}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498055 bytes
-~~ total memory freed........: 5498055 bytes
+~~ total memory allocated....: 5498079 bytes
+~~ total memory freed........: 5498079 bytes
 ~~ total allocations/frees...: 85863/85863
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 581 chars
+~~ json message min len.......: 579 chars
 ~~ json message max len.......: 1221 chars
-~~ json message avg len.......: 886 chars
+~~ json message avg len.......: 885 chars
diff --git a/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out
index 90eb6ae9f..9396ff6a3 100644
--- a/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out
+++ b/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out
@@ -1,5 +1,5 @@
-00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946735705348929}
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946735705348929}
 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705348929,"flow_src_last_pkt_time":946735705348929,"flow_dst_last_pkt_time":946735705348929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705348929,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946735705348929,"flow_dst_last_pkt_time":946735705348929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946735705348929,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705348929,"flow_src_last_pkt_time":946735705348929,"flow_dst_last_pkt_time":946735705348929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705348929,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -30,7 +30,7 @@
 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":946735705349019,"flow_dst_last_pkt_time":946735705459813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946735705459813,"pkt":"ZmZmZmZmRERERERECABFAADUC58AADQRQFiVOOQtCgAAAQG7iZwAwDxIf0KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":946735705348987,"flow_dst_last_pkt_time":946735705460564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946735705460564,"pkt":"ZmZmZmZmRERERERECABFAADUC50AADQRQFqVOOQtCgAAAQG7iqcAwDs5f0aBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":946735705349002,"flow_dst_last_pkt_time":946735705461257,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946735705461257,"pkt":"ZmZmZmZmRERERERECABFAADUC54AADQRQFmVOOQtCgAAAQG7gx0AwELEf0WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
-00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":7056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":946739299327173}
+00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":7056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":946739299327173}
 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327173,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299327173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327173,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299327173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739299327173,"pkt":"REREREREZmZmZmZmCABFAAIcFypAAL0R8NAKAAABPtK0R8c8BB0CCLXvBycBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327173,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299327173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327173,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -1536,7 +1536,7 @@
 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739614386871,"flow_src_last_pkt_time":946739614386871,"flow_dst_last_pkt_time":946739614411248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739660371388,"flow_src_last_pkt_time":946739660371388,"flow_dst_last_pkt_time":946739660417793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":384,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":384,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739861286767,"flow_src_last_pkt_time":946739861286767,"flow_dst_last_pkt_time":946739861499384,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00673{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":608,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":289066,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":245,"total-detection-updates":0,"total-updates":200,"current-active-flows":0,"total-active-flows":245,"total-idle-flows":245,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1539,"global_ts_usec":946739861499384}
+00671{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":608,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":289066,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":245,"total-detection-updates":0,"total-updates":200,"current-active-flows":0,"total-active-flows":245,"total-idle-flows":245,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1539,"global_ts_usec":946739861499384}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 608/488
 ~~ skipped flows.............: 0
@@ -1545,9 +1545,9 @@
 ~~ total active/idle flows...: 245/245
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6042093 bytes
-~~ total memory freed........: 6042093 bytes
-~~ total allocations/frees...: 89032/89032
+~~ total memory allocated....: 6046164 bytes
+~~ total memory freed........: 6046164 bytes
+~~ total allocations/frees...: 89043/89043
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 338 chars
 ~~ json message max len.......: 2508 chars
diff --git a/test/results/default/dnscrypt-v2-doh.pcap.out b/test/results/default/dnscrypt-v2-doh.pcap.out
index 9f84c2b71..109e9de2d 100644
--- a/test/results/default/dnscrypt-v2-doh.pcap.out
+++ b/test/results/default/dnscrypt-v2-doh.pcap.out
@@ -1,5 +1,5 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946739298533748}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946739298533748}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739298533748,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298533748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739298533748,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298533748,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_usec":946739298533748,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="}
 01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739298533748,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298533748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739298533748,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh-2.seby.io","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","ja4":"t13d1910h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
@@ -306,7 +306,7 @@
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":946739385216755,"flow_src_last_pkt_time":946739415379583,"flow_dst_last_pkt_time":946739385379086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1008,"flow_dst_tot_l4_payload_len":3691,"midstream":1,"thread_ts_usec":946739888204388,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":946739348961764,"flow_src_last_pkt_time":946739364914261,"flow_dst_last_pkt_time":946739349138384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":4498,"midstream":1,"thread_ts_usec":946739888204388,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":946739305016448,"flow_src_last_pkt_time":946739327879370,"flow_dst_last_pkt_time":946739305154704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":996,"flow_dst_tot_l4_payload_len":4520,"midstream":1,"thread_ts_usec":946739888204388,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":577,"packets-processed":577,"total-skipped-flows":0,"total-l4-payload-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":309,"global_ts_usec":946739888204388}
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":577,"packets-processed":577,"total-skipped-flows":0,"total-l4-payload-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":309,"global_ts_usec":946739888204388}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 577/577
 ~~ skipped flows.............: 0
@@ -315,8 +315,8 @@
 ~~ total active/idle flows...: 34/34
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5868737 bytes
-~~ total memory freed........: 5868737 bytes
+~~ total memory allocated....: 5869289 bytes
+~~ total memory freed........: 5869289 bytes
 ~~ total allocations/frees...: 86996/86996
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/dnscrypt-v2.pcap.out b/test/results/default/dnscrypt-v2.pcap.out
index 657a321d9..ef93fd106 100644
--- a/test/results/default/dnscrypt-v2.pcap.out
+++ b/test/results/default/dnscrypt-v2.pcap.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946760521313462}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946760521313462}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946760521313462,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521313462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946760521313462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01994{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521313462,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"thread_ts_usec":946760521313462,"pkt":"AABeAAEK6qmpVXFVCABFAARcbhBAALERNCZ\/AAABfwAAApb6FOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRQpQUH1mr6e8OCu\/fibn8cYTAvsRcNZA8\/lTdO1zXx64xZvGw9jDVohyuD42K8UoR60NkNdqxmDm0qVliFWXizmljTn2lD7CTHoYDdzqjjkHmHHUYe7NejwHo7UzJLYj4uUoMZ5OBbpbxqfekl3zx\/Y\/4Zdyfk6\/03lvMbG9F2W\/akMw4XwHvq2g20\/z7ROpAn9pbnoIPgkT0bVLMUloa6KCu+fPabNALYQCzXjw1dWf3V3HgmcswkwsHKRU4IqCA\/69xcDmnZfgajXBSpNTdHGZU3HrpU7Y+zKoXZQEmeLc30bXeW5a9kf14ALJr7nP37xAYcN4G1BzEhKbbjiDg1A8CDSXiipFooV7yrAiiDZFfq27wAKZRhDngTzeslBwu2i9MUBFZfRNYKakWYXb0zhir5\/O29uGdH+oix0VAlOhQ1zI2Iy777Cmv9swWs1wCBkrJE\/94M4tHF8XTS+kICmBd4\/\/oCbnlEOyxgE0tpl\/nt7We2odNwl1bEewLva0FOnwrRvhVpfaOoXJc9u0J1yVggsuxaSQHVALa0pkLJp+\/KL1C5ympFZjeFktaMfNQOPv5Z3ESCDKvkHzBBiVXNmZyBQJjVm8OJ2VxCOFxQRcEAfIQp56nl1CI6spURDZCsZVp2WuwyXhdsymxVlmsZMvMariZ7h1rbuSEhdHqejvERJd+oAjcCDcUCZYn75DUrNO01fMsDJFP9eRjUktxwy4\/sGlfHHZsXsBQsVS+zNosEiqeQlMFWbk\/CQC\/Iy+m8JNr48sNXZTfXlgESJMZXIJGI3ZhFWluGHRiSLjWQPEgvt0+8gtmgy\/Sb56ZYrX4M7I0sBjqZhkP6vZD63SReYDlzFMUXd7hqpdFD+DjTIU374ZDUKtowMci+TNbopqyz97shtgi2xwOH9hFddB1RkG4yQjJkESvH+dEwGDhiyuqu1jbA0SFR8P5u+YYRQ+42CE\/iBU+jTsoOwxLsuWVcddU3vstbXn6rqxHgTXYGQFfuQtZFvSdKWnmTw8z9w8zndi+uHY\/vuoYXfx78owiiwhQhGyfvFoeyz6rWetZHRBw8zdBPggojOpslDYBovfLfe36dR5k4GtMpkpWYRt2em7VCMyF\/XbQIJEmhp+Ako20cMzqWuCfInK3G1X2JqV5rUe\/hqwd4JCyxrYqNuTc0r7m\/tXkqg9Pt8Nefpg\/ArWfvW+92iTAzlNVO3aq1ykTtQZiIeO81hVzagjUmsfI9nbIftuGPqsEIReSMuv5dWv6UgqYAe4C\/Xx87KHRwvxYrw2wdoQQVmttjR1\/zLAosSHz6yXxjq3yFjyK9Klg3OqBxrG0xMTunO9JWWEVDj8mxnhWJ808mUKd\/9SGzIWV6hSgWaIDqMtm18GCQPG3sT0f23Y6zC5qmo="}
 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521327075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":946760521327075,"pkt":"6qmpVXFVLGv1oHfACABFAAEMLuFAADYR8aV\/AAACfwAAARTplvoA+BE2cjZmbnZXajgKUFB9Zq+nvDgrv35wwPFkkokFr1FaigO8H+CEw9XZ9v94iKYdvhofH7\/r0T3rultZ9ZuMYw63KPKpYNyj1i2Vz2KxAnu1y9OcbN8hOMoWFrn1y\/BrWeycOMWNW\/UytoGW9Utt69PEyNka4RcvHRab4iJ\/YjjMR75dgU4mnlrydsdtgAPjXq8XLISW7\/42LpWK7O03ro1N2Q0h\/PZQAkZ8Yr116m7rrS+wia4dqoRvx+npPzTL2uTXQZk6coE4bD7nXs83zCQTiFsawPIKEo\/Czq95ZoX+83ElbKp2Lf2x5F0tvUmYWWas"}
@@ -15,7 +15,7 @@
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760605285191,"flow_src_last_pkt_time":946760605285191,"flow_dst_last_pkt_time":946760605298451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":368,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":946760605298451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760521313462,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521327075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":946760605298451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760605202862,"flow_src_last_pkt_time":946760605202862,"flow_dst_last_pkt_time":946760605216429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":946760605298451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":4048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":946760605298451}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":4048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":946760605298451}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -24,10 +24,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502491 bytes
-~~ total memory freed........: 5502491 bytes
-~~ total allocations/frees...: 85888/85888
+~~ total memory allocated....: 5502586 bytes
+~~ total memory freed........: 5502586 bytes
+~~ total allocations/frees...: 85891/85891
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 573 chars
+~~ json message min len.......: 571 chars
 ~~ json message max len.......: 1999 chars
-~~ json message avg len.......: 1285 chars
+~~ json message avg len.......: 1284 chars
diff --git a/test/results/default/dnscrypt_skype_false_positive.pcapng.out b/test/results/default/dnscrypt_skype_false_positive.pcapng.out
index 7acde6087..e5a25be79 100644
--- a/test/results/default/dnscrypt_skype_false_positive.pcapng.out
+++ b/test/results/default/dnscrypt_skype_false_positive.pcapng.out
@@ -1,16 +1,16 @@
-00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625015363846677}
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625015363846677}
 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363846677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625015363846677,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363846677,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":1625015363846677,"pkt":"eJS0JASgYDjgxTWgCABFcAIcMeUAAKoRYLfAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD3lhBxF+xRcXm4OudBLKFF3lXNzJRT1n1mCwEwKyGhzNUC6UkZad2AWsmuU16fgPBH\/sceAjxvXbeJaMQ9EbSG+EryR20f36x0OJcNkQYlfmM\/kN4T86L0ASqKQ0TZzuEESSiQX32uxygOna3C7y8YkubD4iZwEIg4QPEIQOdpWbEXtV\/o83jys6juVpKCDsvd9F8BJn0A7cjfMFRaUEMtODCG9KXBGEFHSZ18dK+ql0\/Pni3Dqd6Y7WU9Mlsj6IJPn77nWwLoqZYdJM9PltVUKA0BCDDZWLsJkP+knwwM996eWvPVPxNZ1KKAU+KOVJ04oTxBObGh5XZz6JStYBY6Gu1I+A7lBm6RD\/WCsjY01E5zHZUyzq\/sRzA5mq5v96ugcirzkq3k0\/Yi8TtQ9Ei2s6Y2t9FI5mQA6UNGXKigRJGNMlurE7oVNz9ZGKjrmgUROTHW19Dk8giJLA8E8v8V\/Kx+sNH6hBiMP0Nh9x\/ejK++VYPU3QRVutcD8PafmUWXqxmeXX5tAdjXoA\/bR66F4Yy0keXtHiEolfEIPbbw5Dss1Er21DaArDQUxYztwJdUkbudQ3HagiiDaY7lCwmWsiFTSiz+tzK3sS0+qynhYwsO0Zb6cGdfI="}
 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363881095,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":1625015363881095,"pkt":"YDjgxTWgeJS0JASgCABFAAEMb2FAADQRWrvUL+SIwKgCZAG7twoA+ISncjZmbnZXajh5YQcRfsUXF5uDrnRgM\/W0etYbRlCvzAlkKKyMUQLv0ljsGjvVtZfe\/2tl\/VnemuvYfUBk\/FlJZG2T9aqA3YLF1UTRltK97uI2ksWKJgX3BniRDpntrFamW1JEmb\/3xLyET8LVaXWh0WE97YtyY5BJWfj3a3nIABAcBULeLr+9m6kab1t2+yUw8O2x9jiPjOG9E0ybqrKAE6AYHqZ5TwJfUOjYj\/lXF7jHkO1u0hdfTacv4XB0pSOO1yv7woMURQKedSBCZ47xfNaXXx66LiGW4zFY9AWDuJNy+t3jJfjPP44rub81jFTM"}
 00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363881095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":1625015363881095,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":752,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1625020200938475}
+00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":752,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1625020200938475}
 01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1625020200938475,"flow_dst_last_pkt_time":1625015363881095,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":1625020200938475,"pkt":"eJS0JASgYDjgxTWgCABFcAIcvZMAAIwR8wjAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD0vHrlH\/yRcXvmd7t8+K4M4sVr0Poj8Wk\/utpL\/xCX\/xF62azc12+nNI8QCtVvppS8TlqEq0v0z1ZL6VhUUGpPUFklJ6FIusCvwq2w1dSM6BMePG+Qo4lcOLbOLpFDdDpN7sGyBBByiu62SvizwpJiQ6P3\/ZSXKjnk+4TGpUh1Mb5c9mzEfAV3qGGdzKjeCok93Nwnvp36CiiO\/GOkE9r\/ZYsdRaCmC23bIy9acHKaDgHPfJpiFe0JUanQLCN9xYimCEsH8Zta9Ub1Y03R23fJnK8tpwkYIEBK7LZJ1F9iJoeKxBWFnz1ecGcBI1RX2es6McfzJoxkjQOuHEH6AiYPJoSwpKAve4ipq0HR\/HOtcm2eSvFhLdYG1E+T0mXDh9vYgTW5nrseVIT7nqhIq7lD3WYEFzszkgcd3k9UDRv+myTHfgeMeOMZENFmbm5E8g9X\/DmfsUhaGuiUNClJJMVj7goJjiEWrKvyoRVfrCC4PbNLMbvqDrlvRzXORnY\/CFgO7+WLg3KO2ey7CthW2BKxwYRE712SYEdOkDCt96TjkrXI1srSS+8m95DCo5Kt+A80OCrLXxvwtGpEmk4P+Hhi7NqGvVAPLHH8VQvEse4iqUK05\/zGpQspc="}
 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1625020200938475,"flow_dst_last_pkt_time":1625020200970253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1625020200970253,"pkt":"YDjgxTWgeJS0JASgCABFAACMI\/pAADQRpqLUL+SIwKgCZAG7twoAeAlVcjZmbnZXajhLx65R\/8kXF75ne7erN1aKqAFT9tSdFNk+\/FY4BWykKt5VBHfuRsQIXEdAWbATnDkescRMFqApy\/x1xRRyQOqpZlSFj2MoC\/ojSMDHYB0u+03LWvVBM3MXLjO1DiMtdOl\/yGx2VrztXQ=="}
 01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625020200938475,"flow_dst_last_pkt_time":1625020200970253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":352,"midstream":0,"thread_ts_usec":1625020200970253,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1625020500944370,"flow_dst_last_pkt_time":1625020200970253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":1625020500944370,"pkt":"eJS0JASgYDjgxTWgCABFcAIc0FIAALcRtUnAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD1a7lthGyhcXsTywP0kSgKzMOKxLpaXyj+9OZAFS8DY5Bm4L6EvzNq4lEGOPhLCjDamIIC0\/kBi+logo8aCs8Ykn1kcDSMHr5ohPkH5ojDFTDgfmwbydb9VkrPfnTo30VRoMTeB8FjhWHQEihOvRCilI3eOZjQ28Yfe1\/VN8xjLtW7ba4LSN2xCht1I09+EoUxpQ96D64sakFbj1gbWIfFC6mjxNpJkUYgFtEUrHrbQo6Yb4wDxxrHKxSGf5tYgGK8+4GML8fzlbAPa7o6RV3JY5yXNFJ3MnYVZDLyK7vZpuX+W0QdpvlOoXdQgu5V\/1vYCuIbYyjD1E\/aqH6T1VVYtREkaXUDd2\/HQM\/9A9d0RFNq36PferQRHvpzqWhRknav7p0NkGaOvxNr4arkI\/fXVJ5MfbPAbPxakCs4BQU\/13cQP6ZDmndNX77Vh4tfvSXHISUMO3wWRgJZ5OO3uCUlzoA70aywvlK9wHzLDRpXNBGmyqLOHKhuYIVjBo28jLGSH+k4Q\/m9sLX96Cn4Sy2hg4OVoKY8hV\/wDfOcc9a0g43ssuZX7WTWVwK498ezLekMjk8VjiXXgnBFdZzcotEoa4LInFCCX+jv6P33my\/Qi3ujnaRbTYXaA="}
 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625020500944370,"flow_dst_last_pkt_time":1625020500975955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":1536,"flow_dst_tot_l4_payload_len":592,"midstream":0,"thread_ts_usec":1625020500975955,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00657{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":2128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1625020500975955}
+00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":2128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1625020500975955}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -19,10 +19,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498147 bytes
-~~ total memory freed........: 5498147 bytes
-~~ total allocations/frees...: 85866/85866
+~~ total memory allocated....: 5498184 bytes
+~~ total memory freed........: 5498184 bytes
+~~ total allocations/frees...: 85867/85867
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 593 chars
+~~ json message min len.......: 591 chars
 ~~ json message max len.......: 1235 chars
-~~ json message avg len.......: 913 chars
+~~ json message avg len.......: 912 chars
diff --git a/test/results/default/doh.pcapng.out b/test/results/default/doh.pcapng.out
index f75bc11c0..af165fdac 100644
--- a/test/results/default/doh.pcapng.out
+++ b/test/results/default/doh.pcapng.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623220847881632}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623220847881632}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847881632,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623220847881632,"pkt":"pJGxgjQ53KYyW3JVCABFAAA8GoVAAEAGW5DAqAH9AQEBAYycAbvJgv8BAAAAAKAC+vDR+gAAAgQFtAQCCAq18KmgAAAAAAEDAwc="}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623220847893990,"pkt":"3KYyW3JVpJGxgjQ5CABFAAA0AABAADgGfh0BAQEBwKgB\/QG7jJzQgMYoyYL\/AoAS\/\/+80AAAAgQFtAEBBAIBAwMK"}
@@ -10,7 +10,7 @@
 01477{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.3","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13d1909h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
 02385{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220894239868,"flow_dst_last_pkt_time":1623220878891197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":3569,"midstream":0,"thread_ts_usec":1623220894239868,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2495735.5,"max":15359810,"stddev":5583085.5,"var":31170844688384.0,"ent":2.4,"data": [12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810]},"pktlen": {"min":46,"avg":174.8,"max":1500,"stddev":350.9,"var":123099.2,"ent":3.6,"data": [60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0],"entropies": [4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01193{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":59,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220970655801,"flow_dst_last_pkt_time":1623220970669537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":5821,"midstream":0,"thread_ts_usec":1623220970669537,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1623220970669537}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1623220970669537}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 120/120
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5511383 bytes
-~~ total memory freed........: 5511383 bytes
+~~ total memory allocated....: 5511407 bytes
+~~ total memory freed........: 5511407 bytes
 ~~ total allocations/frees...: 85986/85986
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 535 chars
diff --git a/test/results/default/doq.pcapng.out b/test/results/default/doq.pcapng.out
index a41078653..95bbe15e8 100644
--- a/test/results/default/doq.pcapng.out
+++ b/test/results/default/doq.pcapng.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1606056093199591}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1606056093199591}
 00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056093199591,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1606056093199591,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEATYBOvN\/wAAIAhwsYltsps+WghOL+O5iCYx+QBEtgiJINLAj38+CB9CqAWNGDJ\/Ht0GdZPYPfPv0gkn+G7KypaOwXpeaLqP2vrcKno6\/xJHt9kjbL2TY4b\/m9R6nztt0oBs85JJhS7Tj\/KxdnJUR5x1KoMSoiK8Up0wKQjS6CJwz+096+5cglByj68BpzrUHMPeI6GM8BR\/Wl2qjunMufbT3ODI125lDdGTaTqNLCMEIjagI12Vrkh1+4q55QnPNmDSc9uNkJ0l5bhH58Gr3GA8HfFg35RCENcGDFpWMYVXiM4ZLQRFPmW9PqqUvAkPFdK1\/e6zKceMIWl6qFwaRZM+da6dEGVcJjr7Z+tAEETRp6uqCb9nnpAvg2AYmEND50nvVEnJ0vebAvnDE4IogXJzua2gFwFm7VLYd1uL79o4iJgu\/rwI3t1+Scpc6iAB46mZWFz3fE1WDQxwSMiil9o8+U4JW1BkjaBlJjEwDLig1LbtT\/HP47m8JDRgq00wdO+B2e1saSoPUtzWH02fRpSsRwHLssxWK\/GeM8n4na9wb14wVoOdjdGJ+KEHpdBBYTSNse3PnwWrKaaP0mh7odZYLBlgeNvTBLAUy7TPWKcxmhtN6bsS\/Yjh2568CzWxz8tWmprG6YblEP1vhUU2WDKbQBSh9+e7EH2JaN6LGpgUM6\/yeDE+g\/QCDKFbnXJHaC3VNe2EpDTrUSTzTJX2ScnDPI4dI01EvvWXSfxAJzcCmkKAUz3B\/F3DS8bS2lYESb9nSox1FCQUX1S8MhWCL4jSZ4wobqLA6VEQ7puZt\/yd5mc0snO7+JferPZwSQV1jN5hdBcuNb6kj\/JG4pzUoB7QTPQcjcnBLCPQDWDzw3nQ+Ebywtgt9T0aEFqJVOTfT95bWTz6VinV\/brwfnTHpSbkUgeBvFyaDcSzRz5tFZ0q4\/gUbfajms9qKrPFsufIU5NQtKyl5gUxP+4xC0KsglyEqg4DVy8vzlOpHC9Zo8AzpD2Cd9yZUaVpS3jLxre91YlfpTBViFMhAAL1N+wl47YhA2pgyB2GGbWg1O6K4C74tiA9XM\/lrGlbtuiyqqRmlQ+OfACiiCT0\/fwnridhEP9NjW3A9LNkp5ph6u81Z1emHsIGmFkXyP7nojGy2XKkTHlNA+eKBGol\/TUgCzHu7qPwHu5vMLlk5NNq3Od8+eHViQU1LY+OXeYFHuY2S+VSf848yXn0P1WZ\/Hf4jpB8WMcPpj0cXHyY46IsajmZ4uRB40h68eDc26RMlrZAfwBIGjks8KSh5b2f1BdJ6LJ4taZkNl8x+qPVYwRdc+lJsRkcGfu+BxMBIzhOPr2wg8uauRqGpIMGiSEXt5eLhu3VHEqTuhLQrFWRwEWEm+WzY4itmVZYx3CM7zWu6j3KhN5W5HEWKe61AmbunEuzKrb9KKf1hG4Uz72IU4aUy8+qV8fLyqPe7E\/Hm\/QiosHbq0whMHw6xHc0E9dDFb7\/w2jqW\/bhRCLrrZSTu8KDShAe9bkemwaFOWgs8zleXJrozrnvcOKNBpToZAop8FcA1V6SZ+05avECZK7qQ04Uc8xlehoG+3W27ZNgeNIiTH8MtU0A5kV6veOOCPQW7GGwaBK9iuORoisN7YKGMwzzN0ZIQ\/IailJpjg=="}
 01388{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056093199591,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","quic": {"quic_version":"Draft-32","tls": {"version":"TLSv1.3","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","ja3s":"","ja4":"q00d0307do_55b375c5d22e_23ed935430f2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"doq-i00","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}}
@@ -16,7 +16,7 @@
 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1606056094761968,"flow_dst_last_pkt_time":1606056093260178,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"thread_ts_usec":1606056094761968,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQRDyQAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBDTi\/juYgmMflRQ+5iHRbV0PH6VAD4ThaqZ1CAONxwoz6WhjCyy3b7S1XIRkGal+nrRIME3nHuB4Ws4VB9TKvtbvdiy1ZVtUUE7G\/BOwkfFiH9M8cl"}
 00919{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1606056093260178,"flow_src_last_pkt_time":1606056096363710,"flow_dst_last_pkt_time":1606056093260178,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":846,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056096363710,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":11,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093202473,"flow_dst_last_pkt_time":1606056096363686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1606056096363710,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":4766,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1606056096363710}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":4766,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1606056096363710}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -25,10 +25,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5510859 bytes
-~~ total memory freed........: 5510859 bytes
+~~ total memory allocated....: 5510899 bytes
+~~ total memory freed........: 5510899 bytes
 ~~ total allocations/frees...: 85912/85912
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 567 chars
+~~ json message min len.......: 565 chars
 ~~ json message max len.......: 2220 chars
-~~ json message avg len.......: 1392 chars
+~~ json message avg len.......: 1391 chars
diff --git a/test/results/default/doq_adguard.pcapng.out b/test/results/default/doq_adguard.pcapng.out
index 21a0eff94..b680e6eea 100644
--- a/test/results/default/doq_adguard.pcapng.out
+++ b/test/results/default/doq_adguard.pcapng.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1608278425043144}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1608278425043144}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1608278425043144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02191{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1608278425043144,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYdAAEARno7AqAypXowODqBuAxAE2E0Zwf8AAB0S1uV91ARNGaKcpPbuz4JRKRijEV3+fOp1xbl+o2VPCxw5C7F1AESjjIExuU1VGYMi3qR5FgZXmV5jW\/GS3bvPGESTCXlAOuaNPS4Z9rqb5GmZjOPu5h+dEeHCBQsH0bRQhppRcffIYyvfvxi5LNyq540e1YcNLgxwEYv9mwEEutsUSgLF8qQi1vATlbVLiQwhaXITCRD653klYnm9BoO04fUR8kaaf1qYfex026282Q5EvztDSyWuA6xW\/3D3I27VAQo2GbCoqYf0QIrZOfacQartZRA3xvw5C0Iz0S7jBboiOrSPOxbet7b4p4CBzdW+POAUSVXQZZS3xQkY5PXEeYGco5aUsp3O0lAaLfFFVll\/srPVtdJxYLG5mlTKam3NxBl9gHT9gkoJzUoEmtdaRDaxhP5yiedQs+JgoW4F1fDqHPMPnBtk1UezjBjE\/COENcHIEQq2HIfbQ9Lv+kS5CfcaSKs2mUQTuvs7\/voDRF2y7TFb+uqyMeAqq3doSDMB2jHa\/EojP\/f+RrMNy\/X7kDEEcbw43eMXD1tzHjBj\/ncaLMsfP3IPyZyF35MF8e+053ploy3mGcl5fW5eZxUFM6FDjn\/9\/9yB7HR5pdMyplGzzI1OpdByhfvbVWjVUlFgtm4LcbCFS9YXIuJWVQaT92LVmTrycmBpec\/NHPi6MerrZrFPH1cWAKJm6C\/35hd09a7vURbcj2Nwu+wvQEGek3M9LNpTgKAxfeLa6jR7yY8FRi9Fslx+40aTEwGgLY10PqSAVV873bY1HrjXgee+hInU5OzwDGisUkG1vjenUqCdXtWODZ9xJFrjxkNSBVsfWyX84bL4AH0cHSMH3bXpv8DZGk6dvuB1thnl5dRd79ArhxOkLRjIKU\/spE2xAqe+laOg7FDuovO8+vb44+p0a1tCIq75DbW5Z\/3eQHDpNFbf\/ZruNBwv0I6n5NxcgHEUQaffXIlX36W8Z8AD3YDD85hA4jZxmySge94o03q\/ZMGs+bJTnaK8KlLmSNMXuFjJ7F4SdWbAr+gE3KQqFqqYY9ZfiG2QbB9\/YTG+8SQBafYwX6k2J2OEpMyUilzmDTz3a5eH47iPLgq2nb2F+k0c4RMx6bB8xhJbOXMxEbB5OktMbojYZ5\/D7JZ6FArciEMMkyFIwplniDv\/bjNCRjIZzGWltVCRAQBZZf0ds2kXzLEOIGMUpx2oFRtwDgwesKJgy9be1woTT3HVmrfv8vUkkFOD253UN9bBIfIU4elVEm8DEZ93RQ8PGCnqpWPqKVclryY+VrRX6bBv\/eydiZowniNJyXmSTkGKfOGX30rdpMaFIjV9VAFWlq4kC1zIbyb3K46JC+I+XxrKEmMLqMbO6CesmtgLUC8vVTv7LWODOF1NIRzdEgb8Qn\/9qSY3t6c\/zKgfF8YyVeS6jf5EL3te6RDnB0wZsaBklSDaR66VSY+qB2O5PnaefdIKM\/htIG2nKmWB0tq+\/dxdUHWEvheHhEbmX4TUB3cfXIIesE+zpUW6KXqwY94WHHPEMe6voxs49AJ\/2IZiFohwbn6CjrWd2PilA\/\/N7kVyw58ilFGWokoGNIRgJ61vUDU8rgEdxFK12mR1bebXKhOpf+Sf7ekcBE2R4BLb6ThrQxQ="}
 01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1608278425043144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.adguard.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","ja4":"q13d0309do_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"doq-i00","tls_supported_versions":"TLSv1.3"}}}}
@@ -9,7 +9,7 @@
 02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1608278425084825,"flow_dst_last_pkt_time":1608278425122888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1608278425122888,"pkt":"mt9Y+uvcCL6sCxduCABFAAUAAbUAAD8RO01ejA4OwKgMqQMQoG4E7Ejn6\/8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qRETGDa1HS+zF6UxQoqcWPtvaZD0M5D8vOuuwT1lT22BsNzW7UeqT3G1yaqqeziGQS9CbrgeN2LYCFWePpTXrCGMIZRaKZ4Dzl\/ylxVo1sZoKf5iJ77RobOd4uOVr4v1fzVtZK7SSnw2TNr9+YJLUw8RzWrFl1R5\/LuSFg\/4LBpdELaercn4cag8\/wfjYg5esjxgyw3\/DI39x6fJiEeLfYiMTQhdl4S1DvT1bf4On1cZ5Pve8aL9ZNSUV6pjz8exU6v+yozsTMJ2gReNqSJxiLOZA7Chr1rP372EcxwZOJfjuB3dtVyhjEVmDDR0MFakaOiW2TopUKwSO6tanORLdiScMWtoVB9EEXWrRqu7AHeUwMqJpJaM2sTYg9vj5V8V49eB01MwBWnW3RvuELSAA\/rr0tFC5kN8x80Q6hkUR9WERSgsSZyq2fWg2XEVb6wgyhQj7yJd8o1FbiW9te0lPExFduactwU4ZdCzzWwIfFwRTxEDa1WjbFyzhWvrV\/L8AnXhR\/fz+ImBVLIzbVNVFQzjIpkvT0AiSLhI\/Q3u+VRc1QDRm\/KyZFemkvcqHRqTa1EzbDy\/8E8zwa4LPWD4qxNxc86\/+Z2tRmJf7XxMZKQFOo0p\/mtsuZYDLoqPpnbMk+WCZqUAKJw5ylbvHbPXC16P9bvC6+EtzBwnKuIepTSqo3Idks2KPcjL1GocIhx65JvpwFw49ItI8ZlGPLwUdd\/nv1HyD8d1Q0CYp\/9+4zHKOO4YHyAjhX5MzgfB2TYJ+1KbY6eG8U+KMm575akz5nzlxw26myucQvSCqFwJ7xEC8AIJrnjWDoPOQR60myqM33dqPGKrP6kE0cAk+afxU3b\/vK+rfZEV\/Py90klu2hWkGl5in5MPx0bsWnQ0F7CXctdd02NLCht2yp7ll4ETNeFn3XM6mhON3pCvy498D54qI4zen22mbk\/WqVm3E8+JTyfl\/CzxZ4qyEDlpfxf7GEaVhJ7rqcius2EygkgEVV4xY2XRuUR766UoZs8qWnepQKnzhy\/9amls+aw28xFV3aYpewQpsypFwiv7Z7bDx+nQsJYuuS1kaashnFzhaXmhKUkxgorWYVnMEjKkzb\/IUGbuhdZstKP7O9fF7e6KKBxNLLfRS0lfTf+XipzVaJcbDwmAd2AluLDPZofxNzCj5cPuXES3Heazc8O8YpvXof3ytzfQk5x+KqUqi\/+Rxe9T3HFewik8RMi8MrjOjdYIZ51+0tdEPKmEFbsQMTFbcW172ZavX5jdgrAuD4MwmJ6wgKGaYwWwNRXhzRCSVvtIsCGrk+txykp4tvV75By2Kor6l0z9qnIl7gBOVIiHasEepsdO4OiB\/RH8LGAnt03cK3PZFqYhm2MSA6+sCm3NKMl7pHROc0Syuyaw8\/S9pn8cSw1kIUOxu0CAy6MKzrQ3zeUd8YrXWJeJn9B45tmf6F\/IZwdW6kr8sz3gshgpqCh64vBnmFxQNepWuT\/rvLhTewMp7+YSfmgGvgJk0VlvONZkv9khFJAToEnRePOuBnhUhkWLAJGxHNu\/tfIpyWrL0N3ERF4a3\/HS+2EuavJ219sPDpGBPIVfa4k5r2z4Wkv1gAWxeE7KYlcVSwrhvZRtvOqoTh68InjRMQA=="}
 02201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278427520204,"flow_dst_last_pkt_time":1608278427556259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":3388,"flow_dst_tot_l4_payload_len":9887,"midstream":0,"thread_ts_usec":1608278427556259,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":160973.4,"max":1885270,"stddev":453072.4,"var":205274628096.0,"ent":2.4,"data": [36477,41681,43201,66,19,41861,6662,38406,6603,58707,16,206479,12,419140,55,727,29151,153173,67,8229,73,10468,39556,83,37026,44980,51489,1830423,63,12,1885270]},"pktlen": {"min":59,"avg":442.8,"max":1280,"stddev":522.9,"var":273444.5,"ent":4.1,"data": [1260,168,1260,1280,1280,1270,83,84,184,81,1270,1270,1270,1270,255,59,83,84,69,292,140,86,59,69,423,59,70,59,87,89,89,69]},"bins": {"c_to_s": [4,8,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,0,0,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,1,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1],"entropies": [7.847249508,6.664321423,7.854867935,7.829421520,7.845530033,7.828608036,5.784439087,5.698686600,6.822151661,5.751563549,7.848925114,7.841618061,7.849283695,7.840007782,7.166291237,5.550272942,5.778533459,5.825033665,5.698887825,7.230185032,6.684528351,6.026679039,5.577555180,5.650410652,7.431746960,5.496964455,5.706285954,5.435783863,6.043458462,6.076747894,6.093711376,5.553960800]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":164,"flow_dst_packets_processed":132,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278463119538,"flow_dst_last_pkt_time":1608278462796456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":10308,"flow_dst_tot_l4_payload_len":21705,"midstream":0,"thread_ts_usec":1608278463119538,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":296,"packets-processed":296,"total-skipped-flows":0,"total-l4-payload-len":32013,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1608278463119538}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":296,"packets-processed":296,"total-skipped-flows":0,"total-l4-payload-len":32013,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1608278463119538}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 296/296
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5516627 bytes
-~~ total memory freed........: 5516627 bytes
+~~ total memory allocated....: 5516651 bytes
+~~ total memory freed........: 5516651 bytes
 ~~ total allocations/frees...: 86177/86177
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 575 chars
+~~ json message min len.......: 573 chars
 ~~ json message max len.......: 2225 chars
-~~ json message avg len.......: 1397 chars
+~~ json message avg len.......: 1396 chars
diff --git a/test/results/default/dos_win98_smb_netbeui.pcap.out b/test/results/default/dos_win98_smb_netbeui.pcap.out
index ef5e6e8d7..8769a2b78 100644
--- a/test/results/default/dos_win98_smb_netbeui.pcap.out
+++ b/test/results/default/dos_win98_smb_netbeui.pcap.out
@@ -1,5 +1,5 @@
-00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1576409796586005}
+00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1576409796586005}
 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586005,"packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586005}
 00386{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="}
 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586078,"packet_id":2,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586078}
@@ -107,7 +107,7 @@
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409931837438,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553896,"flow_src_last_pkt_time":1576409928060524,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":952,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409923353834,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2817,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
-00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":220,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1576409931837438}
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":220,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1576409931837438}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 220/62
 ~~ skipped flows.............: 0
@@ -116,8 +116,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506203 bytes
-~~ total memory freed........: 5506203 bytes
+~~ total memory allocated....: 5506275 bytes
+~~ total memory freed........: 5506275 bytes
 ~~ total allocations/frees...: 85952/85952
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 311 chars
diff --git a/test/results/default/dotenv.pcap.out b/test/results/default/dotenv.pcap.out
index a6727f7ac..fc181f08b 100644
--- a/test/results/default/dotenv.pcap.out
+++ b/test/results/default/dotenv.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1712149625108862}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1712149625108862}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712149625108862,"flow_src_last_pkt_time":1712149625108862,"flow_dst_last_pkt_time":1712149625108862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712149625108862,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"89.31.76.10","src_port":51327,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1712149625108862,"flow_dst_last_pkt_time":1712149625108862,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1712149625108862,"pkt":"BBjWBrNamAGnpQyTCABFAABAAABAAEAG0iDAqALGWR9MCsh\/AFDEMiwGAAAAALAC\/\/+OxwAAAgQFtAEDAwYBAQgKah4cdgAAAAAEAgAA"}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1712149625108862,"flow_dst_last_pkt_time":1712149625154117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712149625154117,"pkt":"mAGnpQyTBBjWBrNaCABFAAA8AABAADIG4CRZH0wKwKgCxgBQyH9vZPz5xDIsB6AScSDzUAAAAgQFrAQCCAooNaa9ah4cdgEDAwc="}
@@ -7,9 +7,9 @@
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1712149625155098,"flow_dst_last_pkt_time":1712149625154117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1712149625155098,"pkt":"BBjWBrNamAGnpQyTCABFAACGAABAAEAG0drAqALGWR9MCsh\/AFDEMiwHb2T8+oAYCBYgegAAAQEICmoeHKQoNaa9R0VUIC8uZW52IEhUVFAvMS4xDQpIb3N0OiBzZXZlbnBpdGFseS5jb20NClVzZXItQWdlbnQ6IGN1cmwvOC40LjANCkFjY2VwdDogKi8qDQoNCg=="}
 01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1712149625108862,"flow_src_last_pkt_time":1712149625155098,"flow_dst_last_pkt_time":1712149625154117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712149625155098,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"89.31.76.10","src_port":51327,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"sevenpitaly.com","http": {"url":"sevenpitaly.com\/.env","code":0,"content_type":"","user_agent":"curl\/8.4.0"}}}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1712149625155098,"flow_dst_last_pkt_time":1712149625197601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712149625197601,"pkt":"mAGnpQyTBBjWBrNaCABFAAA0Wj9AADIGhe1ZH0wKwKgCxgBQyH9vZPz6xDIsWYAQAOORyAAAAQEICig1psdqHhyk"}
-01430{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1712149625108862,"flow_src_last_pkt_time":1712149625155098,"flow_dst_last_pkt_time":1712149625197647,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":231,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":231,"midstream":0,"thread_ts_usec":1712149625197647,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"89.31.76.10","src_port":51327,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"54": {"risk":"Binary Data Transfer Attemot","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"sevenpitaly.com","http": {"url":"sevenpitaly.com\/.env","code":406,"content_type":"application\/octet-stream","user_agent":"curl\/8.4.0"}}}
-01311{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1712149625108862,"flow_src_last_pkt_time":1712149625232341,"flow_dst_last_pkt_time":1712149625232158,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":231,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":231,"midstream":0,"thread_ts_usec":1712149625232341,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"89.31.76.10","src_port":51327,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"54": {"risk":"Binary Data Transfer Attemot","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1712149625232341}
+01438{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1712149625108862,"flow_src_last_pkt_time":1712149625155098,"flow_dst_last_pkt_time":1712149625197647,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":231,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":231,"midstream":0,"thread_ts_usec":1712149625197647,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"89.31.76.10","src_port":51327,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"sevenpitaly.com","http": {"url":"sevenpitaly.com\/.env","code":406,"content_type":"application\/octet-stream","user_agent":"curl\/8.4.0"}}}
+01319{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1712149625108862,"flow_src_last_pkt_time":1712149625232341,"flow_dst_last_pkt_time":1712149625232158,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":231,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":231,"midstream":0,"thread_ts_usec":1712149625232341,"l3_proto":"ip4","src_ip":"192.168.2.198","dst_ip":"89.31.76.10","src_port":51327,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dotenv.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1712149625232341}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498400 bytes
-~~ total memory freed........: 5498400 bytes
+~~ total memory allocated....: 5498437 bytes
+~~ total memory freed........: 5498437 bytes
 ~~ total allocations/frees...: 85877/85877
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
-~~ json message max len.......: 1435 chars
-~~ json message avg len.......: 966 chars
+~~ json message max len.......: 1443 chars
+~~ json message avg len.......: 969 chars
diff --git a/test/results/default/drda_db2.pcap.out b/test/results/default/drda_db2.pcap.out
index 2b0fc8412..7507606bc 100644
--- a/test/results/default/drda_db2.pcap.out
+++ b/test/results/default/drda_db2.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1175543772220609}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1175543772220609}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1175543772220609,"flow_src_last_pkt_time":1175543772220609,"flow_dst_last_pkt_time":1175543772220609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1175543772220609,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1175543772220609,"flow_dst_last_pkt_time":1175543772220609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1175543772220609,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1175543772220609,"flow_dst_last_pkt_time":1175543772221098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1175543772221098,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="}
@@ -9,7 +9,7 @@
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1175543772338468,"flow_dst_last_pkt_time":1175543772338790,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1175543772338790,"pkt":"AFBWwAABAAwpfMZqCABFAAAoelNAAEAGaqrAqGqAwKhqAcNQEu\/9XlZICrRoYFAQGSCj5gAA"}
 02208{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1175543772220609,"flow_src_last_pkt_time":1175543792690997,"flow_dst_last_pkt_time":1175543792523346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":630,"flow_src_tot_l4_payload_len":2071,"flow_dst_tot_l4_payload_len":2488,"midstream":0,"thread_ts_usec":1175543792690997,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":489,"avg":1315262.1,"max":17986057,"stddev":4366159.0,"var":19063346561024.0,"ent":1.8,"data": [489,527,117332,117692,728,9146,43443,966142,1129664,349281,477633,7546,71563,64394,182669,413229,622408,30275,5528,2591,521,1606,2014,1552,1127,154254,17828332,17986057,9928,7015,168439]},"pktlen": {"min":40,"avg":183.0,"max":703,"stddev":190.6,"var":36335.2,"ent":4.3,"data": [48,48,40,215,40,147,304,40,281,40,703,40,510,50,94,40,282,670,130,51,50,94,308,441,50,94,40,369,452,50,94,40]},"bins": {"c_to_s": [10,0,1,0,0,1,0,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,4,0,1,0,0,0,1,0,0,0,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0],"entropies": [4.443420410,4.743162632,4.731687069,5.602320194,4.712815285,5.534297943,5.451408386,4.643942833,5.407389164,4.731687069,5.469695568,4.712814808,4.427623272,4.828757286,5.028375626,4.781687260,5.564469814,5.097215652,4.705523014,4.912525654,4.828757286,5.049652100,5.369750977,4.250173569,4.773659706,5.041621685,4.681686878,5.027119160,4.343546391,4.828757286,5.070929050,4.615311623]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","proto_id":"227","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":18,"flow_first_seen":1175543772220609,"flow_src_last_pkt_time":1175543810683631,"flow_dst_last_pkt_time":1175543810683601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":630,"flow_src_tot_l4_payload_len":2081,"flow_dst_tot_l4_payload_len":2542,"midstream":0,"thread_ts_usec":1175543810683631,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","proto_id":"227","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1175543810683631}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1175543810683631}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 38/38
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501123 bytes
-~~ total memory freed........: 5501123 bytes
+~~ total memory allocated....: 5501147 bytes
+~~ total memory freed........: 5501147 bytes
 ~~ total allocations/frees...: 85899/85899
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 531 chars
diff --git a/test/results/default/dropbox.pcap.out b/test/results/default/dropbox.pcap.out
index 5f74ed377..4a2fbaa8a 100644
--- a/test/results/default/dropbox.pcap.out
+++ b/test/results/default/dropbox.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1455907271481938}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1455907271481938}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481938,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907271481938,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1455907271481938,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481938,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907271481938,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
@@ -32,7 +32,7 @@
 02226{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1455907274088318,"flow_src_last_pkt_time":1455907275896569,"flow_dst_last_pkt_time":1455907275902611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":1564,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1455907275902611,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1319,"avg":116856.3,"max":131359,"stddev":22365.2,"var":500202464.0,"ent":4.9,"data": [1319,105009,107122,122637,124565,114853,120385,119749,111541,123867,122956,105381,109394,122887,120099,118036,119438,130107,131359,131277,128951,120148,121275,112275,114829,128910,125477,127969,127046,125146,128537]},"pktlen": {"min":46,"avg":87.2,"max":129,"stddev":38.5,"var":1485.3,"ent":4.9,"data": [125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49]},"bins": {"c_to_s": [0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [5.540076256,5.126628399,5.646005154,5.238902569,5.556076050,5.011841774,5.645351887,5.124912739,5.661224842,5.124912739,5.536271572,5.045301914,5.526149273,5.010309696,5.552532196,5.088779926,5.645638943,5.155473709,5.623487949,5.027874470,5.658226013,5.203855038,5.594115257,5.084961414,5.581238747,5.084961414,5.642791271,5.201836586,5.575829029,5.148757458,5.623488426,5.043280125]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1455907275958608,"flow_dst_last_pkt_time":1455907275835251,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_usec":1455907275958608,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7FHgAAIARNEPAqDgBwKg4ZcSPRFwAZyUVQgOAaDrbckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE2IEVFVCAyMDE2In0="}
 02226{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1455907275690777,"flow_src_last_pkt_time":1455907277661201,"flow_dst_last_pkt_time":1455907277663998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":94,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":1561,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1455907277663998,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5091,"avg":127214.4,"max":172321,"stddev":26264.3,"var":689812928.0,"ent":4.9,"data": [5091,140506,139383,127325,129287,138036,134456,137698,141222,137865,138593,132603,133311,132101,136834,172321,164608,137809,136671,122327,121648,117128,118696,128848,133217,115516,110107,123592,124533,106749,105564]},"pktlen": {"min":45,"avg":87.1,"max":129,"stddev":38.6,"var":1487.1,"ent":4.9,"data": [127,50,128,51,123,46,123,46,126,49,123,46,122,45,127,50,125,48,129,52,126,49,124,47,125,48,129,52,124,47,128,51]},"bins": {"c_to_s": [0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [5.584132195,5.148756981,5.612321377,5.123405457,5.484527588,5.088779926,5.497614384,5.088779926,5.597732544,5.084096432,5.526148796,5.088780403,5.523175716,5.047409534,5.616926193,5.163855076,5.550037384,5.084961891,5.666587353,5.277364254,5.567777157,5.068690777,5.565383434,5.070440769,5.542193413,5.084961414,5.626701832,5.238902569,5.490826130,4.985334873,5.638961315,5.241052151]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":801,"packets-processed":800,"total-skipped-flows":0,"total-l4-payload-len":47076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1459182796665502}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":801,"packets-processed":800,"total-skipped-flows":0,"total-l4-payload-len":47076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1459182796665502}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182796665502,"flow_src_last_pkt_time":1459182796665502,"flow_dst_last_pkt_time":1459182796665502,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1459182796665502,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1459182796665502,"flow_dst_last_pkt_time":1459182796665502,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1459182796665502,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"}
 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182796665502,"flow_src_last_pkt_time":1459182796665502,"flow_dst_last_pkt_time":1459182796665502,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1459182796665502,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","proto_id":"5.121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"client.dropbox.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -93,7 +93,7 @@
 00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1459182830673445,"flow_dst_last_pkt_time":1459182817566407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1459182830673445,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfRXtAAEARMoLAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1459182830673733,"flow_dst_last_pkt_time":1459182817566700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1459182830673733,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1459182830673733,"flow_dst_last_pkt_time":1459182817566700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1459182830673733,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":837,"packets-processed":836,"total-skipped-flows":0,"total-l4-payload-len":52930,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":96,"global_ts_usec":1535391465534592}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":837,"packets-processed":836,"total-skipped-flows":0,"total-l4-payload-len":52930,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":96,"global_ts_usec":1535391465534592}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534592,"flow_src_last_pkt_time":1535391465534592,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391465534592,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1535391465534592,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_usec":1535391465534592,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEWzxAAEARHT\/AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534592,"flow_src_last_pkt_time":1535391465534592,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391465534592,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
@@ -129,7 +129,7 @@
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534592,"flow_src_last_pkt_time":1535391525545240,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391682514087,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391651170134,"flow_src_last_pkt_time":1535391682514087,"flow_dst_last_pkt_time":1535391651170134,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":163,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":489,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391682514087,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391465535228,"flow_src_last_pkt_time":1535391525545589,"flow_dst_last_pkt_time":1535391465535228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391682514087,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":848,"packets-processed":848,"total-skipped-flows":0,"total-l4-payload-len":54916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":11,"total-updates":4,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1535391682514087}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":848,"packets-processed":848,"total-skipped-flows":0,"total-l4-payload-len":54916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":11,"total-updates":4,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1535391682514087}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 848/848
 ~~ skipped flows.............: 0
@@ -138,8 +138,8 @@
 ~~ total active/idle flows...: 15/15
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5552945 bytes
-~~ total memory freed........: 5552945 bytes
+~~ total memory allocated....: 5553193 bytes
+~~ total memory freed........: 5553193 bytes
 ~~ total allocations/frees...: 86861/86861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 537 chars
diff --git a/test/results/default/dtls.pcap.out b/test/results/default/dtls.pcap.out
index e14a73a02..095ab26e9 100644
--- a/test/results/default/dtls.pcap.out
+++ b/test/results/default/dtls.pcap.out
@@ -1,12 +1,12 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1545143424891780}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1545143424891780}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1545143424891780,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="}
 01343{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","ja4":"t00d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1545143424891780,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="}
 01461{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","ja4":"t00d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 01309{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1545143424891780}
+00626{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1545143424891780}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498067 bytes
-~~ total memory freed........: 5498067 bytes
+~~ total memory allocated....: 5498091 bytes
+~~ total memory freed........: 5498091 bytes
 ~~ total allocations/frees...: 85864/85864
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 566 chars
+~~ json message min len.......: 564 chars
 ~~ json message max len.......: 1466 chars
-~~ json message avg len.......: 997 chars
+~~ json message avg len.......: 996 chars
diff --git a/test/results/default/dtls2.pcap.out b/test/results/default/dtls2.pcap.out
index 5405b0b3a..3e0fe3df8 100644
--- a/test/results/default/dtls2.pcap.out
+++ b/test/results/default/dtls2.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1507911659748597}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1507911659748597}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659748597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507911659748597,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659748597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":1507911659748597,"pkt":"AAAAjZtQSEb7zh73CABFAABta10AAD8Ruf09RG6Z1CDWJ8818BEAWUhKFv7\/AAAAAAAAAAAARAEAADgAAAAAAAAAOP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAAAAQADUALwAFAAQACgD7APwA\/QEA"}
 01340{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659748597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507911659748597,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.0","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","ja4":"t00d080000_f3b6e48d6e2b_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
@@ -14,7 +14,7 @@
 01316{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911920885639,"flow_dst_last_pkt_time":1507911921101187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":1919,"midstream":0,"thread_ts_usec":1507911921101187,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01316{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":15,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911981436327,"flow_dst_last_pkt_time":1507911981652443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1549,"flow_dst_tot_l4_payload_len":1996,"midstream":0,"thread_ts_usec":1507911981652443,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01314{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507912041681166,"flow_dst_last_pkt_time":1507912041896833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1658,"flow_dst_tot_l4_payload_len":2073,"midstream":0,"thread_ts_usec":1507912041896833,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":5,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1507912041896833}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":5,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1507912041896833}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 30/30
 ~~ skipped flows.............: 0
@@ -23,10 +23,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498931 bytes
-~~ total memory freed........: 5498931 bytes
+~~ total memory allocated....: 5498955 bytes
+~~ total memory freed........: 5498955 bytes
 ~~ total allocations/frees...: 85894/85894
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 567 chars
+~~ json message min len.......: 565 chars
 ~~ json message max len.......: 1646 chars
-~~ json message avg len.......: 1105 chars
+~~ json message avg len.......: 1104 chars
diff --git a/test/results/default/dtls_certificate.pcapng.out b/test/results/default/dtls_certificate.pcapng.out
index f655fcb03..a0213bdf3 100644
--- a/test/results/default/dtls_certificate.pcapng.out
+++ b/test/results/default/dtls_certificate.pcapng.out
@@ -1,10 +1,10 @@
-00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645461580895085}
+00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645461580895085}
 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1645461580895085,"pkt":"AAEC3cZZAAAAw9EGCABFAAXASWxAADQRSEO\/Pjy+o80PtAG7l9wFrJO8Fv79AAAAAAAAAAIARQIAADkAAQAAAAAAOf79\/Kc4HE2ihqeGXU8HJgbvv17oNih5trwpTgkv9KYfrYAAwDAAABH\/AQABAAALAAQDAAECACMAABb+\/QAAAAAAAAADBPILAATmAAIAAAAABOYABOMABOAwggTcMIIDxKADAgECAhMzAAAAHLZ5tboHL3PzAAAAAAAcMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHUmVkbW9uZDEeMBwGA1UECgwVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSwwKgYDVQQDDCNNaWNyb3NvZnQgVXBkYXRlIFNlY3VyZSBTZXJ2ZXIgQ0EgMTAeFw0xNzAyMjcxMjAwMDBaFw0xOTAyMjcwMDAwMDBaMHkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdSZWRtb25kMRIwEAYDVQQKDAlNaWNyb3NvZnQxDDAKBgNVBAsMA0RTUDEhMB8GA1UEAwwYd3d3LnVwZGF0ZS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxchtkZuNapLH78mZf0URm+rRwTx\/ZkyEWQKrdPC7T\/I\/VBlNaCjkhqqLjeWcxNjAXFgHV0DQS4Ohn1NUJhGwRm+C9xnh7uNg5h\/HW\/hZG6rQQT\/YIEe4RMEDoHNucdV0ldNkVXCWmH7VdyXRHfM9s1z8dmKF9BhxFUrUndT8KN51NorrFfTkRDxgaXL\/XiTXb5jjFdTMNDoWEcfCSn+mv6sdX3THlAvFHxknV8wAjqvNtxIjUk2YFzbeaTG2Q+ckuiam9dVPaH56OySqB0JYTcsJNz1EFEanNbn3YoH9U68KtmWqXQruXynN3poT1rVwEUFs6k6P4rp9p9jisxqFTQIDAQABo4IBUTCCAU0wDgYDVR0PAQH\/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSLiU8Spy0D\/BrMqi4FzdoDPizAuzAfBgNVHSMEGDAWgBQTA4kJqE\/7jzADbipdbCNlgXR+uzBmBgNVHR8EXzBdMFugWaBXhlVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3JsMHMGCCsGAQUFBwEBBGcwZTBjBggrBgEFBQcwAoZXaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAD\/XXW3cyN\/n\/BsXYc461vEQJ\/MooDP0uWOe5wtrpd3XUOKUuYcOvN70FidsM66xtY3sgdh6LUV7Vd3UbwrHsVXRThb+W0JmRxLpORJHovyCUjHJdgWcwAmAecZJ4QHbPt4JGKIezh1zC7zvwpMBEph7\/DE2rRq+Bk7Vj\/NpG5hi7ChZs0a\/4ZlQ63BMdels0iVL7Gl8j2rZV6AKE6rNjGoosoCEoztRWeQE8+sRCm+Ke3bWDxj6rORsUQGgzGimwUgWsdfd3Nhsgd7TmdyKcuJKVjK3IJvBgJOkTc6Wtb9I6keqOhJz+tW6pXPpKnm\/uuS9speSYMehXhdxy6auf74W\/v0AAAAAAAAABABGDAABSQADAAAAAAA6AwAXQQTUxAnF4aD29iFX08UpvzSYHoOfJnjbLUY7FaBYVdRtgMBGO\/4Mp6YBV28sDk7JZ2MLOl9WIA=="}
 01551{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DTLS.WindowsUpdate","proto_id":"30.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","tls": {"version":"DTLSv1.2","notafter":"2019-02-27 00:00:00","ja3":"","ja3s":"953c1507994f72697446de4eff6e300b","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Update Secure Server CA 1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft, OU=DSP, CN=www.update.microsoft.com","fingerprint":"D1:88:0F:51:C1:01:91:72:A1:A4:6E:69:F4:33:7F:FE:3E:C4:F0:39"}}}
 01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DTLS.WindowsUpdate","proto_id":"30.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1645461580895085}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1645461580895085}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500271 bytes
-~~ total memory freed........: 5500271 bytes
+~~ total memory allocated....: 5500295 bytes
+~~ total memory freed........: 5500295 bytes
 ~~ total allocations/frees...: 85865/85865
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 580 chars
+~~ json message min len.......: 578 chars
 ~~ json message max len.......: 2481 chars
-~~ json message avg len.......: 1469 chars
+~~ json message avg len.......: 1468 chars
diff --git a/test/results/default/dtls_certificate_fragments.pcap.out b/test/results/default/dtls_certificate_fragments.pcap.out
index 3b41836a8..5996a7654 100644
--- a/test/results/default/dtls_certificate_fragments.pcap.out
+++ b/test/results/default/dtls_certificate_fragments.pcap.out
@@ -1,5 +1,5 @@
-00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1556606275726225}
+00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1556606275726225}
 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275726225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1556606275726225,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00949{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275726225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"thread_ts_usec":1556606275726225,"pkt":"AAAAp2BiAAAAtzPNCABFAAFUW5tAAD4Rr1YKusaVI9I7hpmzrZsBQKk0Fv7\/AAAAAAAAAAABKwEAAR8AAAAAAAABH\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAAACgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMACaAJkAmACXAEUARABDAELAMcAtwCnAJcAOwAQAnAA8AC8AlgBBAAfAEsAIABYAEwAQAA3ADcADAAoA\/wEAAFUACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"}
 01371{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275726225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1556606275726225,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","ja4":"t00d800500_9cedc1f1428b_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
@@ -9,7 +9,7 @@
 01525{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":332,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1556606276035205,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","ja4":"t00d800500_9cedc1f1428b_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}}
 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_usec":1556606276035205,"pkt":"AAAAp2BiAAAAtzPNCABFIAE94VhAAD4RKZAj0juGCrrGla2bmbMBKYUyFv7\/AAAAAAAAAAMA+wsABgsAAgAFHAAA7xmWcPJxf+syLm5kr8JFkg5FV4AlWuYVZqKRDkSXNY2wDo4JRyk7bpK3luN\/HZfToj36ViRMUxoGzOIdNQQtdLDZ9I6l5ryvVP5AVvfsfLCm9sZAxjhtLYRgCPa+oX7MDX\/1pOIA9ScqtjYO9k7rU1+EQszS6yuQBUHbzqzJDE5+Sr0FYdV0ChHOUsH5pqFWRmYkMY1kxz3WCDFqLZz3OCXgMI4dlHN4OUfYtjdlKZjojOO\/DI2VYl9JYb1bxVDvI\/jLCpX0S20qleMt33f6vetcgUgWnM2jDSMPp6PARk5VmmjgwVuZ3AbB3Md620\/oFv7\/AAAAAAAAAAQADA4AAAAAAwAAAAAAAA=="}
 01909{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":332,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":1749,"midstream":0,"thread_ts_usec":1556606276035205,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","server_names":"*.samsungmax.com,*.opera-mini.net","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","ja4":"t00d800500_9cedc1f1428b_a1e935682795","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA","subjectDN":"C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=*.opera-mini.net, C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA","fingerprint":"2F:5F:33:93:DE:4E:8B:EA:87:19:43:1A:7A:28:C2:33:FB:10:B3:A0"}}}
-00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1591661831005800}
+00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1591661831005800}
 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591661831005800,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1591661831005800,"pkt":"KICiDkMyVIygpBIpCABFAAC3TLlAAEARa4zAqAEaaJlXlapKw1EAo42PFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79L2+PkbrvwtAd0lRXHnV+fU0MoPLilZ8yrbMm6GEmh9kAAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQAAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQA="}
 01366{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591661831005800,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"681eb4fb79ccb6d60d35fa502c279d42","ja3s":"","ja4":"t00d120700_7c0e62f61317_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
@@ -22,7 +22,7 @@
 01309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1591661831094429,"flow_dst_last_pkt_time":1591661831093656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":621,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":621,"pkt_l4_len":587,"thread_ts_usec":1591661831094429,"pkt":"KICiDkMyVIygpBIpCABFAAJfTMFAAEARadzAqAEaaJlXlapKw1ECSz2PFv79AAAAAAAAAAIBLAsAASAAAQAAAAABIAABHQABGjCCARYwgb2gAwIBAgIJANEC+9dk9FU0MAoGCCqGSM49BAMCMBExDzANBgNVBAMMBldlYlJUQzAeFw0yMDA2MDgwMDE3MTBaFw0yMDA3MDkwMDE3MTBaMBExDzANBgNVBAMMBldlYlJUQzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMN4B8BcSIB8vft5RRQLAR85m\/tKuX7g5T1IYw7Hm7qhkyBdZX4OnwIFwDEfSDt3hvNzM2wWRdpiSZ6iGF90YtUwCgYIKoZIzj0EAwIDSAAwRQIgYiBJQW7KDUuAi3M9L3zwhEDpAL9q4DirUrayN1dURyMCIQD5bYw+Zs558BwlQadzNvlnhksxNHUTMmtsQ591HUXbABb+\/QAAAAAAAAADAE4QAABCAAIAAAAAAEJBBMZcbp+gpTP\/98W2Gp\/agbTEoqgz1y6bqmJbklIBPupi+fq8SYEjO9Y9JmSaRonmMNJqXH7zBblXPkmNr6nWxPMW\/v0AAAAAAAAABABXDwAASwADAAAAAABLBAMARzBFAiEAi1u+G3KaGQXoX1KGtvuQeozvmzHFR9Ra5exkC1MSZpoCIFTAFKcDyN3bpdNt1LWIF31bDpEkYEvrDTEBZbETusOEFP79AAAAAAAAAAUAAQEW\/v0AAQAAAAAAAAAwAAEAAAAAAACBA9i\/5ZXnRtf9Ph0HrY+iWRLDuMWOD5PqKOYsPS6F0szsv0blWRNP"}
 01343{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606278645792,"flow_dst_last_pkt_time":1556606276558755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":374,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":2162,"flow_dst_tot_l4_payload_len":2976,"midstream":0,"thread_ts_usec":1591661831138018,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01253{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831094429,"flow_dst_last_pkt_time":1591661831138018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":579,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":889,"flow_dst_tot_l4_payload_len":3074,"midstream":0,"thread_ts_usec":1591661831138018,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.Discord","proto_id":"30.58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
-00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":9101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1591661831138018}
+00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":9101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1591661831138018}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 26/26
 ~~ skipped flows.............: 0
@@ -31,10 +31,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5507566 bytes
-~~ total memory freed........: 5507566 bytes
+~~ total memory allocated....: 5507606 bytes
+~~ total memory freed........: 5507606 bytes
 ~~ total allocations/frees...: 85912/85912
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 588 chars
+~~ json message min len.......: 586 chars
 ~~ json message max len.......: 2433 chars
-~~ json message avg len.......: 1509 chars
+~~ json message avg len.......: 1508 chars
diff --git a/test/results/default/dtls_mid_sessions.pcapng.out b/test/results/default/dtls_mid_sessions.pcapng.out
index 4323be7f9..195ffbfa2 100644
--- a/test/results/default/dtls_mid_sessions.pcapng.out
+++ b/test/results/default/dtls_mid_sessions.pcapng.out
@@ -1,5 +1,5 @@
-00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1644251732783352}
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1644251732783352}
 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251732783352,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_usec":1644251732783352,"pkt":"AAAAAAAAAAUAH77DCABFAAB5TfQAAHkRcBI11u5Bx7qXm9E2AbsAZQC2FwEAAAEAAAAA1BUAUFbLHE7KkMRUAMa+BCcg\/DTD4cWbj4CR\/ou6\/eEj1qcEoJjrsJeHH7KwZMNGTwAG1rS\/\/iatJdFhJzn0FDJ0hSfdwvHN8cKVzNzbvFPCN5Gy"}
 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251732783352,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -28,7 +28,7 @@
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1644251732819831,"flow_src_last_pkt_time":1644251733371724,"flow_dst_last_pkt_time":1644251733286733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1453,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":15606,"flow_dst_tot_l4_payload_len":1540,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1644251732859305,"flow_src_last_pkt_time":1644251736135259,"flow_dst_last_pkt_time":1644251736133006,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1453,"flow_dst_max_l4_payload_len":791,"flow_src_tot_l4_payload_len":5737,"flow_dst_tot_l4_payload_len":3089,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":91,"packets-processed":91,"total-skipped-flows":0,"total-l4-payload-len":34046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1644251736135259}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":91,"packets-processed":91,"total-skipped-flows":0,"total-l4-payload-len":34046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1644251736135259}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 91/91
 ~~ skipped flows.............: 0
@@ -37,10 +37,10 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5507128 bytes
-~~ total memory freed........: 5507128 bytes
+~~ total memory allocated....: 5507200 bytes
+~~ total memory freed........: 5507200 bytes
 ~~ total allocations/frees...: 85984/85984
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 581 chars
+~~ json message min len.......: 579 chars
 ~~ json message max len.......: 2504 chars
-~~ json message avg len.......: 1541 chars
+~~ json message avg len.......: 1540 chars
diff --git a/test/results/default/dtls_old_version.pcapng.out b/test/results/default/dtls_old_version.pcapng.out
index c1528c908..65fd4fec0 100644
--- a/test/results/default/dtls_old_version.pcapng.out
+++ b/test/results/default/dtls_old_version.pcapng.out
@@ -1,5 +1,5 @@
-00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388130600596}
+00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388130600596}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388130600596,"flow_dst_last_pkt_time":1592388130600596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388130600596,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388130600596,"flow_dst_last_pkt_time":1592388130600596,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1592388130600596,"pkt":"AAAAAAAAAAYArvxgCABFAAB\/OTwAAH8Ri0ElvARzRkIGgNyFAbsAaxY5FgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEAXunqImL3nzdrUBZ\/BhfTQm46UvY\/Zrav40oHNoY96qUgA8IpvhXWIFFe7w7KCq\/byTjgCP7o8hqBpXIG\/Tdba9gAAAIANQEA"}
 01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388130600596,"flow_dst_last_pkt_time":1592388130600596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388130600596,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -11,7 +11,7 @@
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592388133613774,"flow_dst_last_pkt_time":1592388133698009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1592388133698009,"pkt":"AAAAAAAAAAYArvxgCABFAABM9VcAAPIRXFhGQgaAJbwEcwG73IUAOKixFgEAAAAAAAAAAAAAIwMAABcAAAAAAAAAFwEAFJQvJfDCZcKI8kzWgOcHI1Oo1d90"}
 01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388137732924,"flow_dst_last_pkt_time":1592388137817410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":188,"flow_src_tot_l4_payload_len":416,"flow_dst_tot_l4_payload_len":284,"midstream":0,"thread_ts_usec":1592388137817410,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388137732924,"flow_dst_last_pkt_time":1592388137817410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":188,"flow_src_tot_l4_payload_len":416,"flow_dst_tot_l4_payload_len":284,"midstream":0,"thread_ts_usec":1592388137817410,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1592388137817410}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1592388137817410}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 7/7
 ~~ skipped flows.............: 0
@@ -20,10 +20,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498251 bytes
-~~ total memory freed........: 5498251 bytes
+~~ total memory allocated....: 5498275 bytes
+~~ total memory freed........: 5498275 bytes
 ~~ total allocations/frees...: 85870/85870
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 580 chars
+~~ json message min len.......: 578 chars
 ~~ json message max len.......: 1206 chars
-~~ json message avg len.......: 888 chars
+~~ json message avg len.......: 887 chars
diff --git a/test/results/default/dtls_session_id_and_coockie_both.pcap.out b/test/results/default/dtls_session_id_and_coockie_both.pcap.out
index 1b62496f1..e4fa1801c 100644
--- a/test/results/default/dtls_session_id_and_coockie_both.pcap.out
+++ b/test/results/default/dtls_session_id_and_coockie_both.pcap.out
@@ -1,5 +1,5 @@
-00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388499775130}
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388499775130}
 00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499775130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388499775130,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499775130,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1592388499775130,"pkt":"AAAAAAAAAAEAvpsKCABFAAB\/T3sAAH8RdtO5xHHv33Rp98RRrZsAazO3Fv79AAAAAAAAAAAAVgEAAEoAAAAAAAAASv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4AAALALAEA"}
 01371{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499775130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388499775130,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","ja4":"t00d010000_653ffb6f323e_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
@@ -8,7 +8,7 @@
 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499833900,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_usec":1592388499833900,"pkt":"AAAAAAAAAAcAwedSCABFAADGx3wAAPMRiorfdGn3ucRx762bxFEAspnDFv79AAAAAAAAAAEAUgIAAEYAAQAAAAAARv79h9MldvGqD4L7eTZa2NHhRQF1vlik3WVyEyjxpUYtENcgODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST7ALAAU\/v0AAAAAAAAAAgABARb+\/QABAAAAAAAAADBhiqTy6UqwzhCYCPtl5aoUaCDaK6eEDLWKYD9PQuzP3fUrM48czQrGX1gmubwFx64="}
 01433{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499833900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1592388499833900,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","ja4":"t00d010000_653ffb6f323e_e3b0c44298fc","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}}
 01237{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499833900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1592388499833900,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00657{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592388499833900}
+00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592388499833900}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498097 bytes
-~~ total memory freed........: 5498097 bytes
+~~ total memory allocated....: 5498121 bytes
+~~ total memory freed........: 5498121 bytes
 ~~ total allocations/frees...: 85865/85865
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 594 chars
+~~ json message min len.......: 592 chars
 ~~ json message max len.......: 1438 chars
-~~ json message avg len.......: 1009 chars
+~~ json message avg len.......: 1008 chars
diff --git a/test/results/default/edonkey.pcap.out b/test/results/default/edonkey.pcap.out
index 35e9c583b..5841c4adf 100644
--- a/test/results/default/edonkey.pcap.out
+++ b/test/results/default/edonkey.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1256627019012259}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1256627019012259}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019012259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1256627019012259,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019012259,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1256627019012259,"pkt":"AAAAAAAAAAAAAAAACABFAAAwFXFAAHQGF7PJD7Hjh8DW8AbaHX\/iBcO2AAAAAHAC\/\/\/feQAAAgQFoAEBBAI="}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019016300,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1256627019016300,"pkt":"AAAAAAAAAAAAAAAACABFAAAwOUtAAH0G6tiHwNbwyQ+x4x1\/BtrTGFiF4gXDt3AS\/\/+ztgAAAgQFtAEBBAI="}
@@ -8,7 +8,7 @@
 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1256627019107420,"flow_dst_last_pkt_time":1256627019112512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1256627019112512,"pkt":"AAAAAAAAAAAAAAAACABFAACsOWpAAH0G6j2HwNbwyQ+x4x1\/BtrTGFiG4gXEM1AY\/4OcSAAA438AAABMOjVEqDEOKB1R7VGC9M9v1Ixx9M9\/HQgAAAACAQABFQBbQ0hOXVtWZXJ5Q0RdeW91cm5hbWUDAQARPAAAAAMBAPmJHYkdAwEA+htCEzQDAQD+tAEAAAMBAPsAwAAAAgEAVQ0AVmVyeUNEIDA5MDMwNAMBAO4M6YkU1D\/OI5IQ"}
 01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627019107420,"flow_dst_last_pkt_time":1256627019112512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1256627019112512,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"eDonkey","proto_id":"36","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}}
 01092{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":11,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627076408213,"flow_dst_last_pkt_time":1256627076408912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":248,"flow_dst_tot_l4_payload_len":792,"midstream":0,"thread_ts_usec":1256627076408912,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"eDonkey","proto_id":"36","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":1040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1256627076408912}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":1040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1256627076408912}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 17/17
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500514 bytes
-~~ total memory freed........: 5500514 bytes
+~~ total memory allocated....: 5500538 bytes
+~~ total memory freed........: 5500538 bytes
 ~~ total allocations/frees...: 85878/85878
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 541 chars
diff --git a/test/results/default/elasticsearch.pcap.out b/test/results/default/elasticsearch.pcap.out
index fdd1e914e..b3a467c29 100644
--- a/test/results/default/elasticsearch.pcap.out
+++ b/test/results/default/elasticsearch.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666258196034202}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666258196034202}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258196034202,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196034202,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666258196034202,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.107","src_port":40282,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196034202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196034202,"pkt":"ABY+v3lW+hY+\/yO1CABFAAA816FAAD4G6yisEBFmrBAQa51aJFSXRuFEAAAAAKAC9QBC8wAAAgQjAAQCCAqEzLnHAAAAAAEDAwc="}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196036761,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196036761,"pkt":"+hY+\/yO1ABY+v3lWCABFAAA8AABAAEAGwMqsEBBrrBARZiRUnVr59pHXl0bhRaAS9KzUfwAAAgQjAAQCCApHXJuLhMy5xwEDAwc="}
@@ -27,7 +27,7 @@
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666258220448291,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1666258220448291,"pkt":"+hY+\/yO1ABY+v3lWCABFAAC9EplAAEAGrbCsEBBrrBARZiRUnWpT5e7d+a0KsYAYAeTSJwAAAQEICkdc+ueEzRkjRVMAAACDAAAAAAAAAHsBAGu7SwAAAHIBHl94cGFja19zZWN1cml0eV9hdXRoZW50aWNhdGlvblB5L2F1QXdFSFgzTjVjM1JsYlJkbGJHRnpkR2xqTFc1dlpHVXdNaTVuWVhKeUxteGhZZ2hmWDJGMGRHRmphQWhmWDJGMGRHRmphQUFFQ2dBPQA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666258220448291,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":38,"packets-processed":37,"total-skipped-flows":0,"total-l4-payload-len":6736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1666258921758874}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":38,"packets-processed":37,"total-skipped-flows":0,"total-l4-payload-len":6736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1666258921758874}
 00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1666258196034202,"flow_src_last_pkt_time":1666258196256706,"flow_dst_last_pkt_time":1666258196229737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":414,"midstream":0,"thread_ts_usec":1666258923619099,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.107","src_port":40282,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666259164268444,"flow_src_last_pkt_time":1666259164268444,"flow_dst_last_pkt_time":1666259164268444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":422,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":422,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":422,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259164268444,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.106","src_port":48028,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1666259164268444,"flow_dst_last_pkt_time":1666259164268444,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":488,"pkt_l4_len":454,"thread_ts_usec":1666259164268444,"pkt":"ABY+soAn+hY+\/yO1CABFAAHarfFAAD4GEzysEBFmrBAQarucJFRoIUIXoUah\/oAYAebLKwAAAQEIClAEIdUYdep8RVMAAAGgAAAAAAAADI8AAGu7SwAAADAAAAEGeC1wYWNrJWluZGljZXM6ZGF0YS9yZWFkL3NlYXJjaFtwaGFzZS9xdWVyeV0WNUtpa2xFY3ZRRC01UnVUVjVIbXNlUQAAAAAAAE7GCS5raWJhbmFfMRY5YW1TRnUtMlJWbUQ3aDFUaDMwOTJBAAEBAAEAAgAAAAAAAAAAAQRib29sP4AAAAABE3NpbXBsZV9xdWVyeV9zdHJpbmc\/gAAAAAEwAAAAASp1cGdyYWRlLWFzc2lzdGFudC1yZWluZGV4LW9wZXJhdGlvbi5zdGF0dXM\/gAAA\/\/\/\/\/wAAAAAAAAABADIBAAABBGJvb2w\/gAAAAAAAAQRib29sP4AAAAABBHRlcm0\/gAAAAAR0eXBlFSN1cGdyYWRlLWFzc2lzdGFudC1yZWluZGV4LW9wZXJhdGlvbgEGZXhpc3RzP4AAAAAJbmFtZXNwYWNlAAABAAABAQExAQAAABQAAAAAAAACAQAAAAAAAX\/\/\/\/8AAAA\/gAAAv7ikpr8wAgABAAABBy5raWJhbmEDAgQFAQA="}
@@ -41,7 +41,7 @@
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258198552605,"flow_src_last_pkt_time":1666258198552605,"flow_dst_last_pkt_time":1666258198552605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1758,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1758,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1758,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1666258196428446,"flow_src_last_pkt_time":1666258212491705,"flow_dst_last_pkt_time":1666258212486464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2955,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":33288,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":47,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":9589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1666259173881713}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":47,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":9589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1666259173881713}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 47/47
 ~~ skipped flows.............: 0
@@ -50,8 +50,8 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5526704 bytes
-~~ total memory freed........: 5526704 bytes
+~~ total memory allocated....: 5526824 bytes
+~~ total memory freed........: 5526824 bytes
 ~~ total allocations/frees...: 85980/85980
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 552 chars
diff --git a/test/results/default/elf.pcap.out b/test/results/default/elf.pcap.out
new file mode 100644
index 000000000..be3a52909
--- /dev/null
+++ b/test/results/default/elf.pcap.out
@@ -0,0 +1,31 @@
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1712420115772907}
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712420115772907,"flow_src_last_pkt_time":1712420115772907,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16384,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16384,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420115772907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60150,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+11800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1712420115772907,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":16426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":16426,"pkt_l4_len":16392,"thread_ts_usec":1712420115772907,"pkt":"AAAAAAAAAAAAAAAACABFAEActA1AAEARSMF\/AAABfwAAAer2gjVACD4cf0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAoB8AAAAAAABAAAAAAAAAALhxAAAAAAAAAAAAAEAAOAANAEAAHgAdAAYAAAAEAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAA2AIAAAAAAADYAgAAAAAAAAgAAAAAAAAAAwAAAAQAAAAYAwAAAAAAABgDAAAAAAAAGAMAAAAAAAAcAAAAAAAAABwAAAAAAAAAAQAAAAAAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAEAAAAFAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAoTIAAAAAAAChMgAAAAAAAAAQAAAAAAAAAQAAAAQAAAAAUAAAAAAAAABQAAAAAAAAAFAAAAAAAABQEgAAAAAAAFASAAAAAAAAABAAAAAAAAABAAAABgAAAIBsAAAAAAAAgHwAAAAAAACAfAAAAAAAAJQDAAAAAAAAqAMAAAAAAAAAEAAAAAAAAAIAAAAGAAAAkGwAAAAAAACQfAAAAAAAAJB8AAAAAAAA8AEAAAAAAADwAQAAAAAAAAgAAAAAAAAABAAAAAQAAAA4AwAAAAAAADgDAAAAAAAAOAMAAAAAAAAwAAAAAAAAADAAAAAAAAAACAAAAAAAAAAEAAAABAAAAGgDAAAAAAAAaAMAAAAAAABoAwAAAAAAAEQAAAAAAAAARAAAAAAAAAAEAAAAAAAAAFPldGQEAAAAOAMAAAAAAAA4AwAAAAAAADgDAAAAAAAAMAAAAAAAAAAwAAAAAAAAAAgAAAAAAAAAUOV0ZAQAAABkXgAAAAAAAGReAAAAAAAAZF4AAAAAAACUAAAAAAAAAJQAAAAAAAAABAAAAAAAAABR5XRkBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAFLldGQEAAAAgGwAAAAAAACAfAAAAAAAAIB8AAAAAAAAgAMAAAAAAACAAwAAAAAAAAEAAAAAAAAAL2xpYjY0L2xkLWxpbnV4LXg4Ni02NC5zby4yAAAAAAAEAAAAIAAAAAUAAABHTlUAAgAAwAQAAAADAAAAAAAAAAKAAMAEAAAAAQAAAAAAAAAEAAAAFAAAAAMAAABHTlUA0uju2W4DwzSiBB87d5L+o7nU\/UgEAAAAEAAAAAEAAABHTlUAAAAAAAMAAAACAAAAAAAAAAAAAAACAAAALwAAAAEAAAAGAAAAAACBAAAAAAAvAAAAAAAAANFlzm0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOQEAABIAAAAAAAAAAAAAAAAAAAAAAAAApQEAABEAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABIAAAAAAAAAAAAAAAAAAAAAAAAAPwAAABIAAAAAAAAAAAAAAAAAAAAAAAAAagAAABIAAAAAAAAAAAAAAAAAAAAAAAAASAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAHwIAACAAAAAAAAAAAAAAAAAAAAAAAAAACAEAABEAAAAAAAAAAAAAAAAAAAAAAAAADwEAABIAAAAAAAAAAAAAAAAAAAAAAAAAjwAAABIAAAAAAAAAAAAAAAAAAAAAAAAAfAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAewAAABIAAAAAAAAAAAAAAAAAAAAAAAAAeAEAABIAAAAAAAAAAAAAAAAAAAAAAAAALwAAABIAAAAAAAAAAAAAAAAAAAAAAAAAwwAAABIAAAAAAAAAAAAAAAAAAAAAAAAApAAAABIAAAAAAAAAAAAAAAAAAAAAAAAAsgAAABIAAAAAAAAAAAAAAAAAAAAAAAAA7wAAABIAAAAAAAAAAAAAAAAAAAAAAAAAsAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAQAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAggAAABIAAAAAAAAAAAAAAAAAAAAAAAAA6AAAABIAAAAAAAAAAAAAAAAAAAAAAAAAuwEAABIAAAAAAAAAAAAAAAAAAAAAAAAAqwAAABIAAAAAAAAAAAAAAAAAAAAAAAAAKgEAABIAAAAAAAAAAAAAAAAAAAAAAAAAOwIAACAAAAAAAAAAAAAAAAAAAAAAAAAAUAEAABEAAAAAAAAAAAAAAAAAAAAAAAAAUQAAABIAAAAAAAAAAAAAAAAAAAAAAAAAYwAAABIAAAAAAAAAAAAAAAAAAAAAAAAARQAAABIAAAAAAAAAAAAAAAAAAAAAAAAAWAAAABIAAAAAAAAAAAAAAAAAAAAAAAAAmgAAABIAAAAAAAAAAAAAAAAAAAAAAAAA0QEAABIAAAAAAAAAAAAAAAAAAAAAAAAAOQAAABIAAAAAAAAAAAAAAAAAAAAAAAAAaAEAABEAAAAAAAAAAAAAAAAAAAAAAAAAiAAAABIAAAAAAAAAAAAAAAAAAAAAAAAAIgAAABIAAAAAAAAAAAAAAAAAAAAAAAAAEAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAygEAABIAAAAAAAAAAAAAAAAAAAAAAAAAHAEAABIAAAAAAAAAAAAAAAAAAAAAAAAASgIAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAhwEAABEAAAAAAAAAAAAAAAAAAAAAAAAA9wAAABIAAAAAAAAAAAAAAAAAAAAAAAAA2gAAABIAAAAAAAAAAAAAAAAAAAAAAAAAFQEAABEAAAAAAAAAAAAAAAAAAAAAAAAAAQAAACIAAAAAAAAAAAAAAAAAAAAAAAAAAF9fY3hhX2ZpbmFsaXplAF9fbGliY19zdGFydF9tYWluAF9fY3hhX2F0ZXhpdABkY2dldHRleHQAZXJyb3IAYWJvcnQAbmxfbGFuZ2luZm8AZmlsZW5vAF9fZnJlYWRpbmcAZmZsdXNoAF9fZXJybm9fbG9jYXRpb24AZmNsb3NlAGxzZWVrAGZzZWVrbwBfX2ZwZW5kaW5nAHNldGxvY2FsZQBzdHJsZW4Ac3RyY21wAF9fc3RhY2tfY2hrX2ZhaWwAX19jdHlwZV9nZXRfbWJfY3VyX21heABfX2N0eXBlX2JfbG9jAG1lbWNtcABtYnJ0b3djAGlzd3ByaW50AG1ic2luaXQAc3Rkb3V0AF9leGl0AHN0ZGVycgBfX2ZwcmludGZfY2hrAGZwdXRjX3VubG9ja2VkAGdldGVudgBzdHJyY2hyAHN0cm5jbXAAcHJvZ3JhbV9pbnZvY2F0aW9uX25hbWUAX19wcm9nbmFtZV9mdWxsAGJpbmR0ZXh0ZG9tYWluAHByb2dyYW1faW52b2NhdGlvbl9zaG9ydF9uYW1lAF9fcHJvZ25hbWUAX19vdmVyZmxvdwBmcHV0c191bmxvY2tlZABmd3JpdGUAX19wcmludGZfY2hrAGxpYmMuc28uNgBHTElCQ18yLjMAR0xJQkNfMi4zLjQAR0xJQkNfMi40AEdMSUJDXzIuMzQAR0xJQkNfMi4yLjUAX0lUTV9kZXJlZ2lzdGVyVE1DbG9uZVRhYmxlAF9fZ21vbl9zdGFydF9fAF9JVE1fcmVnaXN0ZXJUTUNsb25lVGFibGUAAAACAAIAAwACAAIAAgABAAIAAgACAAIAAgACAAIAAgACAAQAAgACAAIAAgACAAIAAgACAAEAAgACAAIAAgACAAIABQACAAIAAgACAAIAAgAFAAEAAgACAAIABgACAAIAAAAAAAEABQDeAQAAEAAAAAAAAAATaWkNAAAGAOgBAAAQAAAAdBlpCQAABQDyAQAAEAAAABRpaQ0AAAQA\/gEAABAAAAC0kZYGAAADAAgCAAAQAAAAdRppCQAAAgATAgAAAAAAAIB8AAAAAAAACAAAAAAAAACAIAAAAAAAAIh8AAAAAAAACAAAAAAAAABAIAAAAAAAAAiAAAAAAAAACAAAAAAAAAAIgAAAAAAAALh\/AAAAAAAABgAAAAMAAAAAAAAAAAAAAMB\/AAAAAAAABgAAAAcAAAAAAAAAAAAAAMh\/AAAAAAAABgAAAAgAAAAAAAAAAAAAANB\/AAAAAAAABgAAABoAAAAAAAAAAAAAANh\/AAAAAAAABgAAABsAAAAAAAAAAAAAAOB\/AAAAAAAABgAAACkAAAAAAAAAAAAAAOh\/AAAAAAAABgAAACsAAAAAAAAAAAAAAPB\/AAAAAAAABgAAAC8AAAAAAAAAAAAAAPh\/AAAAAAAABgAAAC4AAAAAAAAAAAAAAJh+AAAAAAAABwAAAAEAAAAAAAAAAAAAAKB+AAAAAAAABwAAAAQAAAAAAAAAAAAAAKh+AAAAAAAABwAAAAUAAAAAAAAAAAAAALB+AAAAAAAABwAAAAYAAAAAAAAAAAAAALh+AAAAAAAABwAAAAkAAAAAAAAAAAAAAMB+AAAAAAAABwAAAAoAAAAAAAAAAAAAAMh+AAAAAAAABwAAAAsAAAAAAAAAAAAAANB+AAAAAAAABwAAAAwAAAAAAAAAAAAAANh+AAAAAAAABwAAAA0AAAAAAAAAAAAAAOB+AAAAAAAABwAAAA4AAAAAAAAAAAAAAOh+AAAAAAAABwAAAA8AAAAAAAAAAAAAAPB+AAAAAAAABwAAABAAAAAAAAAAAAAAAPh+AAAAAAAABwAAABEAAAAAAAAAAAAAAAB\/AAAAAAAABwAAABIAAAAAAAAAAAAAAAh\/AAAAAAAABwAAABMAAAAAAAAAAAAAABB\/AAAAAAAABwAAABQAAAAAAAAAAAAAABh\/AAAAAAAABwAAABUAAAAAAAAAAAAAACB\/AAAAAAAABwAAABYAAAAAAAAAAAAAACh\/AAAAAAAABwAAABcAAAAAAAAAAAAAADB\/AAAAAAAABwAAABgAAAAAAAAAAAAAADh\/AAAAAAAABwAAABkAAAAAAAAAAAAAAEB\/AAAAAAAABwAAABwAAAAAAAAAAAAAAEh\/AAAAAAAABwAAAB0AAAAAAAAAAAAAAFB\/AAAAAAAABwAAAB4AAAAAAAAAAAAAAFh\/AAAAAAAABwAAAB8AAAAAAAAAAAAAAGB\/AAAAAAAABwAAACAAAAAAAAAAAAAAAGh\/AAAAAAAABwAAACEAAAAAAAAAAAAAAHB\/AAAAAAAABwAAACIAAAAAAAAAAAAAAHh\/AAAAAAAABwAAACQAAAAAAAAAAAAAAIB\/AAAAAAAABwAAACUAAAAAAAAAAAAAAIh\/AAAAAAAABwAAACYAAAAAAAAAAAAAAJB\/AAAAAAAABwAAACcAAAAAAAAAAAAAAJh\/AAAAAAAABwAAACgAAAAAAAAAAAAAAKB\/AAAAAAAABwAAACoAAAAAAAAAAAAAAKh\/AAAAAAAABwAAACwAAAAAAAAAAAAAALB\/AAAAAAAABwAAAC0AAAAAAAAAAAAAAPMPHvpIg+wISIsFwW8AAEiFwHQC\/9BIg8QIwwAAAAAA\/zVibgAA\/yVkbgAADx9AAPMPHvpoAAAAAOni\/\/\/\/ZpDzDx76aAEAAADp0v\/\/\/2aQ8w8e+mgCAAAA6cL\/\/\/9mkPMPHvpoAwAAAOmy\/\/\/\/ZpDzDx76aAQAAADpov\/\/\/2aQ8w8e+mgFAAAA6ZL\/\/\/9mkPMPHvpoBgAAAOmC\/\/\/\/ZpDzDx76aAcAAADpcv\/\/\/2aQ8w8e+mgIAAAA6WL\/\/\/9mkPMPHvpoCQAAAOlS\/\/\/\/ZpDzDx76aAoAAADpQv\/\/\/2aQ8w8e+mgLAAAA6TL\/\/\/9mkPMPHvpoDAAAAOki\/\/\/\/ZpDzDx76aA0AAADpEv\/\/\/2aQ8w8e+mgOAAAA6QL\/\/\/9mkPMPHvpoDwAAAOny\/v\/\/ZpDzDx76aBAAAADp4v7\/\/2aQ8w8e+mgRAAAA6dL+\/\/9mkPMPHvpoEgAAAOnC\/v\/\/ZpDzDx76aBMAAADpsv7\/\/2aQ8w8e+mgUAAAA6aL+\/\/9mkPMPHvpoFQAAAOmS\/v\/\/ZpDzDx76aBYAAADpgv7\/\/2aQ8w8e+mgXAAAA6XL+\/\/9mkPMPHvpoGAAAAOli\/v\/\/ZpDzDx76aBkAAADpUv7\/\/2aQ8w8e+mgaAAAA6UL+\/\/9mkPMPHvpoGwAAAOky\/v\/\/ZpDzDx76aBwAAADpIv7\/\/2aQ8w8e+mgdAAAA6RL+\/\/9mkPMPHvpoHgAAAOkC\/v\/\/ZpDzDx76aB8AAADp8v3\/\/2aQ8w8e+mggAAAA6eL9\/\/9mkPMPHvpoIQAAAOnS\/f\/\/ZpDzDx76aCIAAADpwv3\/\/2aQ8w8e+mgjAAAA6bL9\/\/9mkPMPHvr\/JXZtAABmDx9EAADzDx76\/yUObAAAZg8fRAAA8w8e+v8lBmwAAGYPH0QAAPMPHvr\/Jf5rAABmDx9EAADzDx76\/yX2awAAZg8fRAAA8w8e+v8l7msAAGYPH0QAAPMPHvr\/JeZrAABmDx9EAADzDx76\/yXeawAAZg8fRAAA8w8e+v8l1msAAGYPH0QAAPMPHvr\/Jc5rAABmDx9EAADzDx76\/yXGawAAZg8fRAAA8w8e+v8lvmsAAGYPH0QAAPMPHvr\/JbZrAABmDx9EAADzDx76\/yWuawAAZg8fRAAA8w8e+v8lpmsAAGYPH0QAAPMPHvr\/JZ5rAABmDx9EAADzDx76\/yWWawAAZg8fRAAA8w8e+v8ljmsAAGYPH0QAAPMPHvr\/JYZrAABmDx9EAADzDx76\/yV+awAAZg8fRAAA8w8e+v8ldmsAAGYPH0QAAPMPHvr\/JW5rAABmDx9EAADzDx76\/yVmawAAZg8fRAAA8w8e+v8lXmsAAGYPH0QAAPMPHvr\/JVZrAABmDx9EAADzDx76\/yVOawAAZg8fRAAA8w8e+v8lRmsAAGYPH0QAAPMPHvr\/JT5rAABmDx9EAADzDx76\/yU2awAAZg8fRAAA8w8e+v8lLmsAAGYPH0QAAPMPHvr\/JSZrAABmDx9EAADzDx76\/yUeawAAZg8fRAAA8w8e+v8lFmsAAGYPH0QAAPMPHvr\/JQ5rAABmDx9EAADzDx76\/yUGawAAZg8fRAAA8w8e+v8l\/moAAGYPH0QAAPMPHvr\/JfZqAABmDx9EAADoy\/3\/\/2YuDx+EAAAAAACQ8w8e+kFXQVZBVUG9AQAAAEFUVYn9SI09LEEAAFNIifNIgeyYAAAAZEiLBCUoAAAASImEJIgAAAAxwOhx\/f\/\/SYnGSIXAdCFFMe2D\/QF+GUiLewhIjTX+QAAARTHt6H7+\/\/+FwEEPlMVEiehMiyOD4AGIRCQLTYXkD4SABgAAvi8AAABMiefoFf7\/\/0mJx0iFwHQxSI1IAUiJyEiJDCRMKeBIg\/gGfh1JjX\/6ugcAAABIjTWkQAAA6CT9\/\/+FwA+EVgIAAEiLBT1qAABIjTV1QAAAvwYAAABMjT0IQAAATIkla2oAAEyJIOhT\/v\/\/SI01c0AAAEyJ\/+g0\/f\/\/TIn\/6Az9\/\/9IjT1lJgAA6KAsAACD\/QIPhesAAACAfCQLAA+E4AAAAEiLawhIjTVKQAAASInv6Kn9\/\/+FwA+E5AUAAEiNNc9AAABIie\/okv3\/\/4XAD4QCBQAATI17CL0BAAAARYXtD4W3AAAAQbwBAAAATYX2D4T7AwAAhe0PjkgBAACJ7U2NLO9IjS2wPQAATYs36y8PH4AAAAAASIsdWWkAAA+2ykmJxkiLO0iLRyhIO0cwD4NKAwAASI1IAUiJTyiIEEEPthZJjUYBhNIPhFADAACA+lx1w0UPtkYBRYTAD4T1AgAAQY1A0E2NTgJEicE8SA+HWAEAAA+2wEhjRIUASAHoPv\/gg+0BTI17CEWF7Q+EVP\/\/\/0GJ7YXtD46tAAAATYX2RIntQbwBAAAASbgBAAAAAQIAAEEPlcJFMclJiz+APy0PhU4EAAAPtk8BhMkPhEIEAABIjVcCichmDx9EAACD6EU8KQ+H9QIAAEkPo8BAD5LGQIT2D4TkAgAAD7YCSIPCAYTAddlIjUcBMdLrD5CA+UVED0TKD7YIhMl0HEiDwAGA+WUPhK0CAACA+W514A+2CEUx5ITJdeRJg8cIg+0BD4V1\/\/\/\/RYTkdCNIiwUlaAAASIs4SItHKEg7RzAPg\/MDAABIjVABSIlXKMYACkiLhCSIAAAAZEgrBCUoAAAAD4XzAwAASIHEmAAAADHAW11BXEFdQV5BX8NIizwkugMAAABIjTU5PgAA6LH6\/\/9MiyQkhcAPhYn9\/\/9IiwXWZwAATY1nBEyJIOl2\/f\/\/SIsdo2cAAEEPtshIiztIi0coSDtHMA+DQwMAAEiNUAFIiVcoxgBcRInCTYnO6SX+\/\/9BD7ZOAo1B0DwHD4dmAgAATY1OA0EPtgGNUdCNSNCA+QcPhiUCAABIix1KZwAAD7bKTYnO6ez9\/\/9MiQwkQQ+2XgJEiEQkC+gU\/P\/\/RA+2RCQLTIsMJEiLCA+2w\/ZEQQEQD4Rn\/\/\/\/D7b76NEHAABBD7Z+A4nC9kR5ARAPhAgCAACJwUAPtv9Jg8YE6LAHAADB4QRIix3eZgAAjRQBD7bK6YD9\/\/9Iix3MZgAATYnOuQsAAAC6CwAAAOln\/f\/\/SIsds2YAAE2JzrkJAAAAugkAAADpTv3\/\/0iLHZpmAABNic65DQAAALoNAAAA6TX9\/\/9Iix2BZgAATYnOuQoAAAC6CgAAAOkc\/f\/\/SIsdaGYAAE2JzrkMAAAAugwAAADpA\/3\/\/0iLHU9mAABNic65GwAAALobAAAA6er8\/\/9Iix02ZgAATYnOuQgAAAC6CAAAAOnR\/P\/\/Dx9AAEiLHRlmAABJica5XAAAAEiLO0iLRyhIO0cwD4K+\/P\/\/Dx+EAAAAAACJzuiJ+f\/\/QQ+2FkmNRgGE0g+Fufz\/\/2YPH4QAAAAAAEmDxwhNOe8PhJr9\/\/9Iix3EZQAASIs7SItHKEg7RzAPgwQBAABIjVABSIlXKMYAIOk3\/P\/\/Dx8AQYnx6Tf9\/\/9FhNIPhRb8\/\/9FhMkPhQ38\/\/+F7Q+OTf3\/\/4ntSIsddWUAAEmNLO\/rEg8fgAAAAABIjVABSIlXKMYAIEmLP0iLM0mDxwjoJvn\/\/0k57w+EFP3\/\/0iLO0iLRyhIO0cwctC+IAAAAOjG+P\/\/68+NVNDQQQ+2QQGD6DA8Bw+HBgEAAI0U0EiLHQ5lAABNjXECD7bK6a\/7\/\/9Iix37ZAAATYnOMckx0umc+\/\/\/SIsd6GQAAEmDxgMPtsjpifv\/\/0iLHdVkAABNic65BwAAALoHAAAA6XD7\/\/9Iix28ZAAATYnOuVwAAADpXPv\/\/74gAAAA6D34\/\/\/pNPv\/\/1BIiwWYZAAASI0NzTsAAEiNFXQ6AABqAEyNDag7AABMjQWsOwAASIs4SI01aDoAADHA6GEhAABaWelZ\/P\/\/RYTSD4XY+v\/\/RYTJD4TS\/v\/\/6cr6\/\/++XAAAAIlMJAxMiQwkRIhEJAvozPf\/\/0QPtkQkC0yLDCSLTCQM6Z78\/\/++CgAAAOiv9\/\/\/6Qn8\/\/9Iix0LZAAATY1xAQ+2yums+v\/\/6HL3\/\/9IiwUjZAAAujcAAAC+AQAAAEiNPUI9AABIiwjogvj\/\/+id9v\/\/ugUAAABIjTVhPQAAMf\/oCvf\/\/0yJ4UyJ4r8BAAAASInGMcDoBfj\/\/0iLHaZjAAC6BQAAADH\/SI01cD0AAEiLK+jY9v\/\/SInHSInu6F33\/\/9Iiyu6BQAAADH\/SI01rD0AAOi39v\/\/SInuSInH6Dz3\/\/9Iiyu6BQAAADH\/SI01Ez4AAOiW9v\/\/SInuSInH6Bv3\/\/9Iiyu6BQAAADH\/SI01Ij4AAOh19v\/\/SInuSInH6Pr2\/\/9Iiyu6BQAAADH\/SI01QT4AAOhU9v\/\/SInuSInH6Nn2\/\/9Iiyu6BQAAADH\/SI01YD4AAOgz9v\/\/SInuSInH6Lj2\/\/9Iiyu6BQAAADH\/SI01Jz8AAOgS9v\/\/SInuSI0tuDgAAEiJx+iQ9v\/\/ugUAAABIjTV0PwAAMf\/o7fX\/\/0iJ6r8BAAAASInGMcDo6\/b\/\/0yLI7oFAAAAMf9IjTUKQAAA6MX1\/\/9MieZMjWQkEEiJx+hF9v\/\/SI0F\/zgAAEiNNfY4AABmSA9u0GZID27GSI0F9zgAAGYPbMJmSA9u2EiNBf04AAAPKUQkEGZJD27HZg9sww8pRCQgZkgPbsBIjQWnOAAAZkgPbshIjQXcOAAAZg9swQ8pRCQwZkgPbsBIjQXROAAAZg9swQ8pRCRAZkgPbsBIjQXGOAAAZg9swQ8pRCRQZkgPbsBmD2zBDylEJGBmD+\/ADylEJHDrEEiJ7+in9f\/\/hcB0DUmDxBBJizQkSIX2dedNi2wkCLoFAAAASI01hDgAADH\/TYXtD4S5AAAA6NX0\/\/9MjSV+PwAAvwEAAABIjRVkNwAASInGTInhMcDoxfX\/\/zH2vwUAAADoqfX\/\/0iFwHQcugMAAABIjTVOOAAASInH6DD0\/\/+FwA+F4wAAALoFAAAASI01NjgAADH\/6HX0\/\/9IielMieK\/AQAAAEiJxjHASI0dZTcAAOhp9f\/\/STntD4SYAAAAugUAAABIjTVkPwAAMf\/oPfT\/\/78BAAAASInZTInqSInGMcDoOPX\/\/zH\/6HH1\/\/\/oHPT\/\/0yNJcU+AABIjRWwNgAAvwEAAABIicZMieFMjS2sNgAAMcDoBfX\/\/zH2vwUAAADo6fT\/\/0iFwA+FPP\/\/\/7oFAAAASI01jjcAADH\/6M3z\/\/9IielMieK\/AQAAAEiJxjHA6Mj0\/\/9MjS1hNgAASI0dFTcAAOlV\/\/\/\/SIsbMf+6BQAAAEiNNWw+AADoj\/P\/\/0iJx0iJ3ugU9P\/\/6ff+\/\/9mLg8fhAAAAAAADx9EAADzDx76Me1JidFeSIniSIPk8FBURTHAMclIjT0R9f\/\/\/xXzXwAA9GYuDx+EAAAAAABIjT1BYAA="}
+12188{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1712420115772931,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":14690,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":14690,"pkt_l4_len":14656,"thread_ts_usec":1712420115772931,"pkt":"AAAAAAAAAAAAAAAACABFADlUtA5AAEART4h\/AAABfwAAAer2gjU5QDdUTCRASI01thgAAEyLbCR4TItkJHBIi1wkaEyJTCQQTIt8JGBMi3QkWEyJRCQISIkMJOja0v\/\/SInCUOla\/\/\/\/TItEJEhIi0wkQLoFAAAAMf9Mi2QkcEiLXCRoSI01LxgAAEyLfCRgTIt0JFhMiUQkCEyLbCRQSIkMJOiS0v\/\/QVRTSInCTYnpQVdBVkyLRCQoSItMJCC+AQAAAEiJ7zHA6NzT\/\/9Ig8Qg6Rf\/\/\/9Ii0wkQEyLbCRQugUAAAAx\/0yLZCRISItcJGhIjTWZFwAATIt8JGBMi3QkWEiJDCToLtL\/\/02J6U2J4FFIicJTQVdBVuudTIt8JGC6BQAAAEiNNTwXAAAx\/0yLdCRYTItsJFBMi2QkSEiLXCRA6PHR\/\/9BV0iJwkFWvgEAAABIie9NielNieBIidkxwOhC0\/\/\/Xl\/pf\/7\/\/7oFAAAASI01zxYAADH\/TIt0JFhMi2wkUEyLZCRISItcJEDopNH\/\/0iJwkFQ67FMi2wkUEyLZCRIMf+6BQAAAEiLXCRASI01bBQAAOh70f\/\/TYnpTYngvgEAAABIicJIidlIie8xwOjQ0v\/\/6Q\/+\/\/9Mi2QkSEiLXCRAMf+6BQAAAEiNNRgUAADoPtH\/\/02J4EiJ2b4BAAAASInCSInvMcDoltL\/\/+nV\/f\/\/SItcJEAx\/7oFAAAASI010xMAAOgJ0f\/\/vgEAAABIie9IicJIidkxwOhk0v\/\/6aP9\/\/9Mi0wkUEyLRCRIugUAAABIjTW5FgAATIuUJIAAAABIi0wkQEyLbCR4TItkJHBMiUwkEEiLXCRoTIt8JGBMiVQkGEyJRCQITIt0JFhIiQwk6RP9\/\/\/oxtD\/\/2YPH0QAAPMPHvpIixV9PQAAMfbpvtH\/\/wAA8w8e+kiD7AhIg8QIwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8ND\/\/+DQ\/\/+g0P\/\/sND\/\/8DQ\/\/\/Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/+Q0P\/\/kND\/\/5DQ\/\/\/w0P\/\/4ND\/\/6DQ\/\/+w0P\/\/wND\/\/9DQ\/\/853f\/\/Rt7\/\/5zq\/\/8E3v\/\/19z\/\/3Ld\/\/\/C3f\/\/ntz\/\/+jV\/\/\/o1f\/\/6NX\/\/6jb\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/+S2\/\/\/Vdr\/\/wHc\/\/9m3P\/\/GNr\/\/xfX\/\/9a3P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/RNj\/\/0TY\/\/9E2P\/\/S9z\/\/+zZ\/\/\/s2f\/\/3Nv\/\/+zZ\/\/861\/\/\/7Nn\/\/zzb\/\/\/s2f\/\/7Nn\/\/+zZ\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/Otf\/\/zrX\/\/861\/\/\/7Nn\/\/+zZ\/\/\/s2f\/\/7Nn\/\/2va\/\/933v\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/aN7\/\/xDf\/\/\/\/3v\/\/V97\/\/\/De\/\/8w3\/\/\/H9\/\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/0TX\/\/9E1\/\/\/RNf\/\/9Xe\/\/831v\/\/N9b\/\/0re\/\/831v\/\/NN7\/\/zfW\/\/8\/3\/\/\/N9b\/\/zfW\/\/831v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zTe\/\/803v\/\/NN7\/\/zfW\/\/831v\/\/N9b\/\/zfW\/\/912f\/\/zN7\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/znf\/\/\/R3\/\/\/vd\/\/\/3ff\/\/+L3\/\/\/rt\/\/\/5rf\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/881v\/\/PNb\/\/zzW\/\/\/g3\/\/\/vN7\/\/7ze\/\/\/c2f\/\/vN7\/\/5ze\/\/+83v\/\/\/t\/\/\/7ze\/\/+83v\/\/vN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+c3v\/\/nN7\/\/5ze\/\/+83v\/\/vN7\/\/7ze\/\/+83v\/\/SN\/\/\/+Dr\/\/8L7v\/\/0e3\/\/4\/t\/\/9h7f\/\/D+3\/\/8ns\/\/9b7P\/\/Cez\/\/z3u\/\/9ExP\/\/WMT\/\/1jE\/\/9YxP\/\/WMT\/\/1jE\/\/9YxP\/\/WMT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/\/nG\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/4Mb\/\/3\/F\/\/+zw\/\/\/EsT\/\/2bF\/\/9Nxf\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/xLE\/\/8SxP\/\/EsT\/\/zTF\/\/8SxP\/\/EsT\/\/xLE\/\/8bxf\/\/EsT\/\/wLF\/\/8SxP\/\/6cT\/\/xLE\/\/99xP\/\/AAAAAAAAAAAAAAAAAAAAAENvcHlyaWdodCAlcyAlZCBGcmVlIFNvZnR3YXJlIEZvdW5kYXRpb24sIEluYy4AbWVtb3J5IGV4aGF1c3RlZAAlcwDigJkAoa8AIgAnAKEHZQDigJgAR0IxODAzMABQT1NJWABgAHdyaXRlIGVycm9yAEdOVSBjb3JldXRpbHMAZWNobwAlcyAoJXMpICVzCgAoQykAV3JpdHRlbiBieSAlcy4KAFdyaXR0ZW4gYnkgJXMgYW5kICVzLgoAV3JpdHRlbiBieSAlcywgJXMsIGFuZCAlcy4KAFBPU0lYTFlfQ09SUkVDVAAtbgAvLmxpYnMvAGx0LQAvdXNyL3NoYXJlL2xvY2FsZQAtLWhlbHAAc2hhMiB1dGlsaXRpZXMAWwB0ZXN0IGludm9jYXRpb24ATXVsdGktY2FsbCBpbnZvY2F0aW9uAHNoYTIyNHN1bQBzaGEyNTZzdW0Ac2hhMzg0c3VtAHNoYTUxMnN1bQAKJXMgb25saW5lIGhlbHA6IDwlcz4KAGVuXwBGdWxsIGRvY3VtZW50YXRpb24gPCVzJXM+CgAtLXZlcnNpb24AQ2hldCBSYW1leQBCcmlhbiBGb3gAOS4xAExpY2Vuc2UgR1BMdjMrOiBHTlUgR1BMIHZlcnNpb24gMyBvciBsYXRlciA8JXM+LgpUaGlzIGlzIGZyZWUgc29mdHdhcmU6IHlvdSBhcmUgZnJlZSB0byBjaGFuZ2UgYW5kIHJlZGlzdHJpYnV0ZSBpdC4KVGhlcmUgaXMgTk8gV0FSUkFOVFksIHRvIHRoZSBleHRlbnQgcGVybWl0dGVkIGJ5IGxhdy4KAAAAAAAAaHR0cHM6Ly9nbnUub3JnL2xpY2Vuc2VzL2dwbC5odG1sAAAAAAAAAFdyaXR0ZW4gYnkgJXMsICVzLCAlcywKJXMsICVzLCAlcywgJXMsCiVzLCAlcywgYW5kIG90aGVycy4KAAAAAABXcml0dGVuIGJ5ICVzLCAlcywgJXMsCmFuZCAlcy4KAFdyaXR0ZW4gYnkgJXMsICVzLCAlcywKJXMsIGFuZCAlcy4KAAAAAABXcml0dGVuIGJ5ICVzLCAlcywgJXMsCiVzLCAlcywgYW5kICVzLgoAV3JpdHRlbiBieSAlcywgJXMsICVzLAolcywgJXMsICVzLCBhbmQgJXMuCgAAAAAAV3JpdHRlbiBieSAlcywgJXMsICVzLAolcywgJXMsICVzLCAlcywKYW5kICVzLgoAV3JpdHRlbiBieSAlcywgJXMsICVzLAolcywgJXMsICVzLCAlcywKJXMsIGFuZCAlcy4KAAAAAABBIE5VTEwgYXJndlswXSB3YXMgcGFzc2VkIHRocm91Z2ggYW4gZXhlYyBzeXN0ZW0gY2FsbC4KAFVzYWdlOiAlcyBbU0hPUlQtT1BUSU9OXS4uLiBbU1RSSU5HXS4uLgogIG9yOiAgJXMgTE9ORy1PUFRJT04KAABFY2hvIHRoZSBTVFJJTkcocykgdG8gc3RhbmRhcmQgb3V0cHV0LgoKICAtbiAgICAgICAgICAgICBkbyBub3Qgb3V0cHV0IHRoZSB0cmFpbGluZyBuZXdsaW5lCgAAAAAgIC1lICAgICAgICAgICAgIGVuYWJsZSBpbnRlcnByZXRhdGlvbiBvZiBiYWNrc2xhc2ggZXNjYXBlcwogIC1FICAgICAgICAgICAgIGRpc2FibGUgaW50ZXJwcmV0YXRpb24gb2YgYmFja3NsYXNoIGVzY2FwZXMgKGRlZmF1bHQpCgAAAAAAICAgICAgLS1oZWxwICAgICAgICBkaXNwbGF5IHRoaXMgaGVscCBhbmQgZXhpdAoAICAgICAgLS12ZXJzaW9uICAgICBvdXRwdXQgdmVyc2lvbiBpbmZvcm1hdGlvbiBhbmQgZXhpdAoAAAAAAAAAAApJZiAtZSBpcyBpbiBlZmZlY3QsIHRoZSBmb2xsb3dpbmcgc2VxdWVuY2VzIGFyZSByZWNvZ25pemVkOgoKAAAgIFxcICAgICAgYmFja3NsYXNoCiAgXGEgICAgICBhbGVydCAoQkVMKQogIFxiICAgICAgYmFja3NwYWNlCiAgXGMgICAgICBwcm9kdWNlIG5vIGZ1cnRoZXIgb3V0cHV0CiAgXGUgICAgICBlc2NhcGUKICBcZiAgICAgIGZvcm0gZmVlZAogIFxuICAgICAgbmV3IGxpbmUKICBcciAgICAgIGNhcnJpYWdlIHJldHVybgogIFx0ICAgICAgaG9yaXpvbnRhbCB0YWIKICBcdiAgICAgIHZlcnRpY2FsIHRhYgoAAAAAICBcME5OTiAgIGJ5dGUgd2l0aCBvY3RhbCB2YWx1ZSBOTk4gKDEgdG8gMyBkaWdpdHMpCiAgXHhISCAgICBieXRlIHdpdGggaGV4YWRlY2ltYWwgdmFsdWUgSEggKDEgdG8gMiBkaWdpdHMpCgAAAApOT1RFOiB5b3VyIHNoZWxsIG1heSBoYXZlIGl0cyBvd24gdmVyc2lvbiBvZiAlcywgd2hpY2ggdXN1YWxseSBzdXBlcnNlZGVzCnRoZSB2ZXJzaW9uIGRlc2NyaWJlZCBoZXJlLiAgUGxlYXNlIHJlZmVyIHRvIHlvdXIgc2hlbGwncyBkb2N1bWVudGF0aW9uCmZvciBkZXRhaWxzIGFib3V0IHRoZSBvcHRpb25zIGl0IHN1cHBvcnRzLgoAAApOT1RFOiBwcmludGYoMSkgaXMgYSBwcmVmZXJyZWQgYWx0ZXJuYXRpdmUsCndoaWNoIGRvZXMgbm90IGhhdmUgaXNzdWVzIG91dHB1dHRpbmcgb3B0aW9uLWxpa2Ugc3RyaW5ncy4KAAAAAAAAAABodHRwczovL3d3dy5nbnUub3JnL3NvZnR3YXJlL2NvcmV1dGlscy8AUmVwb3J0IGFueSB0cmFuc2xhdGlvbiBidWdzIHRvIDxodHRwczovL3RyYW5zbGF0aW9ucHJvamVjdC5vcmcvdGVhbS8+CgAAb3IgYXZhaWxhYmxlIGxvY2FsbHkgdmlhOiBpbmZvICcoY29yZXV0aWxzKSAlcyVzJwoAAAEbAzuQAAAAEQAAALyx\/\/\/EAAAADLT\/\/+wAAAActP\/\/BAEAAFy2\/\/+AAgAAbLb\/\/3QDAAA8wf\/\/rAAAACzC\/\/8cAQAAvML\/\/zABAAC8w\/\/\/RAEAAPzD\/\/9gAQAA7MT\/\/6QBAADsxf\/\/4AEAAEzG\/\/8MAgAAfMf\/\/zACAADc3f\/\/oAIAAFze\/\/\/AAgAAHOT\/\/9QDAAAUAAAAAAAAAAF6UgABeBABGwwHCJABAAAUAAAAHAAAAIjA\/\/8mAAAAAEQHEAAAAAAkAAAANAAAAPCw\/\/9QAgAAAA4QRg4YSg8LdwiAAD8aOSozJCIAAAAAFAAAAFwAAAAYs\/\/\/EAAAAAAAAAAAAAAAFAAAAHQAAAAQs\/\/\/QAIAAAAAAAAAAAAAEAAAAIwAAAAIwf\/\/hgAAAAAAAAAQAAAAoAAAAITB\/\/\/9AAAAAAAAABgAAAC0AAAAcML\/\/zcAAAAAQQ4QQQ4IUg4QAABAAAAA0AAAAJTC\/\/\/uAAAAAEE="}
+00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712420134895500,"flow_src_last_pkt_time":1712420134895500,"flow_dst_last_pkt_time":1712420134895500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420134895500,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41150,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1712420134895500,"flow_dst_last_pkt_time":1712420134895500,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712420134895500,"pkt":"AAAAAAAAAAAAAAAACABFAAA8LlRAAEAGDmZ\/AAABfwAAAaC+gjVW+UuWAAAAAKAC\/9f+MAAAAgT\/1wQCCAqIn3ggAAAAAAEDAwc="}
+00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1712420134895500,"flow_dst_last_pkt_time":1712420134895511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712420134895511,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAYI1oL6KfnhgVvlLl6AS\/8v+MAAAAgT\/1wQCCAqIn3ghiJ94IAEDAwc="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1712420134895520,"flow_dst_last_pkt_time":1712420134895511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712420134895520,"pkt":"AAAAAAAAAAAAAAAACABFAAA0LlVAAEAGDm1\/AAABfwAAAaC+gjVW+UuXin54YYAQAgD+KAAAAQEICoifeCGIn3gh"}
+11798{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1712420134895559,"flow_dst_last_pkt_time":1712420134895511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":16450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":16450,"pkt_l4_len":16416,"thread_ts_usec":1712420134895559,"pkt":"AAAAAAAAAAAAAAAACABFAEA0LlZAAEAGzmt\/AAABfwAAAaC+gjVW+UuXin54YYAYAgA+KQAAAQEICoifeCGIn3ghf0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAoB8AAAAAAABAAAAAAAAAALhxAAAAAAAAAAAAAEAAOAANAEAAHgAdAAYAAAAEAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAA2AIAAAAAAADYAgAAAAAAAAgAAAAAAAAAAwAAAAQAAAAYAwAAAAAAABgDAAAAAAAAGAMAAAAAAAAcAAAAAAAAABwAAAAAAAAAAQAAAAAAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAEAAAAFAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAoTIAAAAAAAChMgAAAAAAAAAQAAAAAAAAAQAAAAQAAAAAUAAAAAAAAABQAAAAAAAAAFAAAAAAAABQEgAAAAAAAFASAAAAAAAAABAAAAAAAAABAAAABgAAAIBsAAAAAAAAgHwAAAAAAACAfAAAAAAAAJQDAAAAAAAAqAMAAAAAAAAAEAAAAAAAAAIAAAAGAAAAkGwAAAAAAACQfAAAAAAAAJB8AAAAAAAA8AEAAAAAAADwAQAAAAAAAAgAAAAAAAAABAAAAAQAAAA4AwAAAAAAADgDAAAAAAAAOAMAAAAAAAAwAAAAAAAAADAAAAAAAAAACAAAAAAAAAAEAAAABAAAAGgDAAAAAAAAaAMAAAAAAABoAwAAAAAAAEQAAAAAAAAARAAAAAAAAAAEAAAAAAAAAFPldGQEAAAAOAMAAAAAAAA4AwAAAAAAADgDAAAAAAAAMAAAAAAAAAAwAAAAAAAAAAgAAAAAAAAAUOV0ZAQAAABkXgAAAAAAAGReAAAAAAAAZF4AAAAAAACUAAAAAAAAAJQAAAAAAAAABAAAAAAAAABR5XRkBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAFLldGQEAAAAgGwAAAAAAACAfAAAAAAAAIB8AAAAAAAAgAMAAAAAAACAAwAAAAAAAAEAAAAAAAAAL2xpYjY0L2xkLWxpbnV4LXg4Ni02NC5zby4yAAAAAAAEAAAAIAAAAAUAAABHTlUAAgAAwAQAAAADAAAAAAAAAAKAAMAEAAAAAQAAAAAAAAAEAAAAFAAAAAMAAABHTlUA0uju2W4DwzSiBB87d5L+o7nU\/UgEAAAAEAAAAAEAAABHTlUAAAAAAAMAAAACAAAAAAAAAAAAAAACAAAALwAAAAEAAAAGAAAAAACBAAAAAAAvAAAAAAAAANFlzm0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOQEAABIAAAAAAAAAAAAAAAAAAAAAAAAApQEAABEAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABIAAAAAAAAAAAAAAAAAAAAAAAAAPwAAABIAAAAAAAAAAAAAAAAAAAAAAAAAagAAABIAAAAAAAAAAAAAAAAAAAAAAAAASAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAHwIAACAAAAAAAAAAAAAAAAAAAAAAAAAACAEAABEAAAAAAAAAAAAAAAAAAAAAAAAADwEAABIAAAAAAAAAAAAAAAAAAAAAAAAAjwAAABIAAAAAAAAAAAAAAAAAAAAAAAAAfAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAewAAABIAAAAAAAAAAAAAAAAAAAAAAAAAeAEAABIAAAAAAAAAAAAAAAAAAAAAAAAALwAAABIAAAAAAAAAAAAAAAAAAAAAAAAAwwAAABIAAAAAAAAAAAAAAAAAAAAAAAAApAAAABIAAAAAAAAAAAAAAAAAAAAAAAAAsgAAABIAAAAAAAAAAAAAAAAAAAAAAAAA7wAAABIAAAAAAAAAAAAAAAAAAAAAAAAAsAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAQAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAggAAABIAAAAAAAAAAAAAAAAAAAAAAAAA6AAAABIAAAAAAAAAAAAAAAAAAAAAAAAAuwEAABIAAAAAAAAAAAAAAAAAAAAAAAAAqwAAABIAAAAAAAAAAAAAAAAAAAAAAAAAKgEAABIAAAAAAAAAAAAAAAAAAAAAAAAAOwIAACAAAAAAAAAAAAAAAAAAAAAAAAAAUAEAABEAAAAAAAAAAAAAAAAAAAAAAAAAUQAAABIAAAAAAAAAAAAAAAAAAAAAAAAAYwAAABIAAAAAAAAAAAAAAAAAAAAAAAAARQAAABIAAAAAAAAAAAAAAAAAAAAAAAAAWAAAABIAAAAAAAAAAAAAAAAAAAAAAAAAmgAAABIAAAAAAAAAAAAAAAAAAAAAAAAA0QEAABIAAAAAAAAAAAAAAAAAAAAAAAAAOQAAABIAAAAAAAAAAAAAAAAAAAAAAAAAaAEAABEAAAAAAAAAAAAAAAAAAAAAAAAAiAAAABIAAAAAAAAAAAAAAAAAAAAAAAAAIgAAABIAAAAAAAAAAAAAAAAAAAAAAAAAEAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAygEAABIAAAAAAAAAAAAAAAAAAAAAAAAAHAEAABIAAAAAAAAAAAAAAAAAAAAAAAAASgIAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAhwEAABEAAAAAAAAAAAAAAAAAAAAAAAAA9wAAABIAAAAAAAAAAAAAAAAAAAAAAAAA2gAAABIAAAAAAAAAAAAAAAAAAAAAAAAAFQEAABEAAAAAAAAAAAAAAAAAAAAAAAAAAQAAACIAAAAAAAAAAAAAAAAAAAAAAAAAAF9fY3hhX2ZpbmFsaXplAF9fbGliY19zdGFydF9tYWluAF9fY3hhX2F0ZXhpdABkY2dldHRleHQAZXJyb3IAYWJvcnQAbmxfbGFuZ2luZm8AZmlsZW5vAF9fZnJlYWRpbmcAZmZsdXNoAF9fZXJybm9fbG9jYXRpb24AZmNsb3NlAGxzZWVrAGZzZWVrbwBfX2ZwZW5kaW5nAHNldGxvY2FsZQBzdHJsZW4Ac3RyY21wAF9fc3RhY2tfY2hrX2ZhaWwAX19jdHlwZV9nZXRfbWJfY3VyX21heABfX2N0eXBlX2JfbG9jAG1lbWNtcABtYnJ0b3djAGlzd3ByaW50AG1ic2luaXQAc3Rkb3V0AF9leGl0AHN0ZGVycgBfX2ZwcmludGZfY2hrAGZwdXRjX3VubG9ja2VkAGdldGVudgBzdHJyY2hyAHN0cm5jbXAAcHJvZ3JhbV9pbnZvY2F0aW9uX25hbWUAX19wcm9nbmFtZV9mdWxsAGJpbmR0ZXh0ZG9tYWluAHByb2dyYW1faW52b2NhdGlvbl9zaG9ydF9uYW1lAF9fcHJvZ25hbWUAX19vdmVyZmxvdwBmcHV0c191bmxvY2tlZABmd3JpdGUAX19wcmludGZfY2hrAGxpYmMuc28uNgBHTElCQ18yLjMAR0xJQkNfMi4zLjQAR0xJQkNfMi40AEdMSUJDXzIuMzQAR0xJQkNfMi4yLjUAX0lUTV9kZXJlZ2lzdGVyVE1DbG9uZVRhYmxlAF9fZ21vbl9zdGFydF9fAF9JVE1fcmVnaXN0ZXJUTUNsb25lVGFibGUAAAACAAIAAwACAAIAAgABAAIAAgACAAIAAgACAAIAAgACAAQAAgACAAIAAgACAAIAAgACAAEAAgACAAIAAgACAAIABQACAAIAAgACAAIAAgAFAAEAAgACAAIABgACAAIAAAAAAAEABQDeAQAAEAAAAAAAAAATaWkNAAAGAOgBAAAQAAAAdBlpCQAABQDyAQAAEAAAABRpaQ0AAAQA\/gEAABAAAAC0kZYGAAADAAgCAAAQAAAAdRppCQAAAgATAgAAAAAAAIB8AAAAAAAACAAAAAAAAACAIAAAAAAAAIh8AAAAAAAACAAAAAAAAABAIAAAAAAAAAiAAAAAAAAACAAAAAAAAAAIgAAAAAAAALh\/AAAAAAAABgAAAAMAAAAAAAAAAAAAAMB\/AAAAAAAABgAAAAcAAAAAAAAAAAAAAMh\/AAAAAAAABgAAAAgAAAAAAAAAAAAAANB\/AAAAAAAABgAAABoAAAAAAAAAAAAAANh\/AAAAAAAABgAAABsAAAAAAAAAAAAAAOB\/AAAAAAAABgAAACkAAAAAAAAAAAAAAOh\/AAAAAAAABgAAACsAAAAAAAAAAAAAAPB\/AAAAAAAABgAAAC8AAAAAAAAAAAAAAPh\/AAAAAAAABgAAAC4AAAAAAAAAAAAAAJh+AAAAAAAABwAAAAEAAAAAAAAAAAAAAKB+AAAAAAAABwAAAAQAAAAAAAAAAAAAAKh+AAAAAAAABwAAAAUAAAAAAAAAAAAAALB+AAAAAAAABwAAAAYAAAAAAAAAAAAAALh+AAAAAAAABwAAAAkAAAAAAAAAAAAAAMB+AAAAAAAABwAAAAoAAAAAAAAAAAAAAMh+AAAAAAAABwAAAAsAAAAAAAAAAAAAANB+AAAAAAAABwAAAAwAAAAAAAAAAAAAANh+AAAAAAAABwAAAA0AAAAAAAAAAAAAAOB+AAAAAAAABwAAAA4AAAAAAAAAAAAAAOh+AAAAAAAABwAAAA8AAAAAAAAAAAAAAPB+AAAAAAAABwAAABAAAAAAAAAAAAAAAPh+AAAAAAAABwAAABEAAAAAAAAAAAAAAAB\/AAAAAAAABwAAABIAAAAAAAAAAAAAAAh\/AAAAAAAABwAAABMAAAAAAAAAAAAAABB\/AAAAAAAABwAAABQAAAAAAAAAAAAAABh\/AAAAAAAABwAAABUAAAAAAAAAAAAAACB\/AAAAAAAABwAAABYAAAAAAAAAAAAAACh\/AAAAAAAABwAAABcAAAAAAAAAAAAAADB\/AAAAAAAABwAAABgAAAAAAAAAAAAAADh\/AAAAAAAABwAAABkAAAAAAAAAAAAAAEB\/AAAAAAAABwAAABwAAAAAAAAAAAAAAEh\/AAAAAAAABwAAAB0AAAAAAAAAAAAAAFB\/AAAAAAAABwAAAB4AAAAAAAAAAAAAAFh\/AAAAAAAABwAAAB8AAAAAAAAAAAAAAGB\/AAAAAAAABwAAACAAAAAAAAAAAAAAAGh\/AAAAAAAABwAAACEAAAAAAAAAAAAAAHB\/AAAAAAAABwAAACIAAAAAAAAAAAAAAHh\/AAAAAAAABwAAACQAAAAAAAAAAAAAAIB\/AAAAAAAABwAAACUAAAAAAAAAAAAAAIh\/AAAAAAAABwAAACYAAAAAAAAAAAAAAJB\/AAAAAAAABwAAACcAAAAAAAAAAAAAAJh\/AAAAAAAABwAAACgAAAAAAAAAAAAAAKB\/AAAAAAAABwAAACoAAAAAAAAAAAAAAKh\/AAAAAAAABwAAACwAAAAAAAAAAAAAALB\/AAAAAAAABwAAAC0AAAAAAAAAAAAAAPMPHvpIg+wISIsFwW8AAEiFwHQC\/9BIg8QIwwAAAAAA\/zVibgAA\/yVkbgAADx9AAPMPHvpoAAAAAOni\/\/\/\/ZpDzDx76aAEAAADp0v\/\/\/2aQ8w8e+mgCAAAA6cL\/\/\/9mkPMPHvpoAwAAAOmy\/\/\/\/ZpDzDx76aAQAAADpov\/\/\/2aQ8w8e+mgFAAAA6ZL\/\/\/9mkPMPHvpoBgAAAOmC\/\/\/\/ZpDzDx76aAcAAADpcv\/\/\/2aQ8w8e+mgIAAAA6WL\/\/\/9mkPMPHvpoCQAAAOlS\/\/\/\/ZpDzDx76aAoAAADpQv\/\/\/2aQ8w8e+mgLAAAA6TL\/\/\/9mkPMPHvpoDAAAAOki\/\/\/\/ZpDzDx76aA0AAADpEv\/\/\/2aQ8w8e+mgOAAAA6QL\/\/\/9mkPMPHvpoDwAAAOny\/v\/\/ZpDzDx76aBAAAADp4v7\/\/2aQ8w8e+mgRAAAA6dL+\/\/9mkPMPHvpoEgAAAOnC\/v\/\/ZpDzDx76aBMAAADpsv7\/\/2aQ8w8e+mgUAAAA6aL+\/\/9mkPMPHvpoFQAAAOmS\/v\/\/ZpDzDx76aBYAAADpgv7\/\/2aQ8w8e+mgXAAAA6XL+\/\/9mkPMPHvpoGAAAAOli\/v\/\/ZpDzDx76aBkAAADpUv7\/\/2aQ8w8e+mgaAAAA6UL+\/\/9mkPMPHvpoGwAAAOky\/v\/\/ZpDzDx76aBwAAADpIv7\/\/2aQ8w8e+mgdAAAA6RL+\/\/9mkPMPHvpoHgAAAOkC\/v\/\/ZpDzDx76aB8AAADp8v3\/\/2aQ8w8e+mggAAAA6eL9\/\/9mkPMPHvpoIQAAAOnS\/f\/\/ZpDzDx76aCIAAADpwv3\/\/2aQ8w8e+mgjAAAA6bL9\/\/9mkPMPHvr\/JXZtAABmDx9EAADzDx76\/yUObAAAZg8fRAAA8w8e+v8lBmwAAGYPH0QAAPMPHvr\/Jf5rAABmDx9EAADzDx76\/yX2awAAZg8fRAAA8w8e+v8l7msAAGYPH0QAAPMPHvr\/JeZrAABmDx9EAADzDx76\/yXeawAAZg8fRAAA8w8e+v8l1msAAGYPH0QAAPMPHvr\/Jc5rAABmDx9EAADzDx76\/yXGawAAZg8fRAAA8w8e+v8lvmsAAGYPH0QAAPMPHvr\/JbZrAABmDx9EAADzDx76\/yWuawAAZg8fRAAA8w8e+v8lpmsAAGYPH0QAAPMPHvr\/JZ5rAABmDx9EAADzDx76\/yWWawAAZg8fRAAA8w8e+v8ljmsAAGYPH0QAAPMPHvr\/JYZrAABmDx9EAADzDx76\/yV+awAAZg8fRAAA8w8e+v8ldmsAAGYPH0QAAPMPHvr\/JW5rAABmDx9EAADzDx76\/yVmawAAZg8fRAAA8w8e+v8lXmsAAGYPH0QAAPMPHvr\/JVZrAABmDx9EAADzDx76\/yVOawAAZg8fRAAA8w8e+v8lRmsAAGYPH0QAAPMPHvr\/JT5rAABmDx9EAADzDx76\/yU2awAAZg8fRAAA8w8e+v8lLmsAAGYPH0QAAPMPHvr\/JSZrAABmDx9EAADzDx76\/yUeawAAZg8fRAAA8w8e+v8lFmsAAGYPH0QAAPMPHvr\/JQ5rAABmDx9EAADzDx76\/yUGawAAZg8fRAAA8w8e+v8l\/moAAGYPH0QAAPMPHvr\/JfZqAABmDx9EAADoy\/3\/\/2YuDx+EAAAAAACQ8w8e+kFXQVZBVUG9AQAAAEFUVYn9SI09LEEAAFNIifNIgeyYAAAAZEiLBCUoAAAASImEJIgAAAAxwOhx\/f\/\/SYnGSIXAdCFFMe2D\/QF+GUiLewhIjTX+QAAARTHt6H7+\/\/+FwEEPlMVEiehMiyOD4AGIRCQLTYXkD4SABgAAvi8AAABMiefoFf7\/\/0mJx0iFwHQxSI1IAUiJyEiJDCRMKeBIg\/gGfh1JjX\/6ugcAAABIjTWkQAAA6CT9\/\/+FwA+EVgIAAEiLBT1qAABIjTV1QAAAvwYAAABMjT0IQAAATIkla2oAAEyJIOhT\/v\/\/SI01c0AAAEyJ\/+g0\/f\/\/TIn\/6Az9\/\/9IjT1lJgAA6KAsAACD\/QIPhesAAACAfCQLAA+E4AAAAEiLawhIjTVKQAAASInv6Kn9\/\/+FwA+E5AUAAEiNNc9AAABIie\/okv3\/\/4XAD4QCBQAATI17CL0BAAAARYXtD4W3AAAAQbwBAAAATYX2D4T7AwAAhe0PjkgBAACJ7U2NLO9IjS2wPQAATYs36y8PH4AAAAAASIsdWWkAAA+2ykmJxkiLO0iLRyhIO0cwD4NKAwAASI1IAUiJTyiIEEEPthZJjUYBhNIPhFADAACA+lx1w0UPtkYBRYTAD4T1AgAAQY1A0E2NTgJEicE8SA+HWAEAAA+2wEhjRIUASAHoPv\/gg+0BTI17CEWF7Q+EVP\/\/\/0GJ7YXtD46tAAAATYX2RIntQbwBAAAASbgBAAAAAQIAAEEPlcJFMclJiz+APy0PhU4EAAAPtk8BhMkPhEIEAABIjVcCichmDx9EAACD6EU8KQ+H9QIAAEkPo8BAD5LGQIT2D4TkAgAAD7YCSIPCAYTAddlIjUcBMdLrD5CA+UVED0TKD7YIhMl0HEiDwAGA+WUPhK0CAACA+W514A+2CEUx5ITJdeRJg8cIg+0BD4V1\/\/\/\/RYTkdCNIiwUlaAAASIs4SItHKEg7RzAPg\/MDAABIjVABSIlXKMYACkiLhCSIAAAAZEgrBCUoAAAAD4XzAwAASIHEmAAAADHAW11BXEFdQV5BX8NIizwkugMAAABIjTU5PgAA6LH6\/\/9MiyQkhcAPhYn9\/\/9IiwXWZwAATY1nBEyJIOl2\/f\/\/SIsdo2cAAEEPtshIiztIi0coSDtHMA+DQwMAAEiNUAFIiVcoxgBcRInCTYnO6SX+\/\/9BD7ZOAo1B0DwHD4dmAgAATY1OA0EPtgGNUdCNSNCA+QcPhiUCAABIix1KZwAAD7bKTYnO6ez9\/\/9MiQwkQQ+2XgJEiEQkC+gU\/P\/\/RA+2RCQLTIsMJEiLCA+2w\/ZEQQEQD4Rn\/\/\/\/D7b76NEHAABBD7Z+A4nC9kR5ARAPhAgCAACJwUAPtv9Jg8YE6LAHAADB4QRIix3eZgAAjRQBD7bK6YD9\/\/9Iix3MZgAATYnOuQsAAAC6CwAAAOln\/f\/\/SIsds2YAAE2JzrkJAAAAugkAAADpTv3\/\/0iLHZpmAABNic65DQAAALoNAAAA6TX9\/\/9Iix2BZgAATYnOuQoAAAC6CgAAAOkc\/f\/\/SIsdaGYAAE2JzrkMAAAAugwAAADpA\/3\/\/0iLHU9mAABNic65GwAAALobAAAA6er8\/\/9Iix02ZgAATYnOuQgAAAC6CAAAAOnR\/P\/\/Dx9AAEiLHRlmAABJica5XAAAAEiLO0iLRyhIO0cwD4K+\/P\/\/Dx+EAAAAAACJzuiJ+f\/\/QQ+2FkmNRgGE0g+Fufz\/\/2YPH4QAAAAAAEmDxwhNOe8PhJr9\/\/9Iix3EZQAASIs7SItHKEg7RzAPgwQBAABIjVABSIlXKMYAIOk3\/P\/\/Dx8AQYnx6Tf9\/\/9FhNIPhRb8\/\/9FhMkPhQ38\/\/+F7Q+OTf3\/\/4ntSIsddWUAAEmNLO\/rEg8fgAAAAABIjVABSIlXKMYAIEmLP0iLM0mDxwjoJvn\/\/0k57w+EFP3\/\/0iLO0iLRyhIO0cwctC+IAAAAOjG+P\/\/68+NVNDQQQ+2QQGD6DA8Bw+HBgEAAI0U0EiLHQ5lAABNjXECD7bK6a\/7\/\/9Iix37ZAAATYnOMckx0umc+\/\/\/SIsd6GQAAEmDxgMPtsjpifv\/\/0iLHdVkAABNic65BwAAALoHAAAA6XD7\/\/9Iix28ZAAATYnOuVwAAADpXPv\/\/74gAAAA6D34\/\/\/pNPv\/\/1BIiwWYZAAASI0NzTsAAEiNFXQ6AABqAEyNDag7AABMjQWsOwAASIs4SI01aDoAADHA6GEhAABaWelZ\/P\/\/RYTSD4XY+v\/\/RYTJD4TS\/v\/\/6cr6\/\/++XAAAAIlMJAxMiQwkRIhEJAvozPf\/\/0QPtkQkC0yLDCSLTCQM6Z78\/\/++CgAAAOiv9\/\/\/6Qn8\/\/9Iix0LZAAATY1xAQ+2yums+v\/\/6HL3\/\/9IiwUjZAAAujcAAAC+AQAAAEiNPUI9AABIiwjogvj\/\/+id9v\/\/ugUAAABIjTVhPQAAMf\/oCvf\/\/0yJ4UyJ4r8BAAAASInGMcDoBfj\/\/0iLHaZjAAC6BQAAADH\/SI01cD0AAEiLK+jY9v\/\/SInHSInu6F33\/\/9Iiyu6BQAAADH\/SI01rD0AAOi39v\/\/SInuSInH6Dz3\/\/9Iiyu6BQAAADH\/SI01Ez4AAOiW9v\/\/SInuSInH6Bv3\/\/9Iiyu6BQAAADH\/SI01Ij4AAOh19v\/\/SInuSInH6Pr2\/\/9Iiyu6BQAAADH\/SI01QT4AAOhU9v\/\/SInuSInH6Nn2\/\/9Iiyu6BQAAADH\/SI01YD4AAOgz9v\/\/SInuSInH6Lj2\/\/9Iiyu6BQAAADH\/SI01Jz8AAOgS9v\/\/SInuSI0tuDgAAEiJx+iQ9v\/\/ugUAAABIjTV0PwAAMf\/o7fX\/\/0iJ6r8BAAAASInGMcDo6\/b\/\/0yLI7oFAAAAMf9IjTUKQAAA6MX1\/\/9MieZMjWQkEEiJx+hF9v\/\/SI0F\/zgAAEiNNfY4AABmSA9u0GZID27GSI0F9zgAAGYPbMJmSA9u2EiNBf04AAAPKUQkEGZJD27HZg9sww8pRCQgZkgPbsBIjQWnOAAAZkgPbshIjQXcOAAAZg9swQ8pRCQwZkgPbsBIjQXROAAAZg9swQ8pRCRAZkgPbsBIjQXGOAAAZg9swQ8pRCRQZkgPbsBmD2zBDylEJGBmD+\/ADylEJHDrEEiJ7+in9f\/\/hcB0DUmDxBBJizQkSIX2dedNi2wkCLoFAAAASI01hDgAADH\/TYXtD4S5AAAA6NX0\/\/9MjSV+PwAAvwEAAABIjRVkNwAASInGTInhMcDoxfX\/\/zH2vwUAAADoqfX\/\/0iFwHQcugMAAABIjTVOOAAASInH6DD0\/\/+FwA+F4wAAALoFAAAASI01NjgAADH\/6HX0\/\/9IielMieK\/AQAAAEiJxjHASI0dZTcAAOhp9f\/\/STntD4SYAAAAugUAAABIjTVkPwAAMf\/oPfT\/\/78BAAAASInZTInqSInGMcDoOPX\/\/zH\/6HH1\/\/\/oHPT\/\/0yNJcU+AABIjRWwNgAAvwEAAABIicZMieFMjS2sNgAAMcDoBfX\/\/zH2vwUAAADo6fT\/\/0iFwA+FPP\/\/\/7oFAAAASI01jjcAADH\/6M3z\/\/9IielMieK\/AQAAAEiJxjHA6Mj0\/\/9MjS1hNgAASI0dFTcAAOlV\/\/\/\/SIsbMf+6BQAAAEiNNWw+AADoj\/P\/\/0iJx0iJ3ugU9P\/\/6ff+\/\/9mLg8fhAAAAAAADx9EAADzDx76Me1JidFeSIniSIPk8FBURTHAMclIjT0R9f8="}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1712420134895559,"flow_dst_last_pkt_time":1712420134895563,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712420134895563,"pkt":"AAAAAAAAAAAAAAAACABFAAA0R91AAEAG9OR\/AAABfwAAAYI1oL6KfnhhVvmLl4AQAb3+KAAAAQEICoifeCGIn3gh"}
+00985{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1712420134895500,"flow_src_last_pkt_time":1712420138537174,"flow_dst_last_pkt_time":1712420138537199,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16384,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31032,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420138537199,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41150,"dst_port":33333,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1712420134895500,"flow_src_last_pkt_time":1712420138537174,"flow_dst_last_pkt_time":1712420138537199,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16384,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31032,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420138537199,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41150,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01098{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1712420115772907,"flow_src_last_pkt_time":1712420115772931,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14648,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16384,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31032,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420138537199,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60150,"dst_port":33333,"l4_proto":"udp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1712420115772907,"flow_src_last_pkt_time":1712420115772931,"flow_dst_last_pkt_time":1712420115772907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14648,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16384,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31032,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712420138537199,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60150,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/elf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":62064,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1712420138537199}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 12/12
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 62064 bytes
+~~ total detected protocols..: 0
+~~ total active/idle flows...: 2/2
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 5518986 bytes
+~~ total memory freed........: 5518986 bytes
+~~ total allocations/frees...: 85887/85887
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json message min len.......: 542 chars
+~~ json message max len.......: 12193 chars
+~~ json message avg len.......: 6366 chars
diff --git a/test/results/default/emotet.pcap.out b/test/results/default/emotet.pcap.out
index f5a255c61..597ce9b3d 100644
--- a/test/results/default/emotet.pcap.out
+++ b/test/results/default/emotet.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645830066121611}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645830066121611}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066121611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645830066121611,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066121611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1645830066121611,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0wBJAAIAGPvkKAhlmwfwWVN\/dAkvNIWS2AAAAAIAC+vBkZgAAAgQFtAEDAwgBAQQC"}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066871134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1645830066871134,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsxzIAAIAGd+HB\/BZUCgIZZgJL392K6SffzSFkt2AS+vDaogAAAgQFtA=="}
@@ -8,7 +8,7 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645830067978107,"flow_dst_last_pkt_time":1645830067977441,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1645830067978107,"pkt":"IOUqtpPxAAgCHEeuCABFAAA9wBRAAIAGPu4KAhlmwfwWVN\/dAkvNIWS3iukoFlAY+rqhDQAARUhMTyBbMTczLjY2LjQ2Ljk3XQ0K"}
 01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830067978107,"flow_dst_last_pkt_time":1645830068348052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":214,"midstream":0,"thread_ts_usec":1645830068348052,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"opmta1mto02nd1","smtp": {"user":"","password":"","auth_failed":0}}}
 02175{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830074471734,"flow_dst_last_pkt_time":1645830074471604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":898,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1645830074471734,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":254,"avg":538713.4,"max":3056402,"stddev":774055.0,"var":599161176064.0,"ent":3.7,"data": [749523,749719,1106307,1106777,773,369838,370621,895,325625,326244,506,323,737,841210,842439,907,363,438,3054676,3056402,1628,247201,247778,521,1205120,1205575,420,442964,443628,704,254]},"pktlen": {"min":40,"avg":80.8,"max":738,"stddev":121.9,"var":14849.5,"ent":4.3,"data": [52,44,40,94,61,40,200,52,40,58,72,40,42,40,58,56,40,42,40,80,77,40,86,73,40,87,46,40,48,79,40,738]},"bins": {"c_to_s": [8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0],"entropies": [4.644789696,4.953416348,4.981687069,5.477373600,5.387795925,4.784183979,5.738989830,5.361793995,4.834184170,5.487123966,5.654376030,4.784183979,4.955064297,4.734184265,5.288679600,5.421465874,4.784183979,4.859826565,4.784183979,5.343945503,5.557319641,4.765312195,5.392617702,5.626545429,4.834184170,5.525993347,5.097266674,4.834184170,5.095175266,5.329178810,4.784184456,5.639209747]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":51,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":15889,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1648563468993352}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":51,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":15889,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1648563468993352}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563468993352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648563468993352,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563468993352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648563468993352,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0EddAAIAG2c0KAx1laKF\/Ftv1AFBvd7IvAAAAAIAC+vBnEwAAAgQFtAEDAwgBAQQC"}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563469109116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1648563469109116,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsoCoAAIAGi4JooX8WCgMdZQBQ2\/UuAEklb3eyMGAS+vAY8wAAAgQFtA=="}
@@ -18,7 +18,7 @@
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1648563469109583,"flow_dst_last_pkt_time":1648563469109634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1648563469109634,"pkt":"AAgCHEeuIOUqtpPxCABFAAAooCsAAIAGi4VooX8WCgMdZQBQ2\/UuAEkmb3ez7lAQ+vAu8gAA"}
 02167{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563469442201,"flow_dst_last_pkt_time":1648563469442152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1361,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":24498,"midstream":0,"thread_ts_usec":1648563469442201,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":77,"avg":28956.4,"max":204389,"stddev":59845.4,"var":3581476608.0,"ent":2.7,"data": [115764,115896,335,518,204207,77,204389,352,224,565,217,228,441,212,496,705,246,220,470,115050,221,115302,340,251,573,9235,226,9483,474,242,690]},"pktlen": {"min":40,"avg":820.0,"max":1401,"stddev":663.1,"var":439751.8,"ent":4.4,"data": [52,44,40,486,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0],"entropies": [4.710365295,4.913976669,4.680641174,5.777981758,4.621928692,7.446667671,7.722211838,4.711769104,7.820096016,7.819649696,4.730641365,7.834948540,7.865209579,4.730641365,7.838735580,7.852061272,4.780641079,7.835340023,7.853207111,4.711769104,7.851351738,7.847233772,4.780641079,7.872184753,7.855648994,4.780641079,7.879763126,7.844507217,4.680641174,7.843948364,7.837398529,4.780641079]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":27,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830074472054,"flow_dst_last_pkt_time":1645830074472521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":15498,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1648563469606163,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":109,"packets-processed":108,"total-skipped-flows":0,"total-l4-payload-len":62956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1650490398530577}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":109,"packets-processed":108,"total-skipped-flows":0,"total-l4-payload-len":62956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1650490398530577}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398530577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650490398530577,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398530577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650490398530577,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0\/mJAAIAGv4MKBBRma6Gy0tQvAFBRzVZmAAAAAIAC\/\/+1fwAAAgQFtAEDAwgBAQQC"}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398627831,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1650490398627831,"pkt":"AAgCHEeuIOUqtpPxCABFAAAwAABAADIGC+trobLSCgQUZgBQ1C8M9mn7Uc1WZ3ASchDhvAAAAgQFbAEDAwc="}
@@ -26,9 +26,9 @@
 00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1650490398628513,"flow_dst_last_pkt_time":1650490398627831,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_usec":1650490398628513,"pkt":"IOUqtpPxAAgCHEeuCABFAAEJ\/mRAAIAGvqwKBBRma6Gy0tQvAFBRzVZnDPZp\/FAYBAC+xwAAR0VUIC92aWRlby82SnZBOC8gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpVQS1DUFU6IEFNRDY0DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IFRyaWRlbnQvNy4wOyBydjoxMS4wKSBsaWtlIEdlY2tvDQpIb3N0OiBnYW5kaGl0b2RheS5vcmcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
 01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398628513,"flow_dst_last_pkt_time":1650490398627831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650490398628513,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"gandhitoday.org","http": {"url":"gandhitoday.org\/video\/6JvA8\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko","detected_os":"Windows 10"}}}
 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1650490398628513,"flow_dst_last_pkt_time":1650490398888771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1442,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1442,"pkt_l4_len":1408,"thread_ts_usec":1650490398888771,"pkt":"AAgCHEeuIOUqtpPxCABFAAWU7ZtAADMGF+trobLSCgQUZgBQ1C8M9mn8Uc1XSFAQAO1SvQAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBXZWQsIDIwIEFwciAyMDIyIDIxOjMzOjA0IEdNVA0KU2VydmVyOiBBcGFjaGUNClgtUG93ZXJlZC1CeTogUEhQLzUuNi40MA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KRXhwaXJlczogV2VkLCAyMCBBcHIgMjAyMiAyMTozMzowNCBHTVQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7IGZpbGVuYW1lPSJFR2g3eDZhS04zSUxQLmRsbCINCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJpbmFyeQ0KU2V0LUNvb2tpZTogNjI2MDdjMTAzODZhMz0xNjUwNDkwMzg0OyBleHBpcmVzPVdlZCwgMjAtQXByLTIwMjIgMjE6MzQ6MDQgR01UOyBNYXgtQWdlPTYwOyBwYXRoPS8NCkxhc3QtTW9kaWZpZWQ6IFdlZCwgMjAgQXByIDIwMjIgMjE6MzM6MDQgR01UDQpDb250ZW50LUxlbmd0aDogODAyODE2DQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LW1zZG93bmxvYWQNCg0KTVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAANclxdSRMyDkkTMg5JEzIOP45fDkETMg4\/jkkOXhMyDkkTMw4uETIObtVfDsMTMg5u1U8OQxMyDm7VXA75EzIObtVADkATMg5u1UgOSBMyDm7VTg5IEzIObtVKDkgTMg5SaWNoSRMyDgAAAAAAAAAAUEUAAGSGBgAAFV9iAAAAAAAAAADwACIgCwIIAABgBgAA3AUAAAAAAMBwBAAAEAAAAAAAEAAAAAAAEAAAAAIAAAQAAAAAAAAABQACAAAAAAAA0AwAAAQAAPAJDQACAAAAAAAQAAAAAAAAEAAAAAAAAAAAEAAAAAAAABAAAAAAAAAAAAAAEAAAACCMCABjAAAAsF8IANwAAAAAsAkABMwCAAAwCQDgcwAAAAAAAAAAAAAAgAwAhCMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwBgAIDgAAEF8IAEAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAACcXwYAABAAAABgBgAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAgxwCAABwBgAAHgIAAGQGAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAADCTAAAAkAgAADYAAACCCAAAAAAAAAAAAAAAAABAAADALnBkYXRhAADgcwAAADAJAAB0AAAAuAgAAAAAAAAAAAAAAAAAQAAAQC5yc3JjAAAABMwCAACwCQAAzgIAACwJAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAADxEAAAAgAwAAEYAAAD6CwAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398628513,"flow_dst_last_pkt_time":1650490398888771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1650490398888771,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"gandhitoday.org","http": {"url":"gandhitoday.org\/video\/6JvA8\/","code":200,"content_type":"application\/x-msdownload","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko","detected_os":"Windows 10"}}}
+01444{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398628513,"flow_dst_last_pkt_time":1650490398888771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1650490398888771,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"gandhitoday.org","http": {"url":"gandhitoday.org\/video\/6JvA8\/","code":200,"content_type":"application\/x-msdownload","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko","detected_os":"Windows 10"}}}
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":37,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563469606163,"flow_dst_last_pkt_time":1648563469559770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1361,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":46621,"midstream":0,"thread_ts_usec":1650490398907947,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":123,"packets-processed":122,"total-skipped-flows":0,"total-l4-payload-len":71509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1650905413858492}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":123,"packets-processed":122,"total-skipped-flows":0,"total-l4-payload-len":71509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1650905413858492}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905413858492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650905413858492,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905413858492,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905413858492,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0LKVAAIAGOLEKBBllTWkknMKFAFDxFWwgAAAAAIAC+vC+pQAAAgQFtAEDAwgBAQQC"}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905414042728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905414042728,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADEGtFZNaSScCgQZZQBQwoUpbDcH8RVsIYASOQggUwAAAgQFbAEBBAIBAwMH"}
@@ -36,8 +36,8 @@
 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1650905414043252,"flow_dst_last_pkt_time":1650905414042728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1650905414043252,"pkt":"IOUqtpPxAAgCHEeuCABFAADALKdAAIAGOCMKBBllTWkknMKFAFDxFWwhKWw3CFAYAgOTIAAAR0VUIC9TcHJ5QXNzZXRzL2dEUi8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpVc2VyLUFnZW50OiB2QktiYVFnanl2UlJiY2dmdmxzYw0KSG9zdDogZmlsbW1vZ3ppdm90YS5ycw0KDQo="}
 01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905414043252,"flow_dst_last_pkt_time":1650905414042728,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650905414043252,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"filmmogzivota.rs","http": {"url":"filmmogzivota.rs\/SpryAssets\/gDR\/","code":0,"content_type":"","user_agent":"vBKbaQgjyvRRbcgfvlsc"}}}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1650905414043252,"flow_dst_last_pkt_time":1650905414214545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650905414214545,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoU5RAADIGX85NaSScCgQZZQBQwoUpbDcI8RVsuVAQAHuY0gAAAAAAAAAA"}
-01343{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905414043252,"flow_dst_last_pkt_time":1650905414335184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":572,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":572,"midstream":0,"thread_ts_usec":1650905414335184,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"filmmogzivota.rs","http": {"url":"filmmogzivota.rs\/SpryAssets\/gDR\/","code":200,"content_type":"application\/x-msdownload","user_agent":"vBKbaQgjyvRRbcgfvlsc"}}}
-01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398907823,"flow_dst_last_pkt_time":1650490398907947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":8328,"midstream":0,"thread_ts_usec":1650905414341100,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01471{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905414043252,"flow_dst_last_pkt_time":1650905414335184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":572,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":572,"midstream":0,"thread_ts_usec":1650905414335184,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"filmmogzivota.rs","http": {"url":"filmmogzivota.rs\/SpryAssets\/gDR\/","code":200,"content_type":"application\/x-msdownload","user_agent":"vBKbaQgjyvRRbcgfvlsc"}}}
+01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398907823,"flow_dst_last_pkt_time":1650490398907947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":8328,"midstream":0,"thread_ts_usec":1650905414341100,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650905467542773,"flow_src_last_pkt_time":1650905467542773,"flow_dst_last_pkt_time":1650905467542773,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650905467542773,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1650905467542773,"flow_dst_last_pkt_time":1650905467542773,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905467542773,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0C55AAIAGrZIKBBllisWTZcKLAbv3Q1KhAAAAAIAC\/\/8fUQAAAgQFtAEDAwgBAQQC"}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1650905467542773,"flow_dst_last_pkt_time":1650905467652145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905467652145,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADAGCTGKxZNlCgQZZQG7wotH+MA690NSooAS+vAcZQAAAgQFbAEBBAIBAwMH"}
@@ -54,10 +54,10 @@
 01355{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650905469778844,"flow_src_last_pkt_time":1650905469856222,"flow_dst_last_pkt_time":1650905469855852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":325,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650905469856222,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"","ja4":"t12d190600_d83cc789557e_2dae41c691ec","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1650905469856222,"flow_dst_last_pkt_time":1650905469964301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650905469964301,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoNn1AADEG0b+KxZNlCgQZZQG7woy1bvT8\/rxMy1AQAfWyEAAAAAAAAAAA"}
 01413{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1650905469778844,"flow_src_last_pkt_time":1650905469856222,"flow_dst_last_pkt_time":1650905469964391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":325,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1650905469964391,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","ja4":"t12d190600_d83cc789557e_2dae41c691ec","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}}
-01203{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":10,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905414338361,"flow_dst_last_pkt_time":1650905414341100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":9960,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01331{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":10,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905414338361,"flow_dst_last_pkt_time":1650905414341100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":9960,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01308{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1650905467542773,"flow_src_last_pkt_time":1650905467928862,"flow_dst_last_pkt_time":1650905469191372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":722,"flow_dst_tot_l4_payload_len":5784,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01206{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1650905469778844,"flow_src_last_pkt_time":1650905518385458,"flow_dst_last_pkt_time":1650905473602816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":553,"flow_dst_max_l4_payload_len":660,"flow_src_tot_l4_payload_len":929,"flow_dst_tot_l4_payload_len":800,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":169,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":89856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":60,"global_ts_usec":1650905518385458}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":169,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":89856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":60,"global_ts_usec":1650905518385458}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 169/169
 ~~ skipped flows.............: 0
@@ -66,9 +66,9 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5531730 bytes
-~~ total memory freed........: 5531730 bytes
-~~ total allocations/frees...: 86115/86115
+~~ total memory allocated....: 5531911 bytes
+~~ total memory freed........: 5531911 bytes
+~~ total allocations/frees...: 86117/86117
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
 ~~ json message max len.......: 2391 chars
diff --git a/test/results/default/encrypted_sni.pcap.out b/test/results/default/encrypted_sni.pcap.out
index c24d9de00..0cc616d5d 100644
--- a/test/results/default/encrypted_sni.pcap.out
+++ b/test/results/default/encrypted_sni.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1590680386576239}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1590680386576239}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_usec":1590680386576239,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="}
 01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
@@ -12,7 +12,7 @@
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1590680391590254}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1590680391590254}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3/3
 ~~ skipped flows.............: 0
@@ -21,10 +21,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5510429 bytes
-~~ total memory freed........: 5510429 bytes
+~~ total memory allocated....: 5510485 bytes
+~~ total memory freed........: 5510485 bytes
 ~~ total allocations/frees...: 85897/85897
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 575 chars
+~~ json message min len.......: 573 chars
 ~~ json message max len.......: 1507 chars
-~~ json message avg len.......: 1040 chars
+~~ json message avg len.......: 1039 chars
diff --git a/test/results/default/epicgames.pcapng.out b/test/results/default/epicgames.pcapng.out
index 8d53f1edb..8bc38da8a 100644
--- a/test/results/default/epicgames.pcapng.out
+++ b/test/results/default/epicgames.pcapng.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1684594463217688}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1684594463217688}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684594463217688,"flow_src_last_pkt_time":1684594463217688,"flow_dst_last_pkt_time":1684594463217688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684594463217688,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":49693,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1684594463217688,"flow_dst_last_pkt_time":1684594463217688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1684594463217688,"pkt":"CL6sCxduJjb1W8R1CABFAABOdf1AAEAR1QjAqAycEp0PuMIdOqMAOpeORxogAAiYImV0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEKE7iHg4H\/Z6HRc="}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684594463538671,"flow_src_last_pkt_time":1684594463538671,"flow_dst_last_pkt_time":1684594463538671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684594463538671,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":47446,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -32,7 +32,7 @@
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1684594463217688,"flow_src_last_pkt_time":1684594467702588,"flow_dst_last_pkt_time":1684594467772655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":444,"flow_dst_tot_l4_payload_len":337,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":49693,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1684594474564082,"flow_src_last_pkt_time":1684594474915533,"flow_dst_last_pkt_time":1684594475180053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":952,"flow_dst_max_l4_payload_len":77,"flow_src_tot_l4_payload_len":4385,"flow_dst_tot_l4_payload_len":394,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":39322,"dst_port":9011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":1684594490567237,"flow_src_last_pkt_time":1684594491581525,"flow_dst_last_pkt_time":1684594491475757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":681,"flow_dst_tot_l4_payload_len":750,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":37989,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":81,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":7784,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1684594491581525}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":81,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":7784,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1684594491581525}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 81/81
 ~~ skipped flows.............: 0
@@ -41,10 +41,10 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506838 bytes
-~~ total memory freed........: 5506838 bytes
+~~ total memory allocated....: 5506910 bytes
+~~ total memory freed........: 5506910 bytes
 ~~ total allocations/frees...: 85974/85974
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 573 chars
+~~ json message min len.......: 571 chars
 ~~ json message max len.......: 984 chars
-~~ json message avg len.......: 777 chars
+~~ json message avg len.......: 776 chars
diff --git a/test/results/default/esp.pcapng.out b/test/results/default/esp.pcapng.out
index 9fdc1b3d5..57459ca17 100644
--- a/test/results/default/esp.pcapng.out
+++ b/test/results/default/esp.pcapng.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587340723655842}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587340723655842}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587340723655842,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00994{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_usec":1587340723655842,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAN8AAP8RncEKAgMCCgMEBAH0AfQBbm9jBawPTRIgE\/QAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAADDsDka\/duvsZYQytelWlC6NzARHfxQ9jT\/JU2Un7NCQA+jXJ08WlF7e\/NDuPTB526R8Cb4Zuk\/QhNNiyysAyBZ0W7cfOpAFmMETkjg2lvpSaO0W743zdwZbhwL5xtEDwKwAAJBinv2eNdHZsJ29wVvPTnOU5tMnnhBtj26lK3VUpGlaPKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABE++qlf\/rnDMCHdomXQhhbbCu7VdAAAAHAAAQAWxbxU4srTSjW8apuj3nZ6SyjPUCQ=="}
 00904{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587340723655842,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
@@ -12,7 +12,7 @@
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1587340725658959,"flow_dst_last_pkt_time":1587340725659995,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587340725659995,"pkt":"qrvMAAIQqrvMAAMQCABFAACYACQAAP4yoQUKAwQECgIDAvAJLLUAAAABLX+WjVQswRpYbFeiaZdQW6eWJsw6BS2eB7OP9\/5eHwi2mYpUZ6G3t755XGwuYLanMk25K6hMBwBSxcZ\/ydNZPrrxBrySAlcBAFV4v6tDTuHpnnv89BSOnoK6gF0SG3nSCAMIxyxKQV4U+ecInNO5d\/EnrgCW7OWI7NuXZg=="}
 00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723670088,"flow_dst_last_pkt_time":1587340723676343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":702,"flow_dst_tot_l4_payload_len":654,"midstream":0,"thread_ts_usec":1587340725659995,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00914{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587340725658959,"flow_src_last_pkt_time":1587340725658959,"flow_dst_last_pkt_time":1587340725659995,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1587340725659995,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1587340725659995}
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1587340725659995}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -21,10 +21,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500319 bytes
-~~ total memory freed........: 5500319 bytes
+~~ total memory allocated....: 5500359 bytes
+~~ total memory freed........: 5500359 bytes
 ~~ total allocations/frees...: 85877/85877
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 567 chars
+~~ json message min len.......: 565 chars
 ~~ json message max len.......: 999 chars
-~~ json message avg len.......: 782 chars
+~~ json message avg len.......: 781 chars
diff --git a/test/results/default/ethereum.pcap.out b/test/results/default/ethereum.pcap.out
index 5d517ad5b..d6bff6411 100644
--- a/test/results/default/ethereum.pcap.out
+++ b/test/results/default/ethereum.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578508362274369}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578508362274369}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274369,"flow_src_last_pkt_time":1578508362274369,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508362274369,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578508362274369,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508362274369,"pkt":"KDc3AG3IEBMx8Tl2CABFAACc0mBAADURe2hXDt4ZwKgBuN11dl8AiEJtHMys6Q29AOp21rwpZSDXERjTbIzhwNph0idC5kCkV\/FDnhOUP\/GMZC9pQ1ikY4tKfgVohRJdDV\/jhdY3JkNQ8nfjTjeSnG7Ixlzbx1L2txMkADCUTD6WfRXFuzz03\/IfAAHdBMuEfwAAAYJ2X4J2X8mETxbOvYLp94CEXhYgXgU="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274369,"flow_src_last_pkt_time":1578508362274369,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508362274369,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
@@ -570,7 +570,7 @@
 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508364522913,"flow_src_last_pkt_time":1578508364925728,"flow_dst_last_pkt_time":1578508365036380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":458,"flow_dst_max_l4_payload_len":335,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":543,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508365009842,"flow_src_last_pkt_time":1578508365099452,"flow_dst_last_pkt_time":1578508365126662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":532,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
 00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":23,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508365044863,"flow_dst_last_pkt_time":1578508365152350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":513,"flow_src_tot_l4_payload_len":811,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-payload-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":573,"global_ts_usec":1578508366135917}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-payload-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":573,"global_ts_usec":1578508366135917}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2000/2000
 ~~ skipped flows.............: 0
@@ -579,8 +579,8 @@
 ~~ total active/idle flows...: 74/74
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5714585 bytes
-~~ total memory freed........: 5714585 bytes
+~~ total memory allocated....: 5715777 bytes
+~~ total memory freed........: 5715777 bytes
 ~~ total allocations/frees...: 88665/88665
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 535 chars
diff --git a/test/results/default/ethernetIP.pcap.out b/test/results/default/ethernetIP.pcap.out
index d7ce0cb8a..9b72fa91c 100644
--- a/test/results/default/ethernetIP.pcap.out
+++ b/test/results/default/ethernetIP.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1352718180263865}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1352718180263865}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180263865,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180263865,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1352718180263865,"pkt":"AAC80WDaeOfR4AJeCABFAAB6cCZAAIAGAACNUQAKjVEAU8RjrxLdiI2HlJVDUVAY+XQbbAAAcAA6AAABAhAAAAAAGjkvAAAAAAAAAAAAAAAAAAoAAgChAAQACRM1ALEAJgDkagoCIAIkAQIABgASAEwCIHIkAADOBAABAEwCIHIkACw9BAABAA=="}
 00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180263865,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180263865,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -32,7 +32,7 @@
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1352718180397556,"flow_src_last_pkt_time":1352718181046133,"flow_dst_last_pkt_time":1352718181017708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":352,"flow_src_tot_l4_payload_len":1538,"flow_dst_tot_l4_payload_len":860,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1352718180265384,"flow_src_last_pkt_time":1352718181047922,"flow_dst_last_pkt_time":1352718181046461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":352,"flow_dst_max_l4_payload_len":474,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":1864,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":12,"flow_first_seen":1352718180390103,"flow_src_last_pkt_time":1352718181046315,"flow_dst_last_pkt_time":1352718181050397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":352,"flow_src_tot_l4_payload_len":1492,"flow_dst_tot_l4_payload_len":1106,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1352718181050397}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1352718181050397}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 100/100
 ~~ skipped flows.............: 0
@@ -41,8 +41,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5507389 bytes
-~~ total memory freed........: 5507389 bytes
+~~ total memory allocated....: 5507461 bytes
+~~ total memory freed........: 5507461 bytes
 ~~ total allocations/frees...: 85993/85993
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 533 chars
diff --git a/test/results/default/ethersbus.pcap.out b/test/results/default/ethersbus.pcap.out
index 9d605f86f..47608dd7f 100644
--- a/test/results/default/ethersbus.pcap.out
+++ b/test/results/default/ethersbus.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1119024300361278}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1119024300361278}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1119024300361278,"flow_src_last_pkt_time":1119024300361278,"flow_dst_last_pkt_time":1119024300361278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1119024300361278,"l3_proto":"ip4","src_ip":"172.16.1.120","dst_ip":"172.16.1.135","src_port":2467,"dst_port":5050,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1119024300361278,"flow_dst_last_pkt_time":1119024300361278,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1119024300361278,"pkt":"AFDCDF0nAAR14vSPCABFAAAp4p0AAIAR\/QasEAF4rBABhwmjE7oAFU3cAAAADQEAAAEACiBTGA=="}
 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1119024300361278,"flow_src_last_pkt_time":1119024300361278,"flow_dst_last_pkt_time":1119024300361278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1119024300361278,"l3_proto":"ip4","src_ip":"172.16.1.120","dst_ip":"172.16.1.135","src_port":2467,"dst_port":5050,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Ether-S-Bus","proto_id":"368","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -8,7 +8,7 @@
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1119024300369033,"flow_dst_last_pkt_time":1119024300376367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1119024300376367,"pkt":"AAR14vSPAFDCDF0nCABFAAArKxoAAB4RFomsEAGHrBABeBO6CaMAF6QUAAAADwAAAAIBTW9kZWwNAAAA"}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1119024300377012,"flow_dst_last_pkt_time":1119024300376367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1119024300377012,"pkt":"AFDCDF0nAAR14vSPCABFAAA14qEAAIAR\/PasEAF4rBABhwmjE7oAIW2KAAAAGQEAAAMAClEKAMQ8I8YAAMRETnV6Cg=="}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1119024300361278,"flow_src_last_pkt_time":1119024300457007,"flow_dst_last_pkt_time":1119024300466212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":230,"midstream":0,"thread_ts_usec":1119024300466212,"l3_proto":"ip4","src_ip":"172.16.1.120","dst_ip":"172.16.1.135","src_port":2467,"dst_port":5050,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ether-S-Bus","proto_id":"368","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1119024300466212}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ethersbus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1119024300466212}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498553 bytes
-~~ total memory freed........: 5498553 bytes
+~~ total memory allocated....: 5498577 bytes
+~~ total memory freed........: 5498577 bytes
 ~~ total allocations/frees...: 85880/85880
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 535 chars
diff --git a/test/results/default/ethersio.pcap.out b/test/results/default/ethersio.pcap.out
index 6938a6584..b4f8f23df 100644
--- a/test/results/default/ethersio.pcap.out
+++ b/test/results/default/ethersio.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1279888308544606}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1279888308544606}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1279888308544606,"flow_src_last_pkt_time":1279888308544606,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1279888308544606,"l3_proto":"ip4","src_ip":"172.23.2.27","dst_ip":"172.23.2.15","src_port":1024,"dst_port":6060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1279888308544606,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1279888308544606,"pkt":"AFDCjQ2CAFDCvyBeCABFAABNhU8AAEARmPisFwIbrBcCDwQAF6wAOXbIRVNJTwABAAAAMXYWAAAAGAAAAA0BAAAAAFwAAAABABEAAAswAAAAAAAAAAAAAAAA\/w=="}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1279888308544606,"flow_src_last_pkt_time":1279888308544606,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1279888308544606,"l3_proto":"ip4","src_ip":"172.23.2.27","dst_ip":"172.23.2.15","src_port":1024,"dst_port":6060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EtherSIO","proto_id":"363","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -9,7 +9,7 @@
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1279888308942138,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1279888308942138,"pkt":"AFDCjQ2CAFDCvyBeCABFAABNhVMAAEARmPSsFwIbrBcCDwQAF6wAOXbERVNJTwABAAAAMXYaAAAAGAAAAA0BAAAAAFwAAAABABEAAAswAAAAAAAAAAAAAAAA\/w=="}
 02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1279888308544606,"flow_src_last_pkt_time":1279888311540875,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1543,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1279888311540875,"l3_proto":"ip4","src_ip":"172.23.2.27","dst_ip":"172.23.2.15","src_port":1024,"dst_port":6060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":96653.8,"max":111455,"stddev":18558.1,"var":344403296.0,"ent":4.9,"data": [96162,97433,107881,96056,97599,109902,95490,95566,98398,3,111001,95507,96493,95973,109998,96979,96994,97899,109080,95700,95853,95658,111455,95276,100124,106350,95476,95590,108907,95554,95912]},"pktlen": {"min":52,"avg":76.2,"max":77,"stddev":4.3,"var":18.9,"ent":5.0,"data": [77,77,77,77,77,77,77,77,77,52,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77,77]},"bins": {"c_to_s": [1,31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [3.361773968,3.345603704,3.361774206,3.387748003,3.361773968,3.361774206,3.387748003,3.387748003,3.387748003,3.744090796,3.387748003,3.387748003,3.387748003,3.361773968,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.387748003,3.361774206,3.361774206,3.345603704,3.387748003,3.387748003]},"ndpi": {"confidence": {"6":"DPI"},"proto":"EtherSIO","proto_id":"363","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":0,"flow_first_seen":1279888308544606,"flow_src_last_pkt_time":1279888311939437,"flow_dst_last_pkt_time":1279888308544606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1714,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1279888311939437,"l3_proto":"ip4","src_ip":"172.23.2.27","dst_ip":"172.23.2.15","src_port":1024,"dst_port":6060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EtherSIO","proto_id":"363","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":1714,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1279888311939437}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/ethersio.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":1714,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1279888311939437}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 36/36
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5499017 bytes
-~~ total memory freed........: 5499017 bytes
+~~ total memory allocated....: 5499041 bytes
+~~ total memory freed........: 5499041 bytes
 ~~ total allocations/frees...: 85896/85896
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 570 chars
+~~ json message min len.......: 568 chars
 ~~ json message max len.......: 2176 chars
-~~ json message avg len.......: 1294 chars
+~~ json message avg len.......: 1293 chars
diff --git a/test/results/default/exe_download.pcap.out b/test/results/default/exe_download.pcap.out
index f172187bb..0097ffbf0 100644
--- a/test/results/default/exe_download.pcap.out
+++ b/test/results/default/exe_download.pcap.out
@@ -1,5 +1,5 @@
-00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569434051004796}
+00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569434051004796}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051004796,"flow_dst_last_pkt_time":1569434051004796,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569434051004796,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569434051004796,"flow_dst_last_pkt_time":1569434051004796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569434051004796,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569434051004796,"flow_dst_last_pkt_time":1569434051324116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1569434051324116,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="}
@@ -7,9 +7,9 @@
 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1569434051324979,"flow_dst_last_pkt_time":1569434051324116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_usec":1569434051324979,"pkt":"IOUqtpPxAAgCHEeuCABFAADBALNAAIAG\/\/cKCRllkFtFw8ANAFC+hvgfPu\/YuVAY+vAITAAAR0VUIC9zb2xhci5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpVc2VyLUFnZW50OiBwd3R5eUVLek50R2F0d25Kam1DY0JMYk92ZUNWcGMNCkhvc3Q6IDE0NC45MS42OS4xOTUNCg0K"}
 01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051324979,"flow_dst_last_pkt_time":1569434051324116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569434051324979,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"144.91.69.195","http": {"url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}}
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1569434051324979,"flow_dst_last_pkt_time":1569434051325236,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1569434051325236,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoBbEAAIAGO5OQW0XDCgkZZQBQwA0+79i5vob4uFAQ+vAsEQAA"}
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051324979,"flow_dst_last_pkt_time":1569434051623372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1569434051623372,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"144.91.69.195","http": {"url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}}
-01445{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":12,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051760034,"flow_dst_last_pkt_time":1569434051659215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":13620,"midstream":0,"thread_ts_usec":1569434051760034,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":13773,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1569434051760034}
+01709{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051324979,"flow_dst_last_pkt_time":1569434051623372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1569434051623372,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"144.91.69.195","http": {"url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}}
+01573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":12,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051760034,"flow_dst_last_pkt_time":1569434051659215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":13620,"midstream":0,"thread_ts_usec":1569434051760034,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":13773,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1569434051760034}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498779 bytes
-~~ total memory freed........: 5498779 bytes
-~~ total allocations/frees...: 85889/85889
+~~ total memory allocated....: 5498826 bytes
+~~ total memory freed........: 5498826 bytes
+~~ total allocations/frees...: 85890/85890
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 534 chars
-~~ json message max len.......: 1586 chars
-~~ json message avg len.......: 1034 chars
+~~ json message max len.......: 1714 chars
+~~ json message avg len.......: 1090 chars
diff --git a/test/results/default/exe_download_as_png.pcap.out b/test/results/default/exe_download_as_png.pcap.out
index f97d2898b..5fe50e160 100644
--- a/test/results/default/exe_download_as_png.pcap.out
+++ b/test/results/default/exe_download_as_png.pcap.out
@@ -1,5 +1,5 @@
-00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569434903040298}
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569434903040298}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434903040298,"flow_dst_last_pkt_time":1569434903040298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569434903040298,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569434903040298,"flow_dst_last_pkt_time":1569434903040298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569434903040298,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569434903040298,"flow_dst_last_pkt_time":1569434903440451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1569434903440451,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="}
@@ -10,7 +10,7 @@
 01450{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434903441012,"flow_dst_last_pkt_time":1569434904053845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1569434904053845,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"185.98.87.185","http": {"url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}}
 02549{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434904481632,"flow_dst_last_pkt_time":1569434904508320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":25916,"midstream":0,"thread_ts_usec":1569434904508320,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":93850.2,"max":613012,"stddev":192589.9,"var":37090865152.0,"ent":2.7,"data": [400153,400486,228,717,612677,12,613012,424,482,834,426,507,936,1134,423,1552,361,732,1082,417726,1390,103,419479,654,405,941,2596,154,2784,26602,344]},"pktlen": {"min":40,"avg":855.0,"max":1500,"stddev":664.6,"var":441668.3,"ent":4.4,"data": [52,44,40,189,40,1500,1308,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404]},"bins": {"c_to_s": [10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,17,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,0,1,1,0,1,1,0,1,1],"entropies": [4.593450069,4.921897411,4.734183788,5.453228951,4.630641460,3.420540333,0.300011843,4.784183979,0.284853339,4.608477116,4.784183979,4.479417324,3.353007078,4.684184074,3.253508806,3.476947546,4.734183788,4.057516575,5.282192707,4.734183788,5.523138046,4.632616997,4.955163479,4.715311527,4.361701965,2.729017735,4.734184265,6.268059254,4.366500378,4.734183788,4.014078617,2.777677774]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01340{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":67,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434904944506,"flow_dst_last_pkt_time":1569434904944721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":88660,"midstream":0,"thread_ts_usec":1569434904944721,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":88809,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1569434904944721}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":88809,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1569434904944721}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 100/100
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501013 bytes
-~~ total memory freed........: 5501013 bytes
+~~ total memory allocated....: 5501037 bytes
+~~ total memory freed........: 5501037 bytes
 ~~ total allocations/frees...: 85967/85967
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 541 chars
diff --git a/test/results/default/facebook.pcap.out b/test/results/default/facebook.pcap.out
index dda1d4806..c0191f531 100644
--- a/test/results/default/facebook.pcap.out
+++ b/test/results/default/facebook.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1472393122365661}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1472393122365661}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122365661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472393122365661,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122365661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393122365661,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122668038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393122668038,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="}
@@ -20,7 +20,7 @@
 02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393124118414,"flow_dst_last_pkt_time":1472393124118402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":992,"flow_dst_tot_l4_payload_len":15090,"midstream":0,"thread_ts_usec":1472393124118414,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":193,"avg":36622.1,"max":154982,"stddev":57898.8,"var":3352273664.0,"ent":3.3,"data": [132117,132136,193,154701,485,154982,244,3282,129361,125921,442,418,797,119231,4520,123730,627,605,1230,4940,621,5568,8878,7797,16680,916,530,1441,790,657,1444]},"pktlen": {"min":52,"avg":555.1,"max":1440,"stddev":613.3,"var":376153.1,"ent":4.1,"data": [60,60,52,569,52,198,52,103,438,133,90,90,94,52,1440,431,52,1440,576,52,1440,1440,52,1440,1440,52,1440,1440,52,1440,1440,52]},"bins": {"c_to_s": [10,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,1,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0],"entropies": [4.760014057,5.194312096,5.053297043,6.165235996,5.091758251,6.462422371,5.053297043,5.523866653,7.463335991,6.461145878,5.587870598,5.919519901,5.958845615,5.014835358,7.843218803,7.552490711,5.025067806,7.863905430,7.631061554,5.025067329,7.860723495,7.881686687,5.063529015,7.870133877,7.854965687,5.063529015,7.867281437,7.861505032,5.025067329,7.849763870,7.860621929,5.025067329]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393123408152,"flow_dst_last_pkt_time":1472393123665163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":743,"flow_dst_tot_l4_payload_len":3732,"midstream":0,"thread_ts_usec":1472393124229315,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":22,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393124218612,"flow_dst_last_pkt_time":1472393124229315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1402,"flow_dst_tot_l4_payload_len":20642,"midstream":0,"thread_ts_usec":1472393124229315,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1472393124229315}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1472393124229315}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 60/60
 ~~ skipped flows.............: 0
@@ -29,8 +29,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5517308 bytes
-~~ total memory freed........: 5517308 bytes
+~~ total memory allocated....: 5517348 bytes
+~~ total memory freed........: 5517348 bytes
 ~~ total allocations/frees...: 85956/85956
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
diff --git a/test/results/default/fastcgi.pcap.out b/test/results/default/fastcgi.pcap.out
index c3f0cf11e..2f1c2fe61 100644
--- a/test/results/default/fastcgi.pcap.out
+++ b/test/results/default/fastcgi.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1280403893598699}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1280403893598699}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403893598699,"flow_dst_last_pkt_time":1280403893598699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1280403893598699,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1280403893598699,"flow_dst_last_pkt_time":1280403893598699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1280403893598699,"pkt":"ABzEfBq8AAvNgo+GCABFAAA8aJRAAEAGvhQKAAAJCgAAC5VuIyi+0TJPAAAAAKACFtD1nwAAAgQFtAQCCAoi61rbAAAAAAEDAwY="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1280403893598699,"flow_dst_last_pkt_time":1280403893598868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1280403893598868,"pkt":"AAvNgo+GABzEfBq8CABFAAA8AABAAEAGJqkKAAALCgAACSMolW5v2bTavtEyUKASFqBTYwAAAgQFtAQCCAoN02\/TIuta2wEDAwc="}
@@ -9,7 +9,7 @@
 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403893599034,"flow_dst_last_pkt_time":1280403893598868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1055,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1071,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1280403893599034,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FastCGI","proto_id":"310","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 02122{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403895619664,"flow_dst_last_pkt_time":1280403895619673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1055,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":14480,"midstream":0,"thread_ts_usec":1280403895619673,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":130385.1,"max":2020143,"stddev":496240.3,"var":246254469120.0,"ent":1.0,"data": [169,226,42,67,15,217,77,12,83,12,48,16,2019881,2020143,186,63,52,55,94,90,42,33,32,28,26,27,50,53,34,34,32]},"pktlen": {"min":52,"avg":539.2,"max":1500,"stddev":672.8,"var":452637.9,"ent":3.9,"data": [60,60,52,68,1107,60,52,60,60,52,52,52,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,0,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.423614979,4.926749229,4.700937271,4.233195782,6.033331394,4.550921917,4.686420441,4.550921917,4.550921917,4.686420441,4.624014378,4.686420441,4.724881649,7.641661644,4.854783535,7.763941288,4.854784012,7.761142254,4.777860165,7.844599247,4.891996861,7.826266289,4.815073490,7.841456413,4.815073490,7.847429752,4.815073490,7.852382183,4.891996861,7.847055912,4.815073490,7.805794239]},"ndpi": {"confidence": {"6":"DPI"},"proto":"FastCGI","proto_id":"310","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":54,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403897015424,"flow_dst_last_pkt_time":1280403897015595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1055,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":64400,"midstream":0,"thread_ts_usec":1280403897015595,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FastCGI","proto_id":"310","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":102,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":65495,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1280403897015595}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":102,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":65495,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1280403897015595}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 102/102
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5503018 bytes
-~~ total memory freed........: 5503018 bytes
+~~ total memory allocated....: 5503042 bytes
+~~ total memory freed........: 5503042 bytes
 ~~ total allocations/frees...: 85965/85965
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
diff --git a/test/results/default/fins.pcap.out b/test/results/default/fins.pcap.out
index 22344a1d7..7c02e3816 100644
--- a/test/results/default/fins.pcap.out
+++ b/test/results/default/fins.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1233089082809333}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1233089082809333}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082809333,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1233089082809333,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1233089082809333,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809333,"pkt":"ANADs6f8ABNyl6LUCABFAAAugitAAEAREyYKBA5mCoKCguViJYAAGv5TgAACAAAAAAAAegEBAMzMzAAB"}
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082809333,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1233089082809333,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -8,7 +8,7 @@
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1233089082809410,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809410,"pkt":"ANADs6f8ABNyl6LUCABFAAAugi5AAEAREyMKBA5mCoKCguViJYAAGn1SgAACAAAAAAAAegEBgczMzAAC"}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1233089082809435,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809435,"pkt":"ANADs6f8ABNyl6LUCABFAAAugi9AAEAREyIKBA5mCoKCguViJYAAGnxSgAACAAAAAAAAegEBgszMzAAC"}
 02050{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082810135,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1233089082810135,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":22,"avg":25.9,"max":31,"stddev":1.6,"var":2.4,"ent":5.0,"data": [22,29,26,25,25,26,27,26,26,25,25,25,26,26,25,26,25,25,26,27,31,27,25,25,26,25,25,26,25,25,29]},"pktlen": {"min":44,"avg":47.2,"max":65,"stddev":3.5,"var":12.6,"ent":5.0,"data": [46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,52,48,44,48,50,46,46,46,46,46,50,48,65]},"bins": {"c_to_s": [31,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [3.966703415,3.990315914,4.006726265,4.050204754,4.015212536,4.077271938,4.033793926,4.077271938,4.093682766,4.093682766,4.093682766,4.093682766,4.050204754,4.093682766,4.093682766,4.093682766,4.093682766,4.050204277,4.077271938,4.222351551,4.000422955,3.952195406,3.979268074,4.288366795,3.913608313,3.913608313,3.913608789,3.913608313,3.837309122,4.107601166,3.918294430,3.660078049]},"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":246,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":6597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1428095655145347}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":246,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":6597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1428095655145347}
 00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655145347,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":66,"expected":70,"global_ts_usec":1428095655145347}
 00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"thread_ts_usec":1233089082814433,"pkt":"ABkHJDzKPKn0ISL4CABFAAA0ZANAAIAGf24KAQGtCgEBpELuJYDc78x8AAAAAIACIAAl6QAAAgQFtAEDAwIBAQQC"}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1428095655145347,"flow_src_last_pkt_time":1428095655145347,"flow_dst_last_pkt_time":1428095655145347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1428095655145347,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":17134,"dst_port":9600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -47,7 +47,7 @@
 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095676054158,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":114,"thread_ts_usec":1428095676054158,"pkt":"PKn0ISL4ABkHJDzKCABFAACGCP0AABQRhhgKAQGkCgEBrSWA1kcAcoFswAACAGMAAMgA7wUBAABDUDFMLUVMMjBEUi1EAAAAICAgIDAxLjAwAAAAAAAwMS4wNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAEAAwAKFyoQCAAAAAAAAA=="}
 00964{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1428095655145347,"flow_src_last_pkt_time":1428095655734613,"flow_dst_last_pkt_time":1428095655734575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":122,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1428095676054158,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":17134,"dst_port":9600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1428095675892372,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095676054158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1428095676054158,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":54855,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":257,"packets-processed":257,"total-skipped-flows":0,"total-l4-payload-len":6911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1428095676054158}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":257,"packets-processed":257,"total-skipped-flows":0,"total-l4-payload-len":6911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1428095676054158}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 257/257
 ~~ skipped flows.............: 0
@@ -56,8 +56,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5509770 bytes
-~~ total memory freed........: 5509770 bytes
+~~ total memory allocated....: 5509826 bytes
+~~ total memory freed........: 5509826 bytes
 ~~ total allocations/frees...: 86139/86139
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 343 chars
diff --git a/test/results/default/firefox.pcap.out b/test/results/default/firefox.pcap.out
index cfbaef5a8..b7cb2eb0a 100644
--- a/test/results/default/firefox.pcap.out
+++ b/test/results/default/firefox.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620927997754367}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620927997754367}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927997754367,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997754367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927997754367,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997754367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620927997754367,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997781073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620927997781073,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="}
@@ -54,7 +54,7 @@
 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1620927999109976,"flow_src_last_pkt_time":1620927999224233,"flow_dst_last_pkt_time":1620927999224319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1130,"flow_dst_tot_l4_payload_len":9203,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1620927999111334,"flow_src_last_pkt_time":1620927999213956,"flow_dst_last_pkt_time":1620927999214178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1130,"flow_dst_tot_l4_payload_len":12083,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1620927999112216,"flow_src_last_pkt_time":1620927999228482,"flow_dst_last_pkt_time":1620927999227832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1509,"flow_dst_tot_l4_payload_len":9549,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":129,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":51599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1620927999228482}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":129,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":51599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1620927999228482}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 129/129
 ~~ skipped flows.............: 0
@@ -63,8 +63,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5654856 bytes
-~~ total memory freed........: 5654856 bytes
+~~ total memory allocated....: 5654960 bytes
+~~ total memory freed........: 5654960 bytes
 ~~ total allocations/frees...: 86088/86088
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/fix.pcap.out b/test/results/default/fix.pcap.out
index 327785df3..db20bab0f 100644
--- a/test/results/default/fix.pcap.out
+++ b/test/results/default/fix.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1493755109242949}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1493755109242949}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109242949,"flow_src_last_pkt_time":1493755109242949,"flow_dst_last_pkt_time":1493755109242949,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1493755109242949,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1493755109242949,"flow_dst_last_pkt_time":1493755109242949,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_usec":1493755109242949,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="}
 00909{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109242949,"flow_src_last_pkt_time":1493755109242949,"flow_dst_last_pkt_time":1493755109242949,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1493755109242949,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
@@ -101,7 +101,7 @@
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1493755111956116,"flow_src_last_pkt_time":1493755132007515,"flow_dst_last_pkt_time":1493755131957560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":255,"midstream":1,"thread_ts_usec":1493755132120045,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1493755110320014,"flow_src_last_pkt_time":1493755130314066,"flow_dst_last_pkt_time":1493755130355530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":172,"midstream":1,"thread_ts_usec":1493755132120045,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1493755113353296,"flow_src_last_pkt_time":1493755123449395,"flow_dst_last_pkt_time":1493755123354617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":269,"midstream":1,"thread_ts_usec":1493755132120045,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-payload-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":104,"global_ts_usec":1493755132120045}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-payload-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":104,"global_ts_usec":1493755132120045}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1261/1261
 ~~ skipped flows.............: 0
@@ -110,8 +110,8 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5583010 bytes
-~~ total memory freed........: 5583010 bytes
+~~ total memory allocated....: 5583210 bytes
+~~ total memory freed........: 5583210 bytes
 ~~ total allocations/frees...: 87254/87254
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 527 chars
diff --git a/test/results/default/fix2.pcap.out b/test/results/default/fix2.pcap.out
index 0fb8f4383..66cb13945 100644
--- a/test/results/default/fix2.pcap.out
+++ b/test/results/default/fix2.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614758889587624}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614758889587624}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614758889588862,"flow_src_last_pkt_time":1614758889588862,"flow_dst_last_pkt_time":1614758889588862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614758889588862,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614758889588862,"flow_dst_last_pkt_time":1614758889588862,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614758889588862,"pkt":"5kBKB+riApXG95NLCABFAAAweTwAAIAGAAAKZQACCmYAAoiSBAAt1D8pAAAAAHACgAEU8QAAAgQFtAMDAQA="}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614758889589020,"flow_src_last_pkt_time":1614758889589020,"flow_dst_last_pkt_time":1614758889589020,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614758889589020,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -18,7 +18,7 @@
 02059{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1614758889589020,"flow_src_last_pkt_time":1614758889590049,"flow_dst_last_pkt_time":1614758889590048,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":762,"flow_dst_tot_l4_payload_len":801,"midstream":0,"thread_ts_usec":1614758889590049,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":66.4,"max":570,"stddev":137.8,"var":18986.0,"ent":3.3,"data": [568,570,2,146,145,106,1,105,2,16,6,26,48,7,14,19,2,2,18,19,48,49,27,0,12,37,4,6,27,0,25]},"pktlen": {"min":46,"avg":92.0,"max":160,"stddev":46.1,"var":2122.5,"ent":4.8,"data": [48,48,46,125,133,130,138,48,46,130,46,46,138,132,46,133,46,138,46,160,143,133,146,46,46,46,146,148,130,46,46,46]},"bins": {"c_to_s": [6,0,5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,1,0,1,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1,1,0],"entropies": [3.944233894,4.517892838,3.795586348,5.115859032,5.169412613,5.333189964,5.351288795,4.517892838,3.795586109,5.341800690,4.032184601,4.032184124,5.369617462,5.205471516,4.075662613,5.190125942,3.839064360,5.365781307,3.839064360,5.331775665,5.255437374,5.190015793,5.411532879,4.075662613,4.075662613,4.075662613,5.397834301,5.453368664,5.342391014,4.075662136,4.075662613,3.839064121]},"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
 00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":683,"flow_dst_packets_processed":1304,"flow_first_seen":1614758889588862,"flow_src_last_pkt_time":1614758889595345,"flow_dst_last_pkt_time":1614758889595344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":13395,"flow_dst_tot_l4_payload_len":26148,"midstream":0,"thread_ts_usec":1614758889595345,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
 00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":411,"flow_dst_packets_processed":648,"flow_first_seen":1614758889589020,"flow_src_last_pkt_time":1614758889595307,"flow_dst_last_pkt_time":1614758889595305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":10864,"flow_dst_tot_l4_payload_len":17549,"midstream":0,"thread_ts_usec":1614758889595345,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3049,"packets-processed":3046,"total-skipped-flows":0,"total-l4-payload-len":67956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1614758889595345}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3049,"packets-processed":3046,"total-skipped-flows":0,"total-l4-payload-len":67956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1614758889595345}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3049/3046
 ~~ skipped flows.............: 0
@@ -27,8 +27,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5592575 bytes
-~~ total memory freed........: 5592575 bytes
+~~ total memory allocated....: 5592615 bytes
+~~ total memory freed........: 5592615 bytes
 ~~ total allocations/frees...: 88919/88919
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 535 chars
diff --git a/test/results/default/flute.pcapng.out b/test/results/default/flute.pcapng.out
index ce9cc004c..d6bde222a 100644
--- a/test/results/default/flute.pcapng.out
+++ b/test/results/default/flute.pcapng.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1710770492196928}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1710770492196928}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710770492196928,"flow_src_last_pkt_time":1710770492196928,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":602,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":602,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":602,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710770492196928,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"238.1.1.95","src_port":40717,"dst_port":40085,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1710770492196928,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":644,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":644,"pkt_l4_len":610,"thread_ts_usec":1710770492196928,"pkt":"AQBeAQFf8C90rUP1CABFAAJ2YalAAAERDN7AqFjn7gEBX58NnJUCYgtkEBAIAAAAAAAAAAAAwBAAAkAEAAAAAAI2AAAFnAAAAEAAAAAAPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPEZEVC1JbnN0YW5jZSBFeHBpcmVzPSIxNzEwNzcwNTAyIiBGRUMtT1RJLUZFQy1FbmNvZGluZy1JRD0iMCIgRkVDLU9USS1NYXhpbXVtLVNvdXJjZS1CbG9jay1MZW5ndGg9IjY0IiBGRUMtT1RJLUVuY29kaW5nLVN5bWJvbC1MZW5ndGg9IjE0MzYiIHhtbG5zOm1ibXMyMDA3PSJ1cm46M0dQUDptZXRhZGF0YToyMDA3Ok1CTVM6RkxVVEU6RkRUIj4KICAgIDxGaWxlIFRPST0iMSIgQ29udGVudC1Mb2NhdGlvbj0iaGVsbG9fd29ybGQudHh0IiBDb250ZW50LUxlbmd0aD0iMTMiIFRyYW5zZmVyLUxlbmd0aD0iMTMiIENvbnRlbnQtTUQ1PSJqZDJMNUxGNXBTbXZwZkwvcmt1WVdBPT0iIENvbnRlbnQtVHlwZT0iYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtIj4KICAgICAgICA8bWJtczIwMDc6Q2FjaGUtQ29udHJvbD4KICAgICAgICAgICAgPG1ibXMyMDA3OkV4cGlyZXM+MTcxMDc3MDU1MjwvbWJtczIwMDc6RXhwaXJlcz4KICAgICAgICA8L21ibXMyMDA3OkNhY2hlLUNvbnRyb2w+CiAgICA8L0ZpbGU+CjwvRkRULUluc3RhbmNlPgo="}
 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710770492196928,"flow_src_last_pkt_time":1710770492196928,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":602,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":602,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":602,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710770492196928,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"238.1.1.95","src_port":40717,"dst_port":40085,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"FLUTE","proto_id":"406","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
@@ -7,7 +7,7 @@
 00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1710770492197076,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_usec":1710770492197076,"pkt":"AQBeAQFf8C90rUP1CABFAAEuYatAAAERDiTAqFjn7gEBX58NnJUBGgocEBAIAAAAAAAAAAAAwBAAA0AEAAAAAADuAAAFnAAAAEAAAAAAPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPEZEVC1JbnN0YW5jZSBFeHBpcmVzPSIxNzEwNzcwNTAyIiBGRUMtT1RJLUZFQy1FbmNvZGluZy1JRD0iMCIgRkVDLU9USS1NYXhpbXVtLVNvdXJjZS1CbG9jay1MZW5ndGg9IjY0IiBGRUMtT1RJLUVuY29kaW5nLVN5bWJvbC1MZW5ndGg9IjE0MzYiIHhtbG5zOm1ibXMyMDA3PSJ1cm46M0dQUDptZXRhZGF0YToyMDA3Ok1CTVM6RkxVVEU6RkRUIi8+Cg=="}
 00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1710770497188134,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_usec":1710770497188134,"pkt":"AQBeAQFf8C90rUP1CABFAAEuZedAAAERCejAqFjn7gEBX58NnJUBGgocEBAIAAAAAAAAAAAAwBAAA0AEAAAAAADuAAAFnAAAAEAAAAAAPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPEZEVC1JbnN0YW5jZSBFeHBpcmVzPSIxNzEwNzcwNTA3IiBGRUMtT1RJLUZFQy1FbmNvZGluZy1JRD0iMCIgRkVDLU9USS1NYXhpbXVtLVNvdXJjZS1CbG9jay1MZW5ndGg9IjY0IiBGRUMtT1RJLUVuY29kaW5nLVN5bWJvbC1MZW5ndGg9IjE0MzYiIHhtbG5zOm1ibXMyMDA3PSJ1cm46M0dQUDptZXRhZGF0YToyMDA3Ok1CTVM6RkxVVEU6RkRUIi8+Cg=="}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1710770492196928,"flow_src_last_pkt_time":1710770497188134,"flow_dst_last_pkt_time":1710770492196928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":602,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710770497188134,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"238.1.1.95","src_port":40717,"dst_port":40085,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FLUTE","proto_id":"406","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1710770497188134}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/flute.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1710770497188134}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498061 bytes
-~~ total memory freed........: 5498061 bytes
+~~ total memory allocated....: 5498085 bytes
+~~ total memory freed........: 5498085 bytes
 ~~ total allocations/frees...: 85863/85863
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 552 chars
diff --git a/test/results/default/forticlient.pcap.out b/test/results/default/forticlient.pcap.out
index dbc91d542..397a68e61 100644
--- a/test/results/default/forticlient.pcap.out
+++ b/test/results/default/forticlient.pcap.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1621067203571879}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1621067203571879}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621067203571879,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203571879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067203571879,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203571879,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1621067203571879,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203633408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1621067203633408,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="}
@@ -51,7 +51,7 @@
 01241{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1621067205651500,"flow_src_last_pkt_time":1621067206681899,"flow_dst_last_pkt_time":1621067206738955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":3141,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 01241{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1621067206773010,"flow_src_last_pkt_time":1621067207801622,"flow_dst_last_pkt_time":1621067207860710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":384,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":751,"flow_dst_tot_l4_payload_len":6525,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 01254{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1150,"flow_dst_packets_processed":751,"flow_first_seen":1621067209199710,"flow_src_last_pkt_time":1621067222261499,"flow_dst_last_pkt_time":1621067222260652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1411,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":70643,"flow_dst_tot_l4_payload_len":206814,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-payload-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1621067222261499}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-payload-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1621067222261499}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2000/2000
 ~~ skipped flows.............: 0
@@ -60,8 +60,8 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5611380 bytes
-~~ total memory freed........: 5611380 bytes
+~~ total memory allocated....: 5611468 bytes
+~~ total memory freed........: 5611468 bytes
 ~~ total allocations/frees...: 87944/87944
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 549 chars
diff --git a/test/results/default/ftp-start-tls.pcap.out b/test/results/default/ftp-start-tls.pcap.out
index 1065e193c..ad78db6f2 100644
--- a/test/results/default/ftp-start-tls.pcap.out
+++ b/test/results/default/ftp-start-tls.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1383123629078448}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1383123629078448}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629078448,"flow_dst_last_pkt_time":1383123629078448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383123629078448,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1383123629078448,"flow_dst_last_pkt_time":1383123629078448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1383123629078448,"pkt":"AAAAEAAU3NL8+wOhCABFOAAs3ocAAP8GetIK7hokCtwyTPKMABUzQlCKAAAAAGACIACjMgAAAgQCAAAA"}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1383123629078448,"flow_dst_last_pkt_time":1383123629078863,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1383123629078863,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD8G378K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"}
@@ -12,7 +12,7 @@
 01406{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":13,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629101855,"flow_dst_last_pkt_time":1383123629103328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":1447,"midstream":0,"thread_ts_usec":1383123629103328,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"FTPS.Huawei","proto_id":"311.398","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 02589{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629152654,"flow_dst_last_pkt_time":1383123629153383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":3206,"midstream":0,"thread_ts_usec":1383123629153383,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4811.0,"max":40376,"stddev":9556.7,"var":91331016.0,"ent":3.2,"data": [415,134,1253,15030,72,17807,3947,60,788,5,4347,3279,113,1027,2,8,2,118,3,2582,8520,40376,68,34737,4456,749,2222,1775,305,2738,2203]},"pktlen": {"min":46,"avg":160.9,"max":552,"stddev":164.2,"var":26956.4,"ent":4.4,"data": [46,46,46,46,113,113,50,46,46,71,71,190,46,46,552,552,255,552,552,255,46,370,91,91,77,122,122,77,122,122,85,130]},"bins": {"c_to_s": [4,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,7,0,0,0,2,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1],"entropies": [4.174477577,4.816402912,4.816402912,4.390829086,5.377844810,5.377844810,4.955727100,4.347350597,4.347350597,5.319664001,5.319664001,5.167058468,4.434307098,4.434307098,6.822389126,7.154568672,6.962697506,6.822389126,7.151652813,6.962697029,4.544876099,7.242094517,5.879006863,5.879006863,5.747309208,6.191079140,6.207472801,5.766408920,6.279234409,6.279234409,5.962334156,6.287871361]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"FTPS.Huawei","proto_id":"311.398","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01438{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":35,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629412168,"flow_dst_last_pkt_time":1383123629233523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":856,"flow_dst_tot_l4_payload_len":3834,"midstream":0,"thread_ts_usec":1383123629412168,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"FTPS.Huawei","proto_id":"311.398","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":51,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":4690,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1383123629412168}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":51,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":4690,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1383123629412168}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 51/51
 ~~ skipped flows.............: 0
@@ -21,8 +21,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5505811 bytes
-~~ total memory freed........: 5505811 bytes
+~~ total memory allocated....: 5505835 bytes
+~~ total memory freed........: 5505835 bytes
 ~~ total allocations/frees...: 85919/85919
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 543 chars
diff --git a/test/results/default/ftp.pcap.out b/test/results/default/ftp.pcap.out
index 05d5f59c9..4b8517818 100644
--- a/test/results/default/ftp.pcap.out
+++ b/test/results/default/ftp.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1552590234892296}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1552590234892296}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1552590234892296,"flow_src_last_pkt_time":1552590234892296,"flow_dst_last_pkt_time":1552590234892296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1552590234892296,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1552590234892296,"flow_dst_last_pkt_time":1552590234892296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1552590234892296,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1552590234892296,"flow_dst_last_pkt_time":1552590234919708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1552590234919708,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="}
@@ -13,7 +13,7 @@
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1552590236580045,"flow_dst_last_pkt_time":1552590236608252,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1552590236608252,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1GRVxgdmK2Nw7sCijaASqbDL3QAAAgQFrAQCCAoSZ\/zzO1efIQEDAw4="}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1552590236608298,"flow_dst_last_pkt_time":1552590236608252,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1552590236608298,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitjcYAQECxjbgAAAQEICjtXnzkSZ\/zz"}
 02152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1552590236608298,"flow_dst_last_pkt_time":1552590236637965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1271,"pkt_l4_len":1237,"thread_ts_usec":1552590236637965,"pkt":"xCwDBkn+EBMx8Tl2CABFAATpn4tAADYGPTxagkZJwKgB1GRVxgdmK2Nx7sCijYAYAAMMxgAAAQEIChJn\/Po7V585LXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQwMDAgRmViIDE5ICAyMDE2IDEwMDBHQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAxMDczNzQxODI0MDAgRmViIDE5ICAyMDE2IDEwMEdCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAgMTAyNDAwIEZlYiAxOSAgMjAxNiAxMDBLQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAxMDQ4NTc2MDAgRmViIDE5ICAyMDE2IDEwME1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQwIEZlYiAxOSAgMjAxNiAxMEdCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNDg1NzYwIEZlYiAxOSAgMjAxNiAxME1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQgRmViIDE5ICAyMDE2IDFHQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgICAgMTAyNCBGZWIgMTkgIDIwMTYgMUtCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAxMDQ4NTc2IEZlYiAxOSAgMjAxNiAxTUIuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgMjA5NzE1MjAwIEZlYiAxOSAgMjAxNiAyMDBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAyMDk3MTUyMCBGZWIgMTkgIDIwMTYgMjBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgMjA5NzE1MiBGZWIgMTkgIDIwMTYgMk1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAzMTQ1NzI4IEZlYiAxOSAgMjAxNiAzTUIuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgNTI0Mjg4MDAwIEZlYiAxOSAgMjAxNiA1MDBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICA1MjQyODgwMCBGZWIgMTkgIDIwMTYgNTBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgIDUyNDI4OCBGZWIgMTkgIDIwMTYgNTEyS0IuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgIDUyNDI4ODAgRmViIDE5ICAyMDE2IDVNQi56aXANCmRyd3hyLXhyLXggICAgMiAxMDUgICAgICAxMDggICAgICAgICAxNjM4NCBNYXIgMTQgMjA6MDMgdXBsb2FkDQo="}
-01064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1552590236580045,"flow_src_last_pkt_time":1552590236608298,"flow_dst_last_pkt_time":1552590236637965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":1552590236637965,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"FTP_DATA","proto_id":"175","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1552590236580045,"flow_src_last_pkt_time":1552590236608298,"flow_dst_last_pkt_time":1552590236637965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":1552590236637965,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FTP_DATA","proto_id":"175","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1552590236608298,"flow_dst_last_pkt_time":1552590236637967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1552590236637967,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0n4xAADYGQfBagkZJwKgB1GRVxgdmK2gm7sCijYARAAOfgQAAAQEIChJn\/Po7V585"}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1552590241545143,"flow_src_last_pkt_time":1552590241545143,"flow_dst_last_pkt_time":1552590241545143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1552590241545143,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1552590241545143,"flow_dst_last_pkt_time":1552590241545143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1552590241545143,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYIX8sNBxpOAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eyYgAAAAAEAgAA"}
@@ -25,8 +25,8 @@
 00871{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":54,"flow_dst_packets_processed":78,"flow_first_seen":1552590241545143,"flow_src_last_pkt_time":1552590241697652,"flow_dst_last_pkt_time":1552590241697604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":109440,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":54,"flow_dst_packets_processed":78,"flow_first_seen":1552590241545143,"flow_src_last_pkt_time":1552590241697652,"flow_dst_last_pkt_time":1552590241697604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":109440,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01198{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":27,"flow_first_seen":1552590234892296,"flow_src_last_pkt_time":1552590243340268,"flow_dst_last_pkt_time":1552590243371057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":241,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":889,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}}
-01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1552590236580045,"flow_src_last_pkt_time":1552590236638093,"flow_dst_last_pkt_time":1552590236666222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"FTP_DATA","proto_id":"175","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":209,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":111708,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1552590243371057}
+00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1552590236580045,"flow_src_last_pkt_time":1552590236638093,"flow_dst_last_pkt_time":1552590236666222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FTP_DATA","proto_id":"175","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":209,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":111708,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1552590243371057}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 209/209
 ~~ skipped flows.............: 0
@@ -35,8 +35,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5514553 bytes
-~~ total memory freed........: 5514553 bytes
+~~ total memory allocated....: 5514609 bytes
+~~ total memory freed........: 5514609 bytes
 ~~ total allocations/frees...: 86095/86095
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 542 chars
diff --git a/test/results/default/ftp_failed.pcap.out b/test/results/default/ftp_failed.pcap.out
index e1c4931ca..869b96011 100644
--- a/test/results/default/ftp_failed.pcap.out
+++ b/test/results/default/ftp_failed.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1574361625864342}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1574361625864342}
 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574361625864342,"flow_src_last_pkt_time":1574361625864342,"flow_dst_last_pkt_time":1574361625864342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574361625864342,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1574361625864342,"flow_dst_last_pkt_time":1574361625864342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1574361625864342,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="}
 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1574361625864342,"flow_dst_last_pkt_time":1574361625878212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1574361625878212,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="}
@@ -8,7 +8,7 @@
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1574361625977593,"flow_dst_last_pkt_time":1574361625977557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1574361625977593,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQaBgBAA4XzDAAABAQgKlgVfE1bTSNw="}
 01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1574361625864342,"flow_src_last_pkt_time":1574361631282407,"flow_dst_last_pkt_time":1574361631296434,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1574361631296434,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"hello","password":"","auth_failed":1}}}
 01218{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1574361625864342,"flow_src_last_pkt_time":1574361633088930,"flow_dst_last_pkt_time":1574361633102738,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1574361633102738,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1574361633102738}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1574361633102738}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 18/18
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500570 bytes
-~~ total memory freed........: 5500570 bytes
+~~ total memory allocated....: 5500594 bytes
+~~ total memory freed........: 5500594 bytes
 ~~ total allocations/frees...: 85880/85880
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 572 chars
+~~ json message min len.......: 570 chars
 ~~ json message max len.......: 1236 chars
-~~ json message avg len.......: 876 chars
+~~ json message avg len.......: 875 chars
diff --git a/test/results/default/fuzz-2006-06-26-2594.pcap.out b/test/results/default/fuzz-2006-06-26-2594.pcap.out
index 348cda1e1..f4ea958e2 100644
--- a/test/results/default/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/default/fuzz-2006-06-26-2594.pcap.out
@@ -1,5 +1,5 @@
-00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1120469540839312}
+00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1120469540839312}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469540839312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469540839312,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaYwAAIARTMHAqAECwKgB\/wCJAIkAOlu0hOcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPU0FDQUNBQ0FDQUJNAAAgAAE="}
 00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469540839312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_domain"}}
@@ -664,7 +664,7 @@
 01089{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083305056,"flow_src_last_pkt_time":1120470083305056,"flow_dst_last_pkt_time":1120470083305056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01218{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01096{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470088311840,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00660{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":282,"packets-processed":241,"total-skipped-flows":0,"total-l4-payload-len":24511,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":71,"total-detection-updates":34,"total-updates":178,"current-active-flows":63,"total-active-flows":109,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":667,"global_ts_usec":1120470141614697}
+00658{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":282,"packets-processed":241,"total-skipped-flows":0,"total-l4-payload-len":24511,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":71,"total-detection-updates":34,"total-updates":178,"current-active-flows":63,"total-active-flows":109,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":667,"global_ts_usec":1120470141614697}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470141614697,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470141614697,"pkt":"ADBUADRWAODtAW69CABFAABIaqIAAIARTK\/AqAECwKgBAQrEADUANAAlcwABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrACVzAAE="}
 01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470141614697,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -1454,7 +1454,7 @@
 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470588783128,"flow_src_last_pkt_time":1120470588783128,"flow_dst_last_pkt_time":1120470588783128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470685610738,"flow_src_last_pkt_time":1120470685610738,"flow_dst_last_pkt_time":1120470685610738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470684859655,"flow_src_last_pkt_time":1120470684859655,"flow_dst_last_pkt_time":1120470684859655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00665{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":490,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":39786,"total-not-detected-flows":16,"total-guessed-flows":10,"total-detected-flows":135,"total-detection-updates":65,"total-updates":489,"current-active-flows":40,"total-active-flows":189,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1457,"global_ts_usec":1120470764674629}
+00663{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":490,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":39786,"total-not-detected-flows":16,"total-guessed-flows":10,"total-detected-flows":135,"total-detection-updates":65,"total-updates":489,"current-active-flows":40,"total-active-flows":189,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1457,"global_ts_usec":1120470764674629}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470764674629,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1120470764674629,"pkt":"ADBUADRWQODtAW69CABFAAA+a48AAIARS8zAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlLQhzaXBwc3RhcgNjb20AAAEAAQ=="}
 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470764674629,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"re-.sippstar.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -2131,7 +2131,7 @@
 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01227{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635010547,"flow_src_last_pkt_time":1120469635010547,"flow_dst_last_pkt_time":1120469635010547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"","password":"","auth_failed":0}}}
 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635010547,"flow_src_last_pkt_time":1120469635010547,"flow_dst_last_pkt_time":1120469635010547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00667{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":691,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":60810,"total-not-detected-flows":39,"total-guessed-flows":27,"total-detected-flows":191,"total-detection-updates":105,"total-updates":666,"current-active-flows":0,"total-active-flows":257,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2134,"global_ts_usec":1120471107427770}
+00665{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":691,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":60810,"total-not-detected-flows":39,"total-guessed-flows":27,"total-detected-flows":191,"total-detection-updates":105,"total-updates":666,"current-active-flows":0,"total-active-flows":257,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2134,"global_ts_usec":1120471107427770}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 691/569
 ~~ skipped flows.............: 0
@@ -2140,8 +2140,8 @@
 ~~ total active/idle flows...: 257/257
 ~~ total timeout flows.......: 2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6102942 bytes
-~~ total memory freed........: 6102942 bytes
+~~ total memory allocated....: 6107062 bytes
+~~ total memory freed........: 6107062 bytes
 ~~ total allocations/frees...: 89329/89329
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 311 chars
diff --git a/test/results/default/fuzz-2006-09-29-28586.pcap.out b/test/results/default/fuzz-2006-09-29-28586.pcap.out
index 89030b95d..b2f249c39 100644
--- a/test/results/default/fuzz-2006-09-29-28586.pcap.out
+++ b/test/results/default/fuzz-2006-09-29-28586.pcap.out
@@ -1,5 +1,5 @@
-00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1031854484481540}
+00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1031854484481540}
 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031854484481540,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_usec":1031854484481540}
 00383{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1031854484481540,"pkt":"CAAgsl17AFCLk5N8CQBFAAAo8EpAAIAGrEqsFAMFrBQDDQooAFDkFf3+yWv\/bVARIal6iQAABIGD1GDD"}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854484481558,"flow_src_last_pkt_time":1031854484481558,"flow_dst_last_pkt_time":1031854484481558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854484481558,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -216,7 +216,7 @@
 01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562321743,"flow_src_last_pkt_time":1031854562321743,"flow_dst_last_pkt_time":1031854562321743,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01088{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535022424,"flow_src_last_pkt_time":1031854535022424,"flow_dst_last_pkt_time":1031854535022424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535022424,"flow_src_last_pkt_time":1031854535022424,"flow_dst_last_pkt_time":1031854535022424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":131,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":25630,"total-not-detected-flows":4,"total-guessed-flows":23,"total-detected-flows":12,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_usec":1031854568982740}
+00657{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":131,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":25630,"total-not-detected-flows":4,"total-guessed-flows":23,"total-detected-flows":12,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_usec":1031854568982740}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 131/123
 ~~ skipped flows.............: 0
@@ -225,8 +225,8 @@
 ~~ total active/idle flows...: 39/39
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5597142 bytes
-~~ total memory freed........: 5597142 bytes
+~~ total memory allocated....: 5597774 bytes
+~~ total memory freed........: 5597774 bytes
 ~~ total allocations/frees...: 86441/86441
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 312 chars
diff --git a/test/results/default/fuzz-2020-02-16-11740.pcap.out b/test/results/default/fuzz-2020-02-16-11740.pcap.out
index 2a34f8fef..7bcbd85c6 100644
--- a/test/results/default/fuzz-2020-02-16-11740.pcap.out
+++ b/test/results/default/fuzz-2020-02-16-11740.pcap.out
@@ -1,5 +1,5 @@
-00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1528996067791491}
+00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1528996067791491}
 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996067791491,"flow_src_last_pkt_time":1528996067791491,"flow_dst_last_pkt_time":1528996067791491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996067791491,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1528996067791491,"flow_dst_last_pkt_time":1528996067791491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528996067791491,"pkt":"AAAMB6xAABRP+4rqCABFAALbIMZAAP8RAAAKDEAebOIZNXIQBxQCxwAAAQoCv14OK3h3MxRiiuPV6g7+kV4aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADikDQM2NwZbIqDjATUwMzExNDgwMjeaNTE2NDgwQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZmMtZGItYjMtMDgtZmYtMTQeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XVkZpd2NjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLUlkPTEwZmYxMGFjMDAwMDAwYjFkMWEwMjI1YiwgNWIyMmEwZDEvZmM6ZGI6YjM6MDg6ZmY6MTQvMjA1BAasFAEQIA5WWldDMlRlc3RMYWI6DAAAN2MBBgAAAAIGBgAAAEQlAAAABRQ9BgAAABNABgAAAA1BBgAAAAZRRTU2TzoCAQA4ATAzMTE0ODAyNzE1MTY0ODBAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996067791491,"flow_src_last_pkt_time":1528996067791491,"flow_dst_last_pkt_time":1528996067791491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996067791491,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -39,7 +39,7 @@
 01201{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":671,"pkt_l4_len":0,"thread_ts_usec":1528996636345360,"pkt":"AAAMB6xAABRP+4rqCABaAAKRIM5AAP8RAAAKDEAexuIZNXIQBxUCfQAABBICdf5uAQnl4Bm8CC3G2Muz0doaCgAAV8gOBFVVGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzQBNTAzMTElADAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNnHnBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhMzFjL2YwOjc5OjYwOmQxOjdkOjM3LzIxMT0GdgAAExoxAAAACQErYXVkaXQtc2Vzc2kvbi1pZD0xMGZmMTBhYzAwMDAwMGI2MWNhMzIyNWItBgAAAAFABgAAAH5BBgAAAAZRBDU2NwJbIqMhGhQAAFfIBw5WWldDMlRlc3RMYWIa1CoAV8gIBEVUGhAAAFfICwpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg0AADghDgcwNzA3MRoMAAA4IREGAAAAABoVAAA4IRIPSW52YWxpdCBWYWx9ZRodAAA4IRMXNDAuODA0RDgyTi03NC4xMDI4MzlXGgwAADghFAYAAAECGgwAADghFQYAAAACGhUAADghFg9TdGFkaXVtRGlyZWN0KAYAAAABHxNmMC03OS02MC1kMS03ZC0zNx4lMIAtYTctNDItZDAtZTAtMDA6VmVyaXpvbldpRmlBY2Nlc3MaDAAABYMHBsBQSpk="}
 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996641548676,"flow_src_last_pkt_time":1528996641548676,"flow_dst_last_pkt_time":1528996641548676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996641548676,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1528996641548676,"flow_dst_last_pkt_time":1528996641548676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":50,"pkt_len":147,"pkt_l4_len":97,"thread_ts_usec":1528996641548676,"pkt":"ABRP+4rqcNuYVcUnCABJAACFyrZAAPsRim\/G4hk1CgxAHgcVchAAcXfuBRIAaavjNmx4LDA40fVoWG4z4qoBNTAzMTE0ODAwNjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBsZXR3b3JrLm9yZywgNWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2RZMzcvMjEx"}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":19,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1528996680540870}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":19,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1528996680540870}
 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996680808327,"flow_src_last_pkt_time":1528996680808327,"flow_dst_last_pkt_time":1528996680808327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996680808327,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1528996680808327,"flow_dst_last_pkt_time":1528996680808327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1528996680808327,"pkt":"ABRP+4rqcNuYVcUnCABFAADA98dAAPwRXCPG4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996684582288,"flow_src_last_pkt_time":1528996684582288,"flow_dst_last_pkt_time":1528996684582288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996684582288,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -187,7 +187,7 @@
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997212627458,"flow_src_last_pkt_time":1528997212627458,"flow_dst_last_pkt_time":1528997212627458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997266594250,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997105304205,"flow_src_last_pkt_time":1528997105304205,"flow_dst_last_pkt_time":1528997105304205,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997266594250,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":88,"flow_datalink":1,"flow_max_packets":5}
 00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997109583874,"flow_src_last_pkt_time":1528997109583874,"flow_dst_last_pkt_time":1528997109583874,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997266594250,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":254,"flow_datalink":1,"flow_max_packets":5}
-00658{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":127,"packets-processed":104,"total-skipped-flows":0,"total-l4-payload-len":44703,"total-not-detected-flows":6,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":39,"current-active-flows":13,"total-active-flows":27,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":190,"global_ts_usec":1528997294157193}
+00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":127,"packets-processed":104,"total-skipped-flows":0,"total-l4-payload-len":44703,"total-not-detected-flows":6,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":39,"current-active-flows":13,"total-active-flows":27,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":190,"global_ts_usec":1528997294157193}
 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997294408774,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997294408774,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528997294408774,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/xpAAPsRVa\/G4hk1ChxAHgcUchAAzU8kC0oAxWEDMLFDKTYIfgbKyEyHMfIBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1YWUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjIxT0oBAjRIFwEAAAEFAACfFoRHbsDvI\/+46yBaysIsAgUAAJcLQv7ORgAASiNmmimRHNuLAQACCwUAAKEH8wkM8t7F6HlgkovXWwdQEo++iUihP9VHkRTh6mD7kgU="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997294408774,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997294408774,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -398,7 +398,7 @@
 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997683835823,"flow_src_last_pkt_time":1528997683835823,"flow_dst_last_pkt_time":1528997683835823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997260021140,"flow_src_last_pkt_time":1528997260021140,"flow_dst_last_pkt_time":1528997260021140,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997260021140,"flow_src_last_pkt_time":1528997260021140,"flow_dst_last_pkt_time":1528997260021140,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":5}
-00659{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":243,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":85740,"total-not-detected-flows":10,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":98,"current-active-flows":15,"total-active-flows":54,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":401,"global_ts_usec":1528997988607022}
+00657{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":243,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":85740,"total-not-detected-flows":10,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":98,"current-active-flows":15,"total-active-flows":54,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":401,"global_ts_usec":1528997988607022}
 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997988838453,"packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2560,"global_ts_usec":1528997988838453}
 00628{"packet_event_id":1,"packet_event_name":"packet","packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":239,"pkt_type":2560,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_usec":1528997988607022,"pkt":"ABRP+4rqcNuYVcUnCgBFAADhCANAAPwRS8fG4hk1CgxAHgcUchAAzcqaC4QAxQGJ6Lj45v3l8O9jNbsTb\/MBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0T0oBAhBIFwEAAAEFAAD7NrjaxmMHv4vIE1TL2G1wAgUAANQK+SugcQAAjldODJoz\/yqLAQACCwUAAPFizAqNmvaDbjPlWgGZGZpQEuJJeKWQmKkvyDnGACXbYRU="}
 00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997989240618,"packet_id":245,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":0,"global_ts_usec":1528997989240618}
@@ -583,7 +583,7 @@
 01440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1528998585268788,"flow_dst_last_pkt_time":1528998576080956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1528998585268788,"pkt":"AAAMB6xAABRP+4rqCABFAALHIWdAAP8RAAAKDEAexuIZNXIQBxQCswAAAbkCqwwIsTK62hmv9RZW9\/f12AIaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqq5ATUwMzExNDgwMjUwODY0NjKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00329{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998585453134,"packet_id":348,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528998585453134}
 00731{"packet_event_id":1,"packet_event_name":"packet","packet_id":348,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528998585268788,"pkt":"ABRP+4rqcNuYVcUnCABFADUwD91AAPwRQ57G4hk1CgxAHgcUchABHJkzArkBFPuMuhZj3jbkVosdPxLeAO4aCwAAV8gbBVNQQxpuAAABNxA0w9JZoXWsZGeHUoYiJ9p40yJPEfSCC1VPuzQcz\/tcT9Zniiv93vAfl8Sqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
-00660{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":349,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":123530,"total-not-detected-flows":15,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":132,"current-active-flows":6,"total-active-flows":76,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":586,"global_ts_usec":1528998601376404}
+00658{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":349,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":123530,"total-not-detected-flows":15,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":132,"current-active-flows":6,"total-active-flows":76,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":586,"global_ts_usec":1528998601376404}
 01468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1528998601376404,"flow_dst_last_pkt_time":1528998576080956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528998601376404,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWhAAP8RAAAKDEAexuIZNXIQBxQCxwAAAboCvwMeoZZ\/zB+Bk50RcisfPygaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFDICQlXSVNQUjEwGgkAADghDQMwNwZbIqrJATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFDaXNjb4MGAAAAAR8TZjAtNzktdDAtZDEtN2QtMzceJTAwLWE3LTRVLWQwLWUwLTAwOlZlcml6b25XaUZpQWZjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDVjOWFhMjI1YiwgNWIyMmFhYzkvZjA6Nzk6bjA6ZDE6N2Q6MzcvMjQ0BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAlAGNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6V2ANAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxrvAAA4IRQGAAABAhoMAFY4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS5kf6rm1Yn3hVOKVq3hvZUw=="}
 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1528998601376404,"flow_dst_last_pkt_time":1528998601561020,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528998601561020,"pkt":"ABRP+4rqcNuYVcUnCABFAADhEBRAAPwRQ7bG4hk1CgxAHgcUchAA7U+kC7oAxe81RNsNL9nkCabTe8sTdH4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhYzkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjQ0T0oBAgBIFwEAAAEFAAB93OZOPyN1g5mAaIFbRevEAgUAAM9K59M2sAAACew7QKwfR6iLAQACCwUAAO6YBGpcBLQq1zvE8qMpnJxQcQNtupIsEGf0aXWvBvX8yPY="}
 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998605741189,"flow_src_last_pkt_time":1528998605741189,"flow_dst_last_pkt_time":1528998605741189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998605741189,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -612,7 +612,7 @@
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998585019610,"flow_src_last_pkt_time":1528998585019610,"flow_dst_last_pkt_time":1528998585019610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00972{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998636010967,"flow_src_last_pkt_time":1528998636010967,"flow_dst_last_pkt_time":1528998636010967,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998636010967,"flow_src_last_pkt_time":1528998636010967,"flow_dst_last_pkt_time":1528998636010967,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":5}
-00662{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":366,"packets-processed":301,"total-skipped-flows":0,"total-l4-payload-len":129798,"total-not-detected-flows":19,"total-guessed-flows":3,"total-detected-flows":57,"total-detection-updates":0,"total-updates":133,"current-active-flows":0,"total-active-flows":79,"total-idle-flows":79,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":615,"global_ts_usec":1528998643334661}
+00660{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":366,"packets-processed":301,"total-skipped-flows":0,"total-l4-payload-len":129798,"total-not-detected-flows":19,"total-guessed-flows":3,"total-detected-flows":57,"total-detection-updates":0,"total-updates":133,"current-active-flows":0,"total-active-flows":79,"total-idle-flows":79,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":615,"global_ts_usec":1528998643334661}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 366/301
 ~~ skipped flows.............: 0
@@ -621,8 +621,8 @@
 ~~ total active/idle flows...: 79/79
 ~~ total timeout flows.......: 13
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5676034 bytes
-~~ total memory freed........: 5676034 bytes
+~~ total memory allocated....: 5677306 bytes
+~~ total memory freed........: 5677306 bytes
 ~~ total allocations/frees...: 87016/87016
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 312 chars
diff --git a/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out
index 82562b8f3..76ac18e95 100644
--- a/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out
+++ b/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out
@@ -1,10 +1,10 @@
-00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1953631155595384}
+00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1953631155595384}
 00366{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953631155595384,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_usec":1953631155595384}
 00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4093509168,"pkt_l4_len":0,"thread_ts_usec":1953631155595384,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"}
 00331{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953631155595384,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","l4_data_len":14,"global_ts_usec":1953631155595384}
 00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4093509168,"pkt_l4_len":0,"thread_ts_usec":1953631155595384,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1953631155595384}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1953631155595384}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/0
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 336 chars
-~~ json message max len.......: 653 chars
-~~ json message avg len.......: 494 chars
+~~ json message max len.......: 651 chars
+~~ json message avg len.......: 493 chars
diff --git a/test/results/default/fuzz-2021-10-13.pcap.out b/test/results/default/fuzz-2021-10-13.pcap.out
index 3a4682eab..00819ec53 100644
--- a/test/results/default/fuzz-2021-10-13.pcap.out
+++ b/test/results/default/fuzz-2021-10-13.pcap.out
@@ -1,8 +1,8 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":980658803882137}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":980658803882137}
 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":980658803882137,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","layer_type":3080300,"global_ts_usec":980658803882137}
 00566{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":197,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":524501,"pkt_l4_len":0,"thread_ts_usec":980658803882137,"pkt":"AC8AbGXLAAAAlQZ\/NAA6MDA1L3VwbG8yZD9sPTAuAAAAAAAAAAA9AAAAgAGtAAAAPAEAADUAMMkAAFsEMjk5oIBtrTHFxwpdEDIAAQBGAAAAaXAAc+dXAAAAAAAIAAoAAAD\/MvsABgAAAAAAAAAAAAAAAAAAAAAkABAAAAAAAAA8AQAAAAAACJcFAAAA\/zL7AAYAAP9NPLKhAgAAAI8NOwAAAH8AAhwAAQAAAAAAECA\/BeIoAAAAACA9eC75+f\/\/xQAAAAA="}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":980658803882137}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":980658803882137}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/0
 ~~ skipped flows.............: 0
@@ -11,10 +11,10 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 318 chars
-~~ json message max len.......: 641 chars
-~~ json message avg len.......: 474 chars
+~~ json message max len.......: 639 chars
+~~ json message avg len.......: 473 chars
diff --git a/test/results/default/gaijin_mobile_mixed.pcap.out b/test/results/default/gaijin_mobile_mixed.pcap.out
index 47e1401fc..290094fc3 100644
--- a/test/results/default/gaijin_mobile_mixed.pcap.out
+++ b/test/results/default/gaijin_mobile_mixed.pcap.out
@@ -1,5 +1,5 @@
-00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1707397560481026}
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1707397560481026}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560481026,"flow_dst_last_pkt_time":1707397560481026,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707397560481026,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1707397560481026,"flow_dst_last_pkt_time":1707397560481026,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1707397560481026,"pkt":"RQAAPHqEQABABuuOCtetATZL5oW6MgG7Ussu4gAAAACgAv\/\/aUMAAAIEJugEAggKhDYnDAAAAAABAwMJ"}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1707397560481026,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1707397560552997,"pkt":"RQAAMAAAQABABmYfNkvmhQrXrQEBu7oyd+t361LLLuNwEgQAVL8AAAIEJugDAwkA"}
@@ -8,7 +8,7 @@
 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":45,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":45,"pkt_l4_len":25,"thread_ts_usec":1707397560555930,"pkt":"RQAALXqHQABABuuaCtetATZL5oW6MgG7Ussw43frd+xQGACAqyoAAAAAAAAA"}
 01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560552997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707397560555930,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"yupmaster.gaijinent.com","tls": {"version":"TLSv1.2","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"","ja4":"t13d3113ht_e8f1e7e78f70_10734c531abe","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
 01555{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560621636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4128,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4128,"midstream":0,"thread_ts_usec":1707397560621636,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"yupmaster.gaijinent.com","tls": {"version":"TLSv1.2","server_names":"*.gaijinent.com,gaijinent.com","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t13d3113ht_e8f1e7e78f70_10734c531abe","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"CN=*.gaijinent.com","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"27:23:37:24:85:95:B7:8F:75:BE:79:18:DF:DC:11:D8:04:F7:1E:A2"}}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":4645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1707398512218954}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":4645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1707398512218954}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707398512218954,"flow_src_last_pkt_time":1707398512218954,"flow_dst_last_pkt_time":1707398512218954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707398512218954,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"81.171.31.37","src_port":39314,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1707398512218954,"flow_dst_last_pkt_time":1707398512218954,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1707398512218954,"pkt":"RQAAPJK6QABABn9ZCtetAVGrHyWZkgG7j0wUqAAAAACgAv\/\/CrsAAAIEJugEAggKawZJHgAAAAABAwMJ"}
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1707398512218954,"flow_dst_last_pkt_time":1707398512264128,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1707398512264128,"pkt":"RQAAMAAAQABABhIgUasfJQrXrQEBu5mSd+t3649MFKlwEgQA\/xgAAAIEJugDAwkA"}
@@ -27,7 +27,7 @@
 01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1707398512218954,"flow_src_last_pkt_time":1707398512264512,"flow_dst_last_pkt_time":1707398512312802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":4168,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":4168,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"81.171.31.37","src_port":39314,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1707397560481026,"flow_src_last_pkt_time":1707397560555930,"flow_dst_last_pkt_time":1707397560621636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4128,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4128,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"54.75.230.133","src_port":47666,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GaijinEntertainment","proto_id":"91.396","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1707398512312802,"flow_src_last_pkt_time":1707398512312802,"flow_dst_last_pkt_time":1707398512312802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":134,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":697,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707398512312802,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"95.211.246.178","src_port":42424,"dst_port":20011,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GaijinEntertainment","proto_id":"396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":9838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1707398512312802}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/gaijin_mobile_mixed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":9838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1707398512312802}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 18/18
 ~~ skipped flows.............: 0
@@ -36,8 +36,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5519640 bytes
-~~ total memory freed........: 5519640 bytes
+~~ total memory allocated....: 5519696 bytes
+~~ total memory freed........: 5519696 bytes
 ~~ total allocations/frees...: 85917/85917
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 525 chars
diff --git a/test/results/default/gaijin_warthunder.pcap.out b/test/results/default/gaijin_warthunder.pcap.out
index a12020b99..4bb611786 100644
--- a/test/results/default/gaijin_warthunder.pcap.out
+++ b/test/results/default/gaijin_warthunder.pcap.out
@@ -1,5 +1,5 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1707407475013359}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1707407475013359}
 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707407475013359,"flow_src_last_pkt_time":1707407475013359,"flow_dst_last_pkt_time":1707407475013359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707407475013359,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.253.20.249","src_port":36929,"dst_port":20021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1707407475013359,"flow_dst_last_pkt_time":1707407475013359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1707407475013359,"pkt":"SKmKCiNt8C90rUP1CABFAABQKIpAAEARKY3AqFjnuf0U+ZBBTjUAPOjTj\/8AAYL\/AAEAAP\/\/AAAEsAABAAAAAAD\/AAAAAAAAAAAAABOIAAAAAAAAAACWmQpEACYAAA=="}
 01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707407475013359,"flow_src_last_pkt_time":1707407475013359,"flow_dst_last_pkt_time":1707407475013359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707407475013359,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.253.20.249","src_port":36929,"dst_port":20021,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GaijinEntertainment","proto_id":"396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -16,7 +16,7 @@
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1707407475059508,"flow_dst_last_pkt_time":1707407475059508,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1707407475059508,"pkt":"SKmKCiNt8C90rUP1CABFAACjTw5AAEAReybAqFjnX9P2spHVTisAj3C2ZGxkYXRhLmxvYWRfZGVjYWxzX2lkeF9vayxlbnY9cHJvZHVjdGlvbixjaXJjdWl0PXByb2R1Y3Rpb24sYXBwbGljYXRpb249Y2xpZW50LHByb2plY3Q9d2FydGh1bmRlcixwbGF0Zm9ybT1saW51eDY0LGhvc3Q9aG9zdF9jbGllbnQ6MXxj"}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1707407475059508,"flow_src_last_pkt_time":1707407475059508,"flow_dst_last_pkt_time":1707407475059508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":178,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707407475059508,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"95.211.246.178","src_port":37333,"dst_port":20011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GaijinEntertainment","proto_id":"396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1707407475013359,"flow_src_last_pkt_time":1707407475043572,"flow_dst_last_pkt_time":1707407475059508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":189,"flow_dst_tot_l4_payload_len":58,"midstream":0,"thread_ts_usec":1707407475059508,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.253.20.249","src_port":36929,"dst_port":20021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GaijinEntertainment","proto_id":"396","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1707407475059508}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/gaijin_warthunder.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1707407475059508}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -25,8 +25,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500435 bytes
-~~ total memory freed........: 5500435 bytes
+~~ total memory allocated....: 5500475 bytes
+~~ total memory freed........: 5500475 bytes
 ~~ total allocations/frees...: 85881/85881
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 539 chars
diff --git a/test/results/default/gearman.pcap.out b/test/results/default/gearman.pcap.out
index 07d90f0bb..15d7d3105 100644
--- a/test/results/default/gearman.pcap.out
+++ b/test/results/default/gearman.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1278690518812160}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1278690518812160}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278690518812160,"flow_src_last_pkt_time":1278690518812160,"flow_dst_last_pkt_time":1278690518812160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278690518812160,"l3_proto":"ip4","src_ip":"192.168.80.1","dst_ip":"192.168.80.128","src_port":23405,"dst_port":4730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1278690518812160,"flow_dst_last_pkt_time":1278690518812160,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1278690518812160,"pkt":"AAwpVzzvAFBWwAAICABFAAA0BL9AAIAG1DLAqFABwKhQgFttEnpztNRBAAAAAIACgAAXaAAAAgQFtAEDAwABAQQC"}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1278690518812160,"flow_dst_last_pkt_time":1278690518812898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1278690518812898,"pkt":"AFBWwAAIAAwpVzzvCABFAAA0AABAAEAGGPLAqFCAwKhQARJ6W23kPUpKc7TUQoASFtBR+wAAAgQFtAEBBAIBAwME"}
@@ -8,7 +8,7 @@
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1278690518812160,"flow_src_last_pkt_time":1278690518813921,"flow_dst_last_pkt_time":1278690518812898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278690518813921,"l3_proto":"ip4","src_ip":"192.168.80.1","dst_ip":"192.168.80.128","src_port":23405,"dst_port":4730,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Gearman","proto_id":"394","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1278690518814263,"flow_dst_last_pkt_time":1278690518812898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1278690518814263,"pkt":"AAwpVzzvAFBWwAAICABFAAA0BMJAAIAG1C\/AqFABwKhQgFttEnpztNRQ5D1KS1AYgADjywAAAFJFUQAAAAkAAAAA"}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1278690518812160,"flow_src_last_pkt_time":1278690518814263,"flow_dst_last_pkt_time":1278690518815728,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1278690518815728,"l3_proto":"ip4","src_ip":"192.168.80.1","dst_ip":"192.168.80.128","src_port":23405,"dst_port":4730,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Gearman","proto_id":"394","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":38,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1278690518815728}
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/gearman.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":38,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1278690518815728}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 8/8
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498205 bytes
-~~ total memory freed........: 5498205 bytes
+~~ total memory allocated....: 5498229 bytes
+~~ total memory freed........: 5498229 bytes
 ~~ total allocations/frees...: 85868/85868
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
diff --git a/test/results/default/geforcenow.pcapng.out b/test/results/default/geforcenow.pcapng.out
index 5c2298065..b0a4f3bb5 100644
--- a/test/results/default/geforcenow.pcapng.out
+++ b/test/results/default/geforcenow.pcapng.out
@@ -1,5 +1,5 @@
-00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1684671871380890}
+00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1684671871380890}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671871380890,"flow_dst_last_pkt_time":1684671871380890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871380890,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1684671871380890,"flow_dst_last_pkt_time":1684671871380890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1684671871380890,"pkt":"ILAB4IZiNObXAhsnCABFAAA8bnNAAEAGEYnAqAH1UFSnzuCSv8zOL1q0AAAAAKAC+vC67gAAAgQFtAQCCAp\/iNNhAAAAAAEDAwc="}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1684671871380890,"flow_dst_last_pkt_time":1684671871422093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1684671871422093,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAAC4GkfxQVKfOwKgB9b\/M4JLTvM+Mzi9ataAS\/ojy\/AAAAgQFtAQCCAq2cyW7f4jTYQEDAwo="}
@@ -24,7 +24,7 @@
 02411{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872714424,"flow_dst_last_pkt_time":1684671872714517,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":2033,"midstream":0,"thread_ts_usec":1684671872714517,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":64764.7,"max":689508,"stddev":136017.0,"var":18500616192.0,"ent":3.2,"data": [66053,63330,171747,44041,99894,183824,360133,689508,48469,47134,1,0,0,0,4464,1537,52687,37,46039,42295,446,303,157,40,93,42070,315,149,228,42450,261]},"pktlen": {"min":53,"avg":156.4,"max":689,"stddev":133.9,"var":17933.5,"ent":4.7,"data": [124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105]},"bins": {"c_to_s": [0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1],"entropies": [5.798890114,5.760544300,5.760543823,5.699924469,4.958880424,4.982108116,4.979167461,4.994058609,6.462553024,6.717261314,4.840689182,6.641223907,6.248939514,4.353680611,3.764864683,5.258242130,6.006977558,5.841088772,6.408538342,6.349637032,5.904027939,6.047730923,5.421965599,6.049623013,6.169179440,6.109401703,5.448651314,5.635576248,5.804111004,6.095016956,5.717526436,6.095016956]},"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS.GeForceNow","proto_id":"30.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
 01224{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":33,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872721652,"flow_dst_last_pkt_time":1684671872745627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":1180,"flow_src_tot_l4_payload_len":2573,"flow_dst_tot_l4_payload_len":15508,"midstream":0,"thread_ts_usec":1684671872745627,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS.GeForceNow","proto_id":"30.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
 01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":27,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671872718418,"flow_dst_last_pkt_time":1684671871771400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2896,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":6969,"flow_dst_tot_l4_payload_len":38102,"midstream":0,"thread_ts_usec":1684671872745627,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.GeForceNow","proto_id":"91.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":108,"packets-processed":108,"total-skipped-flows":0,"total-l4-payload-len":63152,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1684671872745627}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":108,"packets-processed":108,"total-skipped-flows":0,"total-l4-payload-len":63152,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1684671872745627}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 108/108
 ~~ skipped flows.............: 0
@@ -33,8 +33,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5567600 bytes
-~~ total memory freed........: 5567600 bytes
+~~ total memory allocated....: 5567640 bytes
+~~ total memory freed........: 5567640 bytes
 ~~ total allocations/frees...: 85999/85999
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 550 chars
diff --git a/test/results/default/genshin-impact.pcap.out b/test/results/default/genshin-impact.pcap.out
index d44daa4d5..1fedb1a26 100644
--- a/test/results/default/genshin-impact.pcap.out
+++ b/test/results/default/genshin-impact.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1615497372822667}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1615497372822667}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1615497372822667,"flow_src_last_pkt_time":1615497372822667,"flow_dst_last_pkt_time":1615497372822667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1615497372822667,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1615497372822667,"flow_dst_last_pkt_time":1615497372822667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1615497372822667,"pkt":"eJS0JASgYDjgxTWgCABFAAAwrR4AAD8RTEjAqAJkL\/WPVeWOVlUAHPQTAAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="}
 01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1615497372822667,"flow_src_last_pkt_time":1615497372822667,"flow_dst_last_pkt_time":1615497372822667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1615497372822667,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -7,7 +7,7 @@
 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1615497372883763,"flow_dst_last_pkt_time":1615497372843789,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_usec":1615497372883763,"pkt":"eJS0JASgYDjgxTWgCABFAADFrx4AAD8RSbPAqAJkL\/WPVeWOVlUAsVF7MhgDABWiDTpRAAABg6QlIwAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZwkZnnlWAs83g1p8EKxdCAGrvC1rqvpVXt+DS9GDIp59mUEo7M9A0R8PnQy3bk3e+QGIcWRmxHcBqUQOH+f\/uJk3ozIYAwAVog06UQAAAYOkJSMBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BfbJ9hSIrPxLFWnBNUYf2O83uxMA=="}
 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1615497372883763,"flow_dst_last_pkt_time":1615497372914092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_usec":1615497372914092,"pkt":"YDjgxTWgeJS0JASgCABFAACCK5BAADcRlYQv9Y9VwKgCZFZV5Y4Abu3mMhgDABWiDTpSAAABg6QlIwAAAAACAAAAAAAAADIYAwAVog06UgAAAYOkJSMBAAAAAgAAAAAAAAAyGAMAFaINOlEAAAHepCUjAAAAAAIAAAASAAAA6MqpBXDmSov1t3fu\/jnV8Vij"}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1615497372922682,"flow_dst_last_pkt_time":1615497372914092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1615497372922682,"pkt":"eJS0JASgYDjgxTWgCABFAAA4+mEAAD8R\/vzAqAJkL\/WPVeWOVlUAJJKtMhgDABWiDTpSAAAB3qQlIwAAAAABAAAAAAAAAA=="}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1617969465739661}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1617969465739661}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1617969465739661,"flow_src_last_pkt_time":1617969465739661,"flow_dst_last_pkt_time":1617969465739661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1617969465739661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1617969465739661,"flow_dst_last_pkt_time":1617969465739661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1617969465739661,"pkt":"eJS0JASgYDjgxTWgCABFAAAwIDwAAD8RvwnAqAJkL\/6pbecJVlYAHFkOAAAA\/wAAAAC6msTNSZYC0v\/\/\/\/8="}
 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1617969465739661,"flow_src_last_pkt_time":1617969465739661,"flow_dst_last_pkt_time":1617969465739661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1617969465739661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -16,7 +16,7 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1617969465796897,"flow_dst_last_pkt_time":1617969465822356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1617969465822356,"pkt":"YDjgxTWgeJS0JASgCABFAAA4mnVAADcRDMgv\/qltwKgCZFZW5wkAJNCqrCICAM3EmrpSAAABbMl+tgAAAAABAAAAAAAAAA=="}
 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1617969465796897,"flow_dst_last_pkt_time":1617969466442121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_usec":1617969466442121,"pkt":"YDjgxTWgeJS0JASgCABFAADDnBFAADcRCqEv\/qltwKgCZFZW5wkAr58vrCICAM3EmrpRAAABP8x+tgAAAAABAAAAiwAAAOjKqWVw7UqL9cV3tYWQZx8+3lVfAt\/cHNmWKr5HDFui7AF186oJD92EHtODJcp3zBYr48tD1h1Wy1znPkPfrQyOdDY0xX4woCkAFe\/M0qGOOXqx5KQ032vvPu3M8qe6WA1GLKlWVI5iU9E1q9MYvSH7QLzYypooMZ9tX0Ab4QCSgJ54yulHLEquC+U="}
 01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1615497372822667,"flow_src_last_pkt_time":1615497374420722,"flow_dst_last_pkt_time":1615497374454886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":606,"flow_dst_max_l4_payload_len":1181,"flow_src_tot_l4_payload_len":1075,"flow_dst_tot_l4_payload_len":3232,"midstream":0,"thread_ts_usec":1617969467485845,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":6297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1618759616491441}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":6297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1618759616491441}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618759616491441,"flow_src_last_pkt_time":1618759616491441,"flow_dst_last_pkt_time":1618759616491441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618759616491441,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1618759616491441,"flow_dst_last_pkt_time":1618759616491441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1618759616491441,"pkt":"eJS0JASgYDjgxTWgCABFAAAwGRQAAD8RUQ3AqAJkCNFFv81fVlUAHHz9AAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="}
 01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618759616491441,"flow_src_last_pkt_time":1618759616491441,"flow_dst_last_pkt_time":1618759616491441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618759616491441,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -25,7 +25,7 @@
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1618759616572945,"flow_dst_last_pkt_time":1618759616601044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_usec":1618759616601044,"pkt":"YDjgxTWgeJS0JASgCABFAACCBNZAADYRLfkI0UW\/wKgCZFZVzV8AbgXrXPECABn4gxJSAAAB+IeX5QAAAAACAAAAAAAAAFzxAgAZ+IMSUgAAAfiHl+UBAAAAAgAAAAAAAABc8QIAGfiDElEAAAFMiJflAAAAAAIAAAASAAAA6MqpBXDmSov1t3ei1GLU8Vij"}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1618759616612938,"flow_dst_last_pkt_time":1618759616601044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1618759616612938,"pkt":"eJS0JASgYDjgxTWgCABFAAA4\/jQAAD8Ra+TAqAJkCNFFv81fVlUAJJbpXPECABn4gxJSAAABTIiX5QAAAAABAAAAAAAAAA=="}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1617969465739661,"flow_src_last_pkt_time":1617969467485845,"flow_dst_last_pkt_time":1617969467482889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":298,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":943,"midstream":0,"thread_ts_usec":1618759618761347,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":8942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1650541441246000}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":8942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1650541441246000}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650541441246000,"flow_src_last_pkt_time":1650541441246000,"flow_dst_last_pkt_time":1650541441246000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650541441246000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1650541441246000,"flow_dst_last_pkt_time":1650541441246000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1650541441246000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hmVAAD8GAmXAqAJkMTO+spuOAFDYKxQrAAAAAKAC\/\/\/VsQAAAgQFtAQCCAoNnimHAAAAAAEDAwk="}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1650541441246000,"flow_dst_last_pkt_time":1650541441413000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650541441413000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GmdIxM76ywKgCZABQm44lLXPY2CsULIAScUgpvgAAAgQFhgEBBAIBAwMC"}
@@ -34,7 +34,7 @@
 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650541441246000,"flow_src_last_pkt_time":1650541441416000,"flow_dst_last_pkt_time":1650541441413000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650541441416000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1650541441416000,"flow_dst_last_pkt_time":1650541441582000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650541441582000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo12pAAC4GwnMxM76ywKgCZABQm44lLXPZ2CsUVlAQHFK\/KQAAAAAAAAAA"}
 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1618759616491441,"flow_src_last_pkt_time":1618759618715293,"flow_dst_last_pkt_time":1618759618761347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":606,"flow_dst_max_l4_payload_len":354,"flow_src_tot_l4_payload_len":1681,"flow_dst_tot_l4_payload_len":964,"midstream":0,"thread_ts_usec":1650541441932000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":10917,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1650813582412000}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":10917,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1650813582412000}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650813582412000,"flow_src_last_pkt_time":1650813582412000,"flow_dst_last_pkt_time":1650813582412000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650813582412000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1650813582412000,"flow_dst_last_pkt_time":1650813582412000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1650813582412000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8XGBAAD8GNXTAqAJkMTO1qJsGAFBg5zJJAAAAAKAC\/\/\/zjAAAAgQFtAQCCAo+Nj3MAAAAAAEDAwk="}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1650813582412000,"flow_dst_last_pkt_time":1650813582583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650813582583000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GotwxM7WowKgCZABQmwaucKQhYOcySoAScUjS6QAAAgQFhgEBBAIBAwMC"}
@@ -43,7 +43,7 @@
 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650813582412000,"flow_src_last_pkt_time":1650813582588000,"flow_dst_last_pkt_time":1650813582583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650813582588000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1650813582588000,"flow_dst_last_pkt_time":1650813582759000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650813582759000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoY7JAAC4GPzYxM7WowKgCZABQmwaucKQiYOcydFAQHFJoVQAAAAAAAAAA"}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1650541441246000,"flow_src_last_pkt_time":1650541441932000,"flow_dst_last_pkt_time":1650541441930000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1414,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":1788,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1650813583121000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":12925,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1655043605088000}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":12925,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1655043605088000}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655043605088000,"flow_src_last_pkt_time":1655043605088000,"flow_dst_last_pkt_time":1655043605088000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043605088000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655043605088000,"flow_dst_last_pkt_time":1655043605088000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655043605088000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8y9BAAD8GxgPAqAJkMTO1qLC+Jxyp+mQnAAAAAKAC\/\/\/OLAAAAgQFtAQCCArRkRhbAAAAAAEDAwk="}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1655043605088000,"flow_dst_last_pkt_time":1655043605260000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655043605260000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GotwxM7WowKgCZCccsL7ZMHkgqfpkKIAScUgbtQAAAgQFhgEBBAIBAwMC"}
@@ -53,7 +53,7 @@
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1655043605265000,"flow_dst_last_pkt_time":1655043605436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655043605436000,"pkt":"YDjgxTWgeJS0JASgCABFAAAocDRAAC4GMrQxM7WowKgCZCccsL7ZMHkhqfpkUlAQHFKxIAAAAAAAAAAA"}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655043605088000,"flow_src_last_pkt_time":1655043605840000,"flow_dst_last_pkt_time":1655043606011000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":492,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1655043606011000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1650813582412000,"flow_src_last_pkt_time":1650813583121000,"flow_dst_last_pkt_time":1650813583117000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1414,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":1821,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1655043606011000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":13947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1655043606011000}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":13947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1655043606011000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 90/90
 ~~ skipped flows.............: 0
@@ -62,8 +62,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5517587 bytes
-~~ total memory freed........: 5517587 bytes
+~~ total memory allocated....: 5517691 bytes
+~~ total memory freed........: 5517691 bytes
 ~~ total allocations/frees...: 86008/86008
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 537 chars
diff --git a/test/results/default/git.pcap.out b/test/results/default/git.pcap.out
index 055f88824..7f3e545fd 100644
--- a/test/results/default/git.pcap.out
+++ b/test/results/default/git.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1460821630164056}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1460821630164056}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460821630164056,"flow_src_last_pkt_time":1460821630164056,"flow_dst_last_pkt_time":1460821630164056,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1460821630164056,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1460821630164056,"flow_dst_last_pkt_time":1460821630164056,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1460821630164056,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1460821630164056,"flow_dst_last_pkt_time":1460821630221958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1460821630221958,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="}
@@ -9,7 +9,7 @@
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1460821630222080,"flow_dst_last_pkt_time":1460821630278031,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1460821630278031,"pkt":"PJcOZtCOnJcm0ghCCABFCAA0J+9AAC8GdikFmecVwKgATSTKu3dqwE5WfoYLioAQAHLGLwAAAQEICiuNabkBp0gh"}
 02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1460821630164056,"flow_src_last_pkt_time":1460821630544728,"flow_dst_last_pkt_time":1460821630545903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":527,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":605,"flow_dst_tot_l4_payload_len":19825,"midstream":0,"thread_ts_usec":1460821630545903,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":24597.4,"max":99851,"stddev":28614.0,"var":818762240.0,"ent":3.8,"data": [57902,57964,60,56073,43848,99851,54739,54730,537,49455,48900,45519,29,17836,63404,1849,203,2031,860,202,1063,209,208,710,439,1139,50571,205,50785,547,651]},"pktlen": {"min":52,"avg":690.9,"max":2932,"stddev":773.9,"var":598945.8,"ent":4.1,"data": [60,60,52,121,52,253,52,948,52,579,52,61,52,60,1492,52,1492,1492,52,1492,1492,52,2932,52,1492,1492,52,1492,1492,52,1492,1492]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1],"entropies": [4.739262104,5.279368877,5.115703106,5.628006458,5.195351124,5.731617451,5.115702629,4.962421417,5.154164791,5.045848370,5.195351601,5.288749218,5.233812809,5.389901161,4.890160084,5.154164791,6.262699604,7.849300385,5.154164791,7.861139297,7.866855145,5.154164791,7.887691021,5.024262905,7.851975918,7.853373528,5.154164791,7.871936798,7.800623894,5.115703106,7.834641933,7.837094784]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Git","proto_id":"226","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":15,"category":"Collaborative"}}
 00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":49,"flow_first_seen":1460821630164056,"flow_src_last_pkt_time":1460821631220936,"flow_dst_last_pkt_time":1460821631269756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":527,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":605,"flow_dst_tot_l4_payload_len":67444,"midstream":0,"thread_ts_usec":1460821631269756,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Git","proto_id":"226","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":68049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1460821631269756}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":68049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1460821631269756}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 90/90
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500583 bytes
-~~ total memory freed........: 5500583 bytes
+~~ total memory allocated....: 5500607 bytes
+~~ total memory freed........: 5500607 bytes
 ~~ total allocations/frees...: 85950/85950
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 541 chars
diff --git a/test/results/default/gnutella.pcap.out b/test/results/default/gnutella.pcap.out
index b8ff9a3bf..15d2026e0 100644
--- a/test/results/default/gnutella.pcap.out
+++ b/test/results/default/gnutella.pcap.out
@@ -1,4 +1,4 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00269{"error_event_id":4,"error_event_name":"Packet too short","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":22,"packet_id":1,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","size":4,"expected":14,"global_ts_usec":22}
 00278{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":4,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":22,"pkt":"AAAAAA=="}
 00704{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":9752391,"flow_src_last_pkt_time":9752391,"flow_dst_last_pkt_time":9752391,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":9752391,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffa4:e108","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5}
@@ -1517,8 +1517,8 @@
 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1980,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":115369554,"flow_src_last_pkt_time":115369554,"flow_dst_last_pkt_time":115369554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":115369554,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1980,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_src_last_pkt_time":115369554,"flow_dst_last_pkt_time":115369554,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":115369554,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4ticAAIARadEKAAIPDsj\/5XAJkMIAJDeaLGAxAs8iaaH\/Df9W3JltAwABAAUAAADDglFLQA=="}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1982,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_src_last_pkt_time":115369554,"flow_dst_last_pkt_time":115702290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":115702290,"pkt":"CAAn5uVZUlQAEjUCCABFAABKBegAAEARWf8OyP\/lCgACD5DCcAkANl\/hLGAxAs8iaaH\/Df9W3JltAwEBABcAAADCkA7I\/+WyNgAAAAAgAMOCUUtEGERIlw=="}
-01526{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1983,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":114930255,"flow_src_last_pkt_time":115040547,"flow_dst_last_pkt_time":116164038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":794,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":794,"midstream":0,"thread_ts_usec":116164038,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media","hostname":"69.118.162.229","http": {"url":"69.118.162.229:46906\/uri-res\/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI","code":206,"content_type":"audio\/mpeg","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}}
-01523{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1990,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":114930776,"flow_src_last_pkt_time":115127909,"flow_dst_last_pkt_time":116336924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":806,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":806,"midstream":0,"thread_ts_usec":116336924,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media","hostname":"189.147.72.83","http": {"url":"189.147.72.83:26108\/uri-res\/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI","code":206,"content_type":"audio\/mpeg","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}}
+01654{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1983,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":114930255,"flow_src_last_pkt_time":115040547,"flow_dst_last_pkt_time":116164038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":794,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":794,"midstream":0,"thread_ts_usec":116164038,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media","hostname":"69.118.162.229","http": {"url":"69.118.162.229:46906\/uri-res\/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI","code":206,"content_type":"audio\/mpeg","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}}
+01651{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1990,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":114930776,"flow_src_last_pkt_time":115127909,"flow_dst_last_pkt_time":116336924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":806,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":806,"midstream":0,"thread_ts_usec":116336924,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media","hostname":"189.147.72.83","http": {"url":"189.147.72.83:26108\/uri-res\/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI","code":206,"content_type":"audio\/mpeg","user_agent":"gtk-gnutella\/1.2.2 (2022-02-25; GTK2; Windows x64)"}}}
 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1998,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":5,"flow_src_last_pkt_time":116628818,"flow_dst_last_pkt_time":95911831,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":116628818,"pkt":"UlQAEjUCCAAn5uVZCABFAABtP0cAAIARMnMKAAIPdvBFx3AJGMwAWboABjMxAj4wOckacH6ZjRVmWUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1999,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":116628965,"flow_src_last_pkt_time":116628965,"flow_dst_last_pkt_time":116628965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":116628965,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1999,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_src_last_pkt_time":116628965,"flow_dst_last_pkt_time":116628965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":116628965,"pkt":"UlQAEjUCCAAn5uVZCABFAABtIxgAAIARvpEKAAIPUAf8wHAJGugAWSw6p+kxAjYZLonacBdkV9ywAUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"}
@@ -6605,7 +6605,7 @@
 00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3901,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":599426218,"flow_src_last_pkt_time":599426218,"flow_dst_last_pkt_time":599426218,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599426218,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3902,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_packet_id":2,"flow_src_last_pkt_time":599529292,"flow_dst_last_pkt_time":599415510,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":834,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":834,"pkt_l4_len":780,"thread_ts_usec":599529292,"pkt":"MzMAAAAMCAAn5uVZht1gB0PFAwwRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dYOdgMMdjk8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiPjxzb2FwOkhlYWRlcj48d3NhOlRvPnVybjpzY2hlbWFzLXhtbHNvYXAtb3JnOndzOjIwMDU6MDQ6ZGlzY292ZXJ5PC93c2E6VG8+PHdzYTpBY3Rpb24+aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkvQnllPC93c2E6QWN0aW9uPjx3c2E6TWVzc2FnZUlEPnVybjp1dWlkOjk4Zjc0ZjcxLTZkZmMtNDYxMi05YzNjLTVjNTgwZWI4MzU5Njwvd3NhOk1lc3NhZ2VJRD48d3NkOkFwcFNlcXVlbmNlIEluc3RhbmNlSWQ9IjQ2IiBTZXF1ZW5jZUlkPSJ1cm46dXVpZDo3NjczODllMC1lZTlhLTRjMWMtYjkwMi0yMGNiODFkMjAzZTAiIE1lc3NhZ2VOdW1iZXI9IjUiPjwvd3NkOkFwcFNlcXVlbmNlPjwvc29hcDpIZWFkZXI+PHNvYXA6Qm9keT48d3NkOkJ5ZT48d3NhOkVuZHBvaW50UmVmZXJlbmNlPjx3c2E6QWRkcmVzcz51cm46dXVpZDo3NDdmM2Q5Ni02OGE3LTQzZjEtOGNiZS1lOGQ2ZGFkZDAzNTg8L3dzYTpBZGRyZXNzPjwvd3NhOkVuZHBvaW50UmVmZXJlbmNlPjwvd3NkOkJ5ZT48L3NvYXA6Qm9keT48L3NvYXA6RW52ZWxvcGU+"}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3903,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_packet_id":2,"flow_src_last_pkt_time":599747316,"flow_dst_last_pkt_time":599426218,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_usec":599747316,"pkt":"MzMAAAAWCAAn5uVZht1gAAAAACQAAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAOKkAAAAAQMAAAD\/AgAAAAAAAAAAAAAAAAAM"}
-00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3904,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3904,"packets-processed":3882,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":311,"total-guessed-flows":1,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6608,"global_ts_usec":600247140}
+00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3904,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3904,"packets-processed":3882,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":311,"total-guessed-flows":1,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6608,"global_ts_usec":600247140}
 00957{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65062972,"flow_src_last_pkt_time":74093030,"flow_dst_last_pkt_time":65062972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00745{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65062972,"flow_src_last_pkt_time":74093030,"flow_dst_last_pkt_time":65062972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":493286521,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}}
@@ -6668,7 +6668,7 @@
 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72267129,"flow_src_last_pkt_time":81278710,"flow_dst_last_pkt_time":72267129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":50254,"dst_port":49046,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72267129,"flow_src_last_pkt_time":81278710,"flow_dst_last_pkt_time":72267129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":50254,"dst_port":49046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":599415510,"flow_src_last_pkt_time":599529292,"flow_dst_last_pkt_time":599415510,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":772,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":772,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01329{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":114930255,"flow_src_last_pkt_time":116183701,"flow_dst_last_pkt_time":116183576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":5238,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
+01457{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":114930255,"flow_src_last_pkt_time":116183701,"flow_dst_last_pkt_time":116183576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":5238,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
 00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":67094277,"flow_src_last_pkt_time":76122571,"flow_dst_last_pkt_time":67094277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":50223,"dst_port":63108,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":67094277,"flow_src_last_pkt_time":76122571,"flow_dst_last_pkt_time":67094277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":50223,"dst_port":63108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":66078714,"flow_src_last_pkt_time":75077268,"flow_dst_last_pkt_time":66078714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.247.94","src_port":50218,"dst_port":59045,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
@@ -6817,7 +6817,7 @@
 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":66079236,"flow_src_last_pkt_time":75108166,"flow_dst_last_pkt_time":66079236,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.121.165.12","src_port":50219,"dst_port":55376,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":66079236,"flow_src_last_pkt_time":75108166,"flow_dst_last_pkt_time":66079236,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.121.165.12","src_port":50219,"dst_port":55376,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01086{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_src_packets_processed":153,"flow_dst_packets_processed":159,"flow_first_seen":88704875,"flow_src_last_pkt_time":593713091,"flow_dst_last_pkt_time":593712859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":599,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2615,"flow_dst_tot_l4_payload_len":16813,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":50285,"dst_port":52367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}}
-01328{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":114930776,"flow_src_last_pkt_time":116342717,"flow_dst_last_pkt_time":116342552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":2552,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
+01456{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":114930776,"flow_src_last_pkt_time":116342717,"flow_dst_last_pkt_time":116342552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":2552,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
 01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":493283238,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}}
 01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":551890239,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}}
 01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288007,"flow_src_last_pkt_time":493288007,"flow_dst_last_pkt_time":493288007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}}
@@ -6863,7 +6863,7 @@
 01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":47,"flow_first_seen":71205609,"flow_src_last_pkt_time":593376712,"flow_dst_last_pkt_time":593376534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":5162,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}}
 01077{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":95716226,"flow_src_last_pkt_time":426377575,"flow_dst_last_pkt_time":426518025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":165,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}}
 01075{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":553212866,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}}
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3905,"packets-processed":3882,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":399,"total-guessed-flows":1,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":0,"total-active-flows":801,"total-idle-flows":801,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6866,"global_ts_usec":600247226}
+00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3905,"packets-processed":3882,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":399,"total-guessed-flows":1,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":0,"total-active-flows":801,"total-idle-flows":801,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6866,"global_ts_usec":600247226}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3905/3882
 ~~ skipped flows.............: 0
@@ -6872,9 +6872,9 @@
 ~~ total active/idle flows...: 801/801
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7466288 bytes
-~~ total memory freed........: 7466288 bytes
-~~ total allocations/frees...: 98811/98811
+~~ total memory allocated....: 7479240 bytes
+~~ total memory freed........: 7479240 bytes
+~~ total allocations/frees...: 98813/98813
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 274 chars
 ~~ json message max len.......: 2354 chars
diff --git a/test/results/default/google_chat.pcapng.out b/test/results/default/google_chat.pcapng.out
index 9db173640..43438de6f 100644
--- a/test/results/default/google_chat.pcapng.out
+++ b/test/results/default/google_chat.pcapng.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1704623922342164}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1704623922342164}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704623922342164,"flow_src_last_pkt_time":1704623922342164,"flow_dst_last_pkt_time":1704623922342164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704623922342164,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"142.251.1.100","src_port":46172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1704623922342164,"flow_dst_last_pkt_time":1704623922342164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1704623922342164,"pkt":"SKmKCiNt8C90rUP1CABFAAA8Y99AAEAGLO7AqFjnjvsBZLRcAbvnTZHrAAAAAKACfXiqHQAAAgQFtAQCCAoK8tkcAAAAAAEDAwc="}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1704623922342164,"flow_dst_last_pkt_time":1704623922362193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1704623922362193,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAAHoGVs2O+wFkwKhY5wG7tFxjuRz6502R7KAS\/\/+xnQAAAgQFhAQCCAqcHrxfCvLZHAEDAwg="}
@@ -9,7 +9,7 @@
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1704623922362679,"flow_dst_last_pkt_time":1704623922383034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1704623922383034,"pkt":"8C90rUP1SKmKCiNtCABFAAA0sD0AAHoG5peO+wFkwKhY5wG7tFxjuRz7502Ug4AQAQbccwAAAQEICpwevHQK8tkx"}
 01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1704623922342164,"flow_src_last_pkt_time":1704623922362679,"flow_dst_last_pkt_time":1704623922383651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":2800,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":2800,"midstream":0,"thread_ts_usec":1704623922383651,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"142.251.1.100","src_port":46172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleChat","proto_id":"91.382","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"chat.google.com","tls": {"version":"TLSv1.3","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1704623922342164,"flow_src_last_pkt_time":1704623922362679,"flow_dst_last_pkt_time":1704623922383651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":2800,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":2800,"midstream":0,"thread_ts_usec":1704623922383651,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"142.251.1.100","src_port":46172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleChat","proto_id":"91.382","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":3463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1704623922383651}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/google_chat.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":3463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1704623922383651}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5505072 bytes
-~~ total memory freed........: 5505072 bytes
+~~ total memory allocated....: 5505096 bytes
+~~ total memory freed........: 5505096 bytes
 ~~ total allocations/frees...: 85871/85871
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 551 chars
diff --git a/test/results/default/google_meet.pcapng.out b/test/results/default/google_meet.pcapng.out
index b3c4a3527..23ce4fd42 100644
--- a/test/results/default/google_meet.pcapng.out
+++ b/test/results/default/google_meet.pcapng.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1703652259039627}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1703652259039627}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1703652259039627,"flow_src_last_pkt_time":1703652259039627,"flow_dst_last_pkt_time":1703652259039627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703652259039627,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":43268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1703652259039627,"flow_dst_last_pkt_time":1703652259039627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703652259039627,"pkt":"SKmKCiNt8C90rUP1CABFAAA8yC9AAEAGYdXAqFjnrcJJZakEAbv5xd30AAAAAKACfXgQ5gAAAgQFtAQCCAoH2CG3AAAAAAEDAwc="}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1703652259039627,"flow_dst_last_pkt_time":1703652259056157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703652259056157,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAAHoG8AStwkllwKhY5wG7qQQhsMvn+cXd9aAS\/\/9kSwAAAgQFhAQCCAr2okLXB9ghtwEDAwg="}
@@ -17,7 +17,7 @@
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1703652259281814,"flow_dst_last_pkt_time":1703652259281787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1703652259281814,"pkt":"SKmKCiNt8C90rUP1CABFAABDWL5AAEAR0TTAqFjnrcJJZefpAbsALxD44wAAAAEI4xgnxg0H7jsAQBY\/UHCZ5amHNV483U22omo4yv0J4LBc"}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1703652259263021,"flow_src_last_pkt_time":1703652259281814,"flow_dst_last_pkt_time":1703652259298957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1250,"flow_src_tot_l4_payload_len":1289,"flow_dst_tot_l4_payload_len":5000,"midstream":0,"thread_ts_usec":1703652259298957,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":59369,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleMeet","proto_id":"188.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1703652259039627,"flow_src_last_pkt_time":1703652259056259,"flow_dst_last_pkt_time":1703652259073582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":535,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":535,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1703652259298957,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"173.194.73.101","src_port":43268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMeet","proto_id":"91.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":8224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1703652259298957}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":8224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1703652259298957}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 12/12
 ~~ skipped flows.............: 0
@@ -26,8 +26,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5519360 bytes
-~~ total memory freed........: 5519360 bytes
+~~ total memory allocated....: 5519400 bytes
+~~ total memory freed........: 5519400 bytes
 ~~ total allocations/frees...: 85910/85910
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 551 chars
diff --git a/test/results/default/google_ssl.pcap.out b/test/results/default/google_ssl.pcap.out
index 7926a94d7..d2e240386 100644
--- a/test/results/default/google_ssl.pcap.out
+++ b/test/results/default/google_ssl.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1434443394683939}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1434443394683939}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1434443394683939,"flow_src_last_pkt_time":1434443394683939,"flow_dst_last_pkt_time":1434443394683939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434443394683939,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1434443394683939,"flow_dst_last_pkt_time":1434443394683939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1434443394683939,"pkt":"AA6OTbSogMbKAJ6fCABFAAAsBqJAAEAG14usHwPg2DrUZKdTAbt6Z3LqAAAAAGACFtCOVwAAAgQFtA=="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1434443394683939,"flow_dst_last_pkt_time":1434443394717671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1434443394717671,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAseLYAADMGsnfYOtRkrB8D4AG7p1PuIxETemdy62ASp5T+aAAAAgQFlgAA"}
@@ -8,7 +8,7 @@
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1434443394995795,"flow_dst_last_pkt_time":1434443395030206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1434443395030206,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAoeX0AADMGsbTYOtRkrB8D4AG7p1PuIxEUemdzaVAQp5QVigAAAAAAAAAA"}
 00937{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1434443394683939,"flow_src_last_pkt_time":1434443401353810,"flow_dst_last_pkt_time":1434443401308882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":6924,"midstream":0,"thread_ts_usec":1434443401353810,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00790{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1434443394683939,"flow_src_last_pkt_time":1434443401353810,"flow_dst_last_pkt_time":1434443401308882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":6924,"midstream":0,"thread_ts_usec":1434443401353810,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":7568,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1434443401353810}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":7568,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1434443401353810}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 28/28
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500833 bytes
-~~ total memory freed........: 5500833 bytes
+~~ total memory allocated....: 5500857 bytes
+~~ total memory freed........: 5500857 bytes
 ~~ total allocations/frees...: 85889/85889
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 532 chars
diff --git a/test/results/default/googledns_android10.pcap.out b/test/results/default/googledns_android10.pcap.out
index 4f5bc81de..80422177f 100644
--- a/test/results/default/googledns_android10.pcap.out
+++ b/test/results/default/googledns_android10.pcap.out
@@ -1,5 +1,5 @@
-00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592552824409182}
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592552824409182}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552824409182,"flow_src_last_pkt_time":1592552824409182,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1592552824409182,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592552824409182,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552824409182,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gpUAAHcG7tcICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT59wAAAQEIChWqa0r\/\/5Cw"}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592552824632762,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552824632762,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gzYAAHcG7jYICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT5GAAAAQEIChWqbCn\/\/5Cw"}
@@ -74,7 +74,7 @@
 02352{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553013061132,"flow_dst_last_pkt_time":1592553013091250,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1042,"flow_dst_tot_l4_payload_len":5862,"midstream":0,"thread_ts_usec":1592553013091250,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":78,"avg":389623.4,"max":5703762,"stddev":1387530.2,"var":1925240193024.0,"ent":1.5,"data": [14386,41870,9180,49912,17551,119,78,32502,535,103,15369,30822,15661,19948,22571,85476,5640736,5703762,20528,7552,6167,13685,17563,31103,85377,103703,33240,18803,6257,16181,17586]},"pktlen": {"min":52,"avg":268.2,"max":1470,"stddev":356.7,"var":127227.7,"ent":4.1,"data": [60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,551,52,211,52,211,551,52,52,551,52,211,52,211,551,52,52,551]},"bins": {"c_to_s": [9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,1],"entropies": [4.338340282,5.027645111,4.884933472,5.431665897,4.776611805,7.047077656,7.517809868,7.078123569,4.923395157,4.961856842,4.884933472,5.934261322,7.043113232,6.764406681,4.891996861,7.507923126,5.000318527,6.783365250,4.853535175,6.745207787,7.564836025,4.961856842,4.815073490,7.579652309,4.808010578,6.780797958,4.587473392,6.752651691,7.539085865,4.961856842,4.878231525,7.529703617]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01130{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":68,"flow_dst_packets_processed":65,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552996489587,"flow_dst_last_pkt_time":1592552996502369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":499,"flow_src_tot_l4_payload_len":5210,"flow_dst_tot_l4_payload_len":14618,"midstream":0,"thread_ts_usec":1592553079303170,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":121,"flow_dst_packets_processed":120,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553079303170,"flow_dst_last_pkt_time":1592553079299653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":11059,"flow_dst_tot_l4_payload_len":37798,"midstream":0,"thread_ts_usec":1592553079303170,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":532,"packets-processed":532,"total-skipped-flows":0,"total-l4-payload-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":77,"global_ts_usec":1592553079303170}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":532,"packets-processed":532,"total-skipped-flows":0,"total-l4-payload-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":77,"global_ts_usec":1592553079303170}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 532/532
 ~~ skipped flows.............: 0
@@ -83,8 +83,8 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5564757 bytes
-~~ total memory freed........: 5564757 bytes
+~~ total memory allocated....: 5564893 bytes
+~~ total memory freed........: 5564893 bytes
 ~~ total allocations/frees...: 86540/86540
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/gquic.pcap.out b/test/results/default/gquic.pcap.out
index 4a5f59c97..476078c30 100644
--- a/test/results/default/gquic.pcap.out
+++ b/test/results/default/gquic.pcap.out
@@ -1,10 +1,10 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591876186378535}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591876186378535}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1591876186378535,"pkt":"6PckTkFdoMWJ9P+XCABFAAVieo1AAIARvdoKLAUZ2DrVo+6pAbsFTko2w1EwNTAIAXaX8XoV5u8AAEU0NFnBgsF5hkBVQ9QcdhAQB7AX4STVuX+cZkTXcyq7Q06MKI3IMV7nn3XwVsYd8lSM2UQ2Mh\/Lz0P54TH133\/BjF8sKcZx48\/VepMyZjozNf6hUhocgBAvamo29IXHVqILxpkl4wjCzjbjeV119chifFcXxaTjllFkxsh3XmLG5348E\/qK2TLLnMy43JAHw6S2e1v2BO4WXkya\/bcrsjPnQYikRvTxH8li9ZflQ5PttsYcSUtQigVmzX+3zu6YljUMgwCKrGbUc4ym0tN37M5ly\/uhm21+A6fvtyySGNQfP7wJOsR1iWGsA6NR+V\/fmgbvfd72gKd0sTHFADbRPSKYDc0XDK\/X8vG8GXGEknHbOT7DGSzLKpHYvLrwIaFjsweHE6gkta44k2oP3lJ5y\/ohylLleMWOzrznvbvHmPDTo6fznFlCwcMwiT5bU7kKdr22dfJC4HZKXgrfdx\/kyr9W7YgF8ndv1gEMp60hGoa3HeIkNrwcimMUj8lo1MQMLSdfIURLgLYuYXeqNU9nrCpCTOHF8rljnTLtemFl5GKnW4QO+Vn8YQU0wC2WniPFD0JOSE\/9\/8uhjdFWVDMbiGWhYk1SCdcSCnwwatMyU\/DcpZqDI25eb58WZqvNqtnsCmojU\/8N4SjVKXFe6sqZF9Vu2GvgHDvSqxDzjeY9qlts4TuIbe+gH+w1MKU7JxNtGZ08YyKdDEVfiklQ\/xyvSgH5AGRqlnD6igJ7NF54pjKD67q+V\/b7AzUVhGIbpajDS4rvn+fDdhXSGqLFbtHNBw9zOlfyLlg3QCkztn+awCGkuUrUQJWRuzHeXcQ9Pm+GTWr4ztxdNe8GOdcH0fw\/02FqwqbZa0xgXb6ogDH\/Z7u3OTt5CsB\/hPp4imvHezect7LAbuRcIJ+tmXKeqwNdUGoyV614kYKA0aTDm4QbBmp4nIg9dspzjXHExZ33U9zxLwZ8DYwQJDoYhywocb4+jKp5OhFT0Egt5ANj4PPsKNBEjNDxnpAKCiI11YkYMyYj1BSFJ2mKW5kFXZ2\/Uk7W0jKMRykBFSaIJ+fwu1W4yhNjDR69KpOGwGw5d47DA9U+Gj7qbRCpjgb1v145AzbIQNTU\/mwU8gqij0o+rVb\/pUEtWMRho\/Yukqvj0PDpk20u\/iMNduvSEQAQLt7IA31zZMJsdzUDXqeH4lvAJTdAXDM+BfHOutfryXO0ilZKrrhbJmj03RyAieSkoI7y9TYI7udqZUukM2QcgXS180FYjb94yLuFlXG0La9U7oT6UzgYEOrDdq4bcoWorhw9j4EjTTcsFMkNO8f65TlicSD0KdGh7ggCR8NtD2qMSi4KIMxq9IHmGPWBJODrdc1+LXcmA3ApoiY81zbK2QPTdK0LHWSdeauC3LCzY9zJ5bEtZvA4hiamdfZl4E5cxC\/raRilWW9+sNuXDrAH9rw48q66KiLSEC63yDpS1q549REO+OCEIx8SKQQoN1W6tspnVZ3EKLwuCby00TS84gP7\/ke1UZsRSUTrMeCETmkIya9DRfJn3gxYto584jg1Sk6Axi4aJ8MlnhdHfC\/0XWQrVM1UOD3\/J3K5XZUZKJ5vUWJzfBTgAe8J4\/heUMD2WmkBuQIER6hh9JGvwyZ2I6vJO7KXsorNCeXZA6iFfdtk90sqEl67LnWUAJmZ\/6NzgV\/JXrGoQRR0uqoWVC\/xj1u+c66MRH8y3Tf8DUoZ1L57SrRzGrkWBB6B2RSkfxWVzZUSCgEgPU4Lp+fnv6pDzh8zifmLUphU5Jycotx7"}
 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","quic": {"user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64","quic_version":"Q050"}}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1591876186378535}
+00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1591876186378535}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508373 bytes
-~~ total memory freed........: 5508373 bytes
+~~ total memory allocated....: 5508397 bytes
+~~ total memory freed........: 5508397 bytes
 ~~ total allocations/frees...: 85881/85881
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 567 chars
+~~ json message min len.......: 565 chars
 ~~ json message max len.......: 2348 chars
-~~ json message avg len.......: 1400 chars
+~~ json message avg len.......: 1399 chars
diff --git a/test/results/default/gquic_only_from_server.pcap.out b/test/results/default/gquic_only_from_server.pcap.out
index 8a3c346e4..16f330fa9 100644
--- a/test/results/default/gquic_only_from_server.pcap.out
+++ b/test/results/default/gquic_only_from_server.pcap.out
@@ -1,5 +1,5 @@
-00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1644251989197119}
+00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1644251989197119}
 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989197119,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989197119,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgAAQABxEaKi1coHGgq9ekcBu+xsBU4qFAglQtqrsDUxewFr5JIXeWAY6RF86CpAAQOlAQAGAKABAltSRUoABwAAAFNUSwA4AAAAU05PAGwAAABQUk9GbAEAAFNDRkfzAQAAUlJFSvcBAABTVFRM\/wEAAENSVP8bAgAAT7lEuqmgqtYH+ijEiKaPQIy+ZChskOUCQEOXCVQHODgEUDi4gK+Y2fknYCMPTuXF5o7P1p2Q09HWj67E\/GVB22m2zd3BwWxvWGnHbEMibFDsKh7Y\/Frv41cGn7hjXqEcbAsNpcVd7dzeyErmKzuNIO0vP5FIw0+Q18PdyZGT3x5dWqDzeh010yoNKDztLTRTGgLmFqmPSHrDGNj0ZjRIJ5YLMvzSsofddd\/pmSWWU\/br7MLE0U3uy5GheQ5rsuvfCxr\/3wS5OodpK\/U6uXoiWDCp\/9jJhgLW1RH8KH+AsqOcR83lhenQiRYYWJ7UcXeHR72CiYaDsMjStdV6yUsD2KUn3OuVTfPYSZOd0CfePbKnOIouDsGc7zpamsdSnCTdELRk5aZqs2Bks\/aS0+qcPSL+nMD5wTfTmv6hbPMmnqhE75+hj5BLcSaQVPfTdSHo82q2odiSmYlJ6syER6cP9lc6uWo6jxmhn29mPlNDRkcGAAAAQUVBRAgAAABTQ0lEGAAAAFBVQlM7AAAAS0VYUz8AAABPQklURwAAAEVYUFlPAAAAQUVTR0NDMjANAns7u4LJoHrRQPcY9PuYIAAA4D7eqlM679heUJOOpLBttHaQi+6STlpRUkjX5oqSpndDMjU1GjfRB2GCZa2q1+liAAAAAA0AAABUjOgAAAAAAAIjIdJ88ECivwIeTWKjZk57pwLCmOM1SIo0xwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00983{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989197119,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989197119,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}}
@@ -8,7 +8,7 @@
 02362{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1644251989260652,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989260652,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgAAQABxEaKi1coHGgq9ekcBu+xsBU4fIQAFXUInh+Nj46SUAklw7faHf2lL9QCzuRO2td6KNKev\/JAr5eYL9lbo6W7jpopveWBQmWLK\/fr+P6D32bulPZ1TfPYQWzoAa9AwZxwvKH7I0RRXjumRndqUFv2dzEysBdzscsuwCtuQig8EBcrgyhirTLG5oXc4aw8zCyni5+Ov3z15t5jbII4zM9bYLybkdJyMYG4X3cMqIlfoPiOYEKKb3u7c3FpUt+feGrTXJ+OGCzmC9UwL6My0kVjrRblnPCYv18Vc27CawuoN6Hc7yzsZ5JDxa+vP6Mjhwi0kfo+Mhh57CRwmahnAvlT4gBXgrcZbKRC+SZbL7i\/YuEY+IpYnfadX27oIHnX1fWz\/V420PqUI7e95pehRMQZ6t6EHIhSwQQQsZAt3KoIErSCjrSeWoo2BmqsG3YQEYg1M0X55ZRl2L38k2ISSv34XlgzWOf3f+MddKHNUwyNXGc8KZppw8FF9qo9UTRB46k0OJypFH+fW92hUuO5vZdaM4zsIT66YcJBKGqNkD\/VBer\/jx5GJVGfplZHgYjiDI38PF8Bo4z89DoeXKcVEGPnQk6TZcCO0YZbjPEsApoYfIeVKzouW\/o3A9PYEjSEXi5EPMlZQs4pi5l+jJz31+mq0VAI5j2CT4vJoFQT8ilbKMSgYlqpHl7+qbW85929Fr436\/KEx1MrKk75ShODFrcxTxXvgg8NKYT6SPGNBWa7fHkd12VRwAmTSQFAGc2ZfMVD4sPtrL0PSqapPxeO\/S3HlmtTYXHaEZIETuHHfZS3qfkPtV6MK+OGOHZlzjaYR9qi4NxDwM+nSx3MusIV0GrwCounlN1Qf1XbGFqK27rbvFzhA6dgYSVf5Qmb9HT58ff3INYOVFOLwRdnBI0YDTKk+O6czdlW3XVUQ5s2GorzADWyzZTY7PbgEJIn7poFIn9uUVTp5UAJMqDLpblGRBUOCJVenp+CgORIPzH10Ws3e09dvA\/f\/bvHxBWpQalg425S5DVD6cL0yGLZPTUIi3Kcu+cJjnO1G5NQLzpSx7IWXxnSk86S71vtGsqOU86H4f\/ksGHQV9A8p6t\/poWk\/tBKOdID\/dEjW4bXAJT0H+2Q2schG601Imnywksf\/f8THazPOEcCN2dDDQuzs3BWJIFBXhX1cwBVWK2PrQ\/E\/TKr+5z9adr8icv2Hu0UuOj3nz7WVuDBmrb2spouZtb5jOxb\/vYtE3DwxmOOFHKlG7eYLzJTXnA2oyp2XLYqdMdvIxb+0Nmy\/CEpdguWPdvFdgjb4wl0RhMZU7u7Mp39Zxb5X2cDd9SYHS0jVLXqEPphDaT+6VxcXBI+2kSKRAuycjV0Dxcj+OYZhIl6N1iF07WojGOCnnA5474iE\/B4xwl4XNFqJbOV+IiDf\/Fqh4yrj1qYwsbNhv4zuatsKfNSjxxwMmSLEXcedHxAQNf3A9fwD64CRauPnxtI8iXLYEogGOjX3zJBMF6oy7VGxEyCVt1hG2PWmBSUd1cAlQjmvt\/sJRYwNZ21mlwvQwQDgg+wNUDTislkwZZQQWVtYeKParYH8R5n8GNqFUEZINDtWrJORbhfPNR4VFBGJ3HFWEGZ+SxpoCjgXNndSNTYutzd0ch7s0R42PRxraYQWA+oh5FuzNn3ijXwQcz3+yP0dh3FmlqeoDDo\/lRld4+VDSzS7EZWc5SE9QMSCUgpfoy340\/g6o1c3bJRphxcLTkH5d1sOp560ym7D6B2HPO9596qoMD4C6X2MxixEo8\/OduHV4aoXgwZG0mas4KjTiLp4QsrvbnTCJDdxp866IaotBQ=="}
 02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1644251989260652,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1396,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1396,"pkt_l4_len":1358,"thread_ts_usec":1644251989260652,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAFYgACQABxEaKg1coHGgq9ekcBu+xsBU5w1QAHq\/m9vTr7O5IAzcdS9wk7Ddox7LZfFBxkY2AqLA6FdJac+irakSOuazN4u6hF1R+\/y2HQI+W+79jJkogrQXvngngx2k8dz0wx\/N3Epp4s2\/DhaDZbD7E8nnX2GV2f+ArjgYIr++2bCze927VDqUt6Y\/68rP90Dg5aiaouPSp1+ZMB+0priHJ21yHSthsfaaRWkLP8bV2MAUFf6i5R0YWAgrrRmAwwogiVZQe09Es154tnRchNEu98YkbAfLLvcPbpracl43kyDxfL+\/8jl\/gKgFzMYaHqP6XWb8PJMKxHtKpSfHFxOBwTV0XDOI75sw\/BZKR1W4z0Nsb4mdVi0sIFKhMB3fXrHgitYLfiaaoDrP9DeqAkU6dMZmBDCrMo5HdnJyEpOXJ1UbeQ7eYYxcanlqt8Fj\/Y3gwsRDKXE22Ok4hD9r52oj5au9bvsrCgT6XypMW5pRd6wjMO3QOua1tHWohCjg\/krUjbJarjnPYdrtoltjrSw\/C0+rFmBNxuxUNvwo0bHNhAf+8XyrjYG2JtluYIvbu1YwvVWMlBRk\/YVRI8e4XK\/ehJHdoci9motArqGvfVOjJ4i+2Gywd4FF2DaiGP6hAsLnVHdDNaiTRAYEyr2EIRLQgPZqDTaKDnMFicXzhGn+vl9g0GXP+fRolWnHkCpYK8mkbBruef4DpgBfyw1yiJrQ5biSh+7Txw1UNXcTvLRcH3SQ1wGFFsLAwlOqKq\/O18uxaWbuDNkf7Tutjjn3rQE76FKl6GoLaLKweX1GuQi8HIqoUAix35NM\/ju7+cTbahGDl2CxcErvOq6UNJPYSWobPEoX49OLRB0qtIyS\/wM2XFnQkNdQUCOBkzCMd0J01rLbY4Lr7s0iuVUr63CZDK1dgOwmVLXv61JXHWu4sT1tJ84McL3p\/\/k36EhzDX0MYq9JgXRber3t4ia2auuqfnTuTlnw\/kpFdbENgipApABNauXwGnbI+vQABkmrYVkjcMWAXcDTLz+aRlN1XeZuC13IkWEo7R3ty3KHiCMDYIay9tAIBcEFuUyFCrYhPNbCmDs+969TJUnuqMAyRDWqPCg8mIz8Okt9fcwEoVuiA44iMsYi5LYE9lXm16iKO8KPDjuRYtdBDd8EgpmnjfXDlKdurHbkfaeBwEaSVPWpmaqX0rxrsfFoo7fxpCPutb6bVmrXAfC6MSgWy9H+oW11QeAHTH+iZO+FqGj5bdQFbSu7QfMTLmw9nr093b3rzaHOYG5o54g3jVj1aZzWVb99OR9XQd3UCxHElmXwmfrvYQAVt4Eb97Q05XlEBP9cFasgBmlDsX4l1xr9Yp2xS3u81yyfr2ipR22A+06D8pe8rJ5E6Fs7Yhj\/aleRleF7Mu0+LDx4nFdkGwlrCw7laAkIOZfJW2bIKe+vV9WUQ3qA3aj+wmD7AYUslve3YPjBjGHUrs6Qu8tl\/d\/2eUGn5J4x8S3NMSQJtrnvl5hukCYgkNOvWZhd+iz4tenCYr9\/PG21ldnyflnyWr1zBHEzKnFkceryn\/\/t+CUSLFfvYY\/P\/J41LIrJ8d3PaSJJTdOuT8WyPs3mJe9AIJHowDSLwFWfKsLi\/VfBNzyT3POBy69MGQGwAKcfsb3uHjVmhSQpmhexTOAyMqbuowRQAwPDkotu5vUw\/9ez4kPcjsBfw5DSjmAd6Wso0OWTaLSpB\/ZI6im+FBMfwKlNfirWLGUYp+tN7x7zIzgQhKbgMusNCyPeL8tfUXei+VO8gqS5XXJQZsAhiqrHuYWyEiuverFKZLBXushLyqd1P2W0n5f+jWkfek4A=="}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1644251989197119,"flow_src_last_pkt_time":1644251989290808,"flow_dst_last_pkt_time":1644251989197119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251989290808,"l3_proto":"ip4","src_ip":"213.202.7.26","dst_ip":"10.189.122.71","src_port":443,"dst_port":60524,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":38360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1644251989290808}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/gquic_only_from_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":38360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1644251989290808}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 30/30
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498843 bytes
-~~ total memory freed........: 5498843 bytes
+~~ total memory allocated....: 5498867 bytes
+~~ total memory freed........: 5498867 bytes
 ~~ total allocations/frees...: 85890/85890
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 563 chars
diff --git a/test/results/default/gre.pcapng.out b/test/results/default/gre.pcapng.out
index 6b6716a2b..30dcf482b 100644
--- a/test/results/default/gre.pcapng.out
+++ b/test/results/default/gre.pcapng.out
@@ -1,10 +1,10 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1483501349095788}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1483501349095788}
 00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"flow_datalink":1,"flow_max_packets":5}
 00966{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":384,"pkt_l4_len":346,"thread_ts_usec":1483501349095788,"pkt":"AAAAAAACnDf0fG6RgQAAjggARQABbq+lAADyL1hPbWnk\/QqxYlQwgYgLAUqYUAAAAGoAAACM\/wMAIUWgAUY4wQAAPxFN+8CoCtLAqGcoE8QTxAEyV9VTSVAvMi4wIDEwMCBUcnlpbmcNClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xMDMuNDA6NTA2MDtycG9ydD01MDYwO3JlY2VpdmVkPTE5Mi4xNjguMTAzLjQwO2JyYW5jaD16OWhHNGJLX0FJMjAwMEF1ZzA2NDkxMzY3MjI3MTEwDQpUbzogPHNpcDoyNzFAMTkyLjE2OC4xMC4yMTA+DQpGcm9tOiA8c2lwOjI4MUAxOTIuMTY4LjEwMy40MD47dGFnPUFJQ0NGODA1RTU3OENFNjQwMw0KQ2FsbC1JRDogQUkxNzM3QUI1NDkxQURDMzkyQDE5Mi4xNjguMTAzLjQwDQpDU2VxOiAxIElOVklURQ0KQ29udGVudC1MZW5ndGg6IDANCg0K"}
 00891{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"ndpi": {"confidence": {"6":"DPI"},"proto":"GRE","proto_id":"80","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00930{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GRE","proto_id":"80","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1483501349095788}
+00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1483501349095788}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498002 bytes
-~~ total memory freed........: 5498002 bytes
+~~ total memory allocated....: 5498026 bytes
+~~ total memory freed........: 5498026 bytes
 ~~ total allocations/frees...: 85861/85861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 567 chars
+~~ json message min len.......: 565 chars
 ~~ json message max len.......: 971 chars
-~~ json message avg len.......: 755 chars
+~~ json message avg len.......: 754 chars
diff --git a/test/results/default/gtp_c.pcap.out b/test/results/default/gtp_c.pcap.out
index 573c3634b..90c84c5ce 100644
--- a/test/results/default/gtp_c.pcap.out
+++ b/test/results/default/gtp_c.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614767558813421}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614767558813421}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614767558813421,"flow_src_last_pkt_time":1614767558813421,"flow_dst_last_pkt_time":1614767558813421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":247,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614767558813421,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614767558813421,"flow_dst_last_pkt_time":1614767558813421,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_usec":1614767558813421,"pkt":"5kBKB+riApXG95NLCABFAAETmxkAAIARAAAKZQACCmYAAgQACEsA\/wAASCAA8wAAAABLVGIAAQAIAIlnRREiM0T1TAAGAJh2VBI0VksACAA0VniQEgEC81YADQAYmHZUEjSYdlQSNFZ4UwADAIlHVlIAAQAGTQACAAAAVwAJAIY1UpIECmUAAkcACQAIaW50ZXJuZXSAAAEAAGMAAQABTwAFAAEhFxcBfwABAAJIAAgAAAAnDwAAJw9JAAEABV0APQBJAAEABVQADQAhMQEJEMCoAQH\/\/\/8AVwAJAoQ1UpIFCmUAAlAAFgAYBwAAAAAAAAAAAAAAAAAAAAAAAAAAhAAHAAGsEGtxAAGEAAcBAawQa3IAAXIAAgAAAF8AAgAAAQ=="}
 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614767558813421,"flow_src_last_pkt_time":1614767558813421,"flow_dst_last_pkt_time":1614767558813421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":247,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614767558813421,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_C","proto_id":"152.272","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -7,7 +7,7 @@
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1614767558814595,"flow_dst_last_pkt_time":1614767558814579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1614767558814595,"pkt":"5kBKB+riApXG95NLCABFAAA+mxoAAIARAAAKZQACCmYAAgQACEsAKgAASCQAHjVSkgZLVGIASQABAAVWAA0AGJh2VBI0mHZUEjRWeA=="}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614767558814595,"flow_dst_last_pkt_time":1614767558815505,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1614767558815505,"pkt":"ApXG95NL5kBKB+riCABFAAAzmxIAAH8Ri9kKZgACCmUAAghLBAAAHwAASCUAEzVSkgRLVGIAAgACABAAAwABAAE="}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614767558813421,"flow_src_last_pkt_time":1614767558814595,"flow_dst_last_pkt_time":1614767558815505,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":235,"midstream":0,"thread_ts_usec":1614767558815505,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_C","proto_id":"152.272","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1614767558815505}
+00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1614767558815505}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498089 bytes
-~~ total memory freed........: 5498089 bytes
+~~ total memory allocated....: 5498113 bytes
+~~ total memory freed........: 5498113 bytes
 ~~ total allocations/frees...: 85864/85864
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 542 chars
diff --git a/test/results/default/gtp_false_positive.pcapng.out b/test/results/default/gtp_false_positive.pcapng.out
index 5a4a7bee9..c49419a22 100644
--- a/test/results/default/gtp_false_positive.pcapng.out
+++ b/test/results/default/gtp_false_positive.pcapng.out
@@ -1,5 +1,5 @@
-00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1638856441836839}
+00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1638856441836839}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856441836839,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638856441836839,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1638856441836839,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1638856441836839,"pkt":"AAAAAAAAAAEAm1OyCABFAABDuMQAAD8R0IIYASFCPjh66HJHDToAL3+GJwAAAAJZAADIADJepW8BAAAAHa0lUAAAAAAAAAAAAAAAAAEAAAAA"}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1638856442050829,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1638856442050829,"pkt":"AAAAAAAAAAEAm1OyCABFAABDLq0AAD8RWpoYASFCPjh66HJHDToAL3+GJwAAAAJZAADIADJepW8BAAAAHa0lUAAAAAAAAAAAAAAAAAEAAAAA"}
@@ -7,19 +7,19 @@
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1638856501912725,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1638856501912725,"pkt":"AAAAAAAAAAEAm1OyCABFAABL0zoAAD8RtgQYASFCPjh66HJHDToANyFgLwAAAALBDwDIAAEAAADTFLeVMl6lbwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1638856511476253,"pkt":"AAAAAAAAAAEAm1OyCABFAABKCqAAAD8RfqAYASFCPjh66HJHDToANrRYLgAAAAIpAwDIADJepW\/TFLeVlbt0kwAAAAAAAAAAAAAAAAAAAAB\/vnSTfQEAAA=="}
 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638856511476253,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1639664897536021}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1639664897536021}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_usec":1639664897536021,"pkt":"AAAAAAAAAAgAcgnYCABFaAAk3R5AADMR+TQyB2+GZ+Fnn0JoCEsAEMsJNwMAAEIAAAAAAAAAAAA="}
 01001{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":226,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1640630605457589}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":226,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1640630605457589}
 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"thread_ts_usec":1640630605457589,"pkt":"AAAAAAAAAAgAF2izCABFAAFiEjRAAD0RTyh3ub6tQlZicghLw9wBTnl2RgEAAAJ5AwDIAMWLvaZzN8g7AAAAAHAALV6UJ\/cTHdx+UcbekdlVsrIQyORBtJYGjhwit4VPN8cgIpZwuzYVz0TO+kH8rnowgXXPb2P\/JTt2WeT4FCyPlfScgvudUxqPf1kwZMd0KmXiXleYPXTNqftx0xJj\/Kb2FN1yrSOQIVUjnqcH8TbL6jgJymGUAAAAfj1DGkvghwUAAAAAAQAAAAABAAAAAAAAAAAAAgBvbQcAAAAAAAAASgABBwAAAAgAYXV0b0FsZ28BADEQAGF1dG9Jbml0TGltaXRSZXMBADAMAGF1dG9MaW1pdFJlcwEAMAcAYndlQWxnbwEAMQwAZG91Ymxlaml0dGVyAQAwCQBwcm9iZVN0cmEBADAGAHNka2JiciAAYWNrVGltZU91dDoyMDB8YWNrVGltZUxlbmd0aDo2MDA="}
 01071{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"GTP","proto_id":"152","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01077{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"GTP","proto_id":"152","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":552,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1640630605457589}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":552,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1640630605457589}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 7/7
 ~~ skipped flows.............: 0
@@ -28,8 +28,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502520 bytes
-~~ total memory freed........: 5502520 bytes
+~~ total memory allocated....: 5502576 bytes
+~~ total memory freed........: 5502576 bytes
 ~~ total allocations/frees...: 85889/85889
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/gtp_prime.pcapng.out b/test/results/default/gtp_prime.pcapng.out
index 17c727302..f23a667a0 100644
--- a/test/results/default/gtp_prime.pcapng.out
+++ b/test/results/default/gtp_prime.pcapng.out
@@ -1,8 +1,8 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1424882324190538}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1424882324190538}
 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1424882324190538,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1424882324190538}
 00699{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":300,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":300,"pkt_l4_len":0,"thread_ts_usec":1424882324190538,"pkt":"tjL\/AAFBtij\/AAFBgQAAZIEAAGcIAEXAARYAAAAAPxEI+QoKNgEKCicK\/EQNOgEC27Eu8AD0AAR+AfwA7wEBHAYA6b9gggDkgAFggwgTACEAAAAA8KQGgAQKCjUBhQQHkAAAhwVlaHJwZIgC8SGpCKAGgAQBAAAGiwEBrIIAKjAogwIDSIQCA0iFAQKGCRUCJRY4RCsAAKkQgQEIhgEJhwNMS0CIA0xLQI0JFQIlFjgBKwAAjgErjwEAsCKkIAYOKwYBBAGyfwMBAkYEAQCBAQCiCzAJAgEBAgEBgQEOkgpBTFUtTk9ERTAxlAEBlQEAlwIBAJgBA54BA58iAQG\/JAaABAoKBgOfJQMTIBCfJgkVAiUWOAArAACfJwkVAiUWOEQrAACfKAQHkAAA"}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1424882324190538}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1424882324190538}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/0
 ~~ skipped flows.............: 0
@@ -11,8 +11,8 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 304 chars
diff --git a/test/results/default/h323-overflow.pcap.out b/test/results/default/h323-overflow.pcap.out
index 325ad01ea..9c60fed39 100644
--- a/test/results/default/h323-overflow.pcap.out
+++ b/test/results/default/h323-overflow.pcap.out
@@ -1,10 +1,10 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946681200000000}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946681200000000}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":946681200000000,"pkt":"IiIiIiIiIiIiIiIjCABFAAAsRr1AAIAG+9DAqAEBwKgBAnppAFA5fV1j4FJ\/s1AYQD3UwAAAAwAABA=="}
 01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00772{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":4,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":946681200000000}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":4,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":946681200000000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500050 bytes
-~~ total memory freed........: 5500050 bytes
+~~ total memory allocated....: 5500074 bytes
+~~ total memory freed........: 5500074 bytes
 ~~ total allocations/frees...: 85862/85862
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 541 chars
 ~~ json message max len.......: 1078 chars
-~~ json message avg len.......: 784 chars
+~~ json message avg len.......: 783 chars
diff --git a/test/results/default/h323.pcap.out b/test/results/default/h323.pcap.out
index 35e8bfc6d..ff643089a 100644
--- a/test/results/default/h323.pcap.out
+++ b/test/results/default/h323.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1198747079978922}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1198747079978922}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1198747079978922,"flow_src_last_pkt_time":1198747079978922,"flow_dst_last_pkt_time":1198747079978922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1198747079978922,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1198747079978922,"flow_dst_last_pkt_time":1198747079978922,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1198747079978922,"pkt":"ABj+bZZlABMh8GpfCABFAABCx9cAAIART7MRAgB8EQIAoQfyBrcALv7LAiAAAAYACJFKAAQAEQIAfAfyIgCuAQA9AAEDAIXImlEggAMBQAA="}
 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1198747079978922,"flow_dst_last_pkt_time":1198747080010123,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"thread_ts_usec":1198747080010123,"pkt":"ABMh8GpfABj+bZZlCABFAABviRAAAIARjk0RAgChEQIAfAa3B\/IAWwaKBIAAAAYACJFKAAQ+AE8AcABlAG4ASAAzADIAMwAgAEcAYQB0AGUAawBlAGUAcABlAHIAIABvAG4AIABtAGYAbwB0AHQAZQBrAGkAbgARAgChBrc="}
@@ -13,7 +13,7 @@
 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1198747081344407,"flow_dst_last_pkt_time":1198747081402254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1198747081402254,"pkt":"ABMh8GpfABMh8GmQCABFAABWwtdAAIAGFNERAgB6EQIAfAa4C9gY+jaHDVDbaVAY\/2aqggAAAwAALggCgAFafgAiBSXABgAIkUoABFgIEQAkqxVydvoYEJpYABMh8GmQAoABAA=="}
 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1198747079978922,"flow_src_last_pkt_time":1198747080556295,"flow_dst_last_pkt_time":1198747160184990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":539,"flow_dst_tot_l4_payload_len":559,"midstream":0,"thread_ts_usec":1198747160184990,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1198747081344407,"flow_src_last_pkt_time":1198747081344407,"flow_dst_last_pkt_time":1198747081402254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":46,"midstream":1,"thread_ts_usec":1198747160184990,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1198747160184990}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1198747160184990}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 12/12
 ~~ skipped flows.............: 0
@@ -22,8 +22,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500493 bytes
-~~ total memory freed........: 5500493 bytes
+~~ total memory allocated....: 5500533 bytes
+~~ total memory freed........: 5500533 bytes
 ~~ total allocations/frees...: 85883/85883
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 561 chars
diff --git a/test/results/default/h323_tcp.pcap.out b/test/results/default/h323_tcp.pcap.out
index 46717394e..c4d72eed1 100644
--- a/test/results/default/h323_tcp.pcap.out
+++ b/test/results/default/h323_tcp.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323_tcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323_tcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1027664341627057}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323_tcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323_tcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1027664341627057}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1027664341627057,"flow_src_last_pkt_time":1027664341627057,"flow_dst_last_pkt_time":1027664341627057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1027664341627057,"l3_proto":"ip4","src_ip":"10.1.6.18","dst_ip":"10.1.3.143","src_port":1720,"dst_port":32803,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1027664341627057,"flow_dst_last_pkt_time":1027664341627057,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1027664341627057,"pkt":"AAR2IiAXANBQEAFmCABFAAAwcyoAAEAG6fsKAQYSCgEDjwa4gCPda6+9y3ElYnASIABBlAAAAgQFtAEDAwA="}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/h323_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1027664341627057,"flow_dst_last_pkt_time":1027664341627122,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1027664341627122,"pkt":"ANBQEAFmAAR2IiAXCABFAAAopKpAAEAGeIMKAQOPCgEGEoAjBrjLcSVi3WuvvlAQFtB2iAAA"}
@@ -8,7 +8,7 @@
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/h323_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1027664341806699,"flow_dst_last_pkt_time":1027664341644134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1027664341806699,"pkt":"AAR2IiAXANBQEAFmCABFCAAocywAAEAG6fkKAQYSCgEDjwa4gCPda6++y3EmAlAQH2RtVAAAAAAAAAAA"}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/h323_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1027664341866798,"flow_dst_last_pkt_time":1027664341644134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1027664341866798,"pkt":"AAR2IiAXANBQEAFmCABFCABocy4AAEAG6bcKAQYSCgEDjwa4gCPda6++y3EmAlAYIAChxgAAAwAAQAgC9\/QCfgA0BSGABgAIkUoAAyLAAAAAAAMzMTBpAFIA8MARAMD++T7NntYRmrIABHYiIBcBAAEACIABAA=="}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/h323_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1027664341627057,"flow_src_last_pkt_time":1027664342671881,"flow_dst_last_pkt_time":1027664342671930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":97,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":160,"midstream":0,"thread_ts_usec":1027664342671930,"l3_proto":"ip4","src_ip":"10.1.6.18","dst_ip":"10.1.3.143","src_port":1720,"dst_port":32803,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/h323_tcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":385,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1027664342671930}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/h323_tcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":385,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1027664342671930}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498263 bytes
-~~ total memory freed........: 5498263 bytes
+~~ total memory allocated....: 5498287 bytes
+~~ total memory freed........: 5498287 bytes
 ~~ total allocations/frees...: 85870/85870
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 530 chars
diff --git a/test/results/default/haproxy.pcap.out b/test/results/default/haproxy.pcap.out
index bf1dd19ed..77b786d92 100644
--- a/test/results/default/haproxy.pcap.out
+++ b/test/results/default/haproxy.pcap.out
@@ -1,10 +1,10 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1687864379191181}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1687864379191181}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687864379191181,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1687864379191181,"l3_proto":"ip4","src_ip":"1.1.1.1","dst_ip":"2.2.2.2","src_port":48502,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_usec":1687864379191181,"pkt":"+hY+jaKQ+hY+\/yO1CABFAAFpvu5AAD8GAgoBAQEBAgICAr12Abu3rOLhYNsr0IAYAebcfgAAAQEICj6dk6a+omhcUFJPWFkgVENQNCAxMS4xMTEuMTEuMTExIDIyMi4yMjIuMjIyLjIyIDUyMTc2IDQ0Mw0KFgMBAP0BAAD5AwNlfFlZ28HZabWEzRLxYxkQw8ZEWOpFUKuCCl2ET+sPiyCZoEcV\/EP3q9ibNr\/\/S8YKnRMNZ3pfRaKXBGknrdMLPAAkEwETAhMDwC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAjAAAABgAFgAAE2FhYWFhYWFhYWFhYWFhYWEueHgAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBADMAJgAkAB0AIC9wHtbeNV7Yhsp5eQYXtT7TM0R+9NA5\/A60gExAg7ZMAC0AAgEBACsABQQDBAMD"}
 00910{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687864379191181,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1687864379191181,"l3_proto":"ip4","src_ip":"1.1.1.1","dst_ip":"2.2.2.2","src_port":48502,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HAProxy","proto_id":"350","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}}
 00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687864379191181,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1687864379191181,"l3_proto":"ip4","src_ip":"1.1.1.1","dst_ip":"2.2.2.2","src_port":48502,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HAProxy","proto_id":"350","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}}
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1687864379191181}
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1687864379191181}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500050 bytes
-~~ total memory freed........: 5500050 bytes
+~~ total memory allocated....: 5500074 bytes
+~~ total memory freed........: 5500074 bytes
 ~~ total allocations/frees...: 85862/85862
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 967 chars
-~~ json message avg len.......: 754 chars
+~~ json message avg len.......: 753 chars
diff --git a/test/results/default/hart_ip.pcap.out b/test/results/default/hart_ip.pcap.out
index cdc663492..1f94c5c58 100644
--- a/test/results/default/hart_ip.pcap.out
+++ b/test/results/default/hart_ip.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1332169969950823}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1332169969950823}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332169969950823,"flow_src_last_pkt_time":1332169969950823,"flow_dst_last_pkt_time":1332169969950823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332169969950823,"l3_proto":"ip4","src_ip":"192.168.0.101","dst_ip":"192.168.0.10","src_port":49905,"dst_port":5094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1332169969950823,"flow_dst_last_pkt_time":1332169969950823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1332169969950823,"pkt":"ACYWAADSAAwpUKn8CABFAAApAABAAEARuQTAqABlwKgACsLxE+YAFXSoAQAAAAACAA0BAAB1MA=="}
 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332169969950823,"flow_src_last_pkt_time":1332169969950823,"flow_dst_last_pkt_time":1332169969950823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332169969950823,"l3_proto":"ip4","src_ip":"192.168.0.101","dst_ip":"192.168.0.10","src_port":49905,"dst_port":5094,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HART-IP","proto_id":"72","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -21,7 +21,7 @@
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332169969950823,"flow_src_last_pkt_time":1332169969950823,"flow_dst_last_pkt_time":1332169969950823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332170040778581,"l3_proto":"ip4","src_ip":"192.168.0.101","dst_ip":"192.168.0.10","src_port":49905,"dst_port":5094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HART-IP","proto_id":"72","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1332169969956063,"flow_src_last_pkt_time":1332170004665691,"flow_dst_last_pkt_time":1332170004664457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":386,"flow_dst_tot_l4_payload_len":173,"midstream":0,"thread_ts_usec":1332170040778581,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.101","src_port":5095,"dst_port":49905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HART-IP","proto_id":"72","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":14,"flow_first_seen":1332170006682110,"flow_src_last_pkt_time":1332170040778581,"flow_dst_last_pkt_time":1332170040778475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":382,"midstream":0,"thread_ts_usec":1332170040778581,"l3_proto":"ip4","src_ip":"192.168.0.101","dst_ip":"192.168.0.10","src_port":49559,"dst_port":5094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HART-IP","proto_id":"72","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":65,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":1136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1332170040778581}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hart_ip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":65,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":1136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1332170040778581}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 65/65
 ~~ skipped flows.............: 0
@@ -30,8 +30,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5504202 bytes
-~~ total memory freed........: 5504202 bytes
+~~ total memory allocated....: 5504258 bytes
+~~ total memory freed........: 5504258 bytes
 ~~ total allocations/frees...: 85947/85947
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 531 chars
diff --git a/test/results/default/heuristic_tcp_ack_payload.pcap.out b/test/results/default/heuristic_tcp_ack_payload.pcap.out
index 272d310a6..bf1faeb94 100644
--- a/test/results/default/heuristic_tcp_ack_payload.pcap.out
+++ b/test/results/default/heuristic_tcp_ack_payload.pcap.out
@@ -1,5 +1,5 @@
-00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1681478090730262}
+00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1681478090730262}
 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090730262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681478090730262,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090730262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681478090730262,"pkt":"QHGDrEAwoDafLnO8CABFAAA0UOtAAH0GbxHC4scVNBJ\/veMrAbsAeoaaAAAAAIAC+vDKXAAAAgQFtAEDAwgBAQQC"}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090780521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681478090780521,"pkt":"oDafLnO8QHGDrEAwCABFAAA0AABAAOkGU\/w0En+9wuLHFQG74yuLkuWcAHqGm4ASaQPrCQAAAgQFtAEBBAIBAwMI"}
@@ -7,7 +7,7 @@
 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1681478090781920,"flow_dst_last_pkt_time":1681478090780521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1681478090781920,"pkt":"QHGDrEAwoDafLnO8CABFAAItUO1AAH0GbRbC4scVNBJ\/veMrAbsAeoabi5LlnVAYAgHa5QAAFgMBAgABAAH8AwO2b8k+LCOftweDZWjvdeyR90vCYVJRMgT0j8Pik75VmCBg6yWVhOtcb9ut7Hy59sTpKH6uJec\/kZz0GzKsEDEcaAAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAbAAMCAAIAIwBp+6R1+qIJHZG7jowoeY3hRbjOQoOBSjubfpFQW9nxqfD0S5qRCzYtZk0T2UZ7jb\/+pwGkVmJwdmFtm3YHm6ODfcntPcAS93\/vLSJrkHutEM1HolLRM4QVmCnTlceE8Q\/R5iQVvIN9NJOjABIAAAALAAIBAAAKAAoACIqKAB0AFwAYADMAKwApiooAAQAAHQAg0bBrRvkzsBdk4f0tRyz\/mG183djoFkcSb2nq6iq3WmBEaQAFAAMCaDIAEAAOAAwCaDIIaHR0cC8xLjH\/AQABAAAFAAUBAAAAAAAtAAIBAQAXAAAAAAAQAA4AAAtiaXRyaXguaW5mbwANABIAEAQDCAQEAQUDCAUFAQgGBgEAKwAHBnp6AwQDA7q6AAEAABUAYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1681478090781920,"flow_dst_last_pkt_time":1681478090832249,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1681478090832249,"pkt":"oDafLnO8QHGDrEAwCABFAAAuXV1AAOkG9qQ0En+9wuLHFQG74yuLkuWdAHqIoFAQAG6SZwAAAAAAAAAA"}
 01988{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478119542351,"flow_dst_last_pkt_time":1681478119592875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1085,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":5602,"midstream":0,"thread_ts_usec":1681478119592875,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1860474.4,"max":28647677,"stddev":7030273.0,"var":49424738811904.0,"ent":1.1,"data": [50259,51105,553,51728,128,0,97,51293,1354,0,1851,500,202,193,0,51721,0,48,140,50129,407,8135,0,8098,85064,28647677,19,62,28613926,13,0]},"pktlen": {"min":42,"avg":308.7,"max":2960,"stddev":576.0,"var":331721.9,"ent":3.6,"data": [52,52,42,557,46,153,1500,2960,42,378,49,42,166,145,502,550,160,91,118,46,42,78,439,78,42,46,113,86,1125,46,46,86]},"bins": {"c_to_s": [6,2,1,2,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,3,1,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,1,1,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,1,0,0,0,1,1,1],"entropies": [4.700937748,4.839770317,4.678030014,5.790879726,4.390829086,5.801830769,7.220153809,7.298819065,4.678030014,7.385129929,4.797285557,4.725648880,6.228291035,6.284518242,7.567343235,7.646277905,6.609186172,5.432500839,6.074527264,4.434307575,4.678030014,5.448187351,7.460664272,5.370555878,4.678030014,4.477785587,5.985470772,5.565127373,7.818080425,4.434307575,4.477785587,5.465760708]}}
-00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":64,"packets-processed":63,"total-skipped-flows":0,"total-l4-payload-len":12346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1681887368538349}
+00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":64,"packets-processed":63,"total-skipped-flows":0,"total-l4-payload-len":12346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1681887368538349}
 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368538349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681887368538349,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368538349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887368538349,"pkt":"QHGDrEAwoDafLnO8CABFAAA0sahAAEAGEuHC4sfiCPfifoU1AFBr1P3sAAAAAIAC+vAOnwAAAgQFtAEBBAIBAwMH"}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368549865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887368549865,"pkt":"oDafLnO8QHGDrEAwCABFAAA0+VoAADkGEi8I9+J+wuLH4gBQhTVLutKfa9T97YASpWRFuwAAAgQFtAEBBAIBAwMM"}
@@ -25,7 +25,7 @@
 01987{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1681887518918488,"flow_src_last_pkt_time":1681887519032454,"flow_dst_last_pkt_time":1681887519031452,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":321,"flow_dst_max_l4_payload_len":2824,"flow_src_tot_l4_payload_len":867,"flow_dst_tot_l4_payload_len":19359,"midstream":0,"thread_ts_usec":1681887519032454,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"35.241.9.150","src_port":27453,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7320.3,"max":29949,"stddev":11049.8,"var":122098208.0,"ent":3.5,"data": [24068,24393,353,24974,2405,0,38,27411,305,4695,29949,0,24556,1245,0,54,26487,9,288,44,25578,893,503,1582,287,1013,999,1290,1231,1003,1277]},"pktlen": {"min":42,"avg":672.8,"max":2864,"stddev":1000.3,"var":1000640.1,"ent":3.7,"data": [52,52,42,258,46,2088,2088,462,42,42,133,318,109,42,217,361,78,46,78,364,1452,42,1452,2864,42,42,2864,42,2864,42,2864,42]},"bins": {"c_to_s": [11,1,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,1,0,0,0,0,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,6]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,1,1,1,1,0,1,1,0,0,1,0,1,0,1,0],"entropies": [4.585552692,5.017560482,4.686327934,5.680439472,4.505982876,7.413378239,7.563780785,7.408977032,4.733946800,4.686327934,5.833590031,7.044709682,5.829442978,4.715973377,6.852140903,7.372029781,5.280656338,4.505982876,5.229373932,7.303534985,7.876083851,4.582791805,7.885684490,7.924335957,4.733946800,4.781565666,7.928474426,4.781565666,7.931355953,4.781565666,7.921189308,4.638709068]}}
 00983{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":12,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368574945,"flow_dst_last_pkt_time":1681887368574890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":496,"flow_dst_max_l4_payload_len":1022,"flow_src_tot_l4_payload_len":506,"flow_dst_tot_l4_payload_len":1082,"midstream":0,"thread_ts_usec":1681887519714799,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":12,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368574945,"flow_dst_last_pkt_time":1681887368574890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":496,"flow_dst_max_l4_payload_len":1022,"flow_src_tot_l4_payload_len":506,"flow_dst_tot_l4_payload_len":1082,"midstream":0,"thread_ts_usec":1681887519714799,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":161,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":50505,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1682070081976502}
+00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":161,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":50505,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1682070081976502}
 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682070081976502,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081976502,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682070081976502,"l3_proto":"ip4","src_ip":"194.226.199.9","dst_ip":"92.223.106.21","src_port":49756,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081976502,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070081976502,"pkt":"QHGDrEAwoDafLnO8CABFAAA01rdAAH4G1SvC4scJXN9qFcJcAbti0BbiAAAAAIAC+vDldAAAAgQFtAEDAwgBAQQC"}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081986323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070081986323,"pkt":"oDafLnO8QHGDrEAwCABFoAA0AABAADsG7kNc32oVwuLHCQG7wlyvphSeYtAW44ASpWR2qgAAAgQFtAEBBAIBAwMJ"}
@@ -54,7 +54,7 @@
 00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1682070081976502,"flow_src_last_pkt_time":1682070082251822,"flow_dst_last_pkt_time":1682070082232484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2636,"flow_src_tot_l4_payload_len":618,"flow_dst_tot_l4_payload_len":4888,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.9","dst_ip":"92.223.106.21","src_port":49756,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1682070088015038,"flow_src_last_pkt_time":1682070095296597,"flow_dst_last_pkt_time":1682070095295909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":569,"flow_dst_max_l4_payload_len":2843,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":9570,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.103","dst_ip":"217.69.139.59","src_port":62580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1682070088015038,"flow_src_last_pkt_time":1682070095296597,"flow_dst_last_pkt_time":1682070095295909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":569,"flow_dst_max_l4_payload_len":2843,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":9570,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.103","dst_ip":"217.69.139.59","src_port":62580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00658{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":303,"packets-processed":303,"total-skipped-flows":0,"total-l4-payload-len":96601,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1682070140596749}
+00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":303,"packets-processed":303,"total-skipped-flows":0,"total-l4-payload-len":96601,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1682070140596749}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 303/303
 ~~ skipped flows.............: 0
@@ -63,8 +63,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5529992 bytes
-~~ total memory freed........: 5529992 bytes
+~~ total memory allocated....: 5530096 bytes
+~~ total memory freed........: 5530096 bytes
 ~~ total allocations/frees...: 86227/86227
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 552 chars
diff --git a/test/results/default/hislip.pcap.out b/test/results/default/hislip.pcap.out
index 71d769bb3..85db9f59c 100644
--- a/test/results/default/hislip.pcap.out
+++ b/test/results/default/hislip.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1395234992923478}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1395234992923478}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1395234992923478,"flow_src_last_pkt_time":1395234992923478,"flow_dst_last_pkt_time":1395234992923478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1395234992923478,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51053,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1395234992923478,"flow_dst_last_pkt_time":1395234992923478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395234992923478,"pkt":"AOAz2gNE+LFWq9DWCABFAAA0O7NAAIAGAAAKQAB\/CkAASMdtExCcmBGeAAAAAIACIAAVbQAAAgQFtAEDAwgBAQQC"}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1395234992923478,"flow_dst_last_pkt_time":1395234992923722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395234992923722,"pkt":"+LFWq9DWAOAz2gNECABFAAA0RotAAIAGnvIKQABICkAAfxMQx23MdkTbnJgRn4ASIACfsgAAAgQFtAEDAwgBAQQC"}
@@ -36,7 +36,7 @@
 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":16,"flow_first_seen":1395234992935199,"flow_src_last_pkt_time":1395235239784812,"flow_dst_last_pkt_time":1395235239784744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1395235239785411,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51054,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":20,"flow_first_seen":1395235022698475,"flow_src_last_pkt_time":1395235237017565,"flow_dst_last_pkt_time":1395235237017484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":41,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1395235239785411,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51055,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":39,"flow_dst_packets_processed":23,"flow_first_seen":1395235022714729,"flow_src_last_pkt_time":1395235237016961,"flow_dst_last_pkt_time":1395235237016867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":313,"midstream":0,"thread_ts_usec":1395235239785411,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51056,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":184,"packets-processed":184,"total-skipped-flows":0,"total-l4-payload-len":1863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1395235239785411}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":184,"packets-processed":184,"total-skipped-flows":0,"total-l4-payload-len":1863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1395235239785411}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 184/184
 ~~ skipped flows.............: 0
@@ -45,8 +45,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5509825 bytes
-~~ total memory freed........: 5509825 bytes
+~~ total memory allocated....: 5509897 bytes
+~~ total memory freed........: 5509897 bytes
 ~~ total allocations/frees...: 86077/86077
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
diff --git a/test/results/default/hl7.pcap.out b/test/results/default/hl7.pcap.out
index b500c3829..fc291f8b5 100644
--- a/test/results/default/hl7.pcap.out
+++ b/test/results/default/hl7.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1517275422250397}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1517275422250397}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1517275422250397,"flow_src_last_pkt_time":1517275422250397,"flow_dst_last_pkt_time":1517275422250397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1517275422250397,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49242,"dst_port":6661,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1517275422250397,"flow_dst_last_pkt_time":1517275422250397,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275422250397,"pkt":"CAAnHabCAAwptbZICABFAAA0emVAAIAGa0YKAACbCgAAfsBaGgVdWCFsAAAAAIACIADg0wAAAgQFtAEDAwgBAQQC"}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1517275422250397,"flow_dst_last_pkt_time":1517275422251429,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1517275422251429,"pkt":"AAwptbZICAAnHabCCABFAAA0Xc5AAIAGAAAKAAB+CgAAmxoFwFq\/ZRXRXVghbYASIAAVPwAAAgQFtAEDAwgBAQQC"}
@@ -8,7 +8,7 @@
 01046{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1517275422250397,"flow_src_last_pkt_time":1517275422252881,"flow_dst_last_pkt_time":1517275422251429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":477,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1517275422252881,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49242,"dst_port":6661,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HL7","proto_id":"380","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1517275422252881,"flow_dst_last_pkt_time":1517275422273295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1517275422273295,"pkt":"AAwptbZICAAnHabCCABFAADQXc9AAIAGAAAKAAB+CgAAmxoFwFq\/ZRXSXVgjSlAYAQAV2wAAC01TSHxeflwmfFJFQ0VJVklOR19BUFBMSUNBVElPTnxSRUNFSVZJTkdfRkFDSUxJVFl8U0VORElOR19BUFBMSUNBVElPTnxTRU5ESU5HX0ZBQ0lMSVRZfDIwMTgwMTI5MTkyMzQyLjI0NXx8QUNLfDIwMTgwMTI5MTkyMzQyLjI0NXxQfDIuMw1NU0F8QUF8OTM0NTc2MTIwMTEwNjEzMDgzNjE3DRwN"}
 01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1517275422250397,"flow_src_last_pkt_time":1517275422285397,"flow_dst_last_pkt_time":1517275422284848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":477,"flow_dst_max_l4_payload_len":168,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1517275422285397,"l3_proto":"ip4","src_ip":"10.0.0.155","dst_ip":"10.0.0.126","src_port":49242,"dst_port":6661,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HL7","proto_id":"380","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1517275422285397}
+00626{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/hl7.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1517275422285397}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 9/9
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500282 bytes
-~~ total memory freed........: 5500282 bytes
+~~ total memory allocated....: 5500306 bytes
+~~ total memory freed........: 5500306 bytes
 ~~ total allocations/frees...: 85870/85870
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 533 chars
diff --git a/test/results/default/hots.pcapng.out b/test/results/default/hots.pcapng.out
index 58d391629..23a1e497c 100644
--- a/test/results/default/hots.pcapng.out
+++ b/test/results/default/hots.pcapng.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1654637718943449}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1654637718943449}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637718943449,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654637718943449,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1654637718943449,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1654637718943449,"pkt":"XKbmnXAsHIcsX1wrCABFAAA0\/EkAAIARAADAqABJGGk4DdVGDowAIBGZ5l00AJcnFPc\/largPjZAABq8Y7Mqyf2l"}
 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637718943449,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654637718943449,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -9,7 +9,7 @@
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1654637719137613,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1654637719137613,"pkt":"XKbmnXAsHIcsX1wrCABFAAA0\/E0AAIARAADAqABJGGk4DdVGDowAIBGZ5l00AE+Qups7r8mPrXxAABrIY9cLO2D3"}
 02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637719490075,"flow_dst_last_pkt_time":1654637811243833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":540,"midstream":0,"thread_ts_usec":1654637811243833,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3612,"avg":2995064.8,"max":91418317,"stddev":16143814.0,"var":260622725939200.0,"ent":0.2,"data": [39885,24383,63734,66162,61944,34445,30828,61113,3612,33342,62853,57422,6903,91418317,63443,62525,36602,26359,63168,62882,63116,62919,63469,62673,63217,32441,30200,63038,62887,26082,37046]},"pktlen": {"min":48,"avg":54.9,"max":60,"stddev":5.0,"var":25.2,"ent":5.0,"data": [52,48,52,52,52,52,48,52,48,52,52,52,48,52,60,60,60,48,60,60,60,60,60,60,60,60,48,60,60,60,48,60]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.946224213,4.767892838,4.792377472,4.869300842,4.946224213,4.946224213,4.809559822,4.869300842,4.767892838,4.907762527,4.946224213,4.907762527,4.752166748,4.946224213,4.432916641,4.366249561,4.366250038,3.700824261,4.366250038,4.432916641,4.332916737,4.399583340,4.199582577,4.302914619,4.287001610,4.366250038,3.742490768,4.353668213,4.366249561,4.399583340,3.742490768,4.366249561]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":21,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637719490075,"flow_dst_last_pkt_time":1654637811370381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":624,"midstream":0,"thread_ts_usec":1654637811370381,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1654783675054709}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1654783675054709}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783675054709,"flow_src_last_pkt_time":1654783675054709,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783675054709,"l3_proto":"ip4","src_ip":"24.105.57.183","dst_ip":"192.168.0.73","src_port":1119,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1654783675054709,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1654783675054709,"pkt":"HIcsX1wrXKbmnXAsCABFAAAwCHlAADMRLDMYaTm3wKgASQRfxbEAHHLGAAAAAAAAAAAAAAAAAABAAAnvZd4="}
 00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783675054709,"flow_src_last_pkt_time":1654783675054709,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783675054709,"l3_proto":"ip4","src_ip":"24.105.57.183","dst_ip":"192.168.0.73","src_port":1119,"dst_port":50609,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -18,7 +18,7 @@
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1654783675117304,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1654783675117304,"pkt":"HIcsX1wrXKbmnXAsCABFAAB2CIBAADMRK+YYaTm3wKgASQRfxbEAYiR2AAAAAAAAAAAAAAAAAABAAAoeZeIql8nUybw4tw4pKpHcbVwYH7G3wB9ObHfM9+DMqRG8+TeH21hXAHBJ3yp55piT47VgIlh7bWtACKd7vLtppv9EBjqF2v+b"}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1654783675154334,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1654783675154334,"pkt":"HIcsX1wrXKbmnXAsCABFAAB2CJ1AADMRK8kYaTm3wKgASQRfxbEAYiRmAAAAAAAAAAAAAAAAAABAEAoeZeIql8nUybw4tw4pKpHcbVwYH7G3wB9ObHfM9+DMqRG8+TeH21hXAHBJ3yp55piT47VgIlh7bWtACKd7vLtppv9EBjqF2v+b"}
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":21,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637719490075,"flow_dst_last_pkt_time":1654637811370381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":624,"midstream":0,"thread_ts_usec":1654783675999278,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":2872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1654785317878340}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":2872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1654785317878340}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785317878340,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":83,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785317878340,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1654785317878340,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"thread_ts_usec":1654785317878340,"pkt":"HIcsX1wrXKbmnXAsCABFAABvGAZAADMRHQ4YaTkQwKgASQ6MxbEAW4bbAAAAAAAAAAAAAAAAAABAAEsqg3hSe3s95phNudnvfQibOs38xR2pLkVG09Ss9ri5OJJni8tOOzlPJsNzb+raB889CpbXTuIgbs4COoyi16z\/8Gg="}
 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785317878340,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":83,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785317878340,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -29,7 +29,7 @@
 02199{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785318886180,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2479,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785318886180,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1113,"avg":32511.0,"max":62822,"stddev":18812.4,"var":353907232.0,"ent":4.7,"data": [31758,14744,16286,4737,58380,5040,58167,42440,20509,62822,16348,46993,45239,18003,62811,27060,19191,16374,50151,13098,1113,62335,31570,31017,31934,30736,13221,50259,34089,29278,62137]},"pktlen": {"min":48,"avg":105.5,"max":150,"stddev":33.5,"var":1124.4,"ent":4.9,"data": [111,111,48,132,132,103,103,121,121,103,109,109,103,48,150,109,109,48,109,48,150,150,146,48,129,48,138,138,121,48,123,109]},"bins": {"c_to_s": [7,0,16,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.727404118,5.736169815,3.659157991,5.974259377,6.029637337,5.373315811,5.410210133,5.896153450,5.877972126,5.645791054,5.660812855,5.713362217,5.521955967,3.700824261,6.180423737,5.754983425,5.770836353,3.742490768,5.748058796,3.700824261,6.267391682,6.252244949,6.277539730,3.742491007,6.034878731,3.742490768,6.026935577,6.097950459,5.911030293,3.700824499,5.963339806,5.665075302]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1654783675054709,"flow_src_last_pkt_time":1654783675999278,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785319138383,"l3_proto":"ip4","src_ip":"24.105.57.183","dst_ip":"192.168.0.73","src_port":1119,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785319138383,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3073,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785319138383,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1654785319138383}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1654785319138383}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 100/100
 ~~ skipped flows.............: 0
@@ -38,8 +38,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5505217 bytes
-~~ total memory freed........: 5505217 bytes
+~~ total memory allocated....: 5505273 bytes
+~~ total memory freed........: 5505273 bytes
 ~~ total allocations/frees...: 85982/85982
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 540 chars
diff --git a/test/results/default/hpvirtgrp.pcap.out b/test/results/default/hpvirtgrp.pcap.out
index f7eee05fe..28e1275e5 100644
--- a/test/results/default/hpvirtgrp.pcap.out
+++ b/test/results/default/hpvirtgrp.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614852331255737}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614852331255737}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614852331255737,"flow_src_last_pkt_time":1614852331255737,"flow_dst_last_pkt_time":1614852331255737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614852331255737,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614852331255737,"flow_dst_last_pkt_time":1614852331255737,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614852331255737,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614852331255737,"flow_dst_last_pkt_time":1614852331284558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614852331284558,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"}
@@ -7,7 +7,7 @@
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614852331296153,"flow_dst_last_pkt_time":1614852331284558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614852331296153,"pkt":"eJS0JASgYDjgxTWgCABFAACs5ERAAD8GMYzAqAJkoCzCQrXqFGfdahKKAppmxVAY\/\/8HHQAAFgCEAKqIQmLfq0myi1Ms5EEjm+6cqoVS+bxA3bvOHHc5Gr2Pc4fCkAGOamMfQ3uS+B4J5cuhz68jJKVEgot70CvKeNsy83XzEd14C9vITFbQomfEQv2BBG44aXbDk7QFABdKzsf570s20zguGi2FIzxy4bDOl\/aEx4b8vTDa5Lopbwqr"}
 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614852331255737,"flow_src_last_pkt_time":1614852331296153,"flow_dst_last_pkt_time":1614852331284558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614852331296153,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1614852331296153,"flow_dst_last_pkt_time":1614852331324408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614852331324408,"pkt":"YDjgxTWgeJS0JASgCABFAAAoPalAADQG46ugLMJCwKgCZBRnteoCmmbF3WoTDlAQchD0HgAAAAAAAAAA"}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":522,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1614861892925577}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":522,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1614861892925577}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614861892925577,"flow_src_last_pkt_time":1614861892925577,"flow_dst_last_pkt_time":1614861892925577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614861892925577,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1614861892925577,"flow_dst_last_pkt_time":1614861892925577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614861892925577,"pkt":"eJS0JASgYDjgxTWgCABFAAA85WdAAD8GMNnAqAJkoCzCQudAFGcyIeJoAAAAAKAC\/\/9iNQAAAgQFtAQCCAoAALAcAAAAAAEDAwg="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1614861892925577,"flow_dst_last_pkt_time":1614861892952589,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614861892952589,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn50AGwaaHMiHiaWASchBDFwAAAgQFrAAA"}
@@ -23,7 +23,7 @@
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1614861998769322,"flow_dst_last_pkt_time":1614861998752102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614861998769322,"pkt":"eJS0JASgYDjgxTWgCABFAACsbURAAD8GqIzAqAJkoCzCQue8FGe3KQNadGbIs1AY\/\/+TrQAAFgCEAAiEIm75Zy9VjUl+5IerSq31im9iiLiR7yC1EKTt3UZUDIvzmJzS8h4KLbNPThmQ1QigRVFIS+UyNjRfUWaAtxQmjZpmMmOXCehX0iRvSqjyAHMyTpdZ0ZK8tTSp4KvvS4Z8D9n4XXG7+pf9mkL4Vd7qfMcpPZN7co6napRCuwTA"}
 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614861998723587,"flow_src_last_pkt_time":1614861998769322,"flow_dst_last_pkt_time":1614861998752102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614861998769322,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1614861998769322,"flow_dst_last_pkt_time":1614861998797954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614861998797954,"pkt":"YDjgxTWgeJS0JASgCABFAAAoFkhAADQGCw2gLMJCwKgCZBRn57x0ZsiztykD3lAQchAkAwAAAAAAAAAA"}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1614876808445263}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1614876808445263}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614876808445263,"flow_src_last_pkt_time":1614876808445263,"flow_dst_last_pkt_time":1614876808445263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614876808445263,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1614876808445263,"flow_dst_last_pkt_time":1614876808445263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614876808445263,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MDtAAD8G5gXAqAJkoCzCQuoQFGeH4ylZAAAAAKAC\/\/91KwAAAgQFtAQCCAoAZP0\/AAAAAAEDAwg="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1614876808445263,"flow_dst_last_pkt_time":1614876808474414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614876808474414,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn6hA0hHo5h+MpWmASchCiHwAAAgQFrAAA"}
@@ -33,7 +33,7 @@
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1614876811615624,"flow_dst_last_pkt_time":1614876811644558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614876811644558,"pkt":"YDjgxTWgeJS0JASgCABFAAAoo01AADQGfgegLMJCwKgCZBRn6hA0hHo6h+Mp3lAQchC5UAAAAAAAAAAA"}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614861892925577,"flow_src_last_pkt_time":1614861898114372,"flow_dst_last_pkt_time":1614861898108226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614876811951912,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614861998723587,"flow_src_last_pkt_time":1614862060685520,"flow_dst_last_pkt_time":1614862060713776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614876811951912,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":2088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1614877863379823}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":2088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1614877863379823}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614877863379823,"flow_src_last_pkt_time":1614877863379823,"flow_dst_last_pkt_time":1614877863379823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614877863379823,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1614877863379823,"flow_dst_last_pkt_time":1614877863379823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614877863379823,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nQJAAD8GeT7AqAJkoCzCQpzYFGd4ZLUSAAAAAKAC\/\/8PXgAAAgQFtAQCCAoAcTP+AAAAAAEDAwg="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1614877863379823,"flow_dst_last_pkt_time":1614877863406025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614877863406025,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnnNj+cl67eGS1E2ASchDErAAAAgQFrAAA"}
@@ -41,7 +41,7 @@
 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1614877863430508,"flow_dst_last_pkt_time":1614877863406025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614877863430508,"pkt":"eJS0JASgYDjgxTWgCABFAACsnQRAAD8GeMzAqAJkoCzCQpzYFGd4ZLUT\/nJevFAY\/\/9h2wAAFgCEAFeCoLQYkZVucFSlTilhAUO4J2Gc\/xNv4bSVAhSEOKUK9H1p9TyCs4HXw0uhyo2PPSWpxWiXGIKnoP1IQOXwjxvjoWs1kUpThTMlaAQYVgOcRiK1tZrmLAdDEfrq3WNHZxnudDyECwqpv67F1VqOqftf2asba7gyuRDMInsQPi\/4"}
 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614877863379823,"flow_src_last_pkt_time":1614877863430508,"flow_dst_last_pkt_time":1614877863406025,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614877863430508,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1614877863430508,"flow_dst_last_pkt_time":1614877863456632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614877863456632,"pkt":"YDjgxTWgeJS0JASgCABFAAAorPZAADQGdF6gLMJCwKgCZBRnnNj+cl68eGS1l1AQchDb3QAAAAAAAAAA"}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":2866,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1614880256676767}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":2866,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1614880256676767}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614880256676767,"flow_src_last_pkt_time":1614880256676767,"flow_dst_last_pkt_time":1614880256676767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614880256676767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1614880256676767,"flow_dst_last_pkt_time":1614880256676767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614880256676767,"pkt":"eJS0JASgYDjgxTWgCABFAAA87gNAAD8GKD3AqAJkoCzCQosyFGf2oDFeAAAAAKAC\/\/9JKQAAAgQFtAQCCAoAlBEuAAAAAAEDAwg="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1614880256676767,"flow_dst_last_pkt_time":1614880256703598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614880256703598,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnizKJqg+b9qAxX2ASchCfswAAAgQFrAAA"}
@@ -49,7 +49,7 @@
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1614880256732594,"flow_dst_last_pkt_time":1614880256703598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614880256732594,"pkt":"eJS0JASgYDjgxTWgCABFAACs7gVAAD8GJ8vAqAJkoCzCQosyFGf2oDFfiaoPnFAY\/\/8f0QAAFgCEAJPbSCaIgYJAv72t6+9wMSbhbGCpMIHq4QEiFn9cVpoUpAzAhIkL4Drs1AaCxzLUFgA09j+Bl+RpSUp6DtaLWuhIO9Gnvu5XUzJAq3+jgAYYgyeP7mDgv3z04Kw3cGmW8nIjjnTadh4CWlfCP+aNEWF\/psIZrRbRsmwZNT1hV3yi"}
 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614880256676767,"flow_src_last_pkt_time":1614880256732594,"flow_dst_last_pkt_time":1614880256703598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614880256732594,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1614880256732594,"flow_dst_last_pkt_time":1614880256758583,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614880256758583,"pkt":"YDjgxTWgeJS0JASgCABFAAAoeIFAADQGqNOgLMJCwKgCZBRnizKJqg+c9qAx41AQchC25AAAAAAAAAAA"}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":3481,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1614892184461059}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":3481,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1614892184461059}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614892184461059,"flow_src_last_pkt_time":1614892184461059,"flow_dst_last_pkt_time":1614892184461059,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614892184461059,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1614892184461059,"flow_dst_last_pkt_time":1614892184461059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614892184461059,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7JAAD8Gco7AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/8FAAAAgQFtAQCCAoBLLDpAAAAAAEDAwg="}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1614892184487051,"flow_dst_last_pkt_time":1614892184461059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614892184487051,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7NAAD8Gco3AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/4LwAAAgQFtAQCCAoBLLTOAAAAAAEDAwg="}
@@ -60,7 +60,7 @@
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614876808445263,"flow_src_last_pkt_time":1614876926772711,"flow_dst_last_pkt_time":1614876907442799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614892185660780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1614880256676767,"flow_src_last_pkt_time":1614880490543211,"flow_dst_last_pkt_time":1614880490568599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":122,"midstream":0,"thread_ts_usec":1614892185660780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1614877863379823,"flow_src_last_pkt_time":1614877864310689,"flow_dst_last_pkt_time":1614877864559887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":621,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614892185660780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":4061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1614894888601792}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":4061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1614894888601792}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614894888601792,"flow_src_last_pkt_time":1614894888601792,"flow_dst_last_pkt_time":1614894888601792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614894888601792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1614894888601792,"flow_dst_last_pkt_time":1614894888601792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614894888601792,"pkt":"eJS0JASgYDjgxTWgCABFAAA8czZAAD8GowrAqAJkoCzCQqY4FGfLLz4YAAAAAKAC\/\/+U4AAAAgQFtAQCCAoBVchmAAAAAAEDAwg="}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1614894888601792,"flow_dst_last_pkt_time":1614894888628926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614894888628926,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpjjVSzZFyy8+GWASchAxGQAAAgQFrAAA"}
@@ -68,7 +68,7 @@
 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1614894888640676,"flow_dst_last_pkt_time":1614894888628926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614894888640676,"pkt":"eJS0JASgYDjgxTWgCABFAACsczhAAD8GopjAqAJkoCzCQqY4FGfLLz4Z1Us2RlAY\/\/9TSQAAFgCEALAY6sFBRYGCJimG0Yasbc4USwZsJQL+15UsYRSuD34UJT0hT\/I2HwIAh0S2LuxxZ9L1ox\/LsKTAy33IDcyC7gG8qaAvQ8rXlqULmrLWq5FGmibZ+6UKLMjpqZv1GBBNOyGaMw5A5AWqgUlWQ\/HDmuJLLH3YYviE23k6BUVyxAi7"}
 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614894888601792,"flow_src_last_pkt_time":1614894888640676,"flow_dst_last_pkt_time":1614894888628926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614894888640676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1614894888640676,"flow_dst_last_pkt_time":1614894888667157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614894888667157,"pkt":"YDjgxTWgeJS0JASgCABFAAAojUpAADQGlAqgLMJCwKgCZBRnpjjVSzZGyy8+nVAQchBISgAAAAAAAAAA"}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":4583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1614898090218683}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":4583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1614898090218683}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614898090218683,"flow_src_last_pkt_time":1614898090218683,"flow_dst_last_pkt_time":1614898090218683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614898090218683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1614898090218683,"flow_dst_last_pkt_time":1614898090218683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614898090218683,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EFJAAD8GBe\/AqAJkoCzCQqcMFGeOCpYjAAAAAKAC\/\/+UDgAAAgQFtAQCCAoBYq1xAAAAAAEDAwg="}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1614898090218683,"flow_dst_last_pkt_time":1614898090245916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614898090245916,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpwwosEHQjgqWJGASchC2bwAAAgQFrAAA"}
@@ -79,7 +79,7 @@
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614894888601792,"flow_src_last_pkt_time":1614895277741473,"flow_dst_last_pkt_time":1614895277767885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614898324173693,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614898090218683,"flow_src_last_pkt_time":1614898324146735,"flow_dst_last_pkt_time":1614898324173693,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614898324173693,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614892184461059,"flow_src_last_pkt_time":1614892314018583,"flow_dst_last_pkt_time":1614892314046506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":87,"midstream":0,"thread_ts_usec":1614898324173693,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":135,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":5105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":82,"global_ts_usec":1614898324173693}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":135,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":5105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":82,"global_ts_usec":1614898324173693}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 135/135
 ~~ skipped flows.............: 0
@@ -88,8 +88,8 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5537724 bytes
-~~ total memory freed........: 5537724 bytes
+~~ total memory allocated....: 5537876 bytes
+~~ total memory freed........: 5537876 bytes
 ~~ total allocations/frees...: 86093/86093
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 533 chars
diff --git a/test/results/default/hsrp0.pcap.out b/test/results/default/hsrp0.pcap.out
index 905340431..b0b8ce030 100644
--- a/test/results/default/hsrp0.pcap.out
+++ b/test/results/default/hsrp0.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1126551970888102}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1126551970888102}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551970888102,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1126551970888102,"pkt":"AQBeAAACAAAMB6wKgQAACggARcAAMAAAAAABESXiChyo\/eAAAAIHwQfBABw\/0wAAEAMKWgoAY2lzY28AAAAKHKj+"}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551970888102,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -16,7 +16,7 @@
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000101,"flow_src_last_pkt_time":1126551971000101,"flow_dst_last_pkt_time":1126551971000101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971931931,"flow_src_last_pkt_time":1126551971931931,"flow_dst_last_pkt_time":1126551971931931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":80,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1126551971931931}
+00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":80,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1126551971931931}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -25,8 +25,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5504493 bytes
-~~ total memory freed........: 5504493 bytes
+~~ total memory allocated....: 5504565 bytes
+~~ total memory freed........: 5504565 bytes
 ~~ total allocations/frees...: 85893/85893
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 543 chars
diff --git a/test/results/default/hsrp2.pcap.out b/test/results/default/hsrp2.pcap.out
index de2869436..6021619ed 100644
--- a/test/results/default/hsrp2.pcap.out
+++ b/test/results/default/hsrp2.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643795481192281}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643795481192281}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481192281,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481192281,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643795481192281,"pkt":"AQBeAABmcA9q7\/W\/CABFwABQAAAAAP8R88QKNNx94AAAZgfBB8EAPOmuASgCAAUEA5hwD2rv9b8AAABaAAALuAAAJxAKNNx+AAAAAAAAAAAAAAAAAwhjaXNjbwAAAA=="}
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481192281,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481192281,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -8,7 +8,7 @@
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481220314,"flow_src_last_pkt_time":1643795481220314,"flow_dst_last_pkt_time":1643795481220314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481220314,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481220314,"flow_src_last_pkt_time":1643795481220314,"flow_dst_last_pkt_time":1643795481220314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481220314,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481192281,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481220314,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1643795481220314}
+00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1643795481220314}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500147 bytes
-~~ total memory freed........: 5500147 bytes
+~~ total memory allocated....: 5500187 bytes
+~~ total memory freed........: 5500187 bytes
 ~~ total allocations/frees...: 85871/85871
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 567 chars
+~~ json message min len.......: 565 chars
 ~~ json message max len.......: 966 chars
-~~ json message avg len.......: 762 chars
+~~ json message avg len.......: 761 chars
diff --git a/test/results/default/hsrp2_ipv6.pcapng.out b/test/results/default/hsrp2_ipv6.pcapng.out
index f53c1a249..46966541b 100644
--- a/test/results/default/hsrp2_ipv6.pcapng.out
+++ b/test/results/default/hsrp2_ipv6.pcapng.out
@@ -1,5 +1,5 @@
-00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1589369101819741}
+00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1589369101819741}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369101819741,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369101819741,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAIAgQAAAAB"}
 01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369101819741,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -20,7 +20,7 @@
 01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369219022262,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":750,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369219022262,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369235852564,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":900,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369240383629,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369240383629,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1098,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369240383629,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":1998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1589369240383629}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":1998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1589369240383629}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 36/36
 ~~ skipped flows.............: 0
@@ -29,8 +29,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501133 bytes
-~~ total memory freed........: 5501133 bytes
+~~ total memory allocated....: 5501173 bytes
+~~ total memory freed........: 5501173 bytes
 ~~ total allocations/frees...: 85905/85905
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 560 chars
diff --git a/test/results/default/http-crash-content-disposition.pcap.out b/test/results/default/http-crash-content-disposition.pcap.out
index 6f1d0d769..19e423295 100644
--- a/test/results/default/http-crash-content-disposition.pcap.out
+++ b/test/results/default/http-crash-content-disposition.pcap.out
@@ -1,5 +1,5 @@
-00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1492518365663977}
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1492518365663977}
 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365663977,"flow_dst_last_pkt_time":1492518365663977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492518365663977,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1492518365663977,"flow_dst_last_pkt_time":1492518365663977,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1492518365663977,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1492518365663977,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1492518365767814,"pkt":"RQAAPAAAQAAtBt4hroEACsCoAGcAUMfjkVcfantFqW+gEjiQ\/PYAAAIEBawEAggKK6FboQAUfdUBAwMH"}
@@ -8,7 +8,7 @@
 01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365809063,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":428,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492518365809063,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"khu.sh","http": {"url":"khu.sh\/imessages.php?songify_a=3h248fIbwJ&new","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"text\/plain"}}}
 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1492518365809375,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":99,"pkt_l4_len":79,"thread_ts_usec":1492518365809375,"pkt":"RQAAY9S+QABABvY7wKgAZ66BAArH4wBQe0WrG5FXH2uAGADlbXAAAAEBCAoAFH3uK6FboQ0KLS01djdMaGJuYTJyZXdIcmowZV9GOHdyMFdBVlRwWTkzRVQ5aVFIRHktLQ0K"}
 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365809375,"flow_dst_last_pkt_time":1492518365968183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":2369,"midstream":0,"thread_ts_usec":1492518365968183,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":2844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1492518365968183}
+00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":2844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1492518365968183}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 9/9
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498384 bytes
-~~ total memory freed........: 5498384 bytes
+~~ total memory allocated....: 5498408 bytes
+~~ total memory freed........: 5498408 bytes
 ~~ total allocations/frees...: 85876/85876
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 552 chars
diff --git a/test/results/default/http-lines-split.pcap.out b/test/results/default/http-lines-split.pcap.out
index a67d825fa..ee283d6bf 100644
--- a/test/results/default/http-lines-split.pcap.out
+++ b/test/results/default/http-lines-split.pcap.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593713340401681}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593713340401681}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593713340401681,"flow_src_last_pkt_time":1593713340401681,"flow_dst_last_pkt_time":1593713340401681,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593713340401681,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593713340401681,"flow_dst_last_pkt_time":1593713340401681,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593713340401681,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1593713340401681,"flow_dst_last_pkt_time":1593713340401724,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593713340401724,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"}
@@ -9,7 +9,7 @@
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1593713340402042,"flow_dst_last_pkt_time":1593713340402061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1593713340402061,"pkt":"YDjgxTWgABjzZLGICABFAAAoPVdAALIGChPAqAAUwKgAAXppmUT8ca\/BK6JZ2FAQAfaBgAAA"}
 01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1593713340401681,"flow_src_last_pkt_time":1593713340402236,"flow_dst_last_pkt_time":1593713340402061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593713340402236,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"toni.lan","http": {"url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":"uclient-fetch"}}}
 01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1593713340401681,"flow_src_last_pkt_time":1593713340404575,"flow_dst_last_pkt_time":1593713340404597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":1632,"midstream":0,"thread_ts_usec":1593713340404597,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1593713340404597}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1593713340404597}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 14/14
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498437 bytes
-~~ total memory freed........: 5498437 bytes
+~~ total memory allocated....: 5498461 bytes
+~~ total memory freed........: 5498461 bytes
 ~~ total allocations/frees...: 85877/85877
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 539 chars
diff --git a/test/results/default/http-manipulated.pcap.out b/test/results/default/http-manipulated.pcap.out
index 1df985e25..8099e456c 100644
--- a/test/results/default/http-manipulated.pcap.out
+++ b/test/results/default/http-manipulated.pcap.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946727901369326}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946727901369326}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946727901369326,"flow_src_last_pkt_time":946727901369326,"flow_dst_last_pkt_time":946727901369326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946727901369326,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946727901369326,"flow_dst_last_pkt_time":946727901369326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946727901369326,"pkt":"0h+5iIqPABjzZLGICABFAAA0umlAAI8Gr+7AqAAUwKgAB4NgH5BugXMeAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946727901369326,"flow_dst_last_pkt_time":946727901369648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946727901369648,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg2CKV04jboFzH4AS+vCVmQAAAgQFtAEBBAIBAwMG"}
@@ -7,7 +7,7 @@
 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946727901369701,"flow_dst_last_pkt_time":946727901369648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":946727901369701,"pkt":"0h+5iIqPABjzZLGICABFAAB0umtAAI8Gr6zAqAAUwKgAB4NgH5BugXMfildOJFAYAfaB0gAAR0VUIC8gSFRUUC8xLjENCmhPc1Q6d3d3dy5sYW46ODA4MA0KVXNlci1BZ2VudDogY3VybC83LjY0LjANCkFjY2VwdDogKi8qDQoNCg=="}
 01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":946727901369326,"flow_src_last_pkt_time":946727901369701,"flow_dst_last_pkt_time":946727901369648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946727901369701,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wwww.lan","http": {"url":"wwww.lan:8080\/","code":0,"content_type":"","user_agent":"curl\/7.64.0"}}}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946727901369701,"flow_dst_last_pkt_time":946727901369854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":946727901369854,"pkt":"ABjzZLGI0h+5iIqPCABFAAAoC+pAAEAGrXrAqAAHwKgAFB+Qg2CKV04kboFza1AQA+vNJAAAAAAAAAAA"}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":946729142063151}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":946729142063151}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946729142063151,"flow_src_last_pkt_time":946729142063151,"flow_dst_last_pkt_time":946729142063151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946729142063151,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946729142063151,"flow_dst_last_pkt_time":946729142063151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946729142063151,"pkt":"0h+5iIqPABjzZLGICABFAAA0svlAAL4GiF7AqAAUwKgAB4OUH5ARN20zAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":946729142063151,"flow_dst_last_pkt_time":946729142063378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946729142063378,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg5SNfRmbETdtNIAS+vAp\/QAAAgQFtAEBBAIBAwMG"}
@@ -17,7 +17,7 @@
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":946729142063498,"flow_dst_last_pkt_time":946729142063714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":946729142063714,"pkt":"ABjzZLGI0h+5iIqPCABFAAAoDhZAAEAGq07AqAAHwKgAFB+Qg5SNfRmcETdutlAQA+pgUwAAAAAAAAAA"}
 01097{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":946727901369326,"flow_src_last_pkt_time":946727901370537,"flow_dst_last_pkt_time":946727901370531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":577,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":946729142137586,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":946729142063151,"flow_src_last_pkt_time":946729142137542,"flow_dst_last_pkt_time":946729142137586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":5840,"flow_src_tot_l4_payload_len":721,"flow_dst_tot_l4_payload_len":41457,"midstream":0,"thread_ts_usec":946729142137586,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":40,"packets-processed":40,"total-skipped-flows":0,"total-l4-payload-len":42831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":946729142137586}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":40,"packets-processed":40,"total-skipped-flows":0,"total-l4-payload-len":42831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":946729142137586}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 40/40
 ~~ skipped flows.............: 0
@@ -26,8 +26,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501550 bytes
-~~ total memory freed........: 5501550 bytes
+~~ total memory allocated....: 5501590 bytes
+~~ total memory freed........: 5501590 bytes
 ~~ total allocations/frees...: 85922/85922
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 536 chars
diff --git a/test/results/default/http-proxy.pcapng.out b/test/results/default/http-proxy.pcapng.out
index fb5c05872..e2e129e58 100644
--- a/test/results/default/http-proxy.pcapng.out
+++ b/test/results/default/http-proxy.pcapng.out
@@ -1,5 +1,5 @@
-00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631403550651097}
+00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631403550651097}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631403550651097,"flow_src_last_pkt_time":1631403550651097,"flow_dst_last_pkt_time":1631403550651097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631403550651097,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1241,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631403550651097,"flow_dst_last_pkt_time":1631403550651097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631403550651097,"pkt":"AAwpTU5kKBaoBOm8CABFAAA0dTpAAIAGAUDAqAFnwKgBkgTZH5Av6J9fAAAAAIAC+vD8JAAAAgQFtAEDAwgBAQQC"}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1631403550651097,"flow_dst_last_pkt_time":1631403550651156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631403550651156,"pkt":"KBaoBOm8AAwpTU5kCABFAAA0AABAAEAGtnrAqAGSwKgBZx+QBNkyQHzDL+ifYIAS+vCEcAAAAgQFtAEBBAIBAwMH"}
@@ -8,7 +8,7 @@
 01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1631403550651097,"flow_src_last_pkt_time":1631403550652392,"flow_dst_last_pkt_time":1631403550651156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":294,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631403550652392,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1241,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"http.com","http": {"url":"http:\/\/http.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko\/20100101 Firefox\/91.0","detected_os":"Windows 10"}}}
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1631403550652392,"flow_dst_last_pkt_time":1631403550654092,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1631403550654092,"pkt":"KBaoBOm8AAwpTU5kCABFAAAoVkZAAEAGYEDAqAGSwKgBZx+QBNkyQHzEL+ighlAQAfWEZAAA"}
 00977{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1631403550651097,"flow_src_last_pkt_time":1631403555894600,"flow_dst_last_pkt_time":1631403555894620,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":294,"flow_dst_max_l4_payload_len":716,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":716,"midstream":0,"thread_ts_usec":1631403555894620,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1241,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":1010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1631403555894620}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":1010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1631403555894620}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 11/11
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498440 bytes
-~~ total memory freed........: 5498440 bytes
+~~ total memory allocated....: 5498464 bytes
+~~ total memory freed........: 5498464 bytes
 ~~ total allocations/frees...: 85876/85876
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 534 chars
diff --git a/test/results/default/http.pcapng.out b/test/results/default/http.pcapng.out
index 688082818..6e23aef65 100644
--- a/test/results/default/http.pcapng.out
+++ b/test/results/default/http.pcapng.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643129441023341}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643129441023341}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441023341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441023341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8mDFAAEAGN5nAqAGA2DrQjqS6AFARiJzNAAAAAKAC+vCG+AAAAgQFtAQCCArCG0WpAAAAAAEDAwc="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441030591,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8NRsAAHgGoi\/YOtCOwKgBgABQpLoKOrN\/EYiczqAS\/\/9o0gAAAgQFlgQCCArUwoamwhtFqQEDAwg="}
@@ -8,7 +8,7 @@
 01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441030691,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com","http": {"url":"google.com\/","code":0,"content_type":"","user_agent":"curl\/7.68.0"}}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441038384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643129441038384,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA0NSMAAHgGoi\/YOtCOwKgBgABQpLoKOrOAEYidGIAQAQCWKAAAAQEICtTChq7CG0Ww"}
 00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441065505,"flow_dst_last_pkt_time":1643129441065458,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":528,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1643129441065505,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1643129441065505}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1643129441065505}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498301 bytes
-~~ total memory freed........: 5498301 bytes
+~~ total memory allocated....: 5498325 bytes
+~~ total memory freed........: 5498325 bytes
 ~~ total allocations/frees...: 85874/85874
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/http2.pcapng.out b/test/results/default/http2.pcapng.out
index 5dbf4c0ae..7ae5fe60c 100644
--- a/test/results/default/http2.pcapng.out
+++ b/test/results/default/http2.pcapng.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591863460344658}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591863460344658}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591863460344658,"flow_src_last_pkt_time":1591863460344658,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591863460344658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37824,"dst_port":29518,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591863460344658,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":132,"pkt_l4_len":96,"thread_ts_usec":1591863460344658,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAHTWREAAQAZmPX8AAAF\/AAABk8BzThxFL\/aifuWbgBgCAP5oAAABAQgK5nwLseZ8C7FQUkkgKiBIVFRQLzIuMA0KDQpTTQ0KDQoAABIEAAAAAAAAAgAAAAAABABAAAAABgCgAAAAAAQIAAAAAABAAAAA"}
 00911{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591863460344658,"flow_src_last_pkt_time":1591863460344658,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591863460344658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37824,"dst_port":29518,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP2","proto_id":"349","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -8,7 +8,7 @@
 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1591863460344734,"flow_dst_last_pkt_time":1591863460344901,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":101,"pkt_l4_len":65,"thread_ts_usec":1591863460344901,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAFUcL0AAQAYgcn8AAAF\/AAABc06TwKJ+5ZscRTEsgBgCAP5JAAABAQgK5nwLseZ8C7EAABgEAAAAAAAABQAQAAAAAwAAAPoABgAQAUAABAAQAAA="}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1591863460344734,"flow_dst_last_pkt_time":1591863460344921,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":90,"pkt_l4_len":54,"thread_ts_usec":1591863460344921,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAEocMEAAQAYgfH8AAAF\/AAABc06TwKJ+5bwcRTEsgBgCAP4+AAABAQgK5nwLseZ8C7EAAAAEAQAAAAAAAAQIAAAAAAAADwAB"}
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1591863460344658,"flow_src_last_pkt_time":1591863460346370,"flow_dst_last_pkt_time":1591863460348007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":272,"midstream":1,"thread_ts_usec":1591863460348007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37824,"dst_port":29518,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP2","proto_id":"349","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":591,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1591863460348007}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":591,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1591863460348007}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500311 bytes
-~~ total memory freed........: 5500311 bytes
+~~ total memory allocated....: 5500335 bytes
+~~ total memory freed........: 5500335 bytes
 ~~ total allocations/frees...: 85871/85871
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 962 chars
-~~ json message avg len.......: 758 chars
+~~ json message avg len.......: 757 chars
diff --git a/test/results/default/http_asymmetric.pcapng.out b/test/results/default/http_asymmetric.pcapng.out
index 68ba30759..0b933b1ca 100644
--- a/test/results/default/http_asymmetric.pcapng.out
+++ b/test/results/default/http_asymmetric.pcapng.out
@@ -1,5 +1,5 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631378210394414}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631378210394414}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394414,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631378210394414,"pkt":"AAwpnvCVKBao9vgDCABFAAA0WexAAIAGAADAqAABCgoKAQQUAFAzLWQXAAAAAIAC+vADxAAAAgQFtAEDAwgBAQQC"}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378210394789,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394789,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -17,7 +17,7 @@
 01298{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378210504093,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210504093,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 01303{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378215504945,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01090{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378215504662,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1631378215504945}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1631378215504945}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 23/23
 ~~ skipped flows.............: 0
@@ -26,8 +26,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501428 bytes
-~~ total memory freed........: 5501428 bytes
+~~ total memory allocated....: 5501468 bytes
+~~ total memory freed........: 5501468 bytes
 ~~ total allocations/frees...: 85913/85913
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 539 chars
diff --git a/test/results/default/http_auth.pcap.out b/test/results/default/http_auth.pcap.out
index 30007d6fa..510a21e9d 100644
--- a/test/results/default/http_auth.pcap.out
+++ b/test/results/default/http_auth.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1381844050222515}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1381844050222515}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050222515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844050222515,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050222515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844050222515,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050402547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844050402547,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="}
@@ -10,7 +10,7 @@
 01452{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844050402794,"flow_dst_last_pkt_time":1381844050802943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1381844050802943,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"browserspy.dk","http": {"url":"browserspy.dk\/password-ok.php","code":401,"content_type":"text\/html","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36","detected_os":"Intel Mac OS X 10_8_5"}}}
 02423{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844057134728,"flow_dst_last_pkt_time":1381844055865656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":17637,"midstream":0,"thread_ts_usec":1381844057134728,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":139,"avg":405011.4,"max":4861829,"stddev":1193509.9,"var":1424465723392.0,"ent":2.2,"data": [180032,180140,139,193993,206403,1322,401505,596,594,735,724,4027,4555,8666,4603,3019,7560,3303,5323,8621,158972,3971,162953,3627,4243,7859,2612,2607,4861805,4861829,1269016]},"pktlen": {"min":52,"avg":626.9,"max":1500,"stddev":665.6,"var":443042.2,"ent":4.1,"data": [64,60,52,791,52,1500,537,52,131,52,274,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,975,52,52,52,52]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,0,0],"entropies": [4.441382408,5.118823051,5.130219936,5.854406357,5.046594620,5.442737579,5.621041775,5.077241421,5.402398586,5.024262905,5.623777390,5.077241421,5.441255569,5.120078564,4.955154419,5.048518181,5.069016457,5.130219936,5.089414597,5.056834221,5.053296566,5.097548008,5.174168587,5.115702629,5.356103420,5.382487297,5.046594620,5.653643131,5.038779736,5.046595097,5.130219936,5.085056305]},"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01194{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":19,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844057134728,"flow_dst_last_pkt_time":1381844057320871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":17637,"midstream":0,"thread_ts_usec":1381844057320871,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1381844057320871}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1381844057320871}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 33/33
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5499175 bytes
-~~ total memory freed........: 5499175 bytes
+~~ total memory allocated....: 5499199 bytes
+~~ total memory freed........: 5499199 bytes
 ~~ total allocations/frees...: 85900/85900
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 550 chars
diff --git a/test/results/default/http_connect.pcap.out b/test/results/default/http_connect.pcap.out
index 3cf78c466..560299495 100644
--- a/test/results/default/http_connect.pcap.out
+++ b/test/results/default/http_connect.pcap.out
@@ -1,5 +1,5 @@
-00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631454722864133}
+00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631454722864133}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631454722864133,"flow_src_last_pkt_time":1631454722864133,"flow_dst_last_pkt_time":1631454722864133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631454722864133,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631454722864133,"flow_dst_last_pkt_time":1631454722864133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631454722864133,"pkt":"AAwpTU5kKBaoBOm8CABFAAA0iNFAAIAG7ajAqAFnwKgBkgayH5A7mDABAAAAAIAC+vBd+gAAAgQFtAEDAwgBAQQC"}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1631454722864133,"flow_dst_last_pkt_time":1631454722864165,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631454722864165,"pkt":"KBaoBOm8AAwpTU5kCABFAAA0AABAAEAGtnrAqAGSwKgBZx+QBrLnDc0lO5gwAoAS+vCEcAAAAgQFtAEBBAIBAwMH"}
@@ -25,7 +25,7 @@
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1631454722867400,"flow_src_last_pkt_time":1631454722867400,"flow_dst_last_pkt_time":1631454722867500,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":55,"midstream":0,"thread_ts_usec":1631454722977251,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":30,"flow_first_seen":1631454722867862,"flow_src_last_pkt_time":1631454722977215,"flow_dst_last_pkt_time":1631454722977251,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1384,"flow_src_tot_l4_payload_len":1701,"flow_dst_tot_l4_payload_len":30951,"midstream":0,"thread_ts_usec":1631454722977251,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":22,"flow_first_seen":1631454722864133,"flow_src_last_pkt_time":1631454722976969,"flow_dst_last_pkt_time":1631454722977036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":5536,"flow_src_tot_l4_payload_len":1904,"flow_dst_tot_l4_payload_len":22723,"midstream":0,"thread_ts_usec":1631454722977251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP_Connect","proto_id":"130","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":57373,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1631454722977251}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":57373,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1631454722977251}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 100/100
 ~~ skipped flows.............: 0
@@ -34,8 +34,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5520932 bytes
-~~ total memory freed........: 5520932 bytes
+~~ total memory allocated....: 5520988 bytes
+~~ total memory freed........: 5520988 bytes
 ~~ total allocations/frees...: 85992/85992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 535 chars
diff --git a/test/results/default/http_guessed_host_and_guessed.pcapng.out b/test/results/default/http_guessed_host_and_guessed.pcapng.out
index bf05aadc2..931fc0feb 100644
--- a/test/results/default/http_guessed_host_and_guessed.pcapng.out
+++ b/test/results/default/http_guessed_host_and_guessed.pcapng.out
@@ -1,10 +1,10 @@
-00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1662455432036237}
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1662455432036237}
 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1662455432036237,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1662455432036237,"l3_proto":"ip4","src_ip":"170.33.13.5","dst_ip":"192.168.0.1","src_port":110,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":1662455432036237,"pkt":"AAEC+XM\/AAAA511OCABFSABtI0VAAOcG+C2qIQ0FwKgAAQBuALMAAGWhAAAAxaD\/\/\/9CugAAAgT+OgQCCArnAWpiC3VqYgEDAw6Eya9BxX8AAPZJNc84IkHxNiBIVFRQLzEuMQ0KSG9zdDogcG9ybmh1Yi5jb20NCg0K"}
 01338{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1662455432036237,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1662455432036237,"l3_proto":"ip4","src_ip":"170.33.13.5","dst_ip":"192.168.0.1","src_port":110,"dst_port":179,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"POP3","proto_id":"2","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"","password":"","auth_failed":0}}}
 00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1662455432036237,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1662455432036237,"l3_proto":"ip4","src_ip":"170.33.13.5","dst_ip":"192.168.0.1","src_port":110,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":49,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1662455432036237}
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":49,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1662455432036237}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500070 bytes
-~~ total memory freed........: 5500070 bytes
+~~ total memory allocated....: 5500094 bytes
+~~ total memory freed........: 5500094 bytes
 ~~ total allocations/frees...: 85863/85863
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 593 chars
+~~ json message min len.......: 591 chars
 ~~ json message max len.......: 1343 chars
-~~ json message avg len.......: 926 chars
+~~ json message avg len.......: 925 chars
diff --git a/test/results/default/http_invalid_server.pcap.out b/test/results/default/http_invalid_server.pcap.out
index 68d1402b0..2f1bbd2c2 100644
--- a/test/results/default/http_invalid_server.pcap.out
+++ b/test/results/default/http_invalid_server.pcap.out
@@ -1,5 +1,5 @@
-00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1689351610492040}
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1689351610492040}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610492040,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1689351610492040,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610492040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1689351610492040,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdj8wOt8lQAFD6kEYtAAAAALAC\/\/9gewAAAgQFtAEDAwYBAQgKTnqLxQAAAAAEAgAA"}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1689351610504245,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAAPIGKHOPzA63wKgBHQBQyVB61nu9+pBGLqAS\/\/+ARwAAAgQFoAQCCAoTAnk8TnqLxQEDAwk="}
@@ -9,7 +9,7 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516723,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1689351610516723,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA07CcAAPIGfFOPzA63wKgBHQBQyVB61nu++pBGgIAQAICuFwAAAQEIChMCeUhOeovR"}
 01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":402,"midstream":0,"thread_ts_usec":1689351610516826,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web","hostname":"ocsp.rootg2.amazontrust.com","http": {"url":"ocsp.rootg2.amazontrust.com\/","code":200,"content_type":"application\/ocsp-response","user_agent":"**"}}}
 01208{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610530140,"flow_dst_last_pkt_time":1689351610529997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":407,"midstream":0,"thread_ts_usec":1689351610530140,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}}
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1689351610530140}
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1689351610530140}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 12/12
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498427 bytes
-~~ total memory freed........: 5498427 bytes
+~~ total memory allocated....: 5498451 bytes
+~~ total memory freed........: 5498451 bytes
 ~~ total allocations/frees...: 85878/85878
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 557 chars
diff --git a/test/results/default/http_ipv6.pcap.out b/test/results/default/http_ipv6.pcap.out
index 6db446066..eabdf1a32 100644
--- a/test/results/default/http_ipv6.pcap.out
+++ b/test/results/default/http_ipv6.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1448269123954061}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1448269123954061}
 00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269123954061,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123954061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269123954061,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123954061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269123954061,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIBAAAAAAAACAOnk4Bu0sl6VcU0QFTgBAA8iVzAAABAQgKEg1o4A\/E+0k="}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123971846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269123971846,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggEAAAAAAAAIA4qAA1AAAEAA3qswP\/+pw1MAbueThTRAVNLJelYgBABCVvaAAABAQgKD8WrNBINPNs="}
@@ -108,13 +108,13 @@
 00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269123954061,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123971846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00968{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269143410021,"flow_src_last_pkt_time":1448269143410021,"flow_dst_last_pkt_time":1448269143539406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269143410021,"flow_src_last_pkt_time":1448269143410021,"flow_dst_last_pkt_time":1448269143539406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01008{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1448269127960079,"flow_src_last_pkt_time":1448269128028795,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}}
+01126{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1448269127960079,"flow_src_last_pkt_time":1448269128028795,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}}
 00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1448269127960079,"flow_src_last_pkt_time":1448269128028795,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00953{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269144306064,"flow_src_last_pkt_time":1448269144306064,"flow_dst_last_pkt_time":1448269144348055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269144306064,"flow_src_last_pkt_time":1448269144306064,"flow_dst_last_pkt_time":1448269144348055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269145458059,"flow_src_last_pkt_time":1448269145458059,"flow_dst_last_pkt_time":1448269145478561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269145458059,"flow_src_last_pkt_time":1448269145458059,"flow_dst_last_pkt_time":1448269145478561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":193,"packets-processed":193,"total-skipped-flows":0,"total-l4-payload-len":51193,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":8,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":117,"global_ts_usec":1448269146970056}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":193,"packets-processed":193,"total-skipped-flows":0,"total-l4-payload-len":51193,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":8,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":117,"global_ts_usec":1448269146970056}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 193/193
 ~~ skipped flows.............: 0
@@ -123,10 +123,10 @@
 ~~ total active/idle flows...: 15/15
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5618781 bytes
-~~ total memory freed........: 5618781 bytes
-~~ total allocations/frees...: 86287/86287
+~~ total memory allocated....: 5619042 bytes
+~~ total memory freed........: 5619042 bytes
+~~ total allocations/frees...: 86288/86288
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 569 chars
 ~~ json message max len.......: 2386 chars
-~~ json message avg len.......: 1478 chars
+~~ json message avg len.......: 1477 chars
diff --git a/test/results/default/http_on_sip_port.pcap.out b/test/results/default/http_on_sip_port.pcap.out
index 72c9da69b..cf19dcead 100644
--- a/test/results/default/http_on_sip_port.pcap.out
+++ b/test/results/default/http_on_sip_port.pcap.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744016209720}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744016209720}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744016209720,"flow_src_last_pkt_time":1618744016209720,"flow_dst_last_pkt_time":1618744016209720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744016209720,"l3_proto":"ip4","src_ip":"82.178.111.221","dst_ip":"45.58.148.2","src_port":5060,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744016209720,"flow_dst_last_pkt_time":1618744016209720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1618744016209720,"pkt":"AAAAAAAAAAsAxhT1CABFAAA8sxJAAD4GBd5Ssm\/dLTqUAhPEIrha1ycbAAAAAKAC\/\/9M3wAAAgQFUAQCCAoQxK6EAAAAAAEDAwk="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744016209720,"flow_dst_last_pkt_time":1618744016342703,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744016342703,"pkt":"AAAAAAAAAAUAQPTMCABFAAA0AABAADMGw\/gtOpQCUrJv3SK4E8QPDztmWtcnHIAS\/\/\/oTwAAAgQFtAEBBAIBAwMI"}
@@ -8,7 +8,7 @@
 02355{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744016398438,"flow_dst_last_pkt_time":1618744016532140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_usec":1618744016532140,"pkt":"AAAAAAAAAAUAQPTMCABFAAV45dJAADMG2OEtOpQCUrJv3SK4E8QPDztnWtcn+1AQAQUxMQAASFRUUC8xLjEgNDAzIEZvcmJpZGRlbg0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRGF0ZTogU3VuLCAxOCBBcHIgMjAyMSAxMTowNDo0MCBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxMTY3DQpTZXJ2ZXI6IEZsdXNzb25pYw0KWC1Sb3V0ZS1UaW1lOiAxMTINClgtUnVuLVRpbWU6IDI0MQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1NZXRob2RzOiBHRVQsIFBVVCwgREVMRVRFLCBPUFRJT05TDQpBY2Nlc3MtQ29udHJvbC1FeHBvc2UtSGVhZGVyczogU2VydmVyLCByYW5nZSwgWC1SdW4tVGltZSwgQ29udGVudC1MZW5ndGgsIExvY2F0aW9uDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1IZWFkZXJzOiB4LXZzYWFzLXNlc3Npb24sIHgtbm8tcmVkaXJlY3QsIG9yaWdpbiwgYXV0aG9yaXphdGlvbiwgeC1yZWFsLWlwLCBhY2NlcHQsIHJhbmdlDQpYLURlbnktUmVhc29uOiBjYWNoZWRfbmVnYXRpdmUNCg0KPCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICA8dGl0bGU+Rmx1c3NvbmljIHN0cmVhbWluZyBzZXJ2ZXI8L3RpdGxlPgogIDxtZXRhIG5hbWU9ImZyYWdtZW50IiBjb250ZW50PSIhIiAvPgogIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4KICA8bWV0YSBjaGFyc2V0PSJ1dGY4Ij4KPC9oZWFkPgo8Ym9keT4KCjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+CmJvZHkgewogIGZvbnQtZmFtaWx5OiAiSGVsdmV0aWNhIE5ldWUiLCBIZWx2ZXRpY2EsIEFyaWFsLCBzYW5zLXNlcmlmOwogIGZvbnQtc2l6ZTogMTRweDsKICBsaW5lLWhlaWdodDogMS40Mjg1NzE0Mjk7CiAgY29sb3I6ICMzMzMzMzM7Cn0KLmNvbnRhaW5lciB7CiAgbWFyZ2luLXJpZ2h0OiBhdXRvOwogIG1hcmdpbi1sZWZ0OiBhdXRvOwogIHBhZGRpbmctbGVmdDogMTVweDsKICBwYWRkaW5nLXJpZ2h0OiAxNXB4Owp9CkBtZWRpYSAobWluLXdpZHRoOiA3NjhweCkgeyAuY29udGFpbmVyIHsgbWF4LXdpZHRoOiA3NTBweDsgfSB9CkBtZWRpYSAobWluLXdpZHRoOiA5OTJweCkgeyAuY29udGFpbmVyIHsgbWF4LXdpZHRoOiA5NzBweDsgfSB9CkBtZWRpYSAobWluLXdpZHRoOiAxMjAwcHgpIHsgLmNvbnRhaW5lciB7IG1heC13aWR0aDogMTE3MHB4OyB9IH0KLnBhZ2UtaGVhZGVyIHsKICBwYWRkaW5nLWJvdHRvbTogOXB4OwogIG1hcmdpbjogNDBweCAwIDIwcHg7CiAgYm9yZGVyLWJvdHRvbTogMXB4IHNvbGlkICNlZWVlZWU7Cn0KaDEgewogIGZvbnQtc2l6ZTogMzZweDsKICBtYXJnaW4tdG9wOiAyMHB4OwogIG1hcmdpbi1ib3R0b206IDEwcHg7CiAgZm9udC13ZWlnaHQ6IDUwMDsKICBsaW5lLWhlaWdodA=="}
 01526{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1618744016209720,"flow_src_last_pkt_time":1618744016398438,"flow_dst_last_pkt_time":1618744016532140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":223,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":223,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744016532140,"l3_proto":"ip4","src_ip":"82.178.111.221","dst_ip":"45.58.148.2","src_port":5060,"dst_port":8888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"45.58.148.2","http": {"url":"45.58.148.2\/star-123456\/index.m3u8?token=89b198b8844824ca15b8b379c26fc1b7dfcba368-5KUJTJ5Y73AGIAOV-1618753174-1618742374","code":403,"content_type":"","user_agent":"exoplayer-codelab"}}}
 01329{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1618744016209720,"flow_src_last_pkt_time":1618744016398438,"flow_dst_last_pkt_time":1618744016532140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":223,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":223,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744016532140,"l3_proto":"ip4","src_ip":"82.178.111.221","dst_ip":"45.58.148.2","src_port":5060,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1618744016532140}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1618744016532140}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498633 bytes
-~~ total memory freed........: 5498633 bytes
+~~ total memory allocated....: 5498657 bytes
+~~ total memory freed........: 5498657 bytes
 ~~ total allocations/frees...: 85874/85874
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 558 chars
diff --git a/test/results/default/http_origin_different_than_host.pcap.out b/test/results/default/http_origin_different_than_host.pcap.out
index 1287ea1e4..67a7aa419 100644
--- a/test/results/default/http_origin_different_than_host.pcap.out
+++ b/test/results/default/http_origin_different_than_host.pcap.out
@@ -1,5 +1,5 @@
-00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666211829809412}
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666211829809412}
 00319{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211829809412,"packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211829809412}
 00479{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1666211829809412,"pkt":"AAAAAAAAAAEAAAACgQBNQoEAQHEIAEUwAGCpgAAAQBGTHgqGGQUKhA+wCGgIaABMB\/0w\/wA8B+ApokUAADz3BkAAPQaM8QqMzkoSh85mhugAUDlR2BoAAAAAoAL\/\/8ZVAAACBAW0BAIICgAlLxwAAAAAAQMDCA=="}
 00319{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211829952951,"packet_id":2,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211829952951}
@@ -8,7 +8,7 @@
 01273{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":717,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":717,"pkt_l4_len":0,"thread_ts_usec":1666211829809412,"pkt":"AAAAAAAAAAEAAAACgQBNQoEAQHEIAEUwArevqQAAQBGKngqGGQUKhA+wCGgIaAKjA08w\/wKTB+ApokUAApP3CEAAPQaKmAqMzkoSh85mhugAUDlR2Bva3fe5gBgBVxwmAAABAQgKACUvS\/xqn1tHRVQgLz90b3ByZWZlcmVyPW9wdGF3aWRnZXRzLjM2NXNjb3Jlcy5jb20gSFRUUC8xLjENCkhvc3Q6IGNzYi5wZXJmb3JtZ3JvdXAuaW8NCkNvbm5lY3Rpb246IFVwZ3JhZGUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgOTsgSktNLUxYMSBCdWlsZC9IVUFXRUlKS00tTFgxOyB3dikgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzEwNi4wLjUyNDkuMTE4IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpVcGdyYWRlOiB3ZWJzb2NrZXQNCk9yaWdpbjogaHR0cDovL29wdGF3aWRnZXRzLjM2NXNjb3Jlcy5jb20NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBhci1PTSxhcjtxPTAuOSxlbi1VUztxPTAuOCxlbjtxPTAuNw0KU2VjLVdlYlNvY2tldC1LZXk6IHNiOUgzWXpZc1ZQUi9xUGdtaUxlRVE9PQ0KU2VjLVdlYlNvY2tldC1FeHRlbnNpb25zOiBwZXJtZXNzYWdlLWRlZmxhdGU7IGNsaWVudF9tYXhfd2luZG93X2JpdHMNCg0K"}
 00319{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211830159716,"packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211830159716}
 00685{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":276,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":276,"pkt_l4_len":0,"thread_ts_usec":1666211829809412,"pkt":"AAAAAAAAAAECAAD6gQANQoEAAHEIAEUAAP4wwgAAOxEQbwqED7AKhhkFCGgIaADqAAAw\/wDa39WxhkUAANrwJ0AA3wbxMRKHzmYKjM5KAFCG6Nrd97k5Udp6gBgAbjGkAAABAQgK\/GqgKwAlL0tIVFRQLzEuMSAxMDEgU3dpdGNoaW5nIFByb3RvY29scw0KRGF0ZTogV2VkLCAxOSBPY3QgMjAyMiAyMDozNzoxMCBHTVQNCkNvbm5lY3Rpb246IHVwZ3JhZGUNClVwZ3JhZGU6IHdlYnNvY2tldA0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IHhFNmRMWHh4TWFpSGFsYzcrTFFoQ01HdzNYST0NCg0K"}
-00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1666211830159716}
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1666211830159716}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/0
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 324 chars
diff --git a/test/results/default/http_starting_with_reply.pcapng.out b/test/results/default/http_starting_with_reply.pcapng.out
index 25927fcf1..7ed1b6210 100644
--- a/test/results/default/http_starting_with_reply.pcapng.out
+++ b/test/results/default/http_starting_with_reply.pcapng.out
@@ -1,5 +1,5 @@
-00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631378210397220}
+00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631378210397220}
 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210397220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1631378210397220,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 02524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210397220,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1631378210397220,"pkt":"KBaoBOm8AAwpTU5kCABFAAXcUgZAAEAGXszAqAGSwKgBZwBQBBTvVdXBMy1lhFAQAfUyfwAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDExIFNlcCAyMDIxIDE2OjM2OjUwIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjQxIChVYnVudHUpDQpMYXN0LU1vZGlmaWVkOiBNb24sIDA2IFNlcCAyMDIxIDAyOjAyOjE5IEdNVA0KRVRhZzogIjJhYTYtNWNiNGEwOWZmM2I5YS1nemlwIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQ29udGVudC1FbmNvZGluZzogZ3ppcA0KQ29udGVudC1MZW5ndGg6IDMxMzgNCktlZXAtQWxpdmU6IHRpbWVvdXQ9NSwgbWF4PTEwMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCg0KH4sIAAAAAAAAA71a63PbNhL\/7r8CVafTJCeRlpO6siJ7JvFj0pmk8STK3fWTDyIhCWOI4AGgZDXt\/367AEjxJcrJNdXEkUgC+8Lubx\/S0eS7q\/eX099ur8nSrAS5\/fT67S+XpDcIw389vwzDq+kV+feb6bu3ZBgck6miieaGy4SKMLz+tUd6S2PScRhuNptg8zyQahFOP4QPSGuIm\/3HgSntDGIT9y6OJpbhw0ok+ryFzPDs7MzthrWETL4bDOCNkHcy5nPOYjJXckXMkpErNuM0IVLxBQfyZC4V+TTLEpPZDW+pNiRLY2pYPCYnx8PTwXA4GJ7ahx8ZGxNkroG7oFkSLVMaBwkz4Sxb6HB4Mhqdnh3D2sHAirFkNL6wWycrZqjdO2D\/zfj6vHcpE8MSM5huU9Yjkbs67xn2YEJU5CWJllRpZs4\/TW8Gox4JPSXDjWAXr1IaLdmJlx3UmtNMGHJLFyDjL4ZspLrXk9Atdhu12QpGDPDzbCKte2TFYk7PezpSjCXWes\/IZ7thRRXYaEyO04fy30v7EBSPebJoffrnEfw3k\/G27\/zkc3XHc1hZ+nt5ZB\/PaHS\/UDJL4kEkhVRj8v3V6Or19Yl\/PgcLDeZ0xcV2TP7JVEwT2icaPGWgmeLzl7tVmv8ORhgOU+NuorIDKvgClInAykwVUsZ8HawoT+5SMFwuqHTONyaKCWr4mjkyMdepoMDd0JlgXqwNj81yTEbHx4Umzm6DmTRGrsZOxdJ9weZmTGhmZOU2OOSycn+\/hZ29pIqZGnj+JzkTfzs34cnw5Ofno8oj6wZjoqXg8X7b39iXf37AgGi7O\/R1prwJl8xpc3aWy+XlHB4f\/9DB9Keb05uf99LWKURu1TeHP5WM89POOmU\/GCHL4ubGizaTIt7Lia8WNUbPS3xe1E9h3BoBSNS6yp2c3\/kA155sJBiFbegLudeAD+SH2XCmLwiavQfneHXJdscNW+0VsHmCuWwv2h30gGz5zWP7akbqY+WltZM6LUlzWjsOv\/NOswgjvOWM\/2Ib1xje4eI6HqL5RuhW7r3DPGWvPnZe3c0pVaym48hbZtQK5iP\/ZFQRpQo1wxrUeDyJAe5Y3ApCuQqHwr6ko6PJDdg1eoSaFSUL5D1w+m5vJvr7HwredVjDOoN8bwULK3nv1LvXaZd7ja7PLl+f1Pwg97m9QFZLfic\/PCr5VUW+U1Arfd4n1+XVyfDFTdf2hWLb\/fvPbs6ej06L\/cFcSEivyeKOCbYC0Q7kX7v8C3Ch33XsOWpY88Qskoo6nolMWIeVD3IdC57c9w8tWnPQkcUH19EI9c8xuQEJh6VZynXhiS1HUgnNpqt1h05V1z1LSpp2Laso2lYLXl7dXJ\/uxcZDgn6NGXKWJeprCCToDaQj9aerq0OLVrbgD\/OKf4Llr6+7YSOkU6qhcylKzZ57Vn1arkDqsVFsgC1YnWgVnfdCDurqMLM9wEDIhQzSZNEjVEAn4TuDt3C3l3M="}
 01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210397220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1631378210397220,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
@@ -11,7 +11,7 @@
 01014{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210486956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":403,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":403,"pkt_l4_len":369,"thread_ts_usec":1631378210486956,"pkt":"AAwpTU5kKBaoBOm8CABFAAGFWfBAAIAGAADAqAFnwKgBkgQUAFAzLWWE71XjVlAYBAKFwQAAR0VUIC9pY29ucy91YnVudHUtbG9nby5wbmcgSFRUUC8xLjENCkhvc3Q6IHByb3h5LndpcmVzaGFya2Zlc3QuYWNyb3BvbGlzLmxvY2FsDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjo5MS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzkxLjANCkFjY2VwdDogaW1hZ2Uvd2VicCwqLyoNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KRE5UOiAxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpSZWZlcmVyOiBodHRwOi8vcHJveHkud2lyZXNoYXJrZmVzdC5hY3JvcG9saXMubG9jYWwvDQoNCg=="}
 01232{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210486956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":557,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":349,"flow_src_tot_l4_payload_len":3477,"flow_dst_tot_l4_payload_len":349,"midstream":1,"thread_ts_usec":1631378210486956,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"proxy.wiresharkfest.acropolis.local","http": {"url":"proxy.wiresharkfest.acropolis.local\/icons\/ubuntu-logo.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko\/20100101 Firefox\/91.0","detected_os":"Windows 10"}}}
 00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":7,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378215504945,"flow_dst_last_pkt_time":1631378215504662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":349,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":688,"midstream":1,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":8301,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1631378215504945}
+00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":8301,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1631378215504945}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 18/18
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498765 bytes
-~~ total memory freed........: 5498765 bytes
+~~ total memory allocated....: 5498789 bytes
+~~ total memory freed........: 5498789 bytes
 ~~ total allocations/frees...: 85887/85887
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 548 chars
diff --git a/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out
index 4f2324d88..655d14ad9 100644
--- a/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out
+++ b/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out
@@ -1,5 +1,5 @@
-00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1506664814072079}
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1506664814072079}
 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1506664814072079,"flow_src_last_pkt_time":1506664814072079,"flow_dst_last_pkt_time":1506664814072079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1506664814072079,"l3_proto":"ip4","src_ip":"254.125.135.128","dst_ip":"66.152.103.45","src_port":21359,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1506664814072079,"flow_dst_last_pkt_time":1506664814072079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1506664814072079,"pkt":"AAAAgIP1SEb77F8hCABFAAA81NpAAD8GNx7+fYeAQphnLVNvAFDG58bVAAAAAKAC\/\/8jsQAAAgQFeAQCCAoBPBIPAAAAAAEDAwc="}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1506664814072079,"flow_dst_last_pkt_time":1506664814272267,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1506664814272267,"pkt":"AAAAgIP1SEb77F8hCABFAAA8AABAAOcGY\/hCmGct\/n2HgABQU28gJ4bfxufG1qASaN\/42QAAAgQFtAQCCAonS\/NXATwSDwEDAwg="}
@@ -10,7 +10,7 @@
 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1506664814304061,"flow_dst_last_pkt_time":1506664814506288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1506664814506288,"pkt":"AAAAgIP1SEb77F8hCABFAAC1dXxAAOcG7gJCmGct\/n2HgABQU28gJ4bgxufNVYAYAHwEBgAAAQEICidL854BPBI6SFRUUC8xLjEgMjAwIA0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpEYXRlOiBGcmksIDI5IFNlcCAyMDE3IDA2OjAwOjE0IEdNVA0KQ29udGVudC1MZW5ndGg6IDANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
 02283{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1506664814072079,"flow_src_last_pkt_time":1506664884688466,"flow_dst_last_pkt_time":1506664884891709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":16613,"flow_dst_tot_l4_payload_len":1748,"midstream":0,"thread_ts_usec":1506664884891709,"l3_proto":"ip4","src_ip":"254.125.135.128","dst_ip":"66.152.103.45","src_port":21359,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2278,"avg":4562452.0,"max":23451757,"stddev":7140164.0,"var":50981941280768.0,"ent":3.5,"data": [200188,228774,3208,234021,1087486,3262,1090830,5345683,5834,5351689,23448878,3179,23451757,8290030,3196,8292329,1123787,3421,1127523,8802271,4342,8806776,19530296,2278,19532387,1784873,3657,1788814,938512,3420,943316]},"pktlen": {"min":60,"avg":626.3,"max":1440,"stddev":557.2,"var":310424.4,"ent":4.5,"data": [60,60,1440,327,181,1440,259,181,1440,535,410,1440,257,181,1440,327,181,1440,257,181,1440,461,410,1440,258,181,1440,313,181,1440,259,181]},"bins": {"c_to_s": [1,0,0,0,0,0,5,0,3,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0],"s_to_c": [1,0,0,0,8,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1],"entropies": [4.739262104,5.106893539,5.867009163,5.823337078,5.714051723,5.877876282,5.739666462,5.708738327,5.861988068,5.999320984,5.770567417,5.882071018,5.723089695,5.732763290,5.864256382,5.841103554,5.697688103,5.890019894,5.735716343,5.730837822,5.881994724,5.957257271,5.801627636,5.887722969,5.723830700,5.705350399,5.852463722,5.804970741,5.650331974,5.849934578,5.692368984,5.757890701]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":76,"flow_dst_packets_processed":39,"flow_first_seen":1506664814072079,"flow_src_last_pkt_time":1506665200702631,"flow_dst_last_pkt_time":1506665200902775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":62424,"flow_dst_tot_l4_payload_len":6280,"midstream":0,"thread_ts_usec":1506665200902775,"l3_proto":"ip4","src_ip":"254.125.135.128","dst_ip":"66.152.103.45","src_port":21359,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":115,"packets-processed":115,"total-skipped-flows":0,"total-l4-payload-len":68704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1506665200902775}
+00661{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":115,"packets-processed":115,"total-skipped-flows":0,"total-l4-payload-len":68704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1506665200902775}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 115/115
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501314 bytes
-~~ total memory freed........: 5501314 bytes
+~~ total memory allocated....: 5501338 bytes
+~~ total memory freed........: 5501338 bytes
 ~~ total allocations/frees...: 85976/85976
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 582 chars
diff --git a/test/results/default/i3d.pcap.out b/test/results/default/i3d.pcap.out
index 6300d51be..60c8fc641 100644
--- a/test/results/default/i3d.pcap.out
+++ b/test/results/default/i3d.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643566147188000}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643566147188000}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643566147188000,"flow_src_last_pkt_time":1643566147188000,"flow_dst_last_pkt_time":1643566147188000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643566147188000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643566147188000,"flow_dst_last_pkt_time":1643566147188000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643566147188000,"pkt":"eJS0JASgYDjgxTWgCABFAABmU1sAAH8R+EzAqAJk1aNXL+w8w1QAUphQAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA95U="}
 00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643566147188000,"flow_src_last_pkt_time":1643566147188000,"flow_dst_last_pkt_time":1643566147188000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643566147188000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -7,7 +7,7 @@
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1643566147224000,"flow_dst_last_pkt_time":1643566147212000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1643566147224000,"pkt":"eJS0JASgYDjgxTWgCABFAACoU10AAH8R+AjAqAJk1aNXL+w8w1QAlAApkHiUJQdnxvIAA8+ovt4AAfZr38uFzZsIi8ZCCYTQPXHtOHv0CzWfwBUspYBgwVoFrs7CIolbntTbNC\/JUzHrMPTo+XsMJQLsyF07SXVZB\/s4ty9sKDXZEitaLRpRsI4IOF0cfX+Uc0Uf1VgbctkHIRIB7WkAQW7E9Ft4IwjFcGTVfDpX71058AMMAIA="}
 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1643566147248000,"flow_dst_last_pkt_time":1643566147212000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1643566147248000,"pkt":"eJS0JASgYDjgxTWgCABFAACrU14AAH8R+ATAqAJk1aNXL+w8w1QAl9LykHiUJgdnyrIAA8+ovt4AAUA1qdRM+p5pr\/oqX0DhEzCeQnh79unVEDHbUO6dzrEHo2ZrwkpnXYNjri9KSft0NfMTwIic7YV89\/hFWxptbKzflgOcvR8B2Shl\/WZiU1Z\/KdIDbewpUyY21lOye5L\/XBpzfqg5wywFSTueNycE9miVE9BmO5SMOudQFQQMAIA="}
 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643566147266000,"flow_dst_last_pkt_time":1643566147212000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_usec":1643566147266000,"pkt":"eJS0JASgYDjgxTWgCABFAACpU18AAH8R+AXAqAJk1aNXL+w8w1QAlT\/NkHiUJwdnznIAA8+ovt4AAaP5Ah92yNJfzjWLY8WE\/BTJnxusxn0vEFtrrFPiJ6xYLwBoyHyq9NbUJFz9dnZHmE98BUSEEm1g\/uLK67zcvjWDSrCKLxOx4sj+Tlk9Iq149UdWaGtJ\/sUWb\/A24Vz1gJvdeF4k3J4DeZ1+PNY96GPVMAZTD3\/NwRsFDACA"}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":2431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643572927206000}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":2431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643572927206000}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643572927206000,"flow_src_last_pkt_time":1643572927206000,"flow_dst_last_pkt_time":1643572927206000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643572927206000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":55205,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643572927206000,"flow_dst_last_pkt_time":1643572927206000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643572927206000,"pkt":"eJS0JASgYDjgxTWgCABFAABmU0sAAH8R+FzAqAJk1aNXL9elw1QAUhLaAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkaM="}
 00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643572927206000,"flow_src_last_pkt_time":1643572927206000,"flow_dst_last_pkt_time":1643572927206000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643572927206000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":55205,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -16,7 +16,7 @@
 01004{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1643572927260000,"flow_dst_last_pkt_time":1643572927231000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":406,"pkt_l4_len":372,"thread_ts_usec":1643572927260000,"pkt":"eJS0JASgYDjgxTWgCABFAAGIU08AAH8R9zbAqAJk1aNXL9elw1QBdHLBkHjAYRrNp\/IAA8+ovt4AAQHk2SbeSru+vmqqbBAlqKnhi8VOiprTRfevAGdGL56u0jSjwF44BlGyfOIsOe9k0bILizQNN9KH2Zs3ouDH7gMA9MStaqggeVFFdLPjTFIOSwvUil8bbIvJDO17475aYHIEDMOMgQstUnNA1RgrYS2\/2kVGl7KJZGY\/L7D3V\/CVrqy8Mdz69R1bcRh4OUlMGYs20rRHySB1Dhuk3gj5oX3QZZFzW5+1AKlyFgaMG20J+gfaDs7fR+LJlT0e6ZIGmglv7IbxFn2ezOoMl1oHeUBvAHNKh2tBHj\/gvzBn3\/p9RQD7uVLnyG8g2NlN1VCjLyvFh8dNYVS+\/1yAqn2zPJoP+JrJzw9WOJbDrEms0RCwLivIgUxmOAjwuWkis3CQGN4xLBnm5cm+kzvuz3uOJtKDlrGmtcqqXSMQb0l4w2rAPaz+w\/ddGa7GkvH8mbylSiRSECJE2x\/+OAYZgA=="}
 01011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643572927277000,"flow_dst_last_pkt_time":1643572927231000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"thread_ts_usec":1643572927277000,"pkt":"eJS0JASgYDjgxTWgCABFAAGSU1AAAH8R9yvAqAJk1aNXL9elw1QBfqV4kHjAYhrNq7IAA8+ovt4AAaUWvsT0DCayFUbzabzV8jrCDKi9xfLgbBSBd+F0MC5A+pFm70pntapcdGBWkcOJ2oBsj+J4Zj69ESkk995NOgz4qWa9pVXVwvtTkiJzlG54oXs0w5VAZ2rxJEg5VEqP+nv1E5RDoKP2xPW8K5HGyKJiu0\/uTpIYXdCxbJI2WdJND01cc6LoQfKwTvwIAKPWe0VI5agSTTuy7uGlybczfeWU99AcaDWIBivRoBkrqFIBd4hohB5csBM+jGqze6sHojZJ+Bp84hb\/kpOEfRWPRRuFJYkInwdmn\/rgt0qrGDGY7Nx6Q+l4Q7yCAdXGlZZvWRHal998LFuUaEsGR7CY01GlVfOg284fA6pzmM3AdmuhBDB+OioFOQS1sl\/4XCLOCRDdbDU7EeqPTo7TztdlkwgXxffBx0jewOZjWR3XfjE5CAFbhNK9B1i9zRJljHex1EUOznrGM6z2tTbOvpxOAz0IvjkGGYA="}
 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1643566147188000,"flow_src_last_pkt_time":1643566147407000,"flow_dst_last_pkt_time":1643566147319000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":331,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":2349,"flow_dst_tot_l4_payload_len":82,"midstream":0,"thread_ts_usec":1643572927312000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":13434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1643574967215000}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":13434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1643574967215000}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643574967215000,"flow_src_last_pkt_time":1643574967215000,"flow_dst_last_pkt_time":1643574967215000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643574967215000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1643574967215000,"flow_dst_last_pkt_time":1643574967215000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643574967215000,"pkt":"eJS0JASgYDjgxTWgCABFAABm4pkAAH8RaQ7AqAJk1aNXL\/Scw1QAUnfBAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8U="}
 00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643574967215000,"flow_src_last_pkt_time":1643574967215000,"flow_dst_last_pkt_time":1643574967215000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643574967215000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -34,7 +34,7 @@
 02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643575387255000,"flow_dst_last_pkt_time":1643575387247000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_usec":1643575387255000,"pkt":"eJS0JASgYDjgxTWgCABFAATb+uwAAH8RTEbAqAJk1aNXL\/P9w1QEx8XFkGfzn+7YC1wAA8+pvt4AA8\/rBnO98lR\/HxLTpIP\/EbMQx2RnswfttY95fPW12k+sMZPRUpXQ6rdFgdvebGO7p1UVM3QV79HT48Lutvo7rBD1EQGn3G1lnzMH\/HYoOApYSztH3SoK71xEoS1y8yXoqwttVhKJwdDpP0dYo+6JgRJC8a80fv+q8dukV27\/jVfVPNuEOGAKsYLKK3d3pDVBr3zFRvp+CUrx4k8Q3SmQ3FdvyBKUErJJCQMDIji2wBw\/6oOgUQdC4DfvZgCq2ehheOE\/QsbTet00OotAumju1CQN9Ie6XatcDMZEuVkd\/D\/4BNSUP8nLk2iECQ5jtpH0za6z9XycB9r30SzB4diSF71CS3FM8x6aWeAPxHuthE+qizcIjWCTi+uD+tksuJ3IgwTOIYtLJAmqBWmSSbw6uqz8LcdkStr7tMJaqmyNp0jfhJUWKXSVLeeaB7dE8vLAU\/AaDLNlX7cI97Q9sT4yJ7Ck0Xf38Wbaf70ad0+uLgBbGKMZzc0Qinka6L0063NVp3KQEb0W7+ZtTH+F7khBVzSgEGbYSk5P6L4+w1W84JNRtMzWLexqMRbia63\/XlTmx3sjYEiOU7SeNg\/VV7tUmAh00XrF94xyB5IuISYVkB63iOTwwjLGd+XPIC+xHPrVpy7d5\/0MnalC+TtBhFqQnVaipTWP5pTB6aF4HDpdAG\/Rsi\/jlYTPiwR\/+06YhuScTKbIDskrucwHhjvSpnvj6KdX7eJb+0f\/dGV1IR6XpjxXnm16GYSfek2plgRY7BcmryqhO8+u57C4lQPTdhp9tFjWMl1dmpGwleRQLABunADSt5n52m5UHlaEuruXoTSXj9yg5uc8GO3+7UV8mGSRFe35dZLCx1fvxLHAWLieOXgy10+sPWgTzBqbHdVA8G9uU1gL0jJCQ+ge4NIeEvEK2v26py+DrxUZ60wRYOUn0g+EctdA6BkYQ7axrLaAByXKmU+xaI8PcDwzjV5piTIMfvW5xrMWnuL8uImiF2SPyss62VgrI3kAwzdR1oqaEPB3uwvPTduUQ+N4uIEjkeW8TelrAHdYXTVkcW+KD\/qD9R4sMNfYyWoSviEKw0OOIkW3\/U0JwSQqOjw1KSUDkqHq\/KyJv++I37PjSRk9mkJHQKggsRDYpWzlCTtryb8Uw1N9dk2juxtTHXxH5dFsqFyNr7JLXTkJTh7bfr6gqnKuzSbbt6h0jpTjdtLTrNwDnd+cljHqP32B+son64QJeY+jueVGuppoG7wUpq9JyqWs0peerVl4SqbRUoTVTImfH4YMaQgSagkAM1uLSfdEHTdncPe4QqZpCf6Ay8IVOgBWQUUUGJ5tOIqcY9sNHfHZj+UXJJzimbNgyQmLAVgGyrWp1k3cCO9aHcm70ZW\/fksx8g38UefAJrWV5AcZKxBoIRLhAQKQrUJrNFP2Yu7+3wkMjdrjMpb0eLnX749AFyY0EfVxc8EaD1Zvrdq9MJLJbzBl00Bvh3hnjWjJNNa8ogp\/jNsv03rLCsySZbzzJq10nEyw\/TWESfJ1nM1aVj21VveY1DdXxYRzhGtEydneMsYwjGJ8zEkLQm++YbhIJDKJH2vuRum8N8aCn074\/\/PAqyWA"}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1643575387216000,"flow_src_last_pkt_time":1643575387266000,"flow_dst_last_pkt_time":1643575387247000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1216,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":15879,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1643575387266000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62461,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1643574967215000,"flow_src_last_pkt_time":1643574967460000,"flow_dst_last_pkt_time":1643574967246000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1210,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":4511,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1643575387266000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":33972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1643575387266000}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":33972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1643575387266000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 60/60
 ~~ skipped flows.............: 0
@@ -43,10 +43,10 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506229 bytes
-~~ total memory freed........: 5506229 bytes
+~~ total memory allocated....: 5506301 bytes
+~~ total memory freed........: 5506301 bytes
 ~~ total allocations/frees...: 85953/85953
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 565 chars
+~~ json message min len.......: 563 chars
 ~~ json message max len.......: 2172 chars
-~~ json message avg len.......: 1358 chars
+~~ json message avg len.......: 1357 chars
diff --git a/test/results/default/iax.pcap.out b/test/results/default/iax.pcap.out
index c06fbc7cb..d14e062a5 100644
--- a/test/results/default/iax.pcap.out
+++ b/test/results/default/iax.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1123840005963862}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1123840005963862}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840005963862,"flow_dst_last_pkt_time":1123840005963862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1123840005963862,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1123840005963862,"flow_dst_last_pkt_time":1123840005963862,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1123840005963862,"pkt":"AMDwli5rAOCBJ2JwCABFEABeAABAAEARAJ1SbiRUwKgCeBHZEdYASpLMgAQAAAAAAAEAAAYBCwIAAgEMNDQyMDg4MjA1MTU1Agw0NDc3ODIyNjc5NDkEAAoCZW7\/BAAAAAIMAgAAHwQLDFXW"}
 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840005963862,"flow_dst_last_pkt_time":1123840005963862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1123840005963862,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IAX","proto_id":"95","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -9,7 +9,7 @@
 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1123840005971515,"flow_dst_last_pkt_time":1123840005995531,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1123840005995531,"pkt":"AOCBJ2JwAMDwli5rCABFAAAoV79AAEARqSPAqAJ4Um4kVBHWEdkAFBz1gBcABAAAAB8BAQQE"}
 02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":5,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840006456930,"flow_dst_last_pkt_time":1123840006059195,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":3882,"flow_dst_tot_l4_payload_len":372,"midstream":0,"thread_ts_usec":1123840006456930,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":948,"avg":18980.7,"max":51403,"stddev":10969.1,"var":120322248.0,"ent":4.7,"data": [2173,5097,7653,24399,24352,24724,16912,51403,9638,12261,14097,6869,22758,16765,31325,17887,20048,11489,43190,21320,13940,17067,22553,948,20517,34133,6854,21003,19904,17982,29140]},"pktlen": {"min":40,"avg":161.5,"max":200,"stddev":59.5,"var":3538.2,"ent":4.9,"data": [94,40,40,46,40,46,192,200,200,46,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192]},"bins": {"c_to_s": [3,0,1,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.666565895,4.339823723,4.439823151,4.354552269,4.384184837,4.354552269,1.312757373,1.546443224,1.322564363,4.327484608,1.142194629,1.312757373,1.944322586,1.302340746,1.312757373,1.312757373,1.312757373,1.302340746,1.312757373,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.321057439,1.335405827,1.335405827,1.335405827,1.335405827]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IAX","proto_id":"95","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":22,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840006472888,"flow_dst_last_pkt_time":1123840006489877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":4046,"flow_dst_tot_l4_payload_len":3008,"midstream":0,"thread_ts_usec":1123840006489877,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IAX","proto_id":"95","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":7054,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1123840006489877}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":7054,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1123840006489877}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 50/50
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5499423 bytes
-~~ total memory freed........: 5499423 bytes
+~~ total memory allocated....: 5499447 bytes
+~~ total memory freed........: 5499447 bytes
 ~~ total allocations/frees...: 85910/85910
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 524 chars
diff --git a/test/results/default/icmp-tunnel.pcap.out b/test/results/default/icmp-tunnel.pcap.out
index 9ae0df537..ec865677a 100644
--- a/test/results/default/icmp-tunnel.pcap.out
+++ b/test/results/default/icmp-tunnel.pcap.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1360227866458898}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1360227866458898}
 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1360227866459330,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1360227866459330,"pkt":"AAwpy+OCAAwpzwzBCABFAABwAABAAEABhDTAqJqDwKiahAgAAAD+\/wAARQAAVAAAQABAASPpCl8BAQpfAQIIAFvrPQgAAS1uE1EtSQYACAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
 01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1360227866459330,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.703333}}
@@ -20,7 +20,7 @@
 01078{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":128,"flow_dst_packets_processed":98,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228358273374,"flow_dst_last_pkt_time":1360228358272926,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":20874,"flow_dst_tot_l4_payload_len":16482,"midstream":0,"thread_ts_usec":1360228358273374,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":138,"flow_dst_packets_processed":107,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228402597860,"flow_dst_last_pkt_time":1360228402596581,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22210,"flow_dst_tot_l4_payload_len":17950,"midstream":0,"thread_ts_usec":1360228402597860,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":140,"flow_dst_packets_processed":109,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228442640689,"flow_dst_last_pkt_time":1360228442640274,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22290,"flow_dst_tot_l4_payload_len":18030,"midstream":0,"thread_ts_usec":1360228442640689,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":298,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":40400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1360228467662193}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":298,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":40400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1360228467662193}
 01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":146,"flow_dst_packets_processed":114,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228485957206,"flow_dst_last_pkt_time":1360228485957682,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22995,"flow_dst_tot_l4_payload_len":18623,"midstream":0,"thread_ts_usec":1360228485957682,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":154,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228522817624,"flow_dst_last_pkt_time":1360228522818134,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":28272,"flow_dst_tot_l4_payload_len":23795,"midstream":0,"thread_ts_usec":1360228522818134,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":224,"flow_dst_packets_processed":192,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228557159010,"flow_dst_last_pkt_time":1360228557159568,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":33486,"flow_dst_tot_l4_payload_len":28699,"midstream":0,"thread_ts_usec":1360228557159568,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -36,7 +36,7 @@
 01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":371,"flow_dst_packets_processed":337,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228942890883,"flow_dst_last_pkt_time":1360228942891404,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":51973,"flow_dst_tot_l4_payload_len":46675,"midstream":0,"thread_ts_usec":1360228942891404,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01079{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":910,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":423,"flow_dst_packets_processed":390,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228984799284,"flow_dst_last_pkt_time":1360228984799441,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":57434,"flow_dst_tot_l4_payload_len":52234,"midstream":0,"thread_ts_usec":1360228984799441,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01077{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":961,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":448,"flow_dst_packets_processed":415,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228988973603,"flow_dst_last_pkt_time":1360228988973740,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":83334,"flow_dst_tot_l4_payload_len":78134,"midstream":0,"thread_ts_usec":1360228988973740,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":961,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":961,"packets-processed":863,"total-skipped-flows":0,"total-l4-payload-len":161468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":26,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1360228988973740}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":961,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":961,"packets-processed":863,"total-skipped-flows":0,"total-l4-payload-len":161468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":26,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1360228988973740}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 961/863
 ~~ skipped flows.............: 0
@@ -45,10 +45,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5523000 bytes
-~~ total memory freed........: 5523000 bytes
+~~ total memory allocated....: 5523024 bytes
+~~ total memory freed........: 5523024 bytes
 ~~ total allocations/frees...: 86723/86723
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 573 chars
+~~ json message min len.......: 571 chars
 ~~ json message max len.......: 2372 chars
-~~ json message avg len.......: 1471 chars
+~~ json message avg len.......: 1470 chars
diff --git a/test/results/default/iec60780-5-104.pcap.out b/test/results/default/iec60780-5-104.pcap.out
index bf93bd3df..0404e1f2d 100644
--- a/test/results/default/iec60780-5-104.pcap.out
+++ b/test/results/default/iec60780-5-104.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1219992231267238}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1219992231267238}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1219992231267238,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267238,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992231267238,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992231267238,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992231267345,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="}
@@ -45,12 +45,12 @@
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992819944348,"pkt":"ABXFGNTMABNy14eKCABFAAAubkZAAIAGQ4+sG\/htrBv4TwYqCWRBsBqQ+cLui1AY\/\/+jsAAAaAQHAAAA"}
 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992819944348,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819947305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992819947305,"pkt":"ABNy14eKABXFGNTMCABFAAAuQZdAAIAGcD6sG\/hPrBv4bQlkBir5wu6LQbAallAY\/\/lJFQAAaAQLAAAA"}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1219992852463357}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1219992852463357}
 00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1219992590188368,"flow_src_last_pkt_time":1219992781349438,"flow_dst_last_pkt_time":1219992781349461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":6,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":1219992910077446,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1219992782348776,"flow_src_last_pkt_time":1219992818955088,"flow_dst_last_pkt_time":1219992818955112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":6,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":6,"midstream":0,"thread_ts_usec":1219992961194617,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 02254{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219992991664467,"flow_dst_last_pkt_time":1219992991860370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":94,"flow_dst_tot_l4_payload_len":207,"midstream":0,"thread_ts_usec":1219992991860370,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":133,"avg":11085131.0,"max":32516052,"stddev":10877058.0,"var":118310385483776.0,"ent":4.1,"data": [133,283,1182,4289,153898,32516052,32485009,17329020,17462619,171223,19844571,20033163,171510,19860294,20118307,25436246,25352045,204330,19828922,20215237,5341755,5765246,10455867,10671339,13934,15202,139861,131307,218735,19641453,20056039]},"pktlen": {"min":40,"avg":51.6,"max":104,"stddev":11.5,"var":132.4,"ent":5.0,"data": [48,48,46,46,46,46,56,46,56,104,46,46,56,46,46,40,56,62,46,46,40,56,46,56,62,56,62,46,63,46,46,40]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1],"entropies": [4.558206558,4.926427364,4.435436726,4.740953922,4.740953445,4.478915215,4.605515957,4.522393703,4.811381817,4.822690010,4.522393703,4.922443390,4.864342690,4.462504864,4.862554550,4.781687260,5.115302563,5.039213181,4.478915215,4.878964901,4.781687260,4.824862003,4.478915215,5.079588413,4.986872673,4.972445488,4.999047756,4.478915215,4.964986324,4.478915215,4.922443390,4.781687260]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":19,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219993055118751,"flow_dst_last_pkt_time":1219993055118603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":263,"midstream":0,"thread_ts_usec":1219993055118751,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":147,"packets-processed":147,"total-skipped-flows":0,"total-l4-payload-len":748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1219993055118751}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":147,"packets-processed":147,"total-skipped-flows":0,"total-l4-payload-len":748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1219993055118751}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 147/147
 ~~ skipped flows.............: 0
@@ -59,8 +59,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5513096 bytes
-~~ total memory freed........: 5513096 bytes
+~~ total memory allocated....: 5513200 bytes
+~~ total memory freed........: 5513200 bytes
 ~~ total allocations/frees...: 86062/86062
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 540 chars
diff --git a/test/results/default/ieee_c37118.pcap.out b/test/results/default/ieee_c37118.pcap.out
index b8a641848..8021f838c 100644
--- a/test/results/default/ieee_c37118.pcap.out
+++ b/test/results/default/ieee_c37118.pcap.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1218021007698753}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1218021007698753}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1218021007698753,"flow_src_last_pkt_time":1218021007698753,"flow_dst_last_pkt_time":1218021007698753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1218021007698753,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.241","src_port":36835,"dst_port":4712,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1218021007698753,"flow_dst_last_pkt_time":1218021007698753,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1218021007698753,"pkt":"ADCnAA06AAlrk3uDCABFAAA846tAAEAG1LrAqAAUwKgA8Y\/jEmgIDYWkAAAAAKACFtAWCwAAAgQFtAQCCAoCxGYPAAAAAAEDAwY="}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1218021007698753,"flow_dst_last_pkt_time":1218021007699989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1218021007699989,"pkt":"AAlrk3uDADCnAA06CABFAABAZWQAAEAGkv7AqADxwKgAFBJoj+PZe3k4CA2FpbASIfAmuQAAAgQFtAEDAwABAQQCAQEICnGgDcwCxGYP"}
@@ -8,7 +8,7 @@
 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1218021007698753,"flow_src_last_pkt_time":1218021007700230,"flow_dst_last_pkt_time":1218021007699989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1218021007700230,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.241","src_port":36835,"dst_port":4712,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1218021007700230,"flow_dst_last_pkt_time":1218021007701832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1218021007701832,"pkt":"AAlrk3uDADCnAA06CABFAAA0ZWUAAEAGkwnAqADxwKgAFBJoj+PZe3k5CA2Ft4AQId5ngwAAAQEICnGgDcwCxGYQ"}
 02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1218021007698753,"flow_src_last_pkt_time":1218021007982488,"flow_dst_last_pkt_time":1218021007965319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":890,"midstream":0,"thread_ts_usec":1218021007982488,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.241","src_port":36835,"dst_port":4712,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":207,"avg":17751.6,"max":40001,"stddev":13277.6,"var":176295104.0,"ent":4.5,"data": [1236,1270,207,1843,699,2315,976,1753,1047,20120,38956,19861,2840,19920,19921,20016,39141,19972,20168,38019,19966,20020,40000,19866,22584,20167,20073,37505,19862,19977,40001]},"pktlen": {"min":52,"avg":81.6,"max":186,"stddev":31.5,"var":989.7,"ent":4.9,"data": [60,64,52,70,52,186,52,70,52,106,106,52,106,52,106,52,106,52,106,106,52,106,106,52,106,52,106,106,52,106,106,52]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,14,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0],"entropies": [4.496836185,5.048533440,4.931210041,4.651202679,4.969671726,4.443276405,4.931210041,4.690558434,4.969671249,5.657071114,5.579102516,4.969671249,5.555610657,4.969671726,5.699430466,4.969671726,5.692310333,5.008132935,5.652293205,5.602812290,4.931209564,5.597970963,5.583358288,4.931209564,5.605093002,4.931209564,5.657070637,5.635706902,5.008132935,5.642828465,5.594747066,5.008132935]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":418,"packets-processed":417,"total-skipped-flows":0,"total-l4-payload-len":13796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1218023578251598}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":418,"packets-processed":417,"total-skipped-flows":0,"total-l4-payload-len":13796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1218023578251598}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1218023578251598,"flow_src_last_pkt_time":1218023578251598,"flow_dst_last_pkt_time":1218023578251598,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1218023578251598,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.60","src_port":4712,"dst_port":4713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1218023578251598,"flow_dst_last_pkt_time":1218023578251598,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1218023578251598,"pkt":"AKD0AaNIAB1gY4VACABFAAAualcAAIARTtHAqAAKwKgAPBJoEmkAGlB5qkEAEgA8SJmQmgA0LtUAAVYL"}
 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1218023578251598,"flow_src_last_pkt_time":1218023578251598,"flow_dst_last_pkt_time":1218023578251598,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1218023578251598,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.60","src_port":4712,"dst_port":4713,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -19,7 +19,7 @@
 02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":29,"flow_first_seen":1218023578251598,"flow_src_last_pkt_time":1218023578622812,"flow_dst_last_pkt_time":1218023579169239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":374,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1718,"midstream":0,"thread_ts_usec":1218023579169239,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.60","src_port":4712,"dst_port":4713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":19796,"avg":41576.0,"max":318010,"stddev":73009.0,"var":5330315264.0,"ent":3.9,"data": [316833,318010,54381,59605,20198,20004,19807,20001,20003,20201,19799,19994,20205,19798,20210,19796,20005,19991,20008,20200,19801,19996,20004,20000,20202,19800,20004,20000,20002,20201,19796]},"pktlen": {"min":46,"avg":83.4,"max":402,"stddev":57.9,"var":3351.1,"ent":4.8,"data": [46,46,402,46,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76,76]},"bins": {"c_to_s": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,28,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.419025898,4.245112896,4.107680798,4.419026375,4.914726734,4.888411045,4.977291107,4.801239491,4.941042423,4.941042423,4.977291107,4.950975418,4.950975418,4.941042423,5.003606796,4.860224247,4.898343563,4.924659729,4.977291107,4.950975418,5.024288177,4.814043045,4.950975418,4.902923107,5.076920033,4.801239491,4.814043045,4.929238796,4.924659729,4.898343563,4.925475597,4.899159908]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":258,"flow_first_seen":1218021007698753,"flow_src_last_pkt_time":1218021012734335,"flow_dst_last_pkt_time":1218021012734317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":13742,"midstream":0,"thread_ts_usec":1218023585746411,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.241","src_port":36835,"dst_port":4712,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":357,"flow_first_seen":1218023578251598,"flow_src_last_pkt_time":1218023585746411,"flow_dst_last_pkt_time":1218023585729395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":374,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":17462,"midstream":0,"thread_ts_usec":1218023585746411,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.60","src_port":4712,"dst_port":4713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEEE-C37118","proto_id":"367","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":778,"packets-processed":778,"total-skipped-flows":0,"total-l4-payload-len":31330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1218023585746411}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":778,"source":"cfgs\/default\/pcap\/ieee_c37118.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":778,"packets-processed":778,"total-skipped-flows":0,"total-l4-payload-len":31330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1218023585746411}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 778/778
 ~~ skipped flows.............: 0
@@ -28,8 +28,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5522707 bytes
-~~ total memory freed........: 5522707 bytes
+~~ total memory allocated....: 5522747 bytes
+~~ total memory freed........: 5522747 bytes
 ~~ total allocations/frees...: 86649/86649
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 542 chars
diff --git a/test/results/default/imap-starttls.pcap.out b/test/results/default/imap-starttls.pcap.out
index 748161592..01813652a 100644
--- a/test/results/default/imap-starttls.pcap.out
+++ b/test/results/default/imap-starttls.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1437584567812552}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1437584567812552}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584567812552,"flow_dst_last_pkt_time":1437584567812552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437584567812552,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1437584567812552,"flow_dst_last_pkt_time":1437584567812552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1437584567812552,"pkt":"kFmvW2bUaKhtGGkOCABFAABAc8pAAEAGDnPAqBE11OMRusHoAI+CJObQAAAAALAC\/\/\/XTwAAAgQFtAEDAwQBAQgKKoxROgAAAAAEAgAA"}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1437584567812552,"flow_dst_last_pkt_time":1437584568002342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437584568002342,"pkt":"aKhtGGkOkFmvW2bUCABFIAA0AABAADAGkinU4xG6wKgRNQCPwehPqEW7giTm0YASPryvAAAAAgQFtAQCAwMKAAAA"}
@@ -12,7 +12,7 @@
 01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584568767550,"flow_dst_last_pkt_time":1437584568769690,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":5492,"midstream":0,"thread_ts_usec":1437584568769690,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
 02540{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584570639554,"flow_dst_last_pkt_time":1437584570828629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":5653,"midstream":0,"thread_ts_usec":1437584570828629,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":188486.4,"max":1677753,"stddev":378167.8,"var":143010873344.0,"ent":3.3,"data": [189790,189950,188317,188305,133,192463,259,192553,155,186504,9,186418,431,197380,166,197053,2043,207,2163,90,3747,191586,187876,1486951,1677753,168,190848,49,279,1,189432]},"pktlen": {"min":40,"avg":235.2,"max":1500,"stddev":424.6,"var":180326.2,"ent":3.6,"data": [64,52,40,311,40,54,46,267,40,52,72,46,40,358,1500,1500,40,1500,622,40,40,166,91,40,79,119,71,40,40,71,40,46]},"bins": {"c_to_s": [15,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1],"entropies": [4.577819824,4.737868309,4.461769104,5.374657631,4.734183788,5.080696583,4.457919598,5.160151482,4.684183598,5.024262428,5.301461220,4.501398087,4.784183979,5.382153988,6.856912613,7.178915024,4.665312290,7.104553223,7.666580677,4.403056622,4.684184551,6.516188145,5.466528416,4.684184074,5.702392578,6.104408741,5.134844303,4.665312290,4.734184265,5.452422619,4.492897511,3.926021099]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
 01337{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584570639554,"flow_dst_last_pkt_time":1437584570828629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":5653,"midstream":0,"thread_ts_usec":1437584570828629,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":6193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1437584570828629}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":6193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1437584570828629}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 32/32
 ~~ skipped flows.............: 0
@@ -21,8 +21,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5517297 bytes
-~~ total memory freed........: 5517297 bytes
+~~ total memory allocated....: 5517321 bytes
+~~ total memory freed........: 5517321 bytes
 ~~ total allocations/frees...: 85904/85904
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 535 chars
diff --git a/test/results/default/imap.pcap.out b/test/results/default/imap.pcap.out
index 0503495d2..95a08d43d 100644
--- a/test/results/default/imap.pcap.out
+++ b/test/results/default/imap.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1213095262213846}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1213095262213846}
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095262213846,"flow_dst_last_pkt_time":1213095262213846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213095262213846,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1213095262213846,"flow_dst_last_pkt_time":1213095262213846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1213095262213846,"pkt":"AASWJ8g6ABUXJM1lCABFAAA8nkhAAEAGgSAKKAQCCigDArPdAI+IaqplAAAAAKACFtDwZgAAAgQFtAQCCAoKDDQtAAAAAAEDAwc="}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1213095262213846,"flow_dst_last_pkt_time":1213095262213972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1213095262213972,"pkt":"ABUXJM1lAASWJ8g6CABFAAA8VURAAH8GiyQKKAMCCigEAgCPs903+0YNiGqqZqASIAAxdQAAAgQFtAEDAwgEAggKAoc1IAoMNC0="}
@@ -9,7 +9,7 @@
 01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095266594138,"flow_dst_last_pkt_time":1213095262264097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":65,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1213095266594138,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IMAP","proto_id":"4","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","imap": {"user":"samir","password":"pfres","auth_failed":0}}}
 02377{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095266780228,"flow_dst_last_pkt_time":1213095266780369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":696,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":1401,"midstream":0,"thread_ts_usec":1213095266780369,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":88,"avg":294609.8,"max":4331408,"stddev":1060070.4,"var":1123749068800.0,"ent":1.4,"data": [126,150,12887,12906,231,444,36852,36794,135,4330018,4331408,1394,16846,17272,39867,39540,93,199,596,39710,39393,88,905,1344,39009,38693,107,104,10836,47768,37190]},"pktlen": {"min":52,"avg":101.9,"max":748,"stddev":125.9,"var":15857.5,"ent":4.4,"data": [60,60,52,94,52,71,117,52,84,52,78,79,52,72,73,52,109,52,72,73,52,109,52,73,64,52,311,52,125,164,52,748]},"bins": {"c_to_s": [18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,4,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1],"entropies": [4.466519356,4.994044781,4.884933472,5.545080185,4.923395157,5.188045025,5.565508366,4.846471786,5.532327652,4.923395157,5.445330620,5.491897583,4.961857319,5.242550373,5.321550369,4.892440796,5.645212650,4.899451256,5.225256920,5.331891060,4.961856842,5.594664574,4.961857319,5.357347012,5.240169048,4.961857319,5.602889538,4.923395157,5.631970406,5.824433327,4.923395157,5.541430473]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IMAP","proto_id":"4","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}}
 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095266780387,"flow_dst_last_pkt_time":1213095266780369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":696,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":1401,"midstream":0,"thread_ts_usec":1213095266780387,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IMAP","proto_id":"4","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":1580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1213095266780387}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":1580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1213095266780387}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 33/33
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501006 bytes
-~~ total memory freed........: 5501006 bytes
+~~ total memory allocated....: 5501030 bytes
+~~ total memory freed........: 5501030 bytes
 ~~ total allocations/frees...: 85895/85895
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 543 chars
diff --git a/test/results/default/imaps.pcap.out b/test/results/default/imaps.pcap.out
index f04561e93..0a39ca2b2 100644
--- a/test/results/default/imaps.pcap.out
+++ b/test/results/default/imaps.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1590857744659641}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1590857744659641}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744659641,"flow_dst_last_pkt_time":1590857744659641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1590857744659641,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1590857744659641,"flow_dst_last_pkt_time":1590857744659641,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1590857744659641,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1590857744659641,"flow_dst_last_pkt_time":1590857744706356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1590857744706356,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="}
@@ -9,7 +9,7 @@
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744749621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1590857744749621,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NrtAADQGz1CnY9ekwKgBCAPhxUrMi6Lb0TTQsYAQAfwWAAAAAQEICqnD6BkUTZ1k"}
 01074{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744765146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1590857744765146,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
 01074{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744765232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1590857744765232,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":3856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1610477173150912}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":3856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1610477173150912}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477173150912,"flow_src_last_pkt_time":1610477173150912,"flow_dst_last_pkt_time":1610477173150912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477173150912,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":51529,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1610477173150912,"flow_dst_last_pkt_time":1610477173150912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1610477173150912,"pkt":"AAAAAAAAAAUA1\/WMCABFAABAAABAAEAGZgTAqAABCgoKAclJA+FNynXdAAAAALAC\/\/82MwAAAgQFggEDAwUBAQgKD7SLwQAAAAAEAgAA"}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1610477173152406,"flow_dst_last_pkt_time":1610477173150912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1610477173152406,"pkt":"AAAAAAAAAAwAMjBoCABFAABAAABAAD4GaATAqAABCgoKAclJA+FNynXdAAAAALAC\/\/82PQAAAgQFeAEDAwUBAQgKD7SLwQAAAAAEAgAA"}
@@ -20,7 +20,7 @@
 01064{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1610477173150912,"flow_src_last_pkt_time":1610477173290274,"flow_dst_last_pkt_time":1610477173366776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1034,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1610477173366776,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":51529,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
 01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744949604,"flow_dst_last_pkt_time":1590857744987000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":3308,"midstream":0,"thread_ts_usec":1610477173366841,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
 01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1610477173150912,"flow_src_last_pkt_time":1610477173290274,"flow_dst_last_pkt_time":1610477173366841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1034,"flow_dst_tot_l4_payload_len":2776,"midstream":0,"thread_ts_usec":1610477173366841,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":51529,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":7666,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1610477173366841}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":7666,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1610477173366841}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 28/28
 ~~ skipped flows.............: 0
@@ -29,8 +29,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5514772 bytes
-~~ total memory freed........: 5514772 bytes
+~~ total memory allocated....: 5514812 bytes
+~~ total memory freed........: 5514812 bytes
 ~~ total allocations/frees...: 85912/85912
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 543 chars
diff --git a/test/results/default/imo.pcap.out b/test/results/default/imo.pcap.out
index 59686f8d3..5a276d778 100644
--- a/test/results/default/imo.pcap.out
+++ b/test/results/default/imo.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1646579366752245}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1646579366752245}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646579366752245,"flow_src_last_pkt_time":1646579366752245,"flow_dst_last_pkt_time":1646579366752245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646579366752245,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646579366752245,"flow_dst_last_pkt_time":1646579366752245,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_usec":1646579366752245,"pkt":"CL6sCxdumt9Y+uvcCABFAADkB2xAAEARIpLAqAypuZuJHsA3jrcA0NESgTwOaEjDNFXzxmxamfOGor3xFD3A7FnCXNc+hJhFKrJOPpMIHUdqj1x7ZYe+fmL104ZlZ8QSGjgMDxxGQ47M5ARZG9YmBTkKmoomp0C2r5k7+UuqXgkHofa9I06kfQJKjgPnNwBdZocQSlex2Z6G1oBdByRvxIbfLnB1AU5Z2+ssSUPzcUN05190AJa8ogAW0Cie1vmNKFuiNZVeV2v82D2eARVTcN232VacWZMHJ\/PcqQx4XLqiWe9HSh0LDQkCIZoCAAAAAAA="}
 00953{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1646579366752641,"flow_dst_last_pkt_time":1646579366752245,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_usec":1646579366752641,"pkt":"CL6sCxdumt9Y+uvcCABFAAFlB21AAEARIhDAqAypuZuJHsA3jrcBUW71gkcNAABefWxEZ6P52eWWE1NsVUgX\/f\/SEU49gh0z128SrDnndBBJ7Xzv30Qrd+KJJN6jW88s97nwOxW1SXOJ19HPmvCIhrHR5EVDIS67bqqmEITlpL2AWZxihzDdfZ9+dgCuOQIy4YhI67L+NII4MlG7p6wa+Z43u8VCM7MQ94E5SdjxWl3zDFPxVycVf7KV2xCPfzi+nLVEj6bW7qHP3SW0XSDmXsZYCq\/fkVzkG6GD9VCFwOzRvPlMFOvXxrdNScJnQTp3jwA9ixJO\/EZEvZGmxF8KX1lLWK60\/AnhsK8ResfH4lG\/M+7QsKf8h+0F6\/JreyOlSKUahDlCIMAkz9CNbMMyQvDt1lT9Ujr+5G5FKQSNp7Os7CbxgGOrC+XUDj1qcRw+csAXbivPEt1405allpHSrfAa3hDWEw734vz46COasfJjrLY="}
@@ -18,7 +18,7 @@
 02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1646579366752245,"flow_src_last_pkt_time":1646579368878172,"flow_dst_last_pkt_time":1646579368918568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1224,"flow_dst_max_l4_payload_len":224,"flow_src_tot_l4_payload_len":11806,"flow_dst_tot_l4_payload_len":720,"midstream":0,"thread_ts_usec":1646579368918568,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":138459.7,"max":1002796,"stddev":305661.1,"var":93428727808.0,"ent":2.8,"data": [396,41304,49,43405,10843,2151,275,10533,8077,9421,9986,55709,51,24,9743,18469,13472,314,9827,9743,9558,13513,46,69283,127192,99850,16582,835382,861703,1002796,1002553]},"pktlen": {"min":38,"avg":419.4,"max":1252,"stddev":488.9,"var":239046.1,"ent":4.1,"data": [228,357,39,146,1252,1252,210,228,1252,1252,1252,1252,108,252,39,1252,38,1252,228,38,38,38,38,39,212,125,347,124,228,39,228,39]},"bins": {"c_to_s": [0,0,0,0,0,2,5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1],"entropies": [6.951599121,7.408638477,4.155817986,6.605685711,7.827155590,7.851851463,6.958688259,6.942827225,7.823550224,7.844932079,7.851901054,7.830797195,6.188582897,7.144678593,4.053254128,7.818601608,4.339262486,7.858332157,6.930744171,4.391894341,4.391894341,4.391894341,4.391894341,4.155817986,6.930866241,6.293650627,7.455466747,6.412575722,6.928594112,4.207099915,6.941227913,4.207099915]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","proto_id":"216","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":37,"flow_first_seen":1646579366870607,"flow_src_last_pkt_time":1646579370069590,"flow_dst_last_pkt_time":1646579370091576,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1052,"flow_dst_max_l4_payload_len":1039,"flow_src_tot_l4_payload_len":6713,"flow_dst_tot_l4_payload_len":11506,"midstream":0,"thread_ts_usec":1646579370091576,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.33.47.58","src_port":49207,"dst_port":57604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","proto_id":"216","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1646579366752245,"flow_src_last_pkt_time":1646579369944784,"flow_dst_last_pkt_time":1646579369921382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1224,"flow_dst_max_l4_payload_len":224,"flow_src_tot_l4_payload_len":12230,"flow_dst_tot_l4_payload_len":731,"midstream":0,"thread_ts_usec":1646579370091576,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","proto_id":"216","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":31180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1646579370091576}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":31180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1646579370091576}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 100/100
 ~~ skipped flows.............: 0
@@ -27,9 +27,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5503045 bytes
-~~ total memory freed........: 5503045 bytes
-~~ total allocations/frees...: 85971/85971
+~~ total memory allocated....: 5503098 bytes
+~~ total memory freed........: 5503098 bytes
+~~ total allocations/frees...: 85972/85972
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 512 chars
 ~~ json message max len.......: 2199 chars
diff --git a/test/results/default/instagram.pcap.out b/test/results/default/instagram.pcap.out
index 2ff62d3e7..87c79219a 100644
--- a/test/results/default/instagram.pcap.out
+++ b/test/results/default/instagram.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436720898354402}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436720898354402}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720898354402,"flow_src_last_pkt_time":1436720898354402,"flow_dst_last_pkt_time":1436720898354402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720898354402,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436720898354402,"flow_dst_last_pkt_time":1436720898354402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1436720898354402,"pkt":"ABsv8H60QPMIw47hCABFAAA8TypAAEAGEYLAqABnrfxrBNw+AbsehKWiAAAAAKACOQjaPgAAAgQFtAQCCAoAA+qIAAAAAAEDAwY="}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720898386781,"flow_src_last_pkt_time":1436720898386781,"flow_dst_last_pkt_time":1436720898386781,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1365,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1365,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1365,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1436720898386781,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -200,7 +200,7 @@
 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1436720906017091,"flow_src_last_pkt_time":1436720906024293,"flow_dst_last_pkt_time":1436720906017091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":103,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":103,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952611635,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720906022462,"flow_src_last_pkt_time":1436720906022462,"flow_dst_last_pkt_time":1436720906022462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":103,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":103,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":103,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952611635,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00780{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720906025422,"flow_src_last_pkt_time":1436720906025422,"flow_dst_last_pkt_time":1436720906025422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952611635,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":635,"packets-processed":633,"total-skipped-flows":0,"total-l4-payload-len":408166,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":12,"total-updates":4,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1568796253770116}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":635,"packets-processed":633,"total-skipped-flows":0,"total-l4-payload-len":408166,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":12,"total-updates":4,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1568796253770116}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568796253770116,"flow_src_last_pkt_time":1568796253770116,"flow_dst_last_pkt_time":1568796253770116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796253770116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1568796253770116,"flow_dst_last_pkt_time":1568796253770116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1568796253770116,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDLAbuZigajAAAAALAC\/\/8cPAAAAgQFtAEDAwYBAQgKDXByoQAAAAAEAgAA"}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1568796253770116,"flow_dst_last_pkt_time":1568796253782515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1568796253782515,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wMv1rwrBmYoGpKASbHB3qgAAAgQFeAQCCAo6Lg6wDXByoQEDAwg="}
@@ -242,7 +242,7 @@
 00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1436720908531495,"flow_src_last_pkt_time":1436720908567842,"flow_dst_last_pkt_time":1436720908567720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00777{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1436720908531495,"flow_src_last_pkt_time":1436720908567842,"flow_dst_last_pkt_time":1436720908567720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00955{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1436720952561555,"flow_src_last_pkt_time":1436720952561891,"flow_dst_last_pkt_time":1436720952561555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00961{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":20,"flow_first_seen":1436720901182283,"flow_src_last_pkt_time":1436720908544038,"flow_dst_last_pkt_time":1436720908543916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":26795,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01079{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":20,"flow_first_seen":1436720901182283,"flow_src_last_pkt_time":1436720908544038,"flow_dst_last_pkt_time":1436720908543916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":26795,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":20,"flow_first_seen":1436720901182283,"flow_src_last_pkt_time":1436720908544038,"flow_dst_last_pkt_time":1436720908543916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":26795,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1436720908523744,"flow_src_last_pkt_time":1436720908523744,"flow_dst_last_pkt_time":1436720908570222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":263,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":263,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","proto_id":"5.211","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":38,"flow_first_seen":1436720942530885,"flow_src_last_pkt_time":1436720942620332,"flow_dst_last_pkt_time":1436720942621370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":52029,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","proto_id":"7.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
@@ -250,7 +250,7 @@
 00939{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1436720908464754,"flow_src_last_pkt_time":1436720911139558,"flow_dst_last_pkt_time":1436720908464754,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1436720906017091,"flow_src_last_pkt_time":1436720906024293,"flow_dst_last_pkt_time":1436720906017091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":103,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":103,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1436720908581361,"flow_src_last_pkt_time":1436720908735963,"flow_dst_last_pkt_time":1436720908769563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":701,"flow_dst_tot_l4_payload_len":7369,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00968{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":26,"flow_dst_packets_processed":14,"flow_first_seen":1436720950909974,"flow_src_last_pkt_time":1436720950927186,"flow_dst_last_pkt_time":1436720950927431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1398,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36348,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01086{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":26,"flow_dst_packets_processed":14,"flow_first_seen":1436720950909974,"flow_src_last_pkt_time":1436720950927186,"flow_dst_last_pkt_time":1436720950927431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1398,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36348,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":26,"flow_dst_packets_processed":14,"flow_first_seen":1436720950909974,"flow_src_last_pkt_time":1436720950927186,"flow_dst_last_pkt_time":1436720950927431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1398,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36348,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1436720908572816,"flow_src_last_pkt_time":1436720908746828,"flow_dst_last_pkt_time":1436720908741762,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":877,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1436720952611482,"flow_src_last_pkt_time":1436720952611482,"flow_dst_last_pkt_time":1436720952611635,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
@@ -262,7 +262,7 @@
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720952563081,"flow_src_last_pkt_time":1436720952563081,"flow_dst_last_pkt_time":1436720952563081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","proto_id":"5.211","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1436720898354402,"flow_src_last_pkt_time":1436720899158632,"flow_dst_last_pkt_time":1436720899122651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":165,"flow_src_tot_l4_payload_len":981,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1436720908466005,"flow_src_last_pkt_time":1436720908723359,"flow_dst_last_pkt_time":1436720910950960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":949,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":949,"flow_dst_tot_l4_payload_len":3722,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00965{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":25,"flow_dst_packets_processed":24,"flow_first_seen":1436720952553865,"flow_src_last_pkt_time":1436720952593324,"flow_dst_last_pkt_time":1436720952591005,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1418,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35450,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01083{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":25,"flow_dst_packets_processed":24,"flow_first_seen":1436720952553865,"flow_src_last_pkt_time":1436720952593324,"flow_dst_last_pkt_time":1436720952591005,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1418,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35450,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":25,"flow_dst_packets_processed":24,"flow_first_seen":1436720952553865,"flow_src_last_pkt_time":1436720952593324,"flow_dst_last_pkt_time":1436720952591005,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1418,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35450,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":40,"flow_first_seen":1436720900690339,"flow_src_last_pkt_time":1436720908566530,"flow_dst_last_pkt_time":1436720908566347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":518,"flow_dst_tot_l4_payload_len":47384,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","proto_id":"7.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1436720906070589,"flow_src_last_pkt_time":1436720908431856,"flow_dst_last_pkt_time":1436720908431917,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":949,"flow_src_tot_l4_payload_len":4303,"flow_dst_tot_l4_payload_len":949,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -271,7 +271,7 @@
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1436720908524019,"flow_src_last_pkt_time":1436720908524019,"flow_dst_last_pkt_time":1436720908575624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","proto_id":"5.211","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00865{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720906025422,"flow_src_last_pkt_time":1436720906025422,"flow_dst_last_pkt_time":1436720906025422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720906025422,"flow_src_last_pkt_time":1436720906025422,"flow_dst_last_pkt_time":1436720906025422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00965{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":9,"flow_first_seen":1436720942507631,"flow_src_last_pkt_time":1436720942524171,"flow_dst_last_pkt_time":1436720942524385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":605,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21875,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01083{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":9,"flow_first_seen":1436720942507631,"flow_src_last_pkt_time":1436720942524171,"flow_dst_last_pkt_time":1436720942524385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":605,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21875,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":705,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":9,"flow_first_seen":1436720942507631,"flow_src_last_pkt_time":1436720942524171,"flow_dst_last_pkt_time":1436720942524385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":605,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1418,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21875,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1568796254728873,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568796265146962,"flow_src_last_pkt_time":1568796265146962,"flow_dst_last_pkt_time":1568796265146962,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796265146962,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1568796265146962,"flow_dst_last_pkt_time":1568796265146962,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1568796265146962,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDQAbvb0IW1AAAAALAC\/\/8u4wAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"}
@@ -296,7 +296,7 @@
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1568796254524506,"flow_src_last_pkt_time":1568796254539348,"flow_dst_last_pkt_time":1568796254552721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":932,"flow_dst_tot_l4_payload_len":2243,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":10,"flow_first_seen":1568796265146962,"flow_src_last_pkt_time":1568796265177487,"flow_dst_last_pkt_time":1568796265178429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1014,"flow_dst_tot_l4_payload_len":6430,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1568796265147078,"flow_src_last_pkt_time":1568796265178757,"flow_dst_last_pkt_time":1568796265176036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":1014,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":847,"packets-processed":846,"total-skipped-flows":0,"total-l4-payload-len":530270,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":30,"total-detection-updates":18,"total-updates":4,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":299,"global_ts_usec":1568796268054084}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":847,"packets-processed":846,"total-skipped-flows":0,"total-l4-payload-len":530270,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":30,"total-detection-updates":18,"total-updates":4,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":299,"global_ts_usec":1568796268054084}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 847/846
 ~~ skipped flows.............: 0
@@ -305,9 +305,9 @@
 ~~ total active/idle flows...: 38/38
 ~~ total timeout flows.......: 8
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5742391 bytes
-~~ total memory freed........: 5742391 bytes
-~~ total allocations/frees...: 87237/87237
+~~ total memory allocated....: 5743059 bytes
+~~ total memory freed........: 5743059 bytes
+~~ total allocations/frees...: 87241/87241
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 547 chars
 ~~ json message max len.......: 2493 chars
diff --git a/test/results/default/ip_fragmented_garbage.pcap.out b/test/results/default/ip_fragmented_garbage.pcap.out
index 670a17dd0..1acc5020a 100644
--- a/test/results/default/ip_fragmented_garbage.pcap.out
+++ b/test/results/default/ip_fragmented_garbage.pcap.out
@@ -1,5 +1,5 @@
-00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1534244024697756}
+00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1534244024697756}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244024697756,"flow_src_last_pkt_time":1534244024697756,"flow_dst_last_pkt_time":1534244024697756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1534244024697756,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1534244024697756,"flow_dst_last_pkt_time":1534244024697756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4mKigpKComXiUkI0AjJCUpOAAA"}
 00328{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697792,"packet_id":2,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697792}
@@ -48,7 +48,7 @@
 00785{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244025001741,"flow_src_last_pkt_time":1534244025001741,"flow_dst_last_pkt_time":1534244025001741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1534244025609837,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00872{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244025305644,"flow_src_last_pkt_time":1534244025305644,"flow_dst_last_pkt_time":1534244025305644,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1534244025609837,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244025305644,"flow_src_last_pkt_time":1534244025305644,"flow_dst_last_pkt_time":1534244025305644,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1534244025609837,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1252,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1534244025612419}
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1252,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1252,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1534244025612419}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1252/4
 ~~ skipped flows.............: 0
@@ -57,8 +57,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5504493 bytes
-~~ total memory freed........: 5504493 bytes
+~~ total memory allocated....: 5504565 bytes
+~~ total memory freed........: 5504565 bytes
 ~~ total allocations/frees...: 85893/85893
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 333 chars
diff --git a/test/results/default/iphone.pcap.out b/test/results/default/iphone.pcap.out
index b29d0744f..4d59d0d9b 100644
--- a/test/results/default/iphone.pcap.out
+++ b/test/results/default/iphone.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1582454552576659}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1582454552576659}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454552576659,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_usec":1582454552576659,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAFkAAEAR8inAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454552576659,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
@@ -353,7 +353,7 @@
 00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454595354550,"flow_src_last_pkt_time":1582454599568888,"flow_dst_last_pkt_time":1582454595354550,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713167,"flow_src_last_pkt_time":1582454598713167,"flow_dst_last_pkt_time":1582454598755439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","proto_id":"5.143","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454599929249,"flow_src_last_pkt_time":1582454599929249,"flow_dst_last_pkt_time":1582454599930239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":199,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":199,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","proto_id":"5.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":500,"packets-processed":486,"total-skipped-flows":0,"total-l4-payload-len":190360,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":50,"total-detection-updates":40,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":356,"global_ts_usec":1582454600748726}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":500,"packets-processed":486,"total-skipped-flows":0,"total-l4-payload-len":190360,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":50,"total-detection-updates":40,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":356,"global_ts_usec":1582454600748726}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 500/486
 ~~ skipped flows.............: 0
@@ -362,8 +362,8 @@
 ~~ total active/idle flows...: 51/51
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6023272 bytes
-~~ total memory freed........: 6023272 bytes
+~~ total memory allocated....: 6024096 bytes
+~~ total memory freed........: 6024096 bytes
 ~~ total allocations/frees...: 87176/87176
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 528 chars
diff --git a/test/results/default/ipp.pcap.out b/test/results/default/ipp.pcap.out
index 49e7efc9d..c570d2c5f 100644
--- a/test/results/default/ipp.pcap.out
+++ b/test/results/default/ipp.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1210953938216729}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1210953938216729}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1210953938217203,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1210953938217203,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953938217203,"pkt":"ABJ5gGlgABtjmL82CABFAAA84QBAAEAGMHwKCgoxCgoK+9gtAnfcBg8oAAAAAKACFtBTiQAAAgQFtAQCCAoAa+4oAAAAAAEDAwc="}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953938217778,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U54AAEAG\/d4KCgr7CgoKMQJ32C21dp4B3AYPKaASFtAViwAAAgQFtAEDAwABAQgKAFjtJABr7ig="}
@@ -25,7 +25,7 @@
 01226{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1210953938217203,"flow_src_last_pkt_time":1210953938237615,"flow_dst_last_pkt_time":1210953938237601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":430,"flow_dst_tot_l4_payload_len":501,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 01232{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":84,"flow_first_seen":1210953938235230,"flow_src_last_pkt_time":1210953939433071,"flow_dst_last_pkt_time":1210953939433061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2896,"flow_dst_max_l4_payload_len":201,"flow_src_tot_l4_payload_len":227621,"flow_dst_tot_l4_payload_len":370,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 01227{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1210953939430652,"flow_src_last_pkt_time":1210953939492942,"flow_dst_last_pkt_time":1210953939492928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":267,"flow_src_tot_l4_payload_len":730,"flow_dst_tot_l4_payload_len":572,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":279,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":230224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1210953939492942}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":279,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":230224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1210953939492942}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 279/277
 ~~ skipped flows.............: 0
@@ -34,8 +34,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5510557 bytes
-~~ total memory freed........: 5510557 bytes
+~~ total memory allocated....: 5510613 bytes
+~~ total memory freed........: 5510613 bytes
 ~~ total allocations/frees...: 86171/86171
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 541 chars
diff --git a/test/results/default/ipsec_isakmp_esp.pcap.out b/test/results/default/ipsec_isakmp_esp.pcap.out
index 77e37302f..7f5d2e8ae 100644
--- a/test/results/default/ipsec_isakmp_esp.pcap.out
+++ b/test/results/default/ipsec_isakmp_esp.pcap.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946744635161000}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946744635161000}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946744635161000,"flow_dst_last_pkt_time":946744635161000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":816,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":816,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":816,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946744635161000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946744635161000,"flow_dst_last_pkt_time":946744635161000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_usec":946744635161000,"pkt":"eJS0JASgYDjgxTWgCABFAANMRLRAAD8RBzLAqAJkbe27wTikEZQDOKGBAAAAALZO8yExpIlShrq9OQSIaVUuICMIAAAAAQAAAywjAAMQxP+M24ss5zxVviUOnYt8V91Yfad7H5TKYI1AzQJmVQ1775vqK4lAOGdGsvlvOkX2Namze+gxnoVLyUAsp8SwHxJQwtql3LAOZXSDDfTnjzJHUODCqYiBpOt6uikxP095kw8q3tMwzSSPxcuj7XnW6PzRBCGEtG5neD4sVk+l1JkUVcikyt4uOcC\/FA8QvmxhLpkegjtMpjAsxLE3vpMBtiZj+zT0jhYqc9k6vSPwaeAn85HWGyImbG4DzrmeTU5UQgHG42GPzTrJc4WLmObte9S00AsQVQ9A9LBK7HPddpmzlyoydy05a7OrcGa87mSenEZtlJg6Srp22ovHxgUAaNXH5mPObtMfqQ\/ZO07eMESAHqJ0a5Gd6IHROQKUZIGLAHdP0GpNPOgz2hcQhC5MCG8SlPoyqs7YHAhIq7dkn82ncfrQg5LG4rFBalatIKS6za3YCBaUd6HgjP76noPl8Do6aqlBwL8fyDSwzzm05t4rCUJTqDfHbdLklbf0nPbCgstxAP6c4hbiTTjn\/qk7utZRt9YQcbWpqDJcanmCdmb1nL0mJbhqNJKT0laV1UV3x3fjRglRQgmAhhs2hUSJo0d4NihfES7R2EorTgVqgQI4yo5XdLXhVuIgKP4Ku8zRjlfJmEVoLMy3a7RLdjn6RWIc0T1R9cczYK8i8MjgqoZquR76DAlISwr878UZk6Dw9jKHBkUClj00siMfCWOzBAbTMxpNKDHfy5dB\/OC4DjkU8Jx5Ww4kZ1bGo0YToz8QCnkfhb905KjwaC0BtYJKhTYqKepBpdMk1ABAYnlGAgpGml\/BnBm2gK1KR+5V00l\/SciWQJHFxEldf+2DOoJtw884NKtF1vFW7EhPfWqLyLXCFeo6LZks4jdktwG9EUQtt4BLPuvVyXAU3LtPeLt60tAwN\/SuEqqQh6CheihsGUzntaWNdK9vF\/rZwhofpjFdB6Jch8YOvyjSwYpP+j6pyZmT7Nw0n6FlxB2xOH4XiWJP3RrVBIW46wWavhUPTR1GC0LhX7Jubx5eaacA"}
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946744635161000,"flow_dst_last_pkt_time":946744635161000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":816,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":816,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":816,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946744635161000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
@@ -16,13 +16,13 @@
 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":946744683923000,"flow_dst_last_pkt_time":946744638499000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946744683923000,"pkt":"eJS0JASgYDjgxTWgCABFAAMkUf9AAD8R+g7AqAJkbe27wSkEAfQDEIC\/ptvAsDZxz3MAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAKPdYigCp+92KcKsuEXZlhnHEhuifLSZc8ZATBK6Am\/FFkwLlLxi01\/su8846WqabjAARNRwfB5z5193Pwphmzmp266RnBoUl\/3pz4mlU\/n9muh+gHNxHK+YFKeysDnwZmLXN750iFjSq5jxx6VyhfOwRA8rRoUTc\/7ouz932qxpKQAAJLQ7vRlmydL+Ul7bbDT08bC8+Hw80zjeO6j+Uiw0ZsUfKQAAHAAAQAQxxY4jLA7mgVTyahplR1WBbxOGLAAAABwAAEAFT\/jiVZwITEymCyywlo+4FnUs+\/Q="}
 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946744638478000,"flow_dst_last_pkt_time":946744638499000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":416,"flow_src_tot_l4_payload_len":6820,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":946744683994000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946744683965000,"flow_dst_last_pkt_time":946744683994000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946744683994000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":11884,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":946745300340000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":11884,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":946745300340000}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946745301909000,"flow_dst_last_pkt_time":946745301906000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":11540,"flow_dst_tot_l4_payload_len":3360,"midstream":0,"thread_ts_usec":946745301909000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946745300381000,"flow_dst_last_pkt_time":946745300411000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946745301909000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 02243{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946745723299000,"flow_dst_last_pkt_time":946745723443000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":12356,"flow_dst_tot_l4_payload_len":3648,"midstream":0,"thread_ts_usec":946745723443000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":70207096.0,"max":662067000,"stddev":185660096.0,"var":34469670203424768.0,"ent":2.0,"data": [122000,677000,771000,222000,34000,2372000,0,1000,23000,2387000,0,0,22000,24000,661960000,662067000,681000,743000,195000,34000,407000,0,0,421000,0,4000,138000,188000,12771000,421390000,408766000]},"pktlen": {"min":108,"avg":528.1,"max":1360,"stddev":468.7,"var":219671.5,"ent":4.5,"data": [844,236,140,108,124,444,1360,1360,928,1360,160,160,160,928,160,844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236]},"bins": {"c_to_s": [0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0],"s_to_c": [0,0,3,0,7,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1],"entropies": [7.741627216,6.965078831,6.116603374,5.779674053,6.059063911,7.410885334,7.860165119,7.863566875,7.772638798,7.854592800,6.636003017,6.657938480,6.612657070,7.764769077,6.596687317,7.754736900,6.881987095,6.222157478,5.801217556,6.004589081,7.442288876,7.852550507,7.852631569,7.794322968,6.638905048,6.506283283,6.772091866,7.817639828,6.695438385,5.748310089,7.756398201,6.820323944]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946745725650000,"flow_dst_last_pkt_time":946745725647000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":16260,"flow_dst_tot_l4_payload_len":5568,"midstream":0,"thread_ts_usec":946745725650000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946745723231000,"flow_dst_last_pkt_time":946745723263000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":6304,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":946745725650000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":946747247312000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":946747247312000}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946745723231000,"flow_dst_last_pkt_time":946745723263000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":6304,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":946747248846000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":30,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946747248846000,"flow_dst_last_pkt_time":946747248843000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":20980,"flow_dst_tot_l4_payload_len":7776,"midstream":0,"thread_ts_usec":946747248846000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946747261671000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946747261671000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -34,7 +34,7 @@
 01554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":946747358471000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946747358471000,"pkt":"eJS0JASgYDjgxTWgCABFAAMky5lAAD8RgHTAqAJkbe27wSkEAfQDENE8Xx5ARHc3sUwAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAALUzPvLATEvPAmt1+v3XgV5BrU6J8VIxBpzDlj7BbeRNWAeR+8a6CYsZa06yqW3zsF6dcdKcWUe6Yw5aaNYgBvSZpq61fWVMVSdZ8vTOeYSlweaX2ssPB\/CLmB1N5ipdRNjAgrEkk9c1K4SgeaBkstUpKGoCBtx3xfTXB+gmzf1VKQAAJNNNASfat4S6z1UcMvvGsu3JcFrPuvzdGt3NKTAK0PVQKQAAHAAAQASzXyQsxaFEsHhWCH0QAz432xWiKQAAABwAAEAFGLDWKxL5PHcyhK2S4pdCoubwZjU="}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946747248846000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":20980,"flow_dst_tot_l4_payload_len":7856,"midstream":0,"thread_ts_usec":946747358542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946747358511000,"flow_dst_last_pkt_time":946747358542000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946747358542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":40332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":946748116878000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":40332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":946748116878000}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946747248846000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":20980,"flow_dst_tot_l4_payload_len":7856,"midstream":0,"thread_ts_usec":946748116945000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946748116917000,"flow_dst_last_pkt_time":946748116945000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946748116945000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748252067000,"flow_dst_last_pkt_time":946748252067000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":816,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":816,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":816,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946748252067000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -61,11 +61,11 @@
 01559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":946748298621000,"flow_dst_last_pkt_time":946748266345000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946748298621000,"pkt":"eJS0JASgYDjgxTWgCABFAAMk81pAAD8RWLHAqAJkbe27wykEAfQDEL4wXlzqAsgd3NEAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAABGkLDJYlvimMVikZIJao0l8nDn5kMqeV19l95wHRHg9qC4yVoqQEAO1wxZCuFKvX1LBIU3s3wsGe2N4evBpjao\/Pny14kuwEp6ydRCF3auK2xgcGKEllo4hRl7tYj+cK0SHIn+CMGzAqT3kd2PlYpMZaQJfJG+3Ev+EkkpdUOoeKQAAJP6NnJfRkTTcKCv\/VqdU4oNffpYomKHKD1rwmiNSWBc0KQAAHAAAQATpeanOKc+14oR62Hrez\/POQ4Wy9QAAABwAAEAF\/Ci4af9LO9\/uVfyqcmROV6J9p6c="}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946748116917000,"flow_dst_last_pkt_time":946748116945000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946748298684000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748253414000,"flow_dst_last_pkt_time":946748266345000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946748298684000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":127,"packets-processed":126,"total-skipped-flows":0,"total-l4-payload-len":59936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":946748870137000}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":127,"packets-processed":126,"total-skipped-flows":0,"total-l4-payload-len":59936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":946748870137000}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946748266345000,"flow_src_last_pkt_time":946748266345000,"flow_dst_last_pkt_time":946748266345000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946748871542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748871542000,"flow_dst_last_pkt_time":946748871538000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4336,"midstream":0,"thread_ts_usec":946748871542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946748266345000,"flow_src_last_pkt_time":946748870175000,"flow_dst_last_pkt_time":946748870202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946748871542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":68780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":68,"global_ts_usec":946749778334000}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":68780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":68,"global_ts_usec":946749778334000}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946749778334000,"flow_dst_last_pkt_time":946749778334000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946749778334000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":946749778334000,"flow_dst_last_pkt_time":946749778334000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946749778334000,"pkt":"eJS0JASgYDjgxTWgCABFAAMk5zNAAD8RZNnAqAJkbe27wikEAfQDEPyMUUmluBAEMEQAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAEoKTmI3ubu6ZxWhplC\/I3GrOhdR2Ahrzg1cl5K7CGOqmD9LmmvBVQSrauKwYuvsfoAIPoWocHQoMo7f5ymv4IPWL+HbeAEosPePp10VCe7il3eMSwG\/INdrGrGu21qwlO\/+efSCGs3uGrG1SV6gA+E\/oPdzfBUNqf\/aMnkpkFwcKQAAJMgQNb6ePi189Vo1zI09B5mQSHqhnrJrpjWKCSmy16flKQAAHAAAQATK6hMad2HUkIE350RaQYXRyGPbFgAAABwAAEAFiTzfmy4vUiSu\/dsxMvaGgLvptZw="}
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946749778334000,"flow_dst_last_pkt_time":946749778334000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946749778334000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
@@ -81,13 +81,13 @@
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":946749779343000,"flow_dst_last_pkt_time":946749779338000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":946749779343000,"pkt":"eJS0JASgYDjgxTWgCABFAAB8539AAD8RZzXAqAJkbe27wjikEZQAaLvWAAAAAFFJpbgQBDBELFuvwAKAaBsuICMIAAAAAwAAAFwnAABAaLDB2lNfq5sjiritMiyPVcJ5MmrNl4SJCasAkAUouZiTrZ8tDkbm1r1Trbr79D49MfumEFkLpOp1YiWs"}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748871542000,"flow_dst_last_pkt_time":946748884718000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":946749779886000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946748266345000,"flow_src_last_pkt_time":946748870175000,"flow_dst_last_pkt_time":946748870202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946749779886000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":77624,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":84,"global_ts_usec":946750800427000}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":77624,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":84,"global_ts_usec":946750800427000}
 01562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946749778401000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946750802633000,"pkt":"eJS0JASgYDjgxTWgCABFAAMkr8NAAD8RnEnAqAJkbe27wikEAfQDELXOkEkalVBl\/K0AAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAPyiRqRb\/A0IFjOXjhDiq5RFCImpZ68NNwcQxBZvgJzrKNK3+3xuRAJ7jQNQpEgz+2L\/Td5c14rGxSZM6w9sUYgwqqMGXpA72jiv\/4czuKxD6SbMc+8pGVZ\/1CSN9hccLjaN\/KNarwgaRjmkaTYnGsewHe4MLp6coknVTYnEyT2TKQAAJEJGvKF8VnGtvSnxxMrOeTU3kL1E+nVj3FJ6ZUXX52S9KQAAHAAAQATEmVA1Ayed3Mzf6OPwNFqxXeNCkgAAABwAAEAFVSBGs\/2jTbJ\/AAS7m7ud3qwGOy8="}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":946749778420000,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946750802082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9588,"flow_dst_tot_l4_payload_len":4224,"midstream":0,"thread_ts_usec":946750802633000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946750802633000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946750802633000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":946749778420000,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946750802082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9588,"flow_dst_tot_l4_payload_len":4224,"midstream":0,"thread_ts_usec":946750900970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946750900940000,"flow_dst_last_pkt_time":946750900970000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946750900970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":188,"packets-processed":187,"total-skipped-flows":0,"total-l4-payload-len":88340,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":946752053636000}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":188,"packets-processed":187,"total-skipped-flows":0,"total-l4-payload-len":88340,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":946752053636000}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946752053636000,"flow_src_last_pkt_time":946752053636000,"flow_dst_last_pkt_time":946752053636000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946752053636000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":946752053636000,"flow_dst_last_pkt_time":946752053636000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946752053636000,"pkt":"eJS0JASgYDjgxTWgCABFAAMkWWVAAD8R8ojAqAJkbe274SkEAfQDENTXeUX3Y1A5a1kAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAALThkEvRFh99w4WJc3PWJxtg4Z5V\/W3ZXRxrm6NQH9u7KE06SIwEbersniw6hQWHyxhQ\/2rtv\/KS8MHCWu0\/UpEV6GCC8Jwl2D64n3IinW1UqpoDH3zgj5vP09DAsAYR\/lGdfNJjst9m4S0ICUVBjGwV2UlMv+ec0yUwblf\/QpdFKQAAJBN5hRLS4vKI93k9Qqglp8VdaUkpxICKhR0a7HBjyUJnKQAAHAAAQATaubyY8VWsI4Z6WQt6ODtfgtlAogAAABwAAEAFkYhaxcMPMkFLeVrj\/VCjsI8u34M="}
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946752053636000,"flow_src_last_pkt_time":946752053636000,"flow_dst_last_pkt_time":946752053636000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946752053636000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
@@ -118,11 +118,11 @@
 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":946752615801000,"flow_dst_last_pkt_time":946752615796000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":946752615801000,"pkt":"eJS0JASgYDjgxTWgCABFAAB8YjtAAD8R7LjAqAJkbe27gzikEZQAaKKDAAAAAJOFGPFj\/apXtO8xDwLcetkuICMIAAAAAwAAAFwnAABAYgQABklwqk19f3RLLUrXcdZeQThgHvokOw7ZgiIiV+xRm\/Vegbdr0vddHFArr2AxvmIdMXYfOPpikICD"}
 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946752053740000,"flow_src_last_pkt_time":946752055364000,"flow_dst_last_pkt_time":946752068592000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946752616641000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946752053636000,"flow_src_last_pkt_time":946752053676000,"flow_dst_last_pkt_time":946752053697000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":1576,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":946752616641000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":226,"packets-processed":225,"total-skipped-flows":0,"total-l4-payload-len":106028,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":121,"global_ts_usec":946753056378000}
+00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":226,"packets-processed":225,"total-skipped-flows":0,"total-l4-payload-len":106028,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":121,"global_ts_usec":946753056378000}
 01559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":946753056378000,"flow_dst_last_pkt_time":946752614899000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946753056378000,"pkt":"eJS0JASgYDjgxTWgCABFAAMk4A9AAD8RbDzAqAJkbe27gykEAfQDEL8VqoLIT\/EzCLAAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAOdvu1j09owjt9UvseK9VIuxoPZR\/bYWO5S4TN7oD3jev443nVodeHch6RFayzZEki5emMomRCrgNFuvlRgaeRpHEemxNYFdAWJKFtbMtNDl30\/geXBa5nSc5USTy9ixtngfOPCaTM957Vt8FfYS+xLvKJ1ZIlggi4aea4oqGzEWKQAAJB64swUSkLQn4x1pHHMTfvky6JcWpGBjhuSQsyO5UHP2KQAAHAAAQATXS05uAu8\/AgvnrnqUJli+KXDKcwAAABwAAEAFE4a6Haq4k5w5SGwuMbDqbj1ZWRI="}
 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":946752614924000,"flow_src_last_pkt_time":946753058099000,"flow_dst_last_pkt_time":946753058095000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4336,"midstream":0,"thread_ts_usec":946753058099000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946752614840000,"flow_src_last_pkt_time":946753056415000,"flow_dst_last_pkt_time":946753056444000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946753058099000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":245,"packets-processed":244,"total-skipped-flows":0,"total-l4-payload-len":114872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":946756085796000}
+00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":245,"packets-processed":244,"total-skipped-flows":0,"total-l4-payload-len":114872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":946756085796000}
 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946756085796000,"flow_src_last_pkt_time":946756085796000,"flow_dst_last_pkt_time":946756085796000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":432,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946756085796000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01106{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":946756085796000,"flow_dst_last_pkt_time":946756085796000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":474,"pkt_l4_len":440,"thread_ts_usec":946756085796000,"pkt":"eJS0JASgYDjgxTWgCABFAAHMAuBAAP0RjIXAqAJkbe27wasjEZQBuEiAAAAAAFdVWmAzg3AtUnd8qAS0wgwuICMIAAAAAQAAAawjAAGQQF79b6huHtPKErITdIUO\/QjlpSHswO\/9ioYhBnLYsJUoIUmfnUpBr3Po\/OdJJVNMepzAOvSeggL2pjZTj9dKmnR3\/PM3fhBDF8NcMDQbBXvC7QxTKJZTnUfkk881X5a\/g77eRsDByk24BKRFupHgXm9JxMuUqz9AuVOnm4NBfwKTMVXjUNEQtkAzVuhsDcyqKusYnJ81cfYdIk5LwLgUQczUBvlDCka3OorgvxScDCOZppjI661UpcnKSAOl10AUzitOXX4Sf1q4\/2+eSwMmz9NIx5gR4C8OsKHWrS46IlJialinycMwsZsTGmE66+bCHIal8y8Ar1mZux6G9skkXM0\/xDcT8HX0NJm3xHn4rYAEy6+FVyThDICTkGOQ8\/OGbAHfatyTPGmM7gUHR\/CIqk2d\/5qVY\/q+N89fy1rlbMoNv1B8muSwUse4B1yQM9+HJ7F8cmircdWKEpZAIvPkrObfa2jQuXUNlIRVLPokutIPku+Rs972Lm4Ub8AH5EGOnNdgwZBbtxuUUUg4"}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946756085796000,"flow_src_last_pkt_time":946756085796000,"flow_dst_last_pkt_time":946756085796000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":432,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946756085796000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
@@ -139,7 +139,7 @@
 01147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":946756088542000,"flow_dst_last_pkt_time":946756088542000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_usec":946756088542000,"pkt":"eJS0JASgYDjgxTWgCABFAAHsAt5AAP0RjGfAqAJkbe27wasjAfQB2PjuV1VaYDODcC0AAAAAAAAAACEgIggAAAAAAAAB0CIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAA4DAAAIBAAABQAAAAgEAAACKAABCAAOAAASaTFF62fUXHpfs421Rj\/gYaPc2AkWEe7D1IKcm3l6qaEq6h066W69gZ+A399DYsfZndmEGgax9bhjEGbDeL91KQ5kk8G\/ZkID33MXl58dgACMQOV2mwGoscE8xtRB+E32RcQuG7Nonwhc00cnnFpxVz54FULdUSbtCVV\/NJupUcqjc6oaj9SBnERU6TDP8ODv30ZRO8RPNYMJ\/Ci\/se1NSrmxSgCJbX4M7XFLRP+h1qNGc6gcZZyTDUYfAjaqE5Mcwoz2lDCUcBdmnuShzdw+sjHtwCatv+tdhBkIHppgjI3v+rdOmcf6h4xWdhiO2fobg7Zsnzmo+WEBgaX0p7s5KQAAGFc4NCc5\/VYp3Uji1ua\/t8i0d0i9KQAAHAAAQARFpSuayCZd17VHTR3uyF2NADufcwAAABwAAEAFsrc\/ZzzlOYJlIxNu77WxSEj0O24="}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":946752614924000,"flow_src_last_pkt_time":946753058099000,"flow_dst_last_pkt_time":946753071332000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":946756088542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946752614840000,"flow_src_last_pkt_time":946753056415000,"flow_dst_last_pkt_time":946753056444000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946756088542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":268,"packets-processed":267,"total-skipped-flows":0,"total-l4-payload-len":125706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":14,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":142,"global_ts_usec":946763512822000}
+00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":268,"packets-processed":267,"total-skipped-flows":0,"total-l4-payload-len":125706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":14,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":142,"global_ts_usec":946763512822000}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946763512822000,"flow_src_last_pkt_time":946763512822000,"flow_dst_last_pkt_time":946763512822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946763512822000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":946763512822000,"flow_dst_last_pkt_time":946763512822000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946763512822000,"pkt":"eJS0JASgYDjgxTWgCABFAAMktR9AAD8Rly7AqAJkbe27gSkEAfQDENJ58zGl\/JiX39YAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAAEvBr7sbEdUTWJ9k0dBABmZc7Ejd5+fgls2LInhXPIXof0NGEf3ShDQhLWvQwyrTOHoJp6BSg\/WQ2FpE\/0RoQC4TiwB6y71I8UIovX\/cQ1SapOMuGfW9hy4WHSvXuIUgOPrCXk2h1ct5lmyWAa1qglm\/4yOrGLSsZjKKjJ5jEBzKQAAJL+95CschzVY1HdnEYlr8vcXlCOBsIZVHpL4JvobbKxYKQAAHAAAQAROj53iX5wS\/J4WHCSCKNNw1F6keAAAABwAAEAF52RZaVEd3q0Q2WSKx4bLcB8WYWw="}
 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946763512822000,"flow_src_last_pkt_time":946763512822000,"flow_dst_last_pkt_time":946763512822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946763512822000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
@@ -318,7 +318,7 @@
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946763527783000,"flow_src_last_pkt_time":946763527783000,"flow_dst_last_pkt_time":946763527783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":336,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":488,"flow_dst_max_l4_payload_len":416,"flow_src_tot_l4_payload_len":1648,"flow_dst_tot_l4_payload_len":558,"midstream":0,"thread_ts_usec":946763527783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":9,"flow_first_seen":946763527783000,"flow_src_last_pkt_time":946763527783000,"flow_dst_last_pkt_time":946763527783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1156,"flow_dst_max_l4_payload_len":1156,"flow_src_tot_l4_payload_len":3212,"flow_dst_tot_l4_payload_len":5544,"midstream":0,"thread_ts_usec":946763527783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946763527783000,"flow_src_last_pkt_time":946763527783000,"flow_dst_last_pkt_time":946763527783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":336,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":488,"flow_dst_max_l4_payload_len":416,"flow_src_tot_l4_payload_len":1648,"flow_dst_tot_l4_payload_len":558,"midstream":0,"thread_ts_usec":946763527783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}}
-00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":834,"packets-processed":834,"total-skipped-flows":0,"total-l4-payload-len":416694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":20,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":321,"global_ts_usec":946763527783000}
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":834,"packets-processed":834,"total-skipped-flows":0,"total-l4-payload-len":416694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":20,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":321,"global_ts_usec":946763527783000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 834/834
 ~~ skipped flows.............: 0
@@ -327,8 +327,8 @@
 ~~ total active/idle flows...: 36/36
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5598235 bytes
-~~ total memory freed........: 5598235 bytes
+~~ total memory allocated....: 5598819 bytes
+~~ total memory freed........: 5598819 bytes
 ~~ total allocations/frees...: 87081/87081
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 573 chars
diff --git a/test/results/default/ipv6_in_gtp.pcap.out b/test/results/default/ipv6_in_gtp.pcap.out
index d3903b229..014ebf98f 100644
--- a/test/results/default/ipv6_in_gtp.pcap.out
+++ b/test/results/default/ipv6_in_gtp.pcap.out
@@ -1,11 +1,11 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1536839120404326}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1536839120404326}
 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536839120404326,"packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536839120404326}
 00500{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":150,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":150,"pkt_l4_len":0,"thread_ts_usec":1536839120404326,"pkt":"AAAAAAACNLNUB8pWgQAMoYEAYAUIAEVoAIBoSQAA\/xHueQruUBoK7v5LCGgIaABsAAAw\/wBcEoCPuGAIuFIANBFAJgf8IEBSA55JCupNF\/7gnP0Al2q8Zxk+AAAAAAAAAAe\/4GQ6ADQ3SIBuFZfDWsIvMrWrNfP4Fx5OYe4CUCXgPs5ziPlz8hT\/27dLl2xtqJbPLkrE"}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1536840494424533}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1536840494424533}
 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536840494424533,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536840494424533}
 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":166,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":166,"pkt_l4_len":0,"thread_ts_usec":1536839120404326,"pkt":"AAAAAAABNLNUB8pVgQAMn4EAQAIIAEVYAJD2QgAA\/xGMPAruJFwK7v5NCGgIaAB8AAAw\/wBsB0wVsGANtkgARDJAKgEEyMAUFE4AAQAClFtnYSoBBMjwAA9JAAAAAAAAAAT\/O2YDAAAAQhlm1OFxgeTba50SyREjm3lFbPc9lgrLUcRYebJHYlYzSCeWv2L\/IjSAXfS1U+Rh4DDxR7yVXb8kOaI3Xg=="}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1536840494424533}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1536840494424533}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/0
 ~~ skipped flows.............: 0
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 304 chars
-~~ json message max len.......: 638 chars
-~~ json message avg len.......: 470 chars
+~~ json message max len.......: 636 chars
+~~ json message avg len.......: 469 chars
diff --git a/test/results/default/irc.pcap.out b/test/results/default/irc.pcap.out
index bfaff9b12..be84efbdb 100644
--- a/test/results/default/irc.pcap.out
+++ b/test/results/default/irc.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1387554241634815}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1387554241634815}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1387554241634815,"flow_src_last_pkt_time":1387554241634815,"flow_dst_last_pkt_time":1387554241634815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1387554241634815,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1387554241634815,"flow_dst_last_pkt_time":1387554241634815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387554241634815,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1387554241634815,"flow_dst_last_pkt_time":1387554241665525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387554241665525,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="}
@@ -8,7 +8,7 @@
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1387554241665610,"flow_dst_last_pkt_time":1387554241695656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1387554241695656,"pkt":"ABNyxPHhANAr0XYACABFAAA0CCBAADIGK\/4m5UYUCrSc+R9As2GRFS02aTHw6YAQAFtTTgAAAQEICjBIJRa+wg9E"}
 01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1387554241634815,"flow_src_last_pkt_time":1387554241695673,"flow_dst_last_pkt_time":1387554241695929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":62,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":62,"midstream":0,"thread_ts_usec":1387554241695929,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IRC","proto_id":"65","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":9,"category":"Chat"}}
 01309{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":1387554241634815,"flow_src_last_pkt_time":1387554256171358,"flow_dst_last_pkt_time":1387554256201831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":114,"flow_dst_tot_l4_payload_len":6901,"midstream":0,"thread_ts_usec":1387554256201831,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IRC","proto_id":"65","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":9,"category":"Chat"}}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":7015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1387554256201831}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":7015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1387554256201831}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 29/29
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500889 bytes
-~~ total memory freed........: 5500889 bytes
+~~ total memory allocated....: 5500913 bytes
+~~ total memory freed........: 5500913 bytes
 ~~ total allocations/frees...: 85891/85891
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 542 chars
diff --git a/test/results/default/iso9506-1-mms.pcap.out b/test/results/default/iso9506-1-mms.pcap.out
index a9d196a41..8c0b51677 100644
--- a/test/results/default/iso9506-1-mms.pcap.out
+++ b/test/results/default/iso9506-1-mms.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1216384411913551}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1216384411913551}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1216384411913551,"flow_src_last_pkt_time":1216384411913551,"flow_dst_last_pkt_time":1216384411913551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1216384411913551,"l3_proto":"ip4","src_ip":"172.16.0.101","dst_ip":"172.16.202.5","src_port":1345,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1216384411913551,"flow_dst_last_pkt_time":1216384411913551,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1216384411913551,"pkt":"AAAjBjHKABshAvedCABFAAAwHcpAAIAGunKsEABlrBDKBQVBAGaSqRQbAAAAAHAC\/\/+0KAAAAgQFtAEBBAI="}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1216384411913551,"flow_dst_last_pkt_time":1216384411916598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1216384411916598,"pkt":"ABshAvedAAAjBjHKCABFAAAsDFVAAEAGC+ysEMoFrBAAZQBmBUFKLAn9kqkUHGASIABU9QAAAgQFtAAA"}
@@ -8,7 +8,7 @@
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1216384411916691,"flow_dst_last_pkt_time":1216384411922643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1216384411922643,"pkt":"ABshAvedAAAjBjHKCABFAAAoDFZAAEAGC++sEMoFrBAAZQBmBUFKLAn+kqkUMlAQH+5srgAAAAAAAAAA"}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1216384411913551,"flow_src_last_pkt_time":1216384411923486,"flow_dst_last_pkt_time":1216384411923392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":189,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1216384411923486,"l3_proto":"ip4","src_ip":"172.16.0.101","dst_ip":"172.16.202.5","src_port":1345,"dst_port":102,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ISO9506-1-MMS","proto_id":"366","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1216384411913551,"flow_src_last_pkt_time":1216384412526501,"flow_dst_last_pkt_time":1216384412526472,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":374,"flow_dst_tot_l4_payload_len":283,"midstream":0,"thread_ts_usec":1216384412526501,"l3_proto":"ip4","src_ip":"172.16.0.101","dst_ip":"172.16.202.5","src_port":1345,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ISO9506-1-MMS","proto_id":"366","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":22,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1216384412526501}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/iso9506-1-mms.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":22,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1216384412526501}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 22/22
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500659 bytes
-~~ total memory freed........: 5500659 bytes
+~~ total memory allocated....: 5500683 bytes
+~~ total memory freed........: 5500683 bytes
 ~~ total allocations/frees...: 85883/85883
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 543 chars
diff --git a/test/results/default/ja3_lots_of_cipher_suites.pcap.out b/test/results/default/ja3_lots_of_cipher_suites.pcap.out
index d4c454aec..74e0b8369 100644
--- a/test/results/default/ja3_lots_of_cipher_suites.pcap.out
+++ b/test/results/default/ja3_lots_of_cipher_suites.pcap.out
@@ -1,5 +1,5 @@
-00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1557818846743554}
+00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1557818846743554}
 00313{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846743554,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846743554}
 00407{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAADTDSUAAPwad0wrOgxIKzkH55SEBu84u1gAAAAAAgAJyEJdSAAACBAW0AQEEAgEDAwI="}
 00313{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846744536,"packet_id":2,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846744536}
@@ -22,7 +22,7 @@
 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAACjoB0AAPQZ7IQrOQfkKzoMSAbvlIcEFulXOLtksUBAAf8saAAAAAAAAAAA="}
 00315{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846965822,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846965822}
 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACifbEAAPwbBvArOgxIKzkH55SEBu84u2SwAAAAAUAQAAEcBAAAAAAAAAAA="}
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":11,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1557818846965822}
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":11,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1557818846965822}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 11/0
 ~~ skipped flows.............: 0
@@ -31,8 +31,8 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 318 chars
diff --git a/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
index 2d45c2081..778a217f9 100644
--- a/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
+++ b/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
@@ -1,5 +1,5 @@
-00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1505724520744830}
+00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1505724520744830}
 00366{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724520744830,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1505724520744830}
 00469{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1505724520744830,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"}
 00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724520744830,"flow_dst_last_pkt_time":1505724520744830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505724520744830,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -34,7 +34,7 @@
 00368{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526501639,"packet_id":25,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724526501639}
 00462{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1505724526501623,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABc0zYAAEAR3TGEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SFUAAARQAANGNWQABABin6wKiTsZd5waDkgAG7QsbjA1XaCIaAEQIjYE4AAAEBCAoAC7vkMW8PEg=="}
 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724526501639,"flow_dst_last_pkt_time":1505724526702991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1160,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2974,"flow_dst_tot_l4_payload_len":2858,"midstream":0,"thread_ts_usec":1505724526702991,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00661{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1505724526702991}
+00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1505724526702991}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 27/27
 ~~ skipped flows.............: 0
@@ -43,8 +43,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498756 bytes
-~~ total memory freed........: 5498756 bytes
+~~ total memory allocated....: 5498780 bytes
+~~ total memory freed........: 5498780 bytes
 ~~ total allocations/frees...: 85887/85887
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 371 chars
diff --git a/test/results/default/jabber.pcap.out b/test/results/default/jabber.pcap.out
index e1bce7c76..fd8a599cb 100644
--- a/test/results/default/jabber.pcap.out
+++ b/test/results/default/jabber.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1502379693992994}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1502379693992994}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502379723841804,"flow_src_last_pkt_time":1502379723841804,"flow_dst_last_pkt_time":1502379723841804,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502379723841804,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57094,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1502379723841804,"flow_dst_last_pkt_time":1502379723841804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1502379723841804,"pkt":"Tl6SKSKGaFs1pN2oCABFAABAZ6hAAEAGAACsEAA+rBABit8GFGbDqJX1AAAAALAC\/\/9aGwAAAgQFtAEDAwQBAQgKTgMEJwAAAAAEAgAA"}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1502379723841804,"flow_dst_last_pkt_time":1502379723842248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1502379723842248,"pkt":"aFs1pN2oTl6SKSKGCABFAAA8AABAAEAG4NOsEAGKrBAAPhRm3wagxQKCw6iV9qASOJCmRgAAAgQFtAQCCAoAGMyaTgMEJwEDAwc="}
@@ -30,7 +30,7 @@
 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1502380249631374,"flow_dst_last_pkt_time":1502380249634488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_usec":1502380249634488,"pkt":"aFs1pN2oTl6SKSKGCABFAAE1Pq1AAEAGoS2sEAGKrBAAPhRm3ylj1cyM0mps5oAYALXYFQAAAQEICgAg0ohOCwBMPGlxIHhtbDpsYW5nPSdlbicgdG89J3RvbUBjcy14bXBwLmxhbi9kYXJrc3RhcicgZnJvbT0nY3MteG1wcC5sYW4nIHR5cGU9J3Jlc3VsdCcgaWQ9J3B1cnBsZWRkZTgwZmRhJz48Y29tbWFuZCBzdGF0dXM9J2NvbXBsZXRlZCcgc2Vzc2lvbmlkPScyMDE3LTA4LTEwVDE1OjUxOjAxLjI1MjkxMlonIG5vZGU9J3BpbmcnIHhtbG5zPSdodHRwOi8vamFiYmVyLm9yZy9wcm90b2NvbC9jb21tYW5kcyc+PG5vdGU+UG9uZzwvbm90ZT48L2NvbW1hbmQ+PC9pcT4="}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1502380249634544,"flow_dst_last_pkt_time":1502380249634488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1502380249634544,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0YMNAAEAGAACsEAA+rBABit8pFGbSamzmY9XNjYAQH+9aDwAAAQEICk4LAE8AINKI"}
 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1502380277582533,"flow_dst_last_pkt_time":1502380249634488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1502380277582533,"pkt":"Tl6SKSKGaFs1pN2oCABFAADNNV5AAEAGAACsEAA+rBABit8pFGbSamzmY9XNjYAYIABaqAAAAQEICk4LbPsAINKIPGlxIHR5cGU9J3NldCcgaWQ9J3B1cnBsZWRkZTgwZmRiJyB0bz0ndG9tQGNzLXhtcHAubGFuL2RhcmtzdGFyJz48Y29tbWFuZCB4bWxucz0naHR0cDovL2phYmJlci5vcmcvcHJvdG9jb2wvY29tbWFuZHMnIG5vZGU9J3BpbmcnIGFjdGlvbj0nZXhlY3V0ZScvPjwvaXE+"}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":192,"packets-processed":189,"total-skipped-flows":0,"total-l4-payload-len":28826,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1502380393542116}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":192,"packets-processed":189,"total-skipped-flows":0,"total-l4-payload-len":28826,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1502380393542116}
 00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1502380213387324,"flow_src_last_pkt_time":1502380213388002,"flow_dst_last_pkt_time":1502380213388141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1502380400412342,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57126,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502380724652555,"flow_src_last_pkt_time":1502380724652555,"flow_dst_last_pkt_time":1502380724652555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502380724652555,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57147,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1502380724652555,"flow_dst_last_pkt_time":1502380724652555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1502380724652555,"pkt":"Tl6SKSKGaFs1pN2oCABFAABA60NAAEAGAACsEAA+rBABit87FGY\/5vETAAAAALAC\/\/9aGwAAAgQFtAEDAwQBAQgKThI3ywAAAAAEAgAA"}
@@ -47,9 +47,9 @@
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1502380915486271,"flow_dst_last_pkt_time":1502380915486217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1502380915486271,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0E55AAEAGAACsEAA+rBABit89FGZwJ5T3nxoW8IAQH+ZaDwAAAQEICk4VHZ0AKvuW"}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1502380915486274,"flow_dst_last_pkt_time":1502380915486217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1502380915486274,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0YBZAAEAGAACsEAA+rBABit89FGZwJ5T3nxoXaIAQH99aDwAAAQEICk4VHZ0AKvuW"}
 00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1502380724652555,"flow_src_last_pkt_time":1502380725074115,"flow_dst_last_pkt_time":1502380725074074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":285,"flow_src_tot_l4_payload_len":654,"flow_dst_tot_l4_payload_len":772,"midstream":0,"thread_ts_usec":1502380919392608,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57147,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":260,"packets-processed":243,"total-skipped-flows":0,"total-l4-payload-len":34275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1502381519875958}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":260,"packets-processed":243,"total-skipped-flows":0,"total-l4-payload-len":34275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1502381519875958}
 02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1502380915481182,"flow_src_last_pkt_time":1502381566576939,"flow_dst_last_pkt_time":1502381566616902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":463,"flow_src_tot_l4_payload_len":1086,"flow_dst_tot_l4_payload_len":2076,"midstream":1,"thread_ts_usec":1502381566616902,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57149,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":42007464.0,"max":600487770,"stddev":147104800.0,"var":21639823353708544.0,"ent":1.4,"data": [5033,2,5089,3,217021,217977,974,3684463,3688323,3876,600484177,600487770,3,3561,6,1107,1119,7791,47498,39730,447,62982,63440,253,504,186,80,2,90,46583978,46623992]},"pktlen": {"min":52,"avg":150.8,"max":515,"stddev":117.9,"var":13893.8,"ent":4.6,"data": [291,460,172,52,52,234,515,52,234,179,52,202,256,158,106,52,272,52,100,52,100,52,274,52,100,153,52,52,157,52,187,52]},"bins": {"c_to_s": [9,4,0,0,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,0,5,0,0,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1],"entropies": [5.572191238,5.460877895,5.502878189,4.891996861,4.853535175,5.455323696,5.262341499,4.891996861,5.508277893,5.549472332,4.853535175,5.489766598,5.608968258,5.516506672,5.456765175,4.747577667,5.601363182,4.800556183,5.462725163,4.870416641,5.430274010,4.908877850,5.580210686,4.647958755,5.434380531,5.509377956,4.699688911,4.762538910,5.683691025,4.646709919,5.424290180,4.908878326]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":289,"packets-processed":270,"total-skipped-flows":0,"total-l4-payload-len":36212,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1504181789350325}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":289,"packets-processed":270,"total-skipped-flows":0,"total-l4-payload-len":36212,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1504181789350325}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1504181789350325,"flow_src_last_pkt_time":1504181789350325,"flow_dst_last_pkt_time":1504181789350325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1504181789350325,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1504181789350325,"flow_dst_last_pkt_time":1504181789350325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1504181789350325,"pkt":"AAwpvhIxAFBWwAAICABFAAA0dxlAAIAGjb\/AqDoBwKg6mdDUFGaBHPlXAAAAAIACIAD5dQAAAgQFtAEDAwgBAQQC"}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1504181789350325,"flow_dst_last_pkt_time":1504181789365849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1504181789365849,"pkt":"AFBWwAAIAAwpvhIxCABFAAA0AABAAEAGRNnAqDqZwKg6ARRm0NRyyKsUgRz5WIASchCJeAAAAgQFtAEBBAIBAwMH"}
@@ -61,7 +61,7 @@
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":42,"flow_first_seen":1502380175298881,"flow_src_last_pkt_time":1502380177456026,"flow_dst_last_pkt_time":1502380177455920,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":611,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2785,"flow_dst_tot_l4_payload_len":11026,"midstream":0,"thread_ts_usec":1504181789418468,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57122,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":9,"flow_first_seen":1502380249631374,"flow_src_last_pkt_time":1502380673059689,"flow_dst_last_pkt_time":1502380673059601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":415,"flow_src_tot_l4_payload_len":1810,"flow_dst_tot_l4_payload_len":1679,"midstream":1,"thread_ts_usec":1504181789418468,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57129,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1502380915481182,"flow_src_last_pkt_time":1502381571702000,"flow_dst_last_pkt_time":1502381571701912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":463,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":2292,"midstream":1,"thread_ts_usec":1504181789418468,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57149,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":302,"packets-processed":283,"total-skipped-flows":0,"total-l4-payload-len":36369,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":1642668994159000}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":302,"packets-processed":283,"total-skipped-flows":0,"total-l4-payload-len":36369,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":1642668994159000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642668994159000,"flow_src_last_pkt_time":1642668994159000,"flow_dst_last_pkt_time":1642668994159000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642668994159000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1642668994159000,"flow_dst_last_pkt_time":1642668994159000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642668994159000,"pkt":"eJS0JASgYDjgxTWgCABFAAA800FAAD8GO9vAqAJkoCzJZoWqFGdT1L5OAAAAAKAC\/\/8mUQAAAgQFtAQCCAoBJke0AAAAAAEDAwg="}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1642668994159000,"flow_dst_last_pkt_time":1642668994188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1642668994188000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnhar53fA8U9S+T2ASchBjHgAAAgQFrAAA"}
@@ -70,7 +70,7 @@
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1642668994258000,"flow_dst_last_pkt_time":1642668994287000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1642668994287000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoSzhAADQGzvigLMlmwKgCZBRnhar53fA9U9S+lFAQchB6jgAAAAAAAAAA"}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1642668994159000,"flow_src_last_pkt_time":1642668994559000,"flow_dst_last_pkt_time":1642668994588000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1642668994588000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00964{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1504181789350325,"flow_src_last_pkt_time":1504181789417901,"flow_dst_last_pkt_time":1504181789418468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642669000423000,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":317,"packets-processed":298,"total-skipped-flows":0,"total-l4-payload-len":36788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1642778258433000}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":317,"packets-processed":298,"total-skipped-flows":0,"total-l4-payload-len":36788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1642778258433000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642778258433000,"flow_src_last_pkt_time":1642778258433000,"flow_dst_last_pkt_time":1642778258433000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642778258433000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1642778258433000,"flow_dst_last_pkt_time":1642778258433000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642778258433000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8d8hAAD8Gl1TAqAJkoCzJZpLuFGecNBm6AAAAAKAC\/\/9wIgAAAgQFtAQCCAoBEkznAAAAAAEDAwg="}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1642778258433000,"flow_dst_last_pkt_time":1642778258461000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1642778258461000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnku46NBuqnDQZu2ASchBGSwAAAgQFrAAA"}
@@ -79,7 +79,7 @@
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1642778258489000,"flow_dst_last_pkt_time":1642778258516000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1642778258516000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo48VAADQGNmugLMlmwKgCZBRnku46NBurnDQaAFAQchBduwAAAAAAAAAA"}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1642778258433000,"flow_src_last_pkt_time":1642778258571000,"flow_dst_last_pkt_time":1642778258598000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1642778258598000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1642668994159000,"flow_src_last_pkt_time":1642669300326000,"flow_dst_last_pkt_time":1642669300354000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1642778258609000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":332,"packets-processed":313,"total-skipped-flows":0,"total-l4-payload-len":37207,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":82,"global_ts_usec":1643022225544000}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":332,"packets-processed":313,"total-skipped-flows":0,"total-l4-payload-len":37207,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":82,"global_ts_usec":1643022225544000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643022225544000,"flow_src_last_pkt_time":1643022225544000,"flow_dst_last_pkt_time":1643022225544000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643022225544000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1643022225544000,"flow_dst_last_pkt_time":1643022225544000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643022225544000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8zN5AAD8GQj7AqAJkoCzJZuQUFGd9pY4kAAAAAKAC\/\/92oQAAAgQFtAQCCAoAzZ+rAAAAAAEDAwg="}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1643022225544000,"flow_dst_last_pkt_time":1643022225570000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1643022225570000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRn5BT7kgHsfaWOJWASchD3qAAAAgQFrAAA"}
@@ -88,7 +88,7 @@
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1643022225794000,"flow_dst_last_pkt_time":1643022225820000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1643022225820000,"pkt":"YDjgxTWgeJS0JASgCABFAAAonCxAADQGfgSgLMlmwKgCZBRn5BT7kgHtfaWOalAQchAPGQAAAAAAAAAA"}
 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1643022225544000,"flow_src_last_pkt_time":1643022225968000,"flow_dst_last_pkt_time":1643022225994000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1643022225994000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1642778258433000,"flow_src_last_pkt_time":1642778652194000,"flow_dst_last_pkt_time":1642778652221000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1643022226078000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":347,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":37629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1644679789249000}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":347,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":37629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1644679789249000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644679789249000,"flow_src_last_pkt_time":1644679789249000,"flow_dst_last_pkt_time":1644679789249000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644679789249000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1644679789249000,"flow_dst_last_pkt_time":1644679789249000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1644679789249000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86SVAAD8GJffAqAJkoCzJZqHMFGfTtLH2AAAAAKAC\/\/\/oLAAAAgQFtAQCCAoAcfbiAAAAAAEDAwg="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1644679789249000,"flow_dst_last_pkt_time":1644679789279000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1644679789279000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnocwJMPUa07Sx92ASchC\/QwAAAgQFrAAA"}
@@ -97,7 +97,7 @@
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1644679789350000,"flow_dst_last_pkt_time":1644679789379000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1644679789379000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo8ipAADQGKAagLMlmwKgCZBRnocwJMPUb07SyPFAQchDWswAAAAAAAAAA"}
 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1644679789249000,"flow_src_last_pkt_time":1644679789719000,"flow_dst_last_pkt_time":1644679789612000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":305,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1644679789719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1643022225544000,"flow_src_last_pkt_time":1643022526171000,"flow_dst_last_pkt_time":1643022526197000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":303,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1644679789757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":362,"packets-processed":343,"total-skipped-flows":0,"total-l4-payload-len":38037,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":100,"global_ts_usec":1655985683694000}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":362,"packets-processed":343,"total-skipped-flows":0,"total-l4-payload-len":38037,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":100,"global_ts_usec":1655985683694000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655985683694000,"flow_src_last_pkt_time":1655985683694000,"flow_dst_last_pkt_time":1655985683694000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655985683694000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1655985683694000,"flow_dst_last_pkt_time":1655985683694000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655985683694000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eV5AAD8Glb7AqAJkoCzJZoUWFGfmtmUZAAAAAKAC\/\/8wrwAAAgQFtAQCCAoAZQT+AAAAAAEDAwg="}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1655985683694000,"flow_dst_last_pkt_time":1655985683717000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655985683717000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADQGGimgLMlmwKgCZBRnhRZwZZi25rZlGnASchD1\/AAAAgQFrAEBBAI="}
@@ -107,7 +107,7 @@
 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1655985683694000,"flow_src_last_pkt_time":1655985683850000,"flow_dst_last_pkt_time":1655985683872000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1655985683872000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1644679789249000,"flow_src_last_pkt_time":1644679824897000,"flow_dst_last_pkt_time":1644679789748000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":339,"flow_dst_tot_l4_payload_len":69,"midstream":0,"thread_ts_usec":1655985690292000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655985683694000,"flow_src_last_pkt_time":1655985963380000,"flow_dst_last_pkt_time":1655985963406000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1655985963406000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":376,"packets-processed":358,"total-skipped-flows":0,"total-l4-payload-len":38456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1655985963406000}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":376,"packets-processed":358,"total-skipped-flows":0,"total-l4-payload-len":38456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1655985963406000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 376/358
 ~~ skipped flows.............: 0
@@ -116,8 +116,8 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5556823 bytes
-~~ total memory freed........: 5556823 bytes
+~~ total memory allocated....: 5557023 bytes
+~~ total memory freed........: 5557023 bytes
 ~~ total allocations/frees...: 86351/86351
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 532 chars
diff --git a/test/results/default/jsonrpc.pcap.out b/test/results/default/jsonrpc.pcap.out
index e6beb1c90..9890d2509 100644
--- a/test/results/default/jsonrpc.pcap.out
+++ b/test/results/default/jsonrpc.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1702942987672326}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1702942987672326}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1702942987672326,"flow_src_last_pkt_time":1702942987672326,"flow_dst_last_pkt_time":1702942987672326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702942987672326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1702942987672326,"flow_dst_last_pkt_time":1702942987672326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1702942987672326,"pkt":"AAAAAAAAAAAAAAAACABFAAA8+WJAAEAGQ1d\/AAABfwAAAY8mH5DaosURAAAAAKACggD+MAAAAgT\/1wQCCAofUODzAAAAAAEDAwc="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1702942987672326,"flow_dst_last_pkt_time":1702942987672335,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1702942987672335,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAR+QjyZvObaZ2qLFEqASggD+MAAAAgT\/1wQCCAofUODzH1Dg8wEDAwc="}
@@ -17,7 +17,7 @@
 01452{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1702942987682387,"flow_src_last_pkt_time":1702942987682387,"flow_dst_last_pkt_time":1702942987682387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1070,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":1070,"flow_dst_tot_l4_payload_len":512,"midstream":0,"thread_ts_usec":1702942987682387,"l3_proto":"ip4","src_ip":"192.168.8.251","dst_ip":"179.99.210.200","src_port":51084,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.JSON-RPC","proto_id":"7.375","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC","hostname":"mdotti.dyndns.org","http": {"url":"mdotti.dyndns.org\/zabbix\/jsrpc.php?output=json-rpc","code":200,"content_type":"application\/json-rpc","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/39.0.2171.95 Safari\/537.36","request_content_type":"application\/json-rpc","detected_os":"Intel Mac OS X 10_9_2"}}}
 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1702942987682387,"flow_src_last_pkt_time":1702942987682387,"flow_dst_last_pkt_time":1702942987682387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1070,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":1070,"flow_dst_tot_l4_payload_len":615,"midstream":0,"thread_ts_usec":1702942987682387,"l3_proto":"ip4","src_ip":"192.168.8.251","dst_ip":"179.99.210.200","src_port":51084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.JSON-RPC","proto_id":"7.375","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1702942987672326,"flow_src_last_pkt_time":1702942987682379,"flow_dst_last_pkt_time":1702942987682387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702942987682387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"JSON-RPC","proto_id":"375","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1791,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1702942987682387}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/jsonrpc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1791,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1702942987682387}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 16/16
 ~~ skipped flows.............: 0
@@ -26,8 +26,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502995 bytes
-~~ total memory freed........: 5502995 bytes
+~~ total memory allocated....: 5503035 bytes
+~~ total memory freed........: 5503035 bytes
 ~~ total allocations/frees...: 85899/85899
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 530 chars
diff --git a/test/results/default/kafka.pcapng.out b/test/results/default/kafka.pcapng.out
index 2f49b7a01..f9bb67845 100644
--- a/test/results/default/kafka.pcapng.out
+++ b/test/results/default/kafka.pcapng.out
@@ -1,14 +1,14 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1703132756328165}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1703132756328165}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1703132756328165,"flow_src_last_pkt_time":1703132756328165,"flow_dst_last_pkt_time":1703132756328165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703132756328165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46136,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1703132756328165,"flow_dst_last_pkt_time":1703132756328165,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703132756328165,"pkt":"AAAAAAAAAAAAAAAACABFAAA8Eq5AAEAGKgx\/AAABfwAAAbQ4I4TC+vYrAAAAAKACQQD+MAAAAgT\/1wQCCApRp0SoAAAAAAEDAwA="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1703132756328165,"flow_dst_last_pkt_time":1703132756328170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703132756328170,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASOEtDhFvmxLwvr2LKASyyD+MAAAAgT\/1wQCCApRp0SoUadEqAEDAwA="}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1703132756328175,"flow_dst_last_pkt_time":1703132756328170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1703132756328175,"pkt":"AAAAAAAAAAAAAAAACABFAAA0Eq9AAEAGKhN\/AAABfwAAAbQ4I4TC+vYsRb5sTIAQQQD+KAAAAQEIClGnRKhRp0So"}
 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1703132756329238,"flow_dst_last_pkt_time":1703132756328170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1703132756329238,"pkt":"AAAAAAAAAAAAAAAACABFAABsErBAAEAGKdp\/AAABfwAAAbQ4I4TC+vYsRb5sTIAYQQD+YAAAAQEIClGnRKlRp0SoAAAANAASAAMAAAADABBjb25zb2xlLXByb2R1Y2VyABJhcGFjaGUta2Fma2EtamF2YQYzLjYuMQA="}
-00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1703132756328165,"flow_src_last_pkt_time":1703132756329238,"flow_dst_last_pkt_time":1703132756328170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703132756329238,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46136,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1703132756329238,"flow_dst_last_pkt_time":1703132756329244,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1703132756329244,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HC9AAEAGIJN\/AAABfwAAASOEtDhFvmxMwvr2ZIAQyuj+KAAAAQEIClGnRKlRp0Sp"}
+00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1703132756328165,"flow_src_last_pkt_time":1703132756329238,"flow_dst_last_pkt_time":1703132756329655,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":446,"midstream":0,"thread_ts_usec":1703132756329655,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46136,"dst_port":9092,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":7,"flow_first_seen":1703132756328165,"flow_src_last_pkt_time":1703132769960435,"flow_dst_last_pkt_time":1703132769960418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":307,"flow_dst_tot_l4_payload_len":660,"midstream":0,"thread_ts_usec":1703132769960435,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46136,"dst_port":9092,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kafka","proto_id":"377","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":967,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1703132769960435}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/kafka.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":967,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1703132769960435}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 19/19
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498524 bytes
-~~ total memory freed........: 5498524 bytes
-~~ total allocations/frees...: 85879/85879
+~~ total memory allocated....: 5500596 bytes
+~~ total memory freed........: 5500596 bytes
+~~ total allocations/frees...: 85880/85880
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
 ~~ json message max len.......: 967 chars
-~~ json message avg len.......: 745 chars
+~~ json message avg len.......: 740 chars
diff --git a/test/results/default/kcp.pcap.out b/test/results/default/kcp.pcap.out
index 740d6adcb..5f30b93dc 100644
--- a/test/results/default/kcp.pcap.out
+++ b/test/results/default/kcp.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1704996858262666}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1704996858262666}
 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704996858262666,"flow_src_last_pkt_time":1704996858262666,"flow_dst_last_pkt_time":1704996858262666,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704996858262666,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47356,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1704996858262666,"flow_dst_last_pkt_time":1704996858262666,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1534,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1534,"pkt_l4_len":1480,"thread_ts_usec":1704996858262666,"pkt":"AAAAAAAAAAAAAAAAht1gD7F6BcgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABuPwfQAXIBdsKAAAAUQKAABQAAAAAAAAAAAAAAKgFAAAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmpw=="}
 00908{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704996858262666,"flow_src_last_pkt_time":1704996858262666,"flow_dst_last_pkt_time":1704996858262666,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704996858262666,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47356,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"KCP","proto_id":"385","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -33,7 +33,7 @@
 00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704996867563690,"flow_src_last_pkt_time":1704996867563690,"flow_dst_last_pkt_time":1704996867563690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704996873963581,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":61499,"dst_port":15990,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KCP","proto_id":"385","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704996873963560,"flow_src_last_pkt_time":1704996873963560,"flow_dst_last_pkt_time":1704996873963560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704996873963581,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47270,"dst_port":52845,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KCP","proto_id":"385","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1704996864362941,"flow_src_last_pkt_time":1704996864362941,"flow_dst_last_pkt_time":1704996864362941,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1472,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1704996873963581,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":52761,"dst_port":8661,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"KCP","proto_id":"385","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":33184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1704996873963581}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/kcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":33184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1704996873963581}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 50/50
 ~~ skipped flows.............: 0
@@ -42,10 +42,10 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5512455 bytes
-~~ total memory freed........: 5512455 bytes
+~~ total memory allocated....: 5512575 bytes
+~~ total memory freed........: 5512575 bytes
 ~~ total allocations/frees...: 85976/85976
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 565 chars
+~~ json message min len.......: 563 chars
 ~~ json message max len.......: 2540 chars
-~~ json message avg len.......: 1551 chars
+~~ json message avg len.......: 1550 chars
diff --git a/test/results/default/kerberos-error.pcap.out b/test/results/default/kerberos-error.pcap.out
index c4c269c51..7f216a623 100644
--- a/test/results/default/kerberos-error.pcap.out
+++ b/test/results/default/kerberos-error.pcap.out
@@ -1,11 +1,11 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645515964250491}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645515964250491}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515964250491,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":333,"pkt_l4_len":295,"thread_ts_usec":1645515964250491,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQABO06GQAA5EXItlJdPt5DHCumGqQBYASfB3GqCARswggEXoQMCAQWiAwIBCqNYMFYwSKEDAgECokEEPzA9oAMCAReiNgQ0tg4LUF+YEEIG9iUDuODnyC2ELm8B5cfw4VQNHqTH6JGB5paR4MQdd1ZJvX+lrEsYdKkZFTAKoQQCAgCVogIEAKSBsDCBraAHAwUAAIEAAKEfMB2gAwIBAaEWMBQbBGhvc3QbDG11cy1uLWNqMDcwOaIRGw9MSU5VWC5TSEVMTC5DT02jJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTaURGA8yMDIyMDIyMzA3NDYwM1qmERgPMjAyMjAzMDQwNzQ2MDNapwYCBEeh+pmoGjAYAgEXAgESAgERAgEUAgETAgEQAgEZAgEa"}
 01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515964250491,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"linux.shell.com","username":"mus-n-cj0709"}}}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964609203,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":148,"pkt_l4_len":110,"thread_ts_usec":1645515964609203,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQAAgkf1AABzEX93kMcK6ZSXT7cAWIapAG6BuH5kMGKgAwIBBaEDAgEepBEYDzIwMjIwMjIyMDc0NjA0WqUFAgMOwm2mAwIBNKkRGw9MSU5VWC5TSEVMTC5DT02qJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTQ=="}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964609203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1645515964609203,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1645515964609203}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1645515964609203}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498031 bytes
-~~ total memory freed........: 5498031 bytes
+~~ total memory allocated....: 5498055 bytes
+~~ total memory freed........: 5498055 bytes
 ~~ total allocations/frees...: 85862/85862
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 576 chars
+~~ json message min len.......: 574 chars
 ~~ json message max len.......: 1027 chars
-~~ json message avg len.......: 791 chars
+~~ json message avg len.......: 790 chars
diff --git a/test/results/default/kerberos-login.pcap.out b/test/results/default/kerberos-login.pcap.out
index 1ec2b678b..4135c1298 100644
--- a/test/results/default/kerberos-login.pcap.out
+++ b/test/results/default/kerberos-login.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946716066779388}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946716066779388}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716066779388,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716066779388,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1253,"pkt_l4_len":1219,"thread_ts_usec":946716066779388,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATXAJUAAIAREnkKAQwCCgUDAQQlAFgEw4XHbIIEtzCCBLOhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgGCx7fTnQzvvnXnzi9LJ0rtprAMBwPNDorbgvJI4BV8TZb2vtoAMBvn\/H0kv3attbzNMWzuI4cmR96epkzzc9Em+P1ZASZGSdvfOcM7pYzUfVYcU+almrfJGc226OPAiNqdT5WqhctEEk6M\/WBsVhSCIKFwQ0F6xriZzYptSncn2pHIwcKAHAwUAQIAAAKIMGwpERU5ZREMuQ09NoyEwH6ADAgEDoRgwFhsEaG9zdBsOeHAxLmRlbnlkYy5jb22lERgPMjAzNzA5MTMwMjQ4MDVapwYCBAvCgSioGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="}
 00992{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716066779388,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716066779388,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}}
@@ -55,7 +55,7 @@
 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716067819225,"flow_src_last_pkt_time":946716067819225,"flow_dst_last_pkt_time":946716067819242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1208,"flow_dst_max_l4_payload_len":1186,"flow_src_tot_l4_payload_len":1208,"flow_dst_tot_l4_payload_len":1186,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1069,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716089644907,"flow_src_last_pkt_time":946716089644907,"flow_dst_last_pkt_time":946716089644914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1233,"flow_dst_max_l4_payload_len":1237,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":1237,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1074,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716089757898,"flow_src_last_pkt_time":946716089757898,"flow_dst_last_pkt_time":946716089757902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1219,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1219,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":1219,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1076,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":29024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":7,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_usec":946724453221239}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":29024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":7,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_usec":946724453221239}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946724453221239,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946724453221239,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946724453221239,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221278,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946724453221278,"pkt":"uKxvNgTjGGbam+N9CABFAAA8DbNAAIAGV6nAqAoDwKgKDABYrOCOu9eK+5UIh6ASIAAObgAAAgQFtAEDAwgEAggKM1tACf\/++SE="}
@@ -77,7 +77,7 @@
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716140476142,"flow_src_last_pkt_time":946716140476142,"flow_dst_last_pkt_time":946716140476146,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1235,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1235,"flow_dst_tot_l4_payload_len":1228,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716140774135,"flow_src_last_pkt_time":946716140774135,"flow_dst_last_pkt_time":946716140774142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1221,"flow_dst_max_l4_payload_len":1202,"flow_src_tot_l4_payload_len":1221,"flow_dst_tot_l4_payload_len":1202,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":946724453221239,"flow_src_last_pkt_time":946724453222354,"flow_dst_last_pkt_time":946724453222308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1555,"flow_dst_max_l4_payload_len":1554,"flow_src_tot_l4_payload_len":3110,"flow_dst_tot_l4_payload_len":3108,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":35242,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":1,"total-updates":7,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":946724453222354}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":35242,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":1,"total-updates":7,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":946724453222354}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 39/39
 ~~ skipped flows.............: 0
@@ -86,8 +86,8 @@
 ~~ total active/idle flows...: 13/13
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5525196 bytes
-~~ total memory freed........: 5525196 bytes
+~~ total memory allocated....: 5525412 bytes
+~~ total memory freed........: 5525412 bytes
 ~~ total allocations/frees...: 86032/86032
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 552 chars
diff --git a/test/results/default/kerberos.pcap.out b/test/results/default/kerberos.pcap.out
index c2642bf84..61c1e0d5d 100644
--- a/test/results/default/kerberos.pcap.out
+++ b/test/results/default/kerberos.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1549337929790448}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1549337929790448}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929790448,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1549337929790448,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
 01008{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929790448,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}}
@@ -126,9 +126,9 @@
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952282970,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337952282970,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01015{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952282970,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_usec":1549337952282970,"pkt":"pB9ywglqAAgCHEeuCABFAAGMAVBAAIAGjyqsEAjJrBAICMAqAb0OVvT1RRDYGlAYAP+BiQAAx2oDxasXfLBTEcjz3tABELHnmrS3ZANlrcp\/hNjXtg\/fwYTBDdsdTzX+XDaW+uv3s2\/LBkJPP0K4Dy0YU3CzKo3pfb0515XvBfsBO7Ma0iP8tOV8txynjcFaEQvYkdi2SQ6bebHRRKNuECPHoWmL3h9GQAZAb4a73kOXQ+HdWdMxxkSNni5ZeogFxLOO9R2cL7EvadD9j700FIRXk1Ysly6p8QSOxUcF2BTlCAMMXraIVwnaJn4OFnBRV1kK62QzrTna4Mma6JSVzK\/6fCHORQn+FIHExUVoG3Vq1BveDwHtG0XGyIXhHabrgc6YQttz\/jzBPNDyI9ROMV3pQ0pZrTLzCjs+95mV\/WzyQTG\/SRF7u\/0NE9yZnVgk7HZw7F9bqd7MfX+aga2J6\/HQLbCChYzLyXsDW8WbBsbXh+XIiTyOIboYMLvBqY271GjiVoIyA7mbRvLsykMc7DElauDSPsA2vtc="}
 00883{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1549337952283232,"pkt":"AAgCHEeupB9ywglqCABFAAEsFBRAAIAGfMasEAgIrBAIyQG9wCpFENgaDlb2WVAYAP9XsAAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABhAAAAAAQAAFesIp3Ms9YkV3HyzmcNx+gJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUXiUY0MYNrse7Xdy+nvFD1NZYMmVWsdodfXY9v69kCk+MLVD1Rqj48zpMQyXFgAZRbdNaLq\/lZFH5cVcwmZOZp6PzJLHFRz2Ys9FBPKwjMkCOL5scijYfadSqIU\/eT7q\/ACDBFzzf8MmsOdu9E="}
-00874{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1549337930219494,"flow_src_last_pkt_time":1549337951711983,"flow_dst_last_pkt_time":1549337951711741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":1166,"flow_dst_tot_l4_payload_len":516,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00992{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1549337930219494,"flow_src_last_pkt_time":1549337951711983,"flow_dst_last_pkt_time":1549337951711741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":1166,"flow_dst_tot_l4_payload_len":516,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1549337930219494,"flow_src_last_pkt_time":1549337951711983,"flow_dst_last_pkt_time":1549337951711741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":1166,"flow_dst_tot_l4_payload_len":516,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00873{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1549337940432879,"flow_src_last_pkt_time":1549337940433720,"flow_dst_last_pkt_time":1549337940433470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":579,"flow_dst_tot_l4_payload_len":284,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1549337940432879,"flow_src_last_pkt_time":1549337940433720,"flow_dst_last_pkt_time":1549337940433470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":579,"flow_dst_tot_l4_payload_len":284,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1549337940432879,"flow_src_last_pkt_time":1549337940433720,"flow_dst_last_pkt_time":1549337940433470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":579,"flow_dst_tot_l4_payload_len":284,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790962,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":278,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929811952,"flow_src_last_pkt_time":1549337929811952,"flow_dst_last_pkt_time":1549337929812641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":319,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":112,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -144,7 +144,7 @@
 00997{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931198672,"flow_src_last_pkt_time":1549337931198672,"flow_dst_last_pkt_time":1549337931199586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":68,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931198672,"flow_src_last_pkt_time":1549337931198672,"flow_dst_last_pkt_time":1549337931199586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":68,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931210214,"flow_src_last_pkt_time":1549337931210214,"flow_dst_last_pkt_time":1549337931211149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1432,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1432,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1432,"flow_dst_tot_l4_payload_len":1452,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01002{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931211741,"flow_src_last_pkt_time":1549337931211741,"flow_dst_last_pkt_time":1549337931213235,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1064,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1064,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1064,"flow_dst_tot_l4_payload_len":136,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
+01120{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931211741,"flow_src_last_pkt_time":1549337931211741,"flow_dst_last_pkt_time":1549337931213235,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1064,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1064,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1064,"flow_dst_tot_l4_payload_len":136,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931211741,"flow_src_last_pkt_time":1549337931211741,"flow_dst_last_pkt_time":1549337931213235,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1064,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1064,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1064,"flow_dst_tot_l4_payload_len":136,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931218156,"flow_src_last_pkt_time":1549337931218156,"flow_dst_last_pkt_time":1549337931219086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":115,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931218156,"flow_src_last_pkt_time":1549337931218156,"flow_dst_last_pkt_time":1549337931219086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":115,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -167,27 +167,27 @@
 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952280187,"flow_src_last_pkt_time":1549337952280187,"flow_dst_last_pkt_time":1549337952281091,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":179,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00994{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282931,"flow_src_last_pkt_time":1549337952282931,"flow_dst_last_pkt_time":1549337952282964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":48,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"","username":""}}}
 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282931,"flow_src_last_pkt_time":1549337952282931,"flow_dst_last_pkt_time":1549337952282964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":48,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00940{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929983344,"flow_src_last_pkt_time":1549337929983344,"flow_dst_last_pkt_time":1549337929983901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
+01058{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929983344,"flow_src_last_pkt_time":1549337929983344,"flow_dst_last_pkt_time":1549337929983901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929983344,"flow_src_last_pkt_time":1549337929983344,"flow_dst_last_pkt_time":1549337929983901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931189901,"flow_src_last_pkt_time":1549337931189901,"flow_dst_last_pkt_time":1549337931190653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":242,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
+01059{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931189901,"flow_src_last_pkt_time":1549337931189901,"flow_dst_last_pkt_time":1549337931190653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":242,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931189901,"flow_src_last_pkt_time":1549337931189901,"flow_dst_last_pkt_time":1549337931190653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":242,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931211848,"flow_src_last_pkt_time":1549337931211848,"flow_dst_last_pkt_time":1549337931213237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":242,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
+01059{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931211848,"flow_src_last_pkt_time":1549337931211848,"flow_dst_last_pkt_time":1549337931213237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":242,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931211848,"flow_src_last_pkt_time":1549337931211848,"flow_dst_last_pkt_time":1549337931213237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":242,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":242,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":242,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937690226,"flow_src_last_pkt_time":1549337937690226,"flow_dst_last_pkt_time":1549337937691075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
+01059{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937690226,"flow_src_last_pkt_time":1549337937690226,"flow_dst_last_pkt_time":1549337937691075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937690226,"flow_src_last_pkt_time":1549337937690226,"flow_dst_last_pkt_time":1549337937691075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937700823,"flow_src_last_pkt_time":1549337937700823,"flow_dst_last_pkt_time":1549337937701643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
+01059{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937700823,"flow_src_last_pkt_time":1549337937700823,"flow_dst_last_pkt_time":1549337937701643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337937700823,"flow_src_last_pkt_time":1549337937700823,"flow_dst_last_pkt_time":1549337937701643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":266,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952267129,"flow_src_last_pkt_time":1549337952267129,"flow_dst_last_pkt_time":1549337952267833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":314,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
+01059{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952267129,"flow_src_last_pkt_time":1549337952267129,"flow_dst_last_pkt_time":1549337952267833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":314,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952267129,"flow_src_last_pkt_time":1549337952267129,"flow_dst_last_pkt_time":1549337952267833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":314,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952273984,"flow_src_last_pkt_time":1549337952273984,"flow_dst_last_pkt_time":1549337952274576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":330,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
+01059{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952273984,"flow_src_last_pkt_time":1549337952273984,"flow_dst_last_pkt_time":1549337952274576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":330,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952273984,"flow_src_last_pkt_time":1549337952273984,"flow_dst_last_pkt_time":1549337952274576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":330,"flow_dst_tot_l4_payload_len":210,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00941{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929817554,"flow_src_last_pkt_time":1549337929817554,"flow_dst_last_pkt_time":1549337929818281,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
+01059{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929817554,"flow_src_last_pkt_time":1549337929817554,"flow_dst_last_pkt_time":1549337929818281,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337929817554,"flow_src_last_pkt_time":1549337929817554,"flow_dst_last_pkt_time":1549337929818281,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931220307,"flow_src_last_pkt_time":1549337931220307,"flow_dst_last_pkt_time":1549337931221192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
+01060{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931220307,"flow_src_last_pkt_time":1549337931220307,"flow_dst_last_pkt_time":1549337931221192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931220307,"flow_src_last_pkt_time":1549337931220307,"flow_dst_last_pkt_time":1549337931221192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
+01060{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":190,"global_ts_usec":1549337952283232}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":190,"global_ts_usec":1549337952283232}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 77/77
 ~~ skipped flows.............: 0
@@ -196,10 +196,10 @@
 ~~ total active/idle flows...: 36/36
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5627426 bytes
-~~ total memory freed........: 5627426 bytes
-~~ total allocations/frees...: 86347/86347
+~~ total memory allocated....: 5628179 bytes
+~~ total memory freed........: 5628179 bytes
+~~ total allocations/frees...: 86360/86360
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 570 chars
+~~ json message min len.......: 568 chars
 ~~ json message max len.......: 2499 chars
-~~ json message avg len.......: 1534 chars
+~~ json message avg len.......: 1533 chars
diff --git a/test/results/default/kerberos_fuzz.pcapng.out b/test/results/default/kerberos_fuzz.pcapng.out
index 094d2c48c..0dcaaf4b3 100644
--- a/test/results/default/kerberos_fuzz.pcapng.out
+++ b/test/results/default/kerberos_fuzz.pcapng.out
@@ -1,10 +1,10 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1633884084000000}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1633884084000000}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633884084000000,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1633884084000000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5}
 00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":288,"pkt_l4_len":268,"thread_ts_usec":1633884084000000,"pkt":"RSYBIAFKAAAABn0BfgQBABMAAAAAWNGOAAAAAAAAAQAgAQAAAAAAAGZfRk9VTgAGA0QNChsbGxsbGxsbGxsbJwYGBgYGBgYGBhsbG10bGwYGBgYGBgYGBg0K\/\/\/\/\/05NRWGMG2VyMUnz8\/NDQQEAAAAAAABdKgC3MFD\/AAAAAABfAAAAAAAAAEVhjGlkO\/\/\/\/\/\/\/b2VyWQAAAAAAAABNRQAAAAAAAAAAAAAAAAAAAAAATUxAU0m3MFCjL1MuMlQg80NBTk1FYYxpZDsNCv\/\/\/\/9OTUVhjBtlcjFJ8\/P\/\/\/\/\/AAAAAAAAXSoAtzBQoy9TLkFOTUVhjGlkOw0K\/\/\/\/\/zsNCv\/\/\/\/8vUy4yVEFUIPNDQU5NRWGMaWQ7DQr\/\/\/\/\/"}
 01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633884084000000,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1633884084000000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"r1i???ca???????]*??0p??????_???????ea?id;?????o","username":"??????"}}}
 00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633884084000000,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1633884084000000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":260,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1633884084000000}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":260,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1633884084000000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5497974 bytes
-~~ total memory freed........: 5497974 bytes
+~~ total memory allocated....: 5497998 bytes
+~~ total memory freed........: 5497998 bytes
 ~~ total allocations/frees...: 85860/85860
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 577 chars
+~~ json message min len.......: 575 chars
 ~~ json message max len.......: 1044 chars
-~~ json message avg len.......: 789 chars
+~~ json message avg len.......: 788 chars
diff --git a/test/results/default/kismet.pcap.out b/test/results/default/kismet.pcap.out
index f20e4fda9..66ba8aca7 100644
--- a/test/results/default/kismet.pcap.out
+++ b/test/results/default/kismet.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1144004385285325}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1144004385285325}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1144004385285325,"flow_src_last_pkt_time":1144004385285325,"flow_dst_last_pkt_time":1144004385285325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1144004385285325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34065,"dst_port":2501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1144004385285325,"flow_dst_last_pkt_time":1144004385285325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1144004385285325,"pkt":"AAAAAAAAAAAAAAAACABFAAA0PIZAAIAGwDt\/AAABfwAAAYURCcWza5HWAAAAAIACf\/\/iowAAAgRADAEBBAIBAwMC"}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1144004385285325,"flow_dst_last_pkt_time":1144004385285353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1144004385285353,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAIAG\/MF\/AAABfwAAAQnFhRGzPp6Js2uR14ASf\/+QygAAAgRADAEBBAIBAwMC"}
@@ -9,7 +9,7 @@
 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1144004385285602,"flow_dst_last_pkt_time":1144004385285561,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1144004385285602,"pkt":"AAAAAAAAAAAAAAAACABFAAAoPIhAAIAGwEV\/AAABfwAAAYURCcWza5HXsz6fUVAQIABrKAAA"}
 02234{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1144004385285325,"flow_src_last_pkt_time":1144004397698680,"flow_dst_last_pkt_time":1144004398798485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1045,"flow_dst_max_l4_payload_len":199,"flow_src_tot_l4_payload_len":1045,"flow_dst_tot_l4_payload_len":1777,"midstream":0,"thread_ts_usec":1144004398798485,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34065,"dst_port":2501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":28,"avg":836339.2,"max":1099852,"stddev":406205.2,"var":165002641408.0,"ent":4.7,"data": [28,42,208,235,399947,399927,615244,615286,399575,399620,1099784,1099782,1099835,1099834,1099815,1099816,1099834,1099831,1099838,1099839,1099849,1099852,1099837,1099839,1099821,1099818,1099833,1099833,1099842,1099843,1099828]},"pktlen": {"min":40,"avg":128.9,"max":1085,"stddev":184.2,"var":33913.2,"ent":4.2,"data": [52,52,40,239,40,58,40,1085,40,115,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.152935505,4.370187283,4.291446209,5.295236588,4.191446304,4.892910004,4.291446209,4.891900063,4.458695412,4.585392952,4.341446400,5.037372112,4.341446400,5.005887508,4.291446686,5.014514446,4.341446400,4.979419708,4.291446686,5.025943279,4.341446400,5.016745567,4.291446686,4.993078232,4.341446400,5.021629810,4.341446400,5.025943279,4.341446400,5.025943279,4.291446209,5.037371635]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Kismet","proto_id":"309","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1144004385285325,"flow_src_last_pkt_time":1144004399898338,"flow_dst_last_pkt_time":1144004399898316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1045,"flow_dst_max_l4_payload_len":199,"flow_src_tot_l4_payload_len":1045,"flow_dst_tot_l4_payload_len":1912,"midstream":0,"thread_ts_usec":1144004399898338,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34065,"dst_port":2501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kismet","proto_id":"309","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":35,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":2957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1144004399898338}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":35,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":2957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1144004399898338}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 35/35
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501036 bytes
-~~ total memory freed........: 5501036 bytes
+~~ total memory allocated....: 5501060 bytes
+~~ total memory freed........: 5501060 bytes
 ~~ total allocations/frees...: 85896/85896
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
diff --git a/test/results/default/kontiki.pcap.out b/test/results/default/kontiki.pcap.out
index ca7d2b68e..dc086e771 100644
--- a/test/results/default/kontiki.pcap.out
+++ b/test/results/default/kontiki.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1213662195077813}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1213662195077813}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662195077813,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":991,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":991,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":991,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662195077813,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1033,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1033,"pkt_l4_len":999,"thread_ts_usec":1213662195077813,"pkt":"\/\/\/\/\/\/\/\/ABVYKKDoCABFAAP7D3UAACARXSoKGSA7\/\/\/\/\/03sTewD53pePD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxaTWVzc2FnZSB0YXJnZXQ9IlpCQlAuMS5TdWJuZXRSZXF1ZXN0IiBtaW5vcj0iMjAiIHBhcmFtaGVhZGVybGVuZ3RoPSI0OTQiIHNpZ25hdHVyZT0iNE5QY0MyZTRZVGh2ZkFESUdPd2pNRFVENjl3NURpVTNsTWdZSFZCcVZGaUZKaXdTRXZ2Yit2cVVvUllHb25NdXd5c0lxWEIyZHJJNGR0aDNVR2ZSZ3lXbU9ES0JZYVVUVys1dzJRdWpYNk5ZQW5Vc3E1cGVWdnJQZ1ZJNFNqU1JhWjhkZXM3SkptU3RZRGtramVZR3hLblVsODUzZzFFSlVRZkVQVTdEY0RHQyIgc2lnbmVyPSI2UEJrWm50NHgzampVbFk2NjdXa2M5WFZESWh4YmZGbHI0VmE5UnE5WWdSZngzczhZWUw5cVp1ZXRCaXRqdytGRDU0T3hKcnF6TzBqMVlCc1YvaEFpL3d2UnlRcFVVdm52Z0pHejNVYTc5V1FXNDFURzZBTnhoWFl1TkZxRDMwZDFoakdDa1dRalhBK0Z0UFc2WFQ4UjB3NktkZk9sNjlhSHh0WG81eEIwY2I5Ij4NCjwvWk1lc3NhZ2U+DQo8WlBhcmFtU2V0Pg0KPHBhcmFtIG5hbWU9Il9fbXNnaGRyIiB0eXBlPSJtYXAiPg0KPC9wYXJhbT4NCjxwYXJhbSBuYW1lPSJtYXAiIHR5cGU9Im1hcCI+DQo8cGFyYW0gbmFtZT0ibW9pZCIgdHlwZT0ic3RyaW5nIj5hMjQ1MmI5OC02MDdkLTIzM2MtMTFkOS1jN2MyNGRmMDQxYmY8L3BhcmFtPg0KPHBhcmFtIG5hbWU9InNlbGZyZWYiIHR5cGU9Im1hcCI+DQo8cGFyYW0gbmFtZT0iYWRkciIgdHlwZT0ic3RyaW5nIj4xMC4yNS4zMi41OTwvcGFyYW0+DQo8cGFyYW0gbmFtZT0iZXh0YWRkciIgdHlwZT0ic3RyaW5nIj42NS4yMDUuMjUxLjUxPC9wYXJhbT4NCjxwYXJhbSBuYW1lPSJwb3J0IiB0eXBlPSJ1aW50Ij44MDwvcGFyYW0+DQo8cGFyYW0gbmFtZT0idWRwcG9ydCIgdHlwZT0idWludCI+MTk5NDg8L3BhcmFtPg0KPHBhcmFtIG5hbWU9InZlcnNpb24iIHR5cGU9InN0cmluZyI+djEuMjA8L3BhcmFtPg0KPC9wYXJhbT4NCjwvcGFyYW0+DQo8L1pQYXJhbVNldD4NCg=="}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198289399,"flow_dst_last_pkt_time":1213662198289399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":311,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":311,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198289399,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -42,10 +42,10 @@
 00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198289778,"flow_src_last_pkt_time":1213662198289778,"flow_dst_last_pkt_time":1213662198289778,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00870{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662195077813,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":991,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":991,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":991,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662195077813,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":991,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":991,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":991,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00870{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198301070,"flow_dst_last_pkt_time":1213662198292691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00988{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198301070,"flow_dst_last_pkt_time":1213662198292691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198301070,"flow_dst_last_pkt_time":1213662198292691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1213662198298123,"flow_src_last_pkt_time":1213662202883098,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Kontiki","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":55,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":35412,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1213662202883546}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":55,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":35412,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1213662202883546}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 55/55
 ~~ skipped flows.............: 0
@@ -54,9 +54,9 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5514744 bytes
-~~ total memory freed........: 5514744 bytes
-~~ total allocations/frees...: 85991/85991
+~~ total memory allocated....: 5514893 bytes
+~~ total memory freed........: 5514893 bytes
+~~ total allocations/frees...: 85992/85992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 520 chars
 ~~ json message max len.......: 2322 chars
diff --git a/test/results/default/line.pcap.out b/test/results/default/line.pcap.out
index c10276d1e..785bbac1d 100644
--- a/test/results/default/line.pcap.out
+++ b/test/results/default/line.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00617{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":608455689}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00615{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":608455689}
 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":608455689,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":872,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":872,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":608455689,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":914,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":914,"pkt_l4_len":880,"thread_ts_usec":608455689,"pkt":"UlQAEjUCCAAn5uVZCABFAAOEak4AAIARRmgKAAIPfdH80saTUIIDcGeR22QAuQYCG2FDK1vv9fugGrOT8etA8A80AvZDaYmouGz3h3IHV1X5ElUpOC9dlDONLPAPfVgIYt5yAAAAKxpqxcwsrZxwhx1xKWqCFVz8ThMLekrlMqzL884f90GP2NtK7Ce8hzDQNrwRj9rBBTjTz8s6H2gTPjSg0VDLz20S\/lg6tSMQGiPk18OAgr8Cvvp\/hozCjTC4rWGtBZMNzWhsdRZ0vEFqySrtoCKzbjIs8sYLfeI\/Srmdhg38hXlV6rP9b8ENgYDmhrGulF6otA0UNGy35B4kYdo\/MhPSqQjQ8pcsGIy70IR4UFuSLysmmi75oS+WVNM3dgKIvi143xwOy7qgdOdPV5c+gyBB3mtuSgX0e6xOZRh+2kBmE1\/y0Gdj0dNsXH1vof4pPU4HsRVsS0JvYE0U4YlCdanTAcZNPEnmP1noc5qyuh3us6i5xZtmZnUx0T0dXCf0c9mjorZc3Lgg0l497C2CPwMYdagIqBvgEBhiD2cLJ1VerQb93JW2WKPOLzzLgg0\/tyC748UEXnP1gVpyk34Qd6ThuEIyp\/P3Utszr2wDnYN9cXknXxovlsHtIUI308PKUR7uibVl6bPutV6morvNcIbC58Fk8I1neHuYJPbML1G3OCQjgPc+UH2RxL9dDmY3xJLGPaDlORHwLn0Y9UQRY8Lhk7amd4Z88RICqBguRbixN34f9ZzfQZMdoKSWIV7icBWCmxX4crcCBO1D2278Obn+4x7poeFXGeVaVtHFvQ6rkr5dyofRWaIN1msakDrm5L5U8AF0mUYN0+12kJO8yLievpdn6xzNd4bKeYsb3C1FFeKFwSAPzqOUDv9aT+WW4SKHyylw0pdUVK4cuveXzIF5ZRqBwY2i+cjXDSGbNnaKBH2ErXqKoIrNiwz6KvRlsA2pt5TBITtHSGuD8PCKzt2UbnDxqzPIw8XsLbhafMorn0W89jxSC0Q8Vcy5wNKz19TflD1049Gv1NMbjNbekdfzuC5B7dQh0znvHrAE2PGpwN4BiBtJYQuHSvS+0685SuSAtdMbRHQMsckK4xIqoTfFa8AuUNh26FRzuRQPpkBBXrr2KepLiEo\/cCleIvjlciTpS1Gl7qHYI81WnNc9aJzRlAfia2MhNrGqry00clXMkM3NxH01kLKkBz0CIEQ="}
 00898{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":608455689,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":872,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":872,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":608455689,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -8,7 +8,7 @@
 01495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":608955846,"flow_dst_last_pkt_time":609533458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_usec":609533458,"pkt":"CAAn5uVZUlQAEjUCCABFAAMAuboAAEARN4B90fzSCgACD1CCxpMC7Cmf2uAAZwYCV\/RJTq5P8eXNYO9XdF70Fj9KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKpZJyG\/GGz9dcm\/Mr8\/7LWMlqzk54MO7ELXqtqSqfd\/YBdqlDZSVUrL97nZoyannQ+4sHLstSS32UsGeYFShNlIkPzze5YiNYv50x\/mH\/A9pbgu69Q+WF2ip97UNP5700H4+qhxbmcY9HS8ZIxXwfhRpVqXecYovPU98m66ZIHMk3AxDUggZJzXM8Cg9Ioa5PEOWCC0RQ\/+ZM\/xmE25dREFZwuEuTY4v54VaBEf\/1fcmWRmuO56S4CdHmd3r6UrJgdv7HOPYh1FHZImH9K6Vp5v43+PDFYehvgjuZevIzB9KNNpgRaXiJIoH9HKjsrlk8bFBNxGh\/Z3wVkNzkk6aZPEyGQfpJxhMdxxwGT2MsqjyEwRxvenqN6ZiCnhNKvKa1MoubR4Q69dsKI5vcArBU28dcnpBI49S+Gue7Y63pIbagOo3yJzlth5QkSgGoh3WTgewJUJPSW2CESchMymRIYmXZ453SQiLQDUOijjH9BTXQLRM1Jktgb1Ku3YtQhwOuoynAJXV8IgsD1XNcPeHVXH4cjiPxry8hY2LXG+Dpn0+ElcIAmuYGLXgyIWmFgMDccUsS4PEmO+H98\/37Xgd\/JFCN+BdEPL8h+w8JjEm76kq4pMrFkodu9TWUlq\/f5btNgcE3NZ5tj5unKE3tunn\/9XLrY2YdRaUSo3NFlLxzIy1Ls5OLl\/yp4rUeg\/491eKamydkxVOtbP5kUPMBZAToihwFzkbtaPi\/sHlzwamjGpc5urLdFERd4ubko4hgkGPbUQFvpEefL+PiNep0MCAfLSiIccfs7kEszIxBA1tUC\/E7ZoDjNG8bd9x9za\/H5o\/i6SrM4jgqtlvtdLcuIQKuEI0hJJAH84pOvAZwnqFLwqt9Aj1HWP7oTHWsPEdIMwTkD1+nw0mJ4o="}
 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":609557906,"flow_dst_last_pkt_time":609533458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":609557906,"pkt":"UlQAEjUCCAAn5uVZCABFAAA6alAAAIARSbAKAAIPfdH80saTUIIAJgbQgOUAAQAAOrIJvaZ41xf3vWhbythM\/0LTmd0td5YJ"}
 02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":608455689,"flow_src_last_pkt_time":610177798,"flow_dst_last_pkt_time":609998416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":2795,"flow_dst_tot_l4_payload_len":1792,"midstream":0,"thread_ts_usec":610177798,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":41,"avg":105317.3,"max":602060,"stddev":182193.2,"var":33194352640.0,"ent":3.4,"data": [500157,544706,533063,602060,13540,168,64915,55,263094,290370,5367,20000,10523,19462,58958,10024,9911,21001,21013,9059,41,8011,22020,2894,7145,6942,42069,58114,10385,99326,10443]},"pktlen": {"min":58,"avg":171.3,"max":900,"stddev":234.5,"var":54984.5,"ent":4.1,"data": [900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65]},"bins": {"c_to_s": [1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0],"entropies": [7.775331020,7.771239281,6.645260811,7.613231659,5.193683147,7.436975479,6.710443974,6.755647659,7.369442463,5.120024681,5.136775970,5.344619274,5.143614769,5.249160290,5.311660290,5.195097923,5.186660290,5.286006927,5.346612453,5.316309452,5.217910290,5.286006451,5.255703449,5.316309929,5.252311230,5.160003662,4.125199318,4.492414474,5.378718853,5.348868370,5.240697861,5.209928036]},"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":51,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":7138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663913332980371}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":51,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":7138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663913332980371}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1663913332980371,"pkt":"iJCNB9vohKk4ukxYCABFAABkhQ9AAIAGAAAKyAN9k1ylwuHxAbtdIq0\/pMNUV1AYBAFHugAAFwMDADdo++xFfUkOJQ\/QhCWutve1sws40Q+84WpHcqg5rtUCVtgRpFPRgdwDdzjyMyfjtUsn0c73u5RW"}
 00911{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -48,7 +48,7 @@
 01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":21,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913402819217,"flow_dst_last_pkt_time":1663913403056559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4223,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913375776479,"flow_dst_last_pkt_time":1663913375810399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":290,"packets-processed":290,"total-skipped-flows":0,"total-l4-payload-len":49504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1663913418926686}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":290,"packets-processed":290,"total-skipped-flows":0,"total-l4-payload-len":49504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1663913418926686}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 290/290
 ~~ skipped flows.............: 0
@@ -57,8 +57,8 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5529508 bytes
-~~ total memory freed........: 5529508 bytes
+~~ total memory allocated....: 5529596 bytes
+~~ total memory freed........: 5529596 bytes
 ~~ total allocations/frees...: 86206/86206
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 527 chars
diff --git a/test/results/default/linecall_falsepositve.pcap.out b/test/results/default/linecall_falsepositve.pcap.out
index 1afde5fe2..315958d69 100644
--- a/test/results/default/linecall_falsepositve.pcap.out
+++ b/test/results/default/linecall_falsepositve.pcap.out
@@ -1,5 +1,5 @@
-00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673444966772848}
+00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673444966772848}
 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444966772848,"packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444966772848}
 00561{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":191,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":191,"pkt_l4_len":0,"thread_ts_usec":1673444966772848,"pkt":"AAAAAAAAAAECAAD6gQAFq4EAAQkIAEUAAKkwrEAAPhGgXAoNgR4KCtYG2+cT5QCV4AsAAA9iAAAAAC0fSDcsMC0xQzl+eyp0QERROjMpPT1ARFJIPiU1KzJFUkh9MSFhcnIweGckSj5BYG9WQXtmW2JTX1hbKTpAQ0dIOkAlTEBBRVJnWDFrVFdiZmNbJEo+QWRsaVR7YFtVYG9IPilKXVtmaF5bJV5ZXkVSSF0xZF9XW29cWSRnPkFFUkg+ewA="}
 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444966785736,"packet_id":2,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444966785736}
@@ -64,7 +64,7 @@
 00932{"packet_event_id":1,"packet_event_name":"packet","packet_id":41,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":466,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":466,"pkt_l4_len":0,"thread_ts_usec":1673444966772848,"pkt":"AAAAAAAAAAECAAD6gQAFq4EAAQkIAEUAAbwR40AAPhG+EgoNgR4KCtYG2+cT5QGo\/XgAAA92AAAAAC0fSDcsMC0xQzl+eyp0QERROjMpPT1ARFJIPiU1KzJFUkhuMShyZHwwcT4kSj4zNEUyKXtMQEM3PzQuKTktLzhAO0AlTEAtRFFHMDE7LjA0PzY9JEk9diUhJ257Ki4yJyI7MSk4PUBEYltRJVg9QERDOikxNisuLz40PSRJPVdYcWlUe0k9QGNvZF8pV1RPO2FiXyVaV1VgSCJ8MUk9QDc\/NDAkODEtNTw3PXtJPTMyPjgtKTksMi9FRz0lSTAuMUU2KDE3KS0wUUc9JDwrLTVBNyx7OykrRFFHLSk7LEBEUTs9JUk9M0RRRzAxPT1AREVHPSRJbW51LyNvezovI3RFOzApST1AJj43MSU8LC8jPDh+MTctLDMzMy4kLHx9MEM2LXs1MX0zPygvKUk9QEdUSkAlTEA0R1RKMTFMQEM4T0UxJEc7PjhPOzt7RzE+QkVFOylHO0NHVEg+JUpdW2ZoXlsxXlleRVJIXSRkX1dbb1xZe2c+QUVxYl8pYFReWW1lPiVKPmBfc15UMWdSXGJSSD4kSj5BAA=="}
 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673445117157636,"packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673445117157636}
 00706{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":298,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":298,"pkt_l4_len":0,"thread_ts_usec":1673444966772848,"pkt":"AAAAAAAAAAECAAD6gQAFq4EAAQkIAEUAARQvkwAAdhGpCgoK1gYKDYEeE+Xb5wEADn4AAA92AAAAAC0fSDcsMC0xQzl+eyp0QUVSX1spU0FdWGheUSVVTUFFUjQ9MUk9MzZCNy0kNyxARFF9fXt4fHElQjkgKXkxNDNRRz0lWlFUU1FHPTE7MCwxPzUoJDYqQERRXlF7aV9XRFFHXClnWmJSaFY0JVlYYlVrXFkxQHcgRFFHMCQ3KjMzRTQuezQtQERROispNi4wND85LCU8PUBERDUqMT0sKzI9NCkkST1ANz80Lns5LS42QDs9KUk9MDZARz0lSTFARFE6PTFJPTM4UUc9JD09QEQidW57J3hyNUMqbSk9MTNEUUc+JUo+NEVSSDExSj5BAA=="}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":42,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1673445117157636}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":42,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1673445117157636}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 42/0
 ~~ skipped flows.............: 0
@@ -73,8 +73,8 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 314 chars
diff --git a/test/results/default/lisp_registration.pcap.out b/test/results/default/lisp_registration.pcap.out
index 77eecb9d5..4aff63a70 100644
--- a/test/results/default/lisp_registration.pcap.out
+++ b/test/results/default/lisp_registration.pcap.out
@@ -1,5 +1,5 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1597152685554430}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1597152685554430}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597152685554430,"flow_src_last_pkt_time":1597152685554430,"flow_dst_last_pkt_time":1597152685554430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597152685554430,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1597152685554430,"flow_dst_last_pkt_time":1597152685554430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1597152685554430,"pkt":"qrvMAAEAqrvMAAIACABFwAB0AJYAAP8RsB8KAHsCCgB7ARD2EPYAYGa4MgABAWerkx+ei5dKAAEAFLdG1odgiOW+z\/RAIKtUGCaiNO0QAAAFoAEgEAAAAAABCgAAAhYWFhYABQABCgB7AtD01FgUttPjIYPJQy5LWPIAAAAAAAAAAA=="}
 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597152685554430,"flow_src_last_pkt_time":1597152685554430,"flow_dst_last_pkt_time":1597152685554430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597152685554430,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
@@ -32,7 +32,7 @@
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1597152709936562,"flow_src_last_pkt_time":1597152709936562,"flow_dst_last_pkt_time":1597152709943547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":400,"midstream":0,"thread_ts_usec":1597152712034854,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1597152685554430,"flow_src_last_pkt_time":1597152685555426,"flow_dst_last_pkt_time":1597152685560246,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":400,"flow_dst_tot_l4_payload_len":400,"midstream":0,"thread_ts_usec":1597152712034854,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1597152687289150,"flow_src_last_pkt_time":1597152687645409,"flow_dst_last_pkt_time":1597152687439147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":452,"flow_src_tot_l4_payload_len":448,"flow_dst_tot_l4_payload_len":467,"midstream":0,"thread_ts_usec":1597152712034854,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3790,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1597152712034854}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3790,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1597152712034854}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 30/30
 ~~ skipped flows.............: 0
@@ -41,8 +41,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5509455 bytes
-~~ total memory freed........: 5509455 bytes
+~~ total memory allocated....: 5509527 bytes
+~~ total memory freed........: 5509527 bytes
 ~~ total allocations/frees...: 85925/85925
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 548 chars
diff --git a/test/results/default/log4j-webapp-exploit.pcap.out b/test/results/default/log4j-webapp-exploit.pcap.out
index d71c739e0..a094bbb54 100644
--- a/test/results/default/log4j-webapp-exploit.pcap.out
+++ b/test/results/default/log4j-webapp-exploit.pcap.out
@@ -1,5 +1,5 @@
-00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639425815407353}
+00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639425815407353}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639425815407353,"flow_src_last_pkt_time":1639425815407353,"flow_dst_last_pkt_time":1639425815407353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639425815407353,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639425815407353,"flow_dst_last_pkt_time":1639425815407353,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1639425815407353,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADxjYEAAPQamLqwQ7gGsEO4KB8AfkHmWgrEAAAAAoAL68JU2AAACBAW0BAIICq34shoAAAAAAQMDBw=="}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639425815407353,"flow_dst_last_pkt_time":1639425815407439,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1639425815407439,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="}
@@ -64,7 +64,7 @@
 01350{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1639425815910226,"flow_src_last_pkt_time":1639425815918224,"flow_dst_last_pkt_time":1639425815918340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1352,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1548,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01350{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1639425834639606,"flow_src_last_pkt_time":1639425834642327,"flow_dst_last_pkt_time":1639425834642463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1352,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1548,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01118{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1639425815682954,"flow_src_last_pkt_time":1639425833591234,"flow_dst_last_pkt_time":1639425833591196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":147,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":426,"packets-processed":422,"total-skipped-flows":0,"total-l4-payload-len":5830,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1639425834697105}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":426,"packets-processed":422,"total-skipped-flows":0,"total-l4-payload-len":5830,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1639425834697105}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 426/422
 ~~ skipped flows.............: 0
@@ -73,8 +73,8 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5529943 bytes
-~~ total memory freed........: 5529943 bytes
+~~ total memory allocated....: 5530063 bytes
+~~ total memory freed........: 5530063 bytes
 ~~ total allocations/frees...: 86374/86374
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 310 chars
diff --git a/test/results/default/lol_wild_rift_udp.pcap.out b/test/results/default/lol_wild_rift_udp.pcap.out
index 4b35e93f5..152a4ed01 100644
--- a/test/results/default/lol_wild_rift_udp.pcap.out
+++ b/test/results/default/lol_wild_rift_udp.pcap.out
@@ -1,33 +1,33 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1710911302293916}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1710911302293916}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710911302293916,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302293916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710911302293916,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":47462,"dst_port":15004,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302293916,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":97,"pkt_l4_len":77,"thread_ts_usec":1710911302293916,"pkt":"RaAAYWQaQABAEQQWCtetATMU5s+5ZjqcAE2CrwQAAACh9XQVvynm3jlTFezfZZqyfZoXyZsTCGjMLyjs+Y3tCAEUfeFcvT\/yKWqSsdjGNUvABjA9CDZgnH3gykdzsp0jgQ=="}
 00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302381932,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":387,"pkt_l4_len":367,"thread_ts_usec":1710911302381932,"pkt":"RQABgwAAQABAEWeuMxTmzwrXrQE6nLlmAW8AABAAAADTKHtCW8tRXckVVQkLpT\/aWfbg1Lmx7lculXBv4U0dQQZcx8zU\/q24iJtXX7sGEupLbx3GjC6mfunWQPiiCNqPo69FyyLtT\/tA+RZxBX66xbwWY5BugzEwtVbxMQCHCDFZWummpaHL0Qj8dD6KVzPystUdtEGtJihnqek1GPXpljG6Ety3qsU9X4nXcdT3eVz\/43SuquNG6d\/XAMAzNli7syQ9c5dFVn\/d2T9Iy6DGoeJOtrag8MXh1HhyrJe91tGEPgtsQIvG9FvBnb\/1rXrLGEzbCAemdMNenqnDO\/ue+cDxJL7gyVUTqMkNl21tpyI7dXmopr5pqntSmOHIk0I1ZDn\/ftXVx\/gC\/qz7yTT79NsVZORBwhSEFmcKGQzXmaRSJxaJzUJkIm8hPIC25WHoN1mqRY78rBple094RjMNz2I1Nqu7nGYcckXXMKuoaklHCuRLCMosRNx2TZQLmpAcJ1jw"}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710911302293916,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302381932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1710911302381932,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":47462,"dst_port":15004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1710946531679896}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1710946531679896}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710946531679896,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531679896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710946531679896,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.51.213.131","src_port":43686,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531679896,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":97,"pkt_l4_len":77,"thread_ts_usec":1710946531679896,"pkt":"RaAAYeWHQABAEbnVCtetAQ0z1YOqpjqfAE0i0AQAAAAhE+HV\/OESvjMRa9EQGci8CKwOM7i6HIRDu9XsSlqH420oYREY\/NhdqMY9iLOQjWQm2z\/45VJYnKqhlugCbIrYnA=="}
 00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531710705,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":387,"pkt_l4_len":367,"thread_ts_usec":1710946531710705,"pkt":"RQABgwAAQABAEZ7bDTPVgwrXrQE6n6qmAW8AABAAAAAjmCl9zbSxZT2LhK\/0kLs0YAweDzs9Vagi0Uudkts7mDChXZpEk4H0Q6zPLQV84oQLChe53JwCr24wJyrgU2c6kx3nN35rITQV5kGmwXXou2V4iyaSshImtCozbrYH6tTo1cBsP4CDrdOHCWWiu2vFT2bqrsg7gXU0J3LHCYMURuPJvASKZ6mmhp12rbl1kwrk2vPOL+G7SATENzWYxsHd8sZ0OeAaq3GdR1YwicjlyJr3lQRZzAKoOZ4Rl0j\/i\/9HOZPJck4U7xF86ZzZGY6fYyHBinsuzC8vhIeq+uePSRb+juH2SNJFZsSsMX491JJQBx94W548vqB\/dsq7amx+tz+\/KIeOYLRtG+tYMCmo2VZb2Htj499t2dEZEu8MLyywkoFOepy1zfS+ErPMv1W5KXu3OTIlocbaoXN8tjs44z+CtaLNt\/8DpizZLEebDeNK8wZ84cILoJ7rsJonPfrx2019"}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710946531679896,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531710705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1710946531710705,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.51.213.131","src_port":43686,"dst_port":15007,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710911302293916,"flow_src_last_pkt_time":1710911302293916,"flow_dst_last_pkt_time":1710911302381932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1710946531710705,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":47462,"dst_port":15004,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1711107097463454}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1711107097463454}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711107097463454,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097463454,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711107097463454,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":46702,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097463454,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":97,"pkt_l4_len":77,"thread_ts_usec":1711107097463454,"pkt":"RaAAYWulQABAEfyKCtetATMU5s+2bjqfAE3yWgQAAABkObg21AeJfuTSNfG+n9sxT5Ti\/xrRPIt\/\/gSOX2Ei5azZk+jNjaa16ReYrT1AZqjhbsD5bPvYW7XZqK\/CIPXArg=="}
 00990{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097538920,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":387,"pkt_l4_len":367,"thread_ts_usec":1711107097538920,"pkt":"RQABgwAAQABAEWeuMxTmzwrXrQE6n7ZuAW8AABAAAADwPdK8Ol+RTuXwrJRgWUKTNvFNmNv68s\/3rogA\/tIc5B1eaa2qC9cdkQEKyGLMKXJ+Q5rzt5IaNlzS4DPUh6lqlzCdMSfRBucDYjyNulavYm2xWGQTE9VRb21wtDxvpkfoLEZ1aPcyV\/JA7h0PBFPNXCRs8lO0uNnoZ0wcad9B+JKlM9dDEi0V7Ppz0JKi3roz1oWOKRGZ0tNqlXFTGPwwiK16Jw18t2v\/fO2GG6LBuJOfAdbqGtN3lHxPRN76f2ltEKFTpZpK3nysHZU\/6bV2ej3lzSUBSqGpU7heakpEU+UnOoZ\/5p5r86FRaz\/pXa3wfebFrhyGSdY8cTc\/xO7D5LehUXK5Ui\/kyo+ci7kaYBQy+Sjp\/rfJFqbpYzPrtaLbERbwnSVgF3ccggGQSdoviAElTyq032pwFaUMXT0VoGAUUv46u2gBXCck9nIP+8Ra+Z6FsXffRLdeNuS0po2KFLuj"}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1711107097463454,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097538920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1711107097538920,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":46702,"dst_port":15007,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1710946531679896,"flow_src_last_pkt_time":1710946531679896,"flow_dst_last_pkt_time":1710946531710705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1711107097538920,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.51.213.131","src_port":43686,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1284,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1711524139588152}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1284,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1711524139588152}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711524139588152,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711524139588152,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":44513,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1711524139588152,"pkt":"RQAAMh6VQABAER0HCtetAQ01OhKt4UZRAB6\/kgECyEEAAAABAAEAAAAeAAQABEEwQjE="}
 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711524139588152,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711524139588152,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":44513,"dst_port":18001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1711107097463454,"flow_src_last_pkt_time":1711107097463454,"flow_dst_last_pkt_time":1711107097538920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":359,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":359,"midstream":0,"thread_ts_usec":1711524139588152,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"51.20.230.207","src_port":46702,"dst_port":15007,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":1306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1711534335502177}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":1306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1711534335502177}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711534335502177,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":41440,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1711534335502177,"pkt":"RQAAMhjdQABAESK\/CtetAQ01OhKh4EZRAB7LTQECyEEAAAABAAEAAABkAAQABEEwQjE="}
 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711534335502177,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":41440,"dst_port":18001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711524139588152,"flow_src_last_pkt_time":1711524139588152,"flow_dst_last_pkt_time":1711524139588152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":44513,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1711534335502177,"flow_src_last_pkt_time":1711534335502177,"flow_dst_last_pkt_time":1711534335502177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1711534335502177,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"13.53.58.18","src_port":41440,"dst_port":18001,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LoLWildRift","proto_id":"407","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":1328,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1711534335502177}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lol_wild_rift_udp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":1328,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1711534335502177}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 8/8
 ~~ skipped flows.............: 0
@@ -36,8 +36,8 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506893 bytes
-~~ total memory freed........: 5506893 bytes
+~~ total memory allocated....: 5506981 bytes
+~~ total memory freed........: 5506981 bytes
 ~~ total allocations/frees...: 85912/85912
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 535 chars
diff --git a/test/results/default/long_tls_certificate.pcap.out b/test/results/default/long_tls_certificate.pcap.out
index 32cb501f4..e7270b806 100644
--- a/test/results/default/long_tls_certificate.pcap.out
+++ b/test/results/default/long_tls_certificate.pcap.out
@@ -1,5 +1,5 @@
-00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1609756181300869}
+00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1609756181300869}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756181300869,"flow_dst_last_pkt_time":1609756181300869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1609756181300869,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1609756181300869,"flow_dst_last_pkt_time":1609756181300869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1609756181300869,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqknAqAE8ag9ke9glAbsIXeEZAAAAALAC\/\/9qjwAAAgQFtAEDAwUBAQgKDpRqEwAAAAAEAgAA"}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1609756181300869,"flow_dst_last_pkt_time":1609756181671657,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1609756181671657,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAAABAACsGv0lqD2R7wKgBPAG72CWlbC1xCF3hGrASMqDiugAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"}
@@ -11,7 +11,7 @@
 05419{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756182035731,"flow_dst_last_pkt_time":1609756182035821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6858,"midstream":0,"thread_ts_usec":1609756182035821,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacon-api.aliyuncs.com","tls": {"version":"TLSv1.2","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","ja4":"t12d6707h2_2955a3196ffa_b1760ac0ffd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA"}}}
 02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756182512712,"flow_dst_last_pkt_time":1609756182787262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":906,"flow_dst_tot_l4_payload_len":9549,"midstream":0,"thread_ts_usec":1609756182787262,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":87039.9,"max":370939,"stddev":130477.0,"var":17024251904.0,"ent":3.4,"data": [370788,370939,9373,360927,2844,76,70,354425,123,125,124,131,8073,8089,5763,200299,194564,174299,34,174324,4,2275,71,66,101,117,94097,91476,274609,24,6]},"pktlen": {"min":40,"avg":370.7,"max":1492,"stddev":546.6,"var":298744.2,"ent":3.7,"data": [64,64,40,557,46,1492,1492,1492,40,1492,40,1090,40,1090,52,166,1492,52,91,109,40,40,93,96,82,114,78,109,52,52,52,52]},"bins": {"c_to_s": [10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,1,1,1],"entropies": [4.353732109,4.287687778,4.680641651,4.404402256,4.565872192,6.234030724,4.660021305,4.709488392,4.630641460,6.835905075,4.680641651,7.511188984,4.580641747,7.512306690,4.740514278,6.280318737,6.238153934,4.870416164,5.914383888,6.170372486,4.680641651,4.680641651,5.707346439,5.695815086,5.241580486,6.007335186,5.319273472,6.145098209,4.778975964,5.063529015,5.025067329,5.063529015]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756183156414,"flow_dst_last_pkt_time":1609756183162351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1073,"flow_dst_tot_l4_payload_len":11027,"midstream":0,"thread_ts_usec":1609756183162351,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":47,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":12100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1609756183162351}
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":47,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":12100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1609756183162351}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 47/47
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5898655 bytes
-~~ total memory freed........: 5898655 bytes
+~~ total memory allocated....: 5898679 bytes
+~~ total memory freed........: 5898679 bytes
 ~~ total allocations/frees...: 86102/86102
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
diff --git a/test/results/default/lru_ipv6_caches.pcapng.out b/test/results/default/lru_ipv6_caches.pcapng.out
index dc000b614..990da62b9 100644
--- a/test/results/default/lru_ipv6_caches.pcapng.out
+++ b/test/results/default/lru_ipv6_caches.pcapng.out
@@ -1,5 +1,5 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052947835473}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052947835473}
 00835{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947835473,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052947835473,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAeVVyAyQABc057KIAAAAURUN3Xuv65y9fO"}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948008616,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6KoqAyQABWl1ZNGNoadjLndjyhIQdR3eb9BFhVVqa3fOaaflunNCAAAAByaRnP87SPV4aWA=="}
@@ -37,6 +37,7 @@
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052961890141,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="}
 01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052961892484,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="}
+01147{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961892484,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1639052962142439,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052962142439,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1639052962191138,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052962191138,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="}
 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1639052963579689,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":210,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":210,"pkt_l4_len":156,"thread_ts_usec":1639052963579689,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAJwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCcOP4AAQCAIRKkQlUyZXJ1M05HdUpPbgAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAA2roABAAAAALAVwAEAAMACoAqAAhYlWblH2D7mAAlAAAAJAAEbn8o\/wAIABQ5szu0z17I9YE5t42kszUxGI8nq4AoAAQ7B4OH"}
@@ -64,10 +65,12 @@
 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052978452441,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvABwRPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgAcl50IAQAAIRKkQlo5L3NwNkJKYzZoYw=="}
 01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052978709090,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvAKARPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgCgYyEAAwCEIRKkQk1ENkhOcE43bVdyN0AAAGYJEB5qy\/i6apiRZvn3XMXkctbCLKVSgdE+etIaSO7JbOt8VgBwQ6PpOhc8GnE1mfqvDmlkq2e8sWOF\/9QSZ9+\/3ZsaHutXU4\/yA\/LvUyR73PqXq7vvVwk5ZocXkuyrjHvs93CEXbgAAAAIABTHiAxW9AnRlqecEToF0hfWjRUykA=="}
+01147{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978709090,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052979210381,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yABwRPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgAc0j0IAQAAIRKkQk5zWlZOMGtRWWlzeg=="}
 01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052979210765,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAKARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCgt74AAwCEIRKkQkhCZVJqYUhKN2FOWUAAAGYJEMzluAd5ZUXHIG6GisEWroK42o70dYdL4WqSdPq9VYO3OjGxFI7w7pBgN3c6YR8KjSMY+2Ef8toiPPzGNZ6A1i89fknsYqJ9SYub5TFTaEnS4NE02DKCNshJ0L2AWj8kO7uEBsUAAAAIABTng0rXsLYilkJ4duCqCg2pGBOUjQ=="}
+01147{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210765,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1639052979218699,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979218699,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ\/5MAAQB0IRKkQkJ5RTBTMEFLcS8yZQAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABTKxPaKL217enpIf2AGYjmMTGV454AoAATAmK\/f"}
 00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1639052979381748,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979381748,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQrREAAQB0IRKkQjY4V3ltQWRhSzZoTAAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABQoQCd0hET\/ud5uUOzbGiF4yVYzZoAoAASXw0bX"}
 00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1639052979556213,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979556213,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ97wAAQB0IRKkQldMcmpoVTNGUFVyagAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABS74KJfCrW2wh1E6b3fJs\/qV0yS0oAoAASJhjGh"}
@@ -78,12 +81,12 @@
 01278{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052948897167,"flow_src_last_pkt_time":1639052954929738,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":637,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27","src_port":6881,"dst_port":60506,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01273{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01277{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01041{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052964857829,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01166{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052964857829,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052950067975,"flow_dst_last_pkt_time":1639052950546662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":144,"flow_src_tot_l4_payload_len":744,"flow_dst_tot_l4_payload_len":846,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01041{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052981556623,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1276,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01166{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052981556623,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1276,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01277{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1639052950309556,"flow_src_last_pkt_time":1639052960302401,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1839,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2a2f:8509:1cb2:466d:ecbf:69d6:109c:608","dst_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","src_port":62229,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":86,"global_ts_usec":1639052981556623}
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1639052981556623}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 88/88
 ~~ skipped flows.............: 0
@@ -92,10 +95,10 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5539252 bytes
-~~ total memory freed........: 5539252 bytes
-~~ total allocations/frees...: 86096/86096
+~~ total memory allocated....: 5539536 bytes
+~~ total memory freed........: 5539536 bytes
+~~ total allocations/frees...: 86099/86099
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 579 chars
+~~ json message min len.......: 577 chars
 ~~ json message max len.......: 2401 chars
-~~ json message avg len.......: 1489 chars
+~~ json message avg len.......: 1488 chars
diff --git a/test/results/default/malformed_dns.pcap.out b/test/results/default/malformed_dns.pcap.out
index f746b5007..651b56941 100644
--- a/test/results/default/malformed_dns.pcap.out
+++ b/test/results/default/malformed_dns.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591551760342902}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591551760342902}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591551760342902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1591551760342902,"pkt":"AAAAAAAAAAAAAAAACABFAAA4nToAAEAR33h\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="}
 01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591551760342902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.xt.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -9,7 +9,7 @@
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551760372114,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1591551765342879,"pkt":"AAAAAAAAAAAAAAAACABFAAA4ny8AAEAR3YN\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="}
 02726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551765355529,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"thread_ts_usec":1591551765355529,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="}
 01304{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551765368813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":5552,"midstream":0,"thread_ts_usec":1591551765368813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":5608,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1591551765368813}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":5608,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1591551765368813}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498219 bytes
-~~ total memory freed........: 5498219 bytes
+~~ total memory allocated....: 5498243 bytes
+~~ total memory freed........: 5498243 bytes
 ~~ total allocations/frees...: 85869/85869
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 559 chars
diff --git a/test/results/default/malformed_icmp.pcap.out b/test/results/default/malformed_icmp.pcap.out
index c341b794e..8fcd861d5 100644
--- a/test/results/default/malformed_icmp.pcap.out
+++ b/test/results/default/malformed_icmp.pcap.out
@@ -1,10 +1,10 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593066612951269}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593066612951269}
 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593066612951269,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593066612951269,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":42,"pkt_l4_len":8,"thread_ts_usec":1593066612951269,"pkt":"AFUir8Y3AERm\/CmvCABFAAAcAAEAAEABXqPamLPV2pizNqUAWv8AAAAA"}
 01019{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593066612951269,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593066612951269,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01058{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593066612951269,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593066612951269,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1593066612951269}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1593066612951269}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,8 +13,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498002 bytes
-~~ total memory freed........: 5498002 bytes
+~~ total memory allocated....: 5498026 bytes
+~~ total memory freed........: 5498026 bytes
 ~~ total allocations/frees...: 85861/85861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 519 chars
diff --git a/test/results/default/malware.pcap.out b/test/results/default/malware.pcap.out
index 1f52c3ce2..1475ee03f 100644
--- a/test/results/default/malware.pcap.out
+++ b/test/results/default/malware.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569571466977364}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569571466977364}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571466977364,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571466977364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571466977364,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571466977364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1569571466977364,"pkt":"CGoKOl4eMFLLbJwbCABFAABcg9cAAEARLQnAqAcHAQEBAaWCADUASMoKC6QBIAABAAAAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAEAACkQAAAAAAAADAAKAAjrBFAObfGpig=="}
 01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571466977364,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571466977364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571466977364,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.internetbadguys.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -10,7 +10,7 @@
 00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571470672893,"flow_src_last_pkt_time":1569571470672893,"flow_dst_last_pkt_time":1569571470672893,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571470672893,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.297900}}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571476362891,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571476362891,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569571476362891,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0sPtAAEAGObHAqAcHkIv33IOqAFCfbfb4AAAAAIAC+vBQPgAAAgQFtAEBBAIBAwMH"}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1569579408876326}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1569579408876326}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569579408876326,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579408876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569579408876326,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00967{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579408876326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1569579408876326,"pkt":"CGoKOl4eMFLLbJwbCABFAAFxQQlAAEAGkCXAqAcHQ9dc0r0KAFDJvdSn63fGVVAYAfZpvAAAR0VUIC8gSFRUUC8xLjENCkhvc3Q6IHd3dy5pbnRlcm5ldGJhZGd1eXMuY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBydjo2OC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY4LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkROVDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXBncmFkZS1JbnNlY3VyZS1SZXF1ZXN0czogMQ0KDQo="}
 01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569579408876326,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579408876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569579408876326,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"OpenDNS","proto_by_ip_id":225,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.internetbadguys.com","http": {"url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0","detected_os":"Windows 10"}}}
@@ -28,7 +28,7 @@
 00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571476362891,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00934{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571470672893,"flow_src_last_pkt_time":1569571470672893,"flow_dst_last_pkt_time":1569571470672893,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569571466977364,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571467001085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":6587,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1698873191201916}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":6587,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1698873191201916}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191201916,"flow_dst_last_pkt_time":1698873191201916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698873191201916,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1698873191201916,"flow_dst_last_pkt_time":1698873191201916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698873191201916,"pkt":"YDjgxTWgABjzZLGICABFAAA08cpAAJsGFlTAqAAUwW1Ve6EYAbv2WX9aAAAAAIAC+vDXywAAAgQFtAEBBAIBAwMH"}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1698873191201916,"flow_dst_last_pkt_time":1698873191268235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698873191268235,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0AABAADYGbR\/BbVV7wKgAFAG7oRhDPWNP9ll\/W4ASchBmPgAAAgQFrAEBBAIBAwMH"}
@@ -41,7 +41,7 @@
 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":52,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873192090163,"flow_dst_last_pkt_time":1698873192090406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":793,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2794,"flow_dst_tot_l4_payload_len":46132,"midstream":0,"thread_ts_usec":1698873192090406,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01102{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1569579416636584,"flow_src_last_pkt_time":1569579417280185,"flow_dst_last_pkt_time":1569579417280169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":674,"flow_dst_tot_l4_payload_len":5344,"midstream":0,"thread_ts_usec":1698873192090406,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.OpenDNS","proto_id":"91.225","proto_by_ip":"OpenDNS","proto_by_ip_id":225,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569579408876326,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579409087861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":44,"midstream":1,"thread_ts_usec":1698873192090406,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"OpenDNS","proto_by_ip_id":225,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":55513,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1698873192090406}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":55513,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1698873192090406}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 100/100
 ~~ skipped flows.............: 0
@@ -50,8 +50,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5557258 bytes
-~~ total memory freed........: 5557258 bytes
+~~ total memory allocated....: 5557362 bytes
+~~ total memory freed........: 5557362 bytes
 ~~ total allocations/frees...: 86084/86084
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
diff --git a/test/results/default/memcached.cap.out b/test/results/default/memcached.cap.out
index fadc7c65d..64b14a73e 100644
--- a/test/results/default/memcached.cap.out
+++ b/test/results/default/memcached.cap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1534343745954071}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1534343745954071}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534343745954071,"flow_src_last_pkt_time":1534343745954071,"flow_dst_last_pkt_time":1534343745954071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1534343745954071,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1534343745954071,"flow_dst_last_pkt_time":1534343745954071,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1534343745954071,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pT5AAEAGl3t\/AAABfwAAAejUK8sskd7QAAAAAKACqqr+MAAAAgT\/1wQCCAopIHvuAAAAAAEDAwc="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1534343745954071,"flow_dst_last_pkt_time":1534343745954090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1534343745954090,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASvL6NTLJnx6LJHe0aASqqr+MAAAAgT\/1wQCCAopIHvuKSB77gEDAwc="}
@@ -8,7 +8,7 @@
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1534343745954230,"flow_dst_last_pkt_time":1534343745954238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1534343745954238,"pkt":"AAAAAAAAAAAAAAAACABFAAA0B5VAAEAGNS1\/AAABfwAAASvL6NTLJnx7LJHe2IAQAVb+KAAAAQEICikge+4pIHvu"}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1534343745954071,"flow_src_last_pkt_time":1534343745954230,"flow_dst_last_pkt_time":1534343745954346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":1028,"midstream":0,"thread_ts_usec":1534343745954346,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Memcached","proto_id":"40","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1534343745954071,"flow_src_last_pkt_time":1534343745954749,"flow_dst_last_pkt_time":1534343745954737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":1028,"midstream":0,"thread_ts_usec":1534343745954749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Memcached","proto_id":"40","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":1035,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1534343745954749}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":1035,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1534343745954749}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500311 bytes
-~~ total memory freed........: 5500311 bytes
+~~ total memory allocated....: 5500335 bytes
+~~ total memory freed........: 5500335 bytes
 ~~ total allocations/frees...: 85871/85871
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 547 chars
diff --git a/test/results/default/merakicloud.pcapng.out b/test/results/default/merakicloud.pcapng.out
index 8410d1ade..1dcfa8e3b 100644
--- a/test/results/default/merakicloud.pcapng.out
+++ b/test/results/default/merakicloud.pcapng.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673444916586594}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673444916586594}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673444916586594,"flow_dst_last_pkt_time":1673444916586594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1673444916586594,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1673444916586594,"flow_dst_last_pkt_time":1673444916586594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1673444916586594,"pkt":"AAAAAAAAAAEC+qKgCABFAACM6EcAAPkR334CJOqF0c47IrjFHLcAeI5V\/vcokQ0BAHAGihtOAAAAACpmyZcAAAAAAFYCCGO+vhsqCRUEAyQc8x5t8LeScWQ7JhVYfzr5StSHn5mSLCeBOnIKUwGFNtdHnBkECAAAAHcAUa57BQgAAIDsAACAXAcIAAAAAjgFaqcGAQQIA+DLvA=="}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673444916586594,"flow_dst_last_pkt_time":1673444916586594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1673444916586594,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -16,7 +16,7 @@
 00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673445216593721,"flow_dst_last_pkt_time":1673445216785656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2231,"flow_dst_tot_l4_payload_len":1338,"midstream":0,"thread_ts_usec":1673445216785656,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00991{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673445266594530,"flow_dst_last_pkt_time":1673445266791083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2455,"flow_dst_tot_l4_payload_len":1430,"midstream":0,"thread_ts_usec":1673445266791083,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673445316595722,"flow_dst_last_pkt_time":1673445316799009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2679,"flow_dst_tot_l4_payload_len":1522,"midstream":0,"thread_ts_usec":1673445316799009,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":4201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1673445316799009}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":4201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1673445316799009}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 44/44
 ~~ skipped flows.............: 0
@@ -25,10 +25,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5499249 bytes
-~~ total memory freed........: 5499249 bytes
+~~ total memory allocated....: 5499273 bytes
+~~ total memory freed........: 5499273 bytes
 ~~ total allocations/frees...: 85904/85904
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 575 chars
+~~ json message min len.......: 573 chars
 ~~ json message max len.......: 2307 chars
-~~ json message avg len.......: 1430 chars
+~~ json message avg len.......: 1429 chars
diff --git a/test/results/default/mgcp.pcap.out b/test/results/default/mgcp.pcap.out
index 096d7f446..5e85f0a60 100644
--- a/test/results/default/mgcp.pcap.out
+++ b/test/results/default/mgcp.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1008850756991000}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1008850756991000}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1008850756991683,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1008850756991683,"pkt":"AJD4ADLsABCk62CzCABFAABZAABAAEAR34isEAF0rBABdwl7CXsARe\/rUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDQpSOiBsL2hkKG4pDQpYOiAyDQoNCg=="}
 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1008850756991683,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -8,7 +8,7 @@
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1008850833713523,"flow_dst_last_pkt_time":1008850833691559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1008850833713523,"pkt":"AJD4ADLsABCk62CzCABFAAAvAABAAEAR37KsEAF0rBABdwl7CXsAG7oNMjAwIDMxNjU2ODYwIG9rDQoNCg=="}
 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1008850833723445,"flow_dst_last_pkt_time":1008850833691559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1008850833723445,"pkt":"AJD4ADLsABCk62CzCABFAABZAABAAEAR34isEAF0rBABdwl7CXsARe\/rUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDQpSOiBsL2hkKG4pDQpYOiAyDQoNCg=="}
 00963{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850837735895,"flow_dst_last_pkt_time":1008850837740350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":227,"midstream":0,"thread_ts_usec":1008850837740350,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":15,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1463066849887905}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":15,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1463066849887905}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463066849887905,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1463066849887905,"pkt":"AFBWWvA7AAtFuLlqCABFaABPAQAAAP4RztYKCuRICgr0Agl7CXsAO7a8UlNJUCAyNjI2NjIxMzQgKkB2ZzIyNCBNR0NQIDAuMQpSTTogZ3JhY2VmdWwKUkQ6IDAK"}
 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463066849887905,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -17,23 +17,23 @@
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1463066853411246,"flow_dst_last_pkt_time":1463066853412310,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_usec":1463066853412310,"pkt":"AAtFuLlqAFBWWvA7CABFYAArAABAAEARTgMKCvQCCgrkSAl7CXsAF5IpMjAwIDI2MjY2MjEzNiAK"}
 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1463066853411246,"flow_dst_last_pkt_time":1463066853412475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_usec":1463066853412475,"pkt":"AAtFuLlqAFBWWvA7CABFYABaAABAAEARTdQKCvQCCgrkSAl7CXsARu+2UlFOVCA4MCBBQUxOL1MyLzFAdmcyMjQgTUdDUCAwLjEKWDogMgpSOiBML2hkClE6IHByb2Nlc3MsbG9vcAo="}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850837735895,"flow_dst_last_pkt_time":1008850837740350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":227,"midstream":0,"thread_ts_usec":1463066856144135,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":27,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1686372010814355}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":27,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1686372010814355}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686372010814355,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686372010814355,"l3_proto":"ip4","src_ip":"187.43.37.188","dst_ip":"196.167.59.124","src_port":40798,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686372010814355,"pkt":"ilE1KSR8ZJY1Gdp3CABFAABUWtAAAG4RuMu7KyW8xKc7fJ9eCXsAQAAAUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDVI6IGwvaGQobikNWDogMQ0="}
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686372010814355,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686372010814355,"l3_proto":"ip4","src_ip":"187.43.37.188","dst_ip":"196.167.59.124","src_port":40798,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066856143684,"flow_dst_last_pkt_time":1463066856144135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":804,"flow_dst_max_l4_payload_len":62,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":166,"midstream":0,"thread_ts_usec":1686372010814355,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":28,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1686543048544843}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":28,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1686543048544843}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686543048544843,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686543048544843,"l3_proto":"ip4","src_ip":"67.232.180.250","dst_ip":"186.112.128.179","src_port":38238,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686543048544843,"pkt":"K5AY5etoTv\/LX0MOCABFAABUkT8AAGwRhFxD6LT6unCAs5VeCXsAQAAAUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDVI6IGwvaGQobikNWDogMQ0="}
 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686543048544843,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686543048544843,"l3_proto":"ip4","src_ip":"67.232.180.250","dst_ip":"186.112.128.179","src_port":38238,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686372010814355,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686543048544843,"l3_proto":"ip4","src_ip":"187.43.37.188","dst_ip":"196.167.59.124","src_port":40798,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":29,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":1701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1686675230897603}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":29,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":1701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1686675230897603}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675230897603,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"92.173.166.213","dst_ip":"83.250.239.33","src_port":51954,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686675230897603,"pkt":"7\/8xXMRAPxLVY\/fxCABFAABUIe0AAG4R8bJcrabVU\/rvIcryCXsAQAAAUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDVI6IGwvaGQobikNWDogMQ0="}
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675230897603,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"92.173.166.213","dst_ip":"83.250.239.33","src_port":51954,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675230897603,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"92.173.166.213","dst_ip":"83.250.239.33","src_port":51954,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686543048544843,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"67.232.180.250","dst_ip":"186.112.128.179","src_port":38238,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":29,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":1757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1686675230897603}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":29,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":1757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1686675230897603}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 29/23
 ~~ skipped flows.............: 0
@@ -42,8 +42,8 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5507328 bytes
-~~ total memory freed........: 5507328 bytes
+~~ total memory allocated....: 5507416 bytes
+~~ total memory freed........: 5507416 bytes
 ~~ total allocations/frees...: 85927/85927
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 530 chars
diff --git a/test/results/default/mining.pcapng.out b/test/results/default/mining.pcapng.out
index 86854c8ca..89015e313 100644
--- a/test/results/default/mining.pcapng.out
+++ b/test/results/default/mining.pcapng.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1484655421797845}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1484655421797845}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421797845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484655421797845,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421797845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484655421797845,"pkt":"AASWHU4wHG9l2GloCABFAAA0A\/tAAIAGAACT5Q3euUdCJ8CbJw\/zdEGlAAAAAIACIACdWAAAAgQFtAEDAwIBAQQC"}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1484655421797845,"flow_dst_last_pkt_time":1484655421816250,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1484655421816250,"pkt":"HG9l2GloAASWHU4wCABFAAAoAABAADEGrJ65R0Ink+UN3icPwJv+A6hh83RBplASAABPdQAAAAAAAAAA"}
@@ -8,7 +8,7 @@
 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1484655421843996,"flow_dst_last_pkt_time":1484655421843933,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1484655421843996,"pkt":"AASWHU4wHG9l2GloCABFAADWA\/1AAIAGAACT5Q3euUdCJ8CbJw\/zdEGm\/gOoYlAY\/3Cd+gAAeyJ3b3JrZXIiOiAiZXRoMS4wIiwgImpzb25ycGMiOiAiMi4wIiwgInBhcmFtcyI6IFsiMHg5Yzk5ZDIxMmY3ZTVkYWExOGFiNTA4MTBlMGZkMjU1ZDFmMDQzMDNiL3Rlc3Rlci53b3JrZXIxL3Z2ZXNlbHlAbWFpbGluYXRvciIsICJ4Il0sICJpZCI6IDIsICJtZXRob2QiOiAiZXRoX3N1Ym1pdExvZ2luIn0K"}
 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655421843996,"flow_dst_last_pkt_time":1484655421843933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484655421843996,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
 02339{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484655421797845,"flow_src_last_pkt_time":1484655452163379,"flow_dst_last_pkt_time":1484655451963831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":243,"flow_src_tot_l4_payload_len":646,"flow_dst_tot_l4_payload_len":2226,"midstream":0,"thread_ts_usec":1484655452163379,"l3_proto":"ip4","src_ip":"147.229.13.222","dst_ip":"185.71.66.39","src_port":49307,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":1952629.6,"max":9791290,"stddev":3004713.0,"var":9028300177408.0,"ent":3.5,"data": [18405,18478,27683,27673,25791,11368,1,37175,8284,48338,236647,209260,12613,9755422,9791290,235473,2439803,2440063,7323703,7588500,64939,25659,10296,234651,3831832,3833133,885298,890088,5008744,5252462,238448]},"pktlen": {"min":40,"avg":131.1,"max":283,"stddev":104.0,"var":10823.6,"ent":4.6,"data": [52,46,40,46,214,46,79,283,40,121,283,40,283,40,121,283,40,283,40,188,46,121,46,283,40,283,40,283,40,121,283,40]},"bins": {"c_to_s": [11,0,4,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0],"entropies": [4.421030521,4.206097126,4.730641365,4.390829086,5.638098717,4.565871716,5.435059071,5.159528255,4.561769485,5.337047100,5.173661709,4.730641365,5.160906792,4.680641174,5.323744297,5.159528255,4.730641365,5.122583389,4.680641651,4.630837917,4.652828693,5.353575706,4.652828693,5.170008659,4.711769104,5.164538860,4.780641556,5.164218426,4.680641651,5.337047100,5.144396782,4.780641556]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":210,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":20268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1514196094240063}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":210,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":20268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1514196094240063}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196094240063,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094240063,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094322725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094322725,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="}
@@ -33,12 +33,12 @@
 01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196196745906,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196197053838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1514196197053838,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAAoOQVAACEGQPh006fDwKgClA0F0lYVgl9P8ygD9lAQAOWD0AAAAAAAAAAA"}
 02328{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196304559034,"flow_dst_last_pkt_time":1514196304640605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":8887,"flow_dst_tot_l4_payload_len":914,"midstream":0,"thread_ts_usec":1514196304640605,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":7499954.5,"max":71693099,"stddev":18613570.0,"var":346464978993152.0,"ent":2.4,"data": [80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":549.1,"var":301531.9,"ent":3.7,"data": [60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]},"bins": {"c_to_s": [8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0],"s_to_c": [10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1],"entropies": [4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":451,"packets-processed":450,"total-skipped-flows":0,"total-l4-payload-len":88161,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1514196703786322}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":451,"packets-processed":450,"total-skipped-flows":0,"total-l4-payload-len":88161,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1514196703786322}
 02379{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196705571136,"flow_dst_last_pkt_time":1514196705879789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":2699,"midstream":0,"thread_ts_usec":1514196705879789,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":32857284.0,"max":170525395,"stddev":51784400.0,"var":2681624034541568.0,"ent":3.4,"data": [308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525]},"pktlen": {"min":40,"avg":223.6,"max":1484,"stddev":347.6,"var":120860.4,"ent":3.9,"data": [60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0],"s_to_c": [4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1],"entropies": [4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514197261597871,"flow_dst_last_pkt_time":1514197261597824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":4584,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":113,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514197279769698,"flow_dst_last_pkt_time":1514197279769664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":132641,"flow_dst_tot_l4_payload_len":5738,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":62,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514197248783309,"flow_dst_last_pkt_time":1514197248783271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":6299,"flow_dst_tot_l4_payload_len":4723,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":673,"packets-processed":673,"total-skipped-flows":0,"total-l4-payload-len":177380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1514197279769698}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/mining.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":673,"packets-processed":673,"total-skipped-flows":0,"total-l4-payload-len":177380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1514197279769698}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 673/673
 ~~ skipped flows.............: 0
@@ -47,8 +47,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5532198 bytes
-~~ total memory freed........: 5532198 bytes
+~~ total memory allocated....: 5532270 bytes
+~~ total memory freed........: 5532270 bytes
 ~~ total allocations/frees...: 86570/86570
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 533 chars
diff --git a/test/results/default/modbus.pcap.out b/test/results/default/modbus.pcap.out
index b65d7e0b4..e98c62665 100644
--- a/test/results/default/modbus.pcap.out
+++ b/test/results/default/modbus.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1223541953927963}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1223541953927963}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541953927963,"flow_dst_last_pkt_time":1223541953927963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1223541953927963,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1223541953927963,"flow_dst_last_pkt_time":1223541953927963,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1223541953927963,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/1AAIAGEGjAqG6DwKhuiggaAfZB0urG4RU6zlAY\/MYAMgAAANEAAAAGAQMAAQAB"}
 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541953927963,"flow_dst_last_pkt_time":1223541953927963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1223541953927963,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus","proto_id":"44","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -9,7 +9,7 @@
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1223541954942774,"flow_dst_last_pkt_time":1223541953930003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1223541954942774,"pkt":"ABzAX0kKAArkxYMKCABFAAA0jABAAIAGEGXAqG6DwKhuiggaAfZB0ure4RU65FAY\/LAAGAAAANMAAAAGAQMAAQAB"}
 02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541960939284,"flow_dst_last_pkt_time":1223541960940128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":176,"midstream":1,"thread_ts_usec":1223541960940128,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":835,"avg":452370.5,"max":1014211,"stddev":497296.8,"var":247304159232.0,"ent":3.8,"data": [1135,1208,905,1013603,1014211,1539,891,986516,986873,1217,900,1000224,1000513,1187,905,1000230,1000558,1232,911,1000222,1000609,1645,915,999845,1000447,1173,835,1000242,1000645,1238,912]},"pktlen": {"min":51,"avg":51.5,"max":52,"stddev":0.5,"var":0.2,"ent":5.0,"data": [52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.526987553,4.730195045,4.438603878,4.877732754,4.429176807,4.636961937,4.429176331,4.877732754,4.622483730,4.730195045,4.589393616,4.838517189,4.622483730,4.730195045,4.550931931,4.916948318,4.569504738,4.769410610,4.627855301,4.916948318,4.622483730,4.730195045,4.627855301,4.916948795,4.622483730,4.769410610,4.627855301,4.862931252,4.607966423,4.769410610,4.627855301,4.916948318]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus","proto_id":"44","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":51,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541977036283,"flow_dst_last_pkt_time":1223541977037227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":612,"flow_dst_tot_l4_payload_len":561,"midstream":1,"thread_ts_usec":1223541977037227,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus","proto_id":"44","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":102,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":1173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1223541977037227}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":102,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":1173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1223541977037227}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 102/102
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500931 bytes
-~~ total memory freed........: 5500931 bytes
+~~ total memory allocated....: 5500955 bytes
+~~ total memory freed........: 5500955 bytes
 ~~ total allocations/frees...: 85962/85962
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
diff --git a/test/results/default/monero.pcap.out b/test/results/default/monero.pcap.out
index 5795b78e7..4f7023ab6 100644
--- a/test/results/default/monero.pcap.out
+++ b/test/results/default/monero.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1701104895769153}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1701104895769153}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1701104895769153,"flow_src_last_pkt_time":1701104895769153,"flow_dst_last_pkt_time":1701104895769153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1701104895769153,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"159.69.36.66","src_port":48882,"dst_port":18080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1701104895769153,"flow_dst_last_pkt_time":1701104895769153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1701104895769153,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f\/1AAKYGzjLAqAJkn0UkQr7yRqCc4ZKwAAAAAIAC+vC4ZwAAAgQFtAEBBAIBAwMH"}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1701104895769153,"flow_dst_last_pkt_time":1701104895788356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1701104895788356,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADUGvzCfRSRCwKgCZEagvvI97mFBnOGSsYAS+vAZLwAAAgQFrAEBBAIBAwMH"}
@@ -32,7 +32,7 @@
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1701104939473517,"flow_src_last_pkt_time":1701104939579240,"flow_dst_last_pkt_time":1701104939579219,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":295,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":14520,"midstream":0,"thread_ts_usec":1701104941815016,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.56.22.89","src_port":39378,"dst_port":18080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Monero","proto_id":"369","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":5,"flow_first_seen":1701104895769153,"flow_src_last_pkt_time":1701104895815129,"flow_dst_last_pkt_time":1701104895814555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":295,"flow_dst_max_l4_payload_len":7260,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":14520,"midstream":0,"thread_ts_usec":1701104941815016,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"159.69.36.66","src_port":48882,"dst_port":18080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Monero","proto_id":"369","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":10,"flow_first_seen":1701104941587634,"flow_src_last_pkt_time":1701104941814971,"flow_dst_last_pkt_time":1701104941815016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":295,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":14520,"midstream":0,"thread_ts_usec":1701104941815016,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"100.42.27.58","src_port":38004,"dst_port":18085,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Monero","proto_id":"369","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":57808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1701104941815016}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":57808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1701104941815016}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 60/60
 ~~ skipped flows.............: 0
@@ -41,8 +41,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5514421 bytes
-~~ total memory freed........: 5514421 bytes
+~~ total memory allocated....: 5514493 bytes
+~~ total memory freed........: 5514493 bytes
 ~~ total allocations/frees...: 85957/85957
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
diff --git a/test/results/default/mongo_false_positive.pcapng.out b/test/results/default/mongo_false_positive.pcapng.out
index 69a65881b..aa14ee907 100644
--- a/test/results/default/mongo_false_positive.pcapng.out
+++ b/test/results/default/mongo_false_positive.pcapng.out
@@ -1,5 +1,5 @@
-00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593581341477440}
+00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593581341477440}
 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593581341477440,"flow_src_last_pkt_time":1593581341477440,"flow_dst_last_pkt_time":1593581341477440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593581341477440,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593581341477440,"flow_dst_last_pkt_time":1593581341477440,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593581341477440,"pkt":"AAAAAAAAAAUAoyAkCABFAAA0JV9AAH8G7i28S7gU+7Z4IMGGAbvEY9K7AAAAAIACIAAM3AAAAgQFUAEDAwgBAQQC"}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1593581341477440,"flow_dst_last_pkt_time":1593581341641115,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593581341641115,"pkt":"AAAAAAAAAAUAoyAkCABFAAA0AABAADIGYI37tnggvEu4FAG7wYZmWxUYxGPSvIAS\/\/+x9gAAAgQFtAEDAwYEAgAA"}
@@ -8,7 +8,7 @@
 02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1593581357451506,"flow_dst_last_pkt_time":1593581341827549,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1248,"pkt_l4_len":1214,"thread_ts_usec":1593581357451506,"pkt":"AAAAAAAAAAUAoyAkCABFAATSKtxAAH8G5BK8S7gU+7Z4IMGGAbvEY9ZmZlsVoFAYAQP4xQAAS0UAAAIIAVUAAASeAQAAAI\/gqM9riCEBZYhSLZSYIvOnmKRFB1NH6SXBoy7HXkHy40xvUKjvN0P2kmQjQ6DOJ\/5cEoTXNc9mpVRRLoaSI0cG53iUIfmCUiYw+Y2Sl96EE3U2XAkcPoGzDfTJB\/4Q3V2JDnKBv7l1qffhqhUQAIC6t6pZb99IWuexXkN6yB+mvcOEgMwSBf+h+EUCXgsmqP0yLGzvhkgeX28Bw3eETrEPbqAcZrSLobMjufoukl580KLwDyb2crXEgXjGPeF78olOb7Pg6sYD\/BN2j6yyAilyS\/tsTsWdhE+MCi3x5py9sPxTra7gQ0k4JVWelsjoabSCP1lmKLze8v5MMRAJvDPMj62ID+lDhFnbLhlQC6f5chGBrpOPgdJC7YHTTF4Yaf6L2LV9kjRaUcpKIzDRzI4KZEonFYhWkM5vOOS0rSPo37Rv1SVkW2EcWQ2nQMbuDtjp\/0tfEZD2geTmvG3etyx+TgAVYG\/awgCrGTG3iBmJ7IP7zvy92HfzRnvpcGwV33VQOmQy5VfPpKlN52Cr9V1cGuATB5Vh71AWy+ZYpCZzbZfNP2tvigsP0wsvXvelhfciLnm+AL8wmySYqBybE3J8dIwFlfoj7ne6sMBf4pGb7AOGBSpiJm38MExrzCRihBJLXRJ7gyu6wZOC7RBoSZhJFfDca7WbjzMcnjgrHhyKz7epOIMZ8KKfdXHIH30WC1WQoyV\/9CDm5Ir6TpnIabDx8aCrVGR2AUJbloUstI06uyojdmfgzlH2RmIEF2wn3MlvapkeTrV1P4YJJdmxgPb+FA1\/KyNKbcQxAZocuyqW5naMFGfnn8cKSFj9nazboTcTzqdyByCcDm0GrOo3lrIAZtJkE4CvuhkCMnF\/7JeMLrrHxrPW\/dOVxglbGTGZaX4aT3qhzlyIFJZcUHvZNd3L8oPPptY03zEYYfgWCY4GCrFbxLpdYS7o3iQ6k\/DOgQDA40F9R\/6bQJtbjUri8cebmGyUgBOFyL4HK+5LP6+wjr7LJLwLOZr12rvbCPH8a5EH0l1+xVGuaHOLPsAloGyPylmUINBBTcC0sBxRxaBR\/z80E26qGGDqcQyyURDhKppNliDigSFs8+fsUbS5ChJOzYl3IpHKfgGOcDcCR3WpoBdqmuOu1DoFstMVlUlLCVIoZpzTcK\/pDo3hPn1LcKZJSo+8BwXkti9ovEfAleUdmchy9h9nbK2GihR4oEJcIGKAmAFjAQTS\/er1a5369himCid2qwxR2G7q+GqiY8Cn5xeTqwJbetF0TDu5o6tQyVaRc80I8hhALVCzmghQGdamem8nIsmKHrqNvthCPs+00k05hS685h68ipvQ5I1mMeEDxQq1lu8OpLGal1I9Y3xEuO7SPNISELRvLy4gXrN6aofFkqLD8VWXc4G\/cbiW1E9zBGFi1T+pcQFhf1bs\/6QwJKdFYF5BC7W4O+tHL6pVuEXRZVBwUo+m8l\/ua1HBIbsTdUY+YmTTIi21zXssBXBCMdMJdRVAPaXcfXoiCOAqgS9a86IMwkmsfZDP8haAQx+y3AlmY8zPj52JGBOc0NBkRzLhTZ25JePs"}
 01077{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1593581341477440,"flow_src_last_pkt_time":1593581425760020,"flow_dst_last_pkt_time":1593581425923470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1274,"flow_dst_max_l4_payload_len":135,"flow_src_tot_l4_payload_len":9246,"flow_dst_tot_l4_payload_len":1485,"midstream":0,"thread_ts_usec":1593581425923470,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1593581341477440,"flow_src_last_pkt_time":1593581425760020,"flow_dst_last_pkt_time":1593581425923470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1274,"flow_dst_max_l4_payload_len":135,"flow_src_tot_l4_payload_len":9246,"flow_dst_tot_l4_payload_len":1485,"midstream":0,"thread_ts_usec":1593581425923470,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":10731,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1593581425923470}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":10731,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1593581425923470}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 26/26
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500747 bytes
-~~ total memory freed........: 5500747 bytes
+~~ total memory allocated....: 5500771 bytes
+~~ total memory freed........: 5500771 bytes
 ~~ total allocations/frees...: 85886/85886
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 560 chars
diff --git a/test/results/default/mongodb.pcap.out b/test/results/default/mongodb.pcap.out
index 121b731be..5f6d2fc83 100644
--- a/test/results/default/mongodb.pcap.out
+++ b/test/results/default/mongodb.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1483459978959064}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1483459978959064}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459978959064,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959064,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1483459978959080,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959080,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="}
@@ -7,7 +7,7 @@
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1483459979301410,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301410,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAANBx\/QAA\/Bg+3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301422,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAANBx\/QAA+BhC3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459979301746,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1483558834969479}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1483558834969479}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558834969479,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969479,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1483558834969493,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969493,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAAQPlkQAA+Bn9pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="}
@@ -16,7 +16,7 @@
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1483558835130999,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483558835130999,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAANBMKQAA+BmXQCgoKDAoKCg3ZHmmJO1oRNTuqYu6AEBAgn6wAAAEBCAoWOHXNjPy8NA=="}
 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558835131940,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1483726705497076}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1483726705497076}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705497076,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483726705497076,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483726705499673,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"}
@@ -24,7 +24,7 @@
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1483726705503964,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQIAbrdWQAA9BiO2CgoKDgoKCg\/wP2mJBNDEts\/TviiAGBAaBDcAAAEBCAoydcXkGQyESzoAAABMBAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAABMAAAAQaXNNYXN0ZXIAAQAAAAA="}
 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558835131940,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":364,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1483737232974198}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":364,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1483737232974198}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232974198,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483737232974198,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483737232975899,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"}
@@ -32,7 +32,7 @@
 00909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":339,"pkt_l4_len":301,"thread_ts_usec":1483737232979308,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQABQQ0wQAA6BkpvCgoKEAoKChHInmmJ0eCpc+09z\/+AGBAaUdAAAAEBCAo+YNhYAY8GyA0BAAAAAAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAAOYAAAAQaXNNYXN0ZXIAAQAAAANjbGllbnQAywAAAANhcHBsaWNhdGlvbgAdAAAAAm5hbWUADgAAAE1vbmdvREIgU2hlbGwAAANkcml2ZXIAOgAAAAJuYW1lABgAAABNb25nb0RCIEludGVybmFsIENsaWVudAACdmVyc2lvbgAGAAAAMy40LjAAAANvcwBWAAAAAnR5cGUABwAAAERhcndpbgACbmFtZQAJAAAATWFjIE9TIFgAAmFyY2hpdGVjdHVyZQAHAAAAeDg2XzY0AAJ2ZXJzaW9uAAcAAAAxNi4zLjAAAAAA"}
 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1483814916005019}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1483814916005019}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916005019,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005019,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005036,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQILYQAA+BvsMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="}
@@ -42,7 +42,7 @@
 01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916108514,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916108514,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1483814916108514}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1483814916108514}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 27/27
 ~~ skipped flows.............: 0
@@ -51,8 +51,8 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5509576 bytes
-~~ total memory freed........: 5509576 bytes
+~~ total memory allocated....: 5509664 bytes
+~~ total memory freed........: 5509664 bytes
 ~~ total allocations/frees...: 85935/85935
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 554 chars
diff --git a/test/results/default/mpeg-dash.pcap.out b/test/results/default/mpeg-dash.pcap.out
index f13db472d..ddc7d9f2f 100644
--- a/test/results/default/mpeg-dash.pcap.out
+++ b/test/results/default/mpeg-dash.pcap.out
@@ -1,12 +1,12 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744212035234}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744212035234}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744212035234,"flow_src_last_pkt_time":1618744212035234,"flow_dst_last_pkt_time":1618744212035234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744212035234,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744212035234,"flow_dst_last_pkt_time":1618744212035234,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1618744212035234,"pkt":"AAAAAAAAAAQAk2VwCABFAAA8XJFAAEAGk4MKVAFRpviYCu3+AFDXU1UdAAAAAKAC\/\/+5fwAAAgQFtAQCCArQulhbAAAAAAEDAwo="}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744212035234,"flow_dst_last_pkt_time":1618744212169869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744212169869,"pkt":"AAAAAAAAAAMAbDnzCABFAAA0AABAADAGAB2m+JgKClQBUQBQ7f6v9cxW11NVHoASchAbdQAAAgQFeAEBBAIBAwMK"}
 00970{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212169869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_usec":1618744212202980,"pkt":"AAAAAAAAAAQAk2VwCABFAAFwXJNAAEAGkk0KVAFRpviYCu3+AFDXU1Uer\/XMV1AYAFYA8wAAR0VUIC9hcy9iaWdvLWFkLWNyZWF0aXZlcy8zczMvMmxPVEE3Lm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BNzE1RiBCdWlsZC9SUDFBLjIwMDcyMC4wMTI7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODkuMC40Mzg5LjEwNSBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KYmlnby1oYXNoOiBWRkJOek8zaVZjdkdwV05kDQpIb3N0OiBnZGwubmV3cy1jZG4uc2l0ZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
 01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1618744212035234,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212169869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744212202980,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"gdl.news-cdn.site","http": {"url":"gdl.news-cdn.site\/as\/bigo-ad-creatives\/3s3\/2lOTA7.mp4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; SM-A715F Build\/RP1A.200720.012; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/89.0.4389.105 Mobile Safari\/537.36","detected_os":"Android 11"}}}
 02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212338460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1618744212338460,"pkt":"AAAAAAAAAAMAbDnzCABFAAWg4TBAADEGGICm+JgKClQBUQBQ7f6v9cxX11NWZlAQAB7VHwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eQ0KRGF0ZTogU3VuLCAxOCBBcHIgMjAyMSAxMToxMDoxMiBHTVQNCkNvbnRlbnQtVHlwZTogdmlkZW8vbXA0DQpDb250ZW50LUxlbmd0aDogNTczNDAyMA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KS2VlcC1BbGl2ZTogdGltZW91dD0xODANCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MzE1MzYwMDAwDQpBZ2U6IDUxMDMyMQ0KWC1CLUNIOiAxMg0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1NZXRob2RzOiBHRVQNCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQoNCgAAABhmdHlwbXA0MgAAAABtcDQyaXNvbQAAJHhtb292AAAAbG12aGQAAAAA3Jn4utyZ+LoAAKxEAAoYKAABAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAAAGGlvZHMAAAAAEICAgAcAT\/\/\/Aij\/AAAV1HRyYWsAAABcdGtoZAAAAAHcmfi63Jn4ugAAAAEAAAAAAAoYKAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAAHgAAABDgAAAAAFUxtZGlhAAAAIG1kaGQAAAAA3Jn4utyZ+LoAAAPoAAA6mVXEAAAAAAAhaGRscgAAAAAAAAAAdmlkZQAAAAAAAAAAAAAAAAAAABUDbWluZgAAABR2bWhkAAAAAQAAAAAAAAAAAAAAJGRpbmYAAAAcZHJlZgAAAAAAAAABAAAADHVybCAAAAABAAAUw3N0YmwAAACXc3RzZAAAAAAAAAABAAAAh2F2YzEAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAHgAQ4AEgAAABIAAAAAAAAAAEOSlZUL0FWQyBDb2RpbmcAAAAAAAAAAAAAAAAAAAAAAAAY\/\/8AAAAxYXZjQwFkACj\/4QAaZ2QAKKzTAeAIn5YQAAADABAAAAMDKPGDE4ABAARo6qXLAAAAKHN0dHMAAAAAAAAAAwAAAXUAAAAoAAAAAQAAACkAAAABAAAAKAAABfBzdHN6AAAAAAAAAAAAAAF3AAB17QAATqoAADwfAABKDQAALQ8AADvvAAAXxQAAXEwAAC1ZAAAr5QAAJm4AACAKAABLlQAAQr8AAE0YAABOtQAAUW8AAFpkAABHZgAAUdsAAEcyAABAngAAZToAAFcgAAAsRQAAKiMAAExwAAA7HwAAQeIAAEQlAABNNwAAU+0AAGDfAABbEQAAWSoAAGbxAAA8+wAAa4YAAFSgAABeNwAAYlYAAGMnAABCmAAAUk0AACoeAABQmwAAKhUAAGFUAAAojwAAUS0AABpWAABcPAAAHkwAACT0AABL3QAAJLwAACcJAABcSwAAXB8AADEmAABYNQAAOTYAACO4AAAUHgAAE7AAABFSAAAVwgAAEFwAAAn+AABsdgAATC4AACvgAABNFgAAXQwAAFqsAABYdQAAVGMAAFgYAABUZgAAU8cAAFryAABg8AAAqyMAAFolAAAkVAAAY10AACpxAAAwBwAAZMwAACwZAABKewAAV54AAGyKAAB+PwAAQKUAADHWAAB1LQAANx0AAGBIAAAwugAASkMAAC3mAABZGQAAMMwAAGUbAABEVwAASzkAAGchAAA8YwAAbrIAAC2hAABElwAAYSgAAC2YAAA="}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1652784807797513}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1652784807797513}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784807797513,"flow_src_last_pkt_time":1652784807797513,"flow_dst_last_pkt_time":1652784807797513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1652784807797513,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1652784807797513,"flow_dst_last_pkt_time":1652784807797513,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1652784807797513,"pkt":"tKXvZygQwDiWIaSpCABFAAA8gI1AAEAGWyfAqAJpNqFlVecGAFDeWzbUAAAAAKAC+vAGuAAAAgQFtAQCCArGziP6AAAAAAEDAwc="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1652784807797513,"flow_dst_last_pkt_time":1652784807901734,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1652784807901734,"pkt":"wDiWIaSptKXvZygQCABFAAA8AABAAOwGL7Q2oWVVwKgCaQBQ5waq30sm3ls21aASaN+YUwAAAgQFrAQCCAqvHVtJxs4j+gEDAwc="}
@@ -27,7 +27,7 @@
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808501352,"flow_dst_last_pkt_time":1652784808514677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":191,"flow_src_tot_l4_payload_len":1517,"flow_dst_tot_l4_payload_len":191,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784814543352,"flow_src_last_pkt_time":1652784814543352,"flow_dst_last_pkt_time":1652784814543352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":191,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":191,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1618744212035234,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212338460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":3811,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1652784814543352}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":3811,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1652784814543352}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 13/13
 ~~ skipped flows.............: 0
@@ -36,8 +36,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5505593 bytes
-~~ total memory freed........: 5505593 bytes
+~~ total memory allocated....: 5505665 bytes
+~~ total memory freed........: 5505665 bytes
 ~~ total allocations/frees...: 85920/85920
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 547 chars
diff --git a/test/results/default/mpeg.pcap.out b/test/results/default/mpeg.pcap.out
index 5b40c5526..eaa4dc31a 100644
--- a/test/results/default/mpeg.pcap.out
+++ b/test/results/default/mpeg.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1434379491040018}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1434379491040018}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491040018,"flow_dst_last_pkt_time":1434379491040018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434379491040018,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1434379491040018,"flow_dst_last_pkt_time":1434379491040018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1434379491040018,"pkt":"yGyHABajPBXCt3IOCABFAABAOE9AAEAGJUTAqFCgLmWdd9n8AFBP68YoAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKFSiGAAAAAAAEAgAA"}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1434379491040018,"flow_dst_last_pkt_time":1434379491117076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1434379491117076,"pkt":"PBXCt3IOyGyHABajCABFAAA8AABAADIGa5cuZZ13wKhQoABQ2fyPIjpcT+vGKaAScSAIFwAAAgQFqAQCCAoAu5vaFSiGAAEDAwhf8g=="}
@@ -9,7 +9,7 @@
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1434379491117217,"flow_dst_last_pkt_time":1434379491158095,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1434379491158095,"pkt":"PBXCt3IOyGyHABajCABFAAA0obBAADIGye4uZZ13wKhQoABQ2fyPIjpdT+vGvYAQAHamjgAAAQEICgC7m+0VKIZNJ8A="}
 01086{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491117217,"flow_dst_last_pkt_time":1434379491158121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1434379491158121,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":1,"category":"Media","hostname":"luca.ntop.org","http": {"url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}}
 00969{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491221137,"flow_dst_last_pkt_time":1434379491221072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":9215,"midstream":0,"thread_ts_usec":1434379491221137,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":1,"category":"Media"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":9363,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1434379491221137}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":9363,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1434379491221137}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 19/19
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498604 bytes
-~~ total memory freed........: 5498604 bytes
+~~ total memory allocated....: 5498628 bytes
+~~ total memory freed........: 5498628 bytes
 ~~ total allocations/frees...: 85883/85883
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 542 chars
diff --git a/test/results/default/mpegts.pcap.out b/test/results/default/mpegts.pcap.out
index a4fbee196..460d9f755 100644
--- a/test/results/default/mpegts.pcap.out
+++ b/test/results/default/mpegts.pcap.out
@@ -1,10 +1,10 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1435209297954335}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1435209297954335}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1362,"pkt_l4_len":1324,"thread_ts_usec":1435209297954335,"pkt":"AQBeSMkXrPHfGMSBgQANHwgARQAFQAAAQAAHEaScCgEQMObIyRefIQTSBSxl6UcBARcAD7wd249nI5BqMCydEQCD1YeFyAwoYGMeHIwcYCWAHEkET\/taR\/5YANOTSagKaodBkABeSU4ooP2cAgISCfI7GswCLhYGUDAuoQXALotIDoDAaSxnQetyw1wSf\/AKkMmAETWkokF4lgj\/+lAZSgnOA6QAiGVAYA8goTB50WWTRpqMHIxOOJ8\/G9fR\/gRwAyKEkesyBkAB8oyaCwrrgKE0mAZ74p+4IoA5RfCyWS8HBk6egclHP3xARwEBGEEXVAcUcasfHBwWuxBEA0AR3\/itnAslgP4YRyyuCUAHIGOdlcBl0VAUgAPrJ4fANDAD4iy\/w8TBHHBQGqzAH4UZAHtGCiNQgPA1JISSwngX6AHm4Jf\/mKVIQhIaSD8CMAMGBoJf\/aEdACJNQ4OIkGi0bLH9Meczk8i+AAAAAQ4ShEUQIiWUxLGqxZhYCkaHcmBJHgFBLPZRvGhAjlBpCLwBHUOLiXyWkJ41IhP4BH1T\/uSXFhIJn\/tHAQEZ0kepcDEADUYFzAA1cjMHnioWBMyEDwGRt7NwM5CBuOLJQCnAKi98MAR7oiygHZNJiEoKSG4lmBgaTAxKQSf+iYWQguoQIAGwERxFmI3UAusNyXAUqSlbJ5X4WGOUAQUpObs+A8kBs4JQAaEE6oSWAdQMP\/9ghf9DiGSh5LAYDApaSdFFANnYrBjoHYtBPLLKRUBQDgP0DT\/\/ORgDyJQaGBg0vAKAK8BxyZ0AZ4JIBBDDOFjeKiGBUEcBARooBUCpMQWTeQxgYA46QHYBoSgCIhAOgHYCcAhDKgLuTwFgEYGcAGAZAG8AmQkA1JqS0AOwG5KwBKBQAa\/Alf+AOvwSQA\/sLgKAB+GoBCAGJrko0b0gVRwSf9QHYDoNQCQAIMqMFwDWAfgQnBg\/\/mSg85hwCgAiQkoDIXkxWGAeSTGBGAFG4YCT\/6WQ+AQpqEegNiL\/GrDRqRZackiI5OrlAZ43r4E0jenh7oKAIKjCCsBbeNw5Yo42RwEBGwAfQcAcRNBC\/5Z3JpRQI\/\/QCAlBZTk2chBKACsMQM4Iv\/Q0sAiADYCqACG5YMNXMdDDQLDOOlKiWGYBLwLsCN\/1yL7bI7FfbAAoJBHItxAyYj9CFdLCexAmGGF7vB7MBLz9L5WGDsERwDwKSQJIfcYImKe4c7uIjWFSGKP7CWSAC2zwgfUBhAEzwVP\/g6IJ5OIEAD+DAC0NAQgh\/9kMhk0B1uxSAKllJDAEQYAZFAUAQgk\/+DYh9IBHH\/8Q\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/0cf\/xD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/"}
 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","proto_id":"198","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","proto_id":"198","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1435209297954335}
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1435209297954335}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5497974 bytes
-~~ total memory freed........: 5497974 bytes
+~~ total memory allocated....: 5497998 bytes
+~~ total memory freed........: 5497998 bytes
 ~~ total allocations/frees...: 85860/85860
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 568 chars
+~~ json message min len.......: 566 chars
 ~~ json message max len.......: 2798 chars
-~~ json message avg len.......: 1612 chars
+~~ json message avg len.......: 1611 chars
diff --git a/test/results/default/mqtt.pcap.out b/test/results/default/mqtt.pcap.out
index 7179a8611..6e1071c0e 100644
--- a/test/results/default/mqtt.pcap.out
+++ b/test/results/default/mqtt.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643014009283854}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643014009283854}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014009283854,"flow_src_last_pkt_time":1643014009283854,"flow_dst_last_pkt_time":1643014009283854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643014009283854,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643014009283854,"flow_dst_last_pkt_time":1643014009283854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643014009283854,"pkt":"AAAAAAAAAAwATSywCABFAAA8AABAADQGcggKCgoBwKgAAQdbo6QZpJjZwwPwU6AS\/oijvAAAAgQFtAQCCArcK3DSu1+3wwEDAwc="}
 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1643014009283854,"flow_dst_last_pkt_time":1643014009286927,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1643014009286927,"pkt":"AAAAAAAAAAwATSywCABFAAB2fFxAAD8G6nHAqAABCgoKAaOkB1vDA\/BTGaSY2oAYAOXxcQAAAQEICrtfuBTcK3DSEEAABk1RSXNkcAPCABQAFmNiYWFiY2JhYmFjYmJiYmJhYWFhYWIADDAyRDUwNTAyMjNEMwAMMDJENTA1MDIyM0Qz"}
@@ -12,7 +12,7 @@
 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1643014009283854,"flow_src_last_pkt_time":1643014010067160,"flow_dst_last_pkt_time":1643014010972297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":392,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":492,"midstream":0,"thread_ts_usec":1643014349216221,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1643014349216221}
+00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1643014349216221}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 9/9
 ~~ skipped flows.............: 0
@@ -21,8 +21,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500406 bytes
-~~ total memory freed........: 5500406 bytes
+~~ total memory allocated....: 5500446 bytes
+~~ total memory freed........: 5500446 bytes
 ~~ total allocations/frees...: 85880/85880
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 550 chars
diff --git a/test/results/default/mssql_tds.pcap.out b/test/results/default/mssql_tds.pcap.out
index c76925348..1952aa5ff 100644
--- a/test/results/default/mssql_tds.pcap.out
+++ b/test/results/default/mssql_tds.pcap.out
@@ -1,12 +1,12 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1240877917888015}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1240877917888015}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1240877917888015,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":190,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1240877917888015,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888015,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1240877917888015,"pkt":"AAwpiUrKAFBWwAABCABFAADynIJAAEAGGaUKb29vCgAAAQRXBZk+5C72WSFQkoAYAFx5qQAAAQEICgQLsN8AAVvMAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="}
 00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1240877917888015,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":190,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1240877917888015,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1240877917888358,"pkt":"AFBWwAABAAwpiUrKCABFAABWA25AAIAGc1UKAAABCm9vbwWZBFdZIVCSPuQvtIAYQa2\/wgAAAQEICgABW8wEC7DfBAEAIgA1AQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="}
 00939{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1240877917918653,"flow_dst_last_pkt_time":1240877917888358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_usec":1240877917918653,"pkt":"AAwpiUrKAFBWwAABCABFAAFYnINAAEAGGT4Kb29vCgAAAQRXBZk+5C+0WSFQtIAYAFxIvAAAAQEICgQLsOcAAVvMAwEBJAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANDQAQABQADAAIABuAHYAYQByAGMAaABhAHIAKAA0ADAAMAAwACkALABAAFAAMQAgAGkAbgB0AAAA50AfCQTQADSQAHMAZQBsAGUAYwB0ACAAKgAgAGYAcgBvAG0AIAB0AGUAcwB0AF8AdABhAGIAbABlAF8AMQAgAHcAaABlAHIAZQAgAG4AYQBtAGUAIAA9ACAAQABQADAAIABhAG4AZAAgAGkAZAAgAD0AIABAAFAAMQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAAAA50AfCQTQADQGAHoAegB6AAAAJgQEAgAAAA=="}
 01027{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1240877917918653,"flow_dst_last_pkt_time":1240877918029044,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1240877918029044,"pkt":"AFBWwAABAAwpiUrKCABFAAGaA29AAIAGchAKAAABCm9vbwWZBFdZIVC0PuQw2IAYQImkmQAAAQEICgABW84EC7DnBAEBZgA1AQCBBAAAAAAACQDvPAAJBNAANARuAGEAbQBlAAAAAAAJAO88AAkE0AA0B3MAdQByAG4AYQBtAGUAAAAAAAkA71AACQTQADQEYwBpAHQAeQAAAAAACAA4AmkAZADRPAB6AHoAegAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAA8AGIAYgBiACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFAAYwB4AHgAeAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAACAAAA\/xEAwQABAAAAAAAAAHkAAAAArAAAAAEAAAAAAAAmBAQBAAAA\/gAA4AAAAAAAAAAAAA=="}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":874,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1259762400004437}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":874,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1259762400004437}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762400004437,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762400004437,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1259762400004437,"pkt":"ABj+dhvGERERERESCABFAABUAAdAAEAGtr4Kb29vCgAAAQiuBZn\/ymPG\/zlOU1AYEAArKgAAAQEALAAAAQBDAE8ATQBNAEkAVAAgAFQAUgBBAE4AUwBBAEMAVABJAE8ATgA="}
 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762400004437,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762400004437,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
@@ -37,7 +37,7 @@
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762482456090,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762482456090,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1259762482456090,"pkt":"ABI\/\/61OABI\/\/6gdCABFAACA6VZAAIAGjUIKb29vCgAAASK4BZmoWq7z77DJrlAY\/kP\/5gAAAwkAWAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAGwBwAF8ARwBlAHQATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAFIAbwB3AEMAbwB1AG4AdAAAAA=="}
 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762482456090,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762482456090,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":35,"packets-processed":34,"total-skipped-flows":0,"total-l4-payload-len":13137,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":8,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1278068444584977}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":35,"packets-processed":34,"total-skipped-flows":0,"total-l4-payload-len":13137,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":8,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1278068444584977}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444584977,"flow_src_last_pkt_time":1278068444584977,"flow_dst_last_pkt_time":1278068444584977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":218,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444584977,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1278068444584977,"flow_dst_last_pkt_time":1278068444584977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1278068444584977,"pkt":"ADAFzckRADAFzck9CABFAAECT7tAAIAGJlwKb29vCgAAAScPBZlFt6JP51MRDlAY+rgBzgAAAwEA2gAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAzIhEAVUR3ZoiZqrvM3e7\/AAAfAADnAAAJBAABMgAAAACnJAAJBAABMiQAQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqAAAmBAQBAAAAAAAmCAgtAAAAAAAAAAAApQwADAABI0VniavN7\/7cupgAACYEBGwAAAA="}
 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444584977,"flow_src_last_pkt_time":1278068444584977,"flow_dst_last_pkt_time":1278068444584977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":218,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444584977,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
@@ -62,7 +62,7 @@
 00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1259762474884131,"flow_src_last_pkt_time":1259762474884730,"flow_dst_last_pkt_time":1259762474884131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":339,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8339,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444666075,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444666075,"flow_src_last_pkt_time":1278068444666075,"flow_dst_last_pkt_time":1278068444666075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":320,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":320,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444666075,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762482456090,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444666075,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":14142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1278068444666075}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":14142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1278068444666075}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 38/38
 ~~ skipped flows.............: 0
@@ -71,8 +71,8 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5525015 bytes
-~~ total memory freed........: 5525015 bytes
+~~ total memory allocated....: 5525215 bytes
+~~ total memory freed........: 5525215 bytes
 ~~ total allocations/frees...: 86020/86020
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 557 chars
diff --git a/test/results/default/mullvad_dns.pcap.out b/test/results/default/mullvad_dns.pcap.out
index 723e6efda..40aeaab78 100644
--- a/test/results/default/mullvad_dns.pcap.out
+++ b/test/results/default/mullvad_dns.pcap.out
@@ -1,12 +1,12 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690989392454764}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690989392454764}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392454764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690989392454764,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392454764,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1690989392454764,"pkt":"LpGu0BOrUqbfQmqICABFAABU8HEAAD8RPmLAqHoLCQkJCcnwADUAQE0XWYYBIAABAAAAAAABA3d3dwdtdWxsdmFkA25ldAAAAQABAAApBNAAAAAAAAwACgAIwhcGhsoKkzM="}
 01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392454764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690989392454764,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Mullvad","proto_id":"5.348","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.mullvad.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392507188,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1690989392507188,"pkt":"UqbfQmqILpGu0BOrCABFAABmAu0AADgRMtUJCQkJwKh6CwA1yfAAUpRhWYaBoAABAAIAAAABA3d3dwdtdWxsdmFkA25ldAAAAQABwAwABQABAAAG1wACwBDAEAABAAEAAAALAAQtU9\/RAAApBNAAAAAAAAA="}
 01083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392507188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1690989392507188,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Mullvad","proto_id":"5.348","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.mullvad.net","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"45.83.223.209"}}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392507188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1690989392507188,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Mullvad","proto_id":"5.348","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1690989392507188}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1690989392507188}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498031 bytes
-~~ total memory freed........: 5498031 bytes
+~~ total memory allocated....: 5498055 bytes
+~~ total memory freed........: 5498055 bytes
 ~~ total allocations/frees...: 85862/85862
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 573 chars
+~~ json message min len.......: 571 chars
 ~~ json message max len.......: 1088 chars
-~~ json message avg len.......: 822 chars
+~~ json message avg len.......: 821 chars
diff --git a/test/results/default/mullvad_wireguard.pcap.out b/test/results/default/mullvad_wireguard.pcap.out
index cd0263409..9f66042b1 100644
--- a/test/results/default/mullvad_wireguard.pcap.out
+++ b/test/results/default/mullvad_wireguard.pcap.out
@@ -1,5 +1,5 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690989590945292}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690989590945292}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690989590945292,"flow_src_last_pkt_time":1690989590945292,"flow_dst_last_pkt_time":1690989590945292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690989590945292,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"198.54.131.98","src_port":22595,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690989590945292,"flow_dst_last_pkt_time":1690989590945292,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1690989590945292,"pkt":"LpGu0BOrUqbfQmqICABFAAB83fQAAEARGDDAqHoLxjaDYlhDE8QAaITGBAAAABV2SXkTAAAAAAAAADvIU5XIGqFEsZ+W5jn7BLiciIB2fPEUKgOh7JJ8k\/FEcfAVrKf6uU7CHWMuDpSvWjtQYEvV9cMoDP4zIz5uBNzGTNEAB8QP+U4duw0xthm\/"}
 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690989590945292,"flow_dst_last_pkt_time":1690989591192470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1690989591192470,"pkt":"UqbfQmqILpGu0BOrCABFCAB8BUcAACsRBdbGNoNiwKh6CxPEWEMAaIuGBAAAALBIEBwPAAAAAAAAAAsITpzs3Nqj\/mngBcwLuctA0JbR014xS\/DoFTXDrk8w1scffwPGXVQhk89PWb8vtw+pOPrZNyooWu5tHm9KcXVq4hier14EKnEpPtrq0py+"}
@@ -8,7 +8,7 @@
 00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1690989591192829,"flow_dst_last_pkt_time":1690989591192470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_usec":1690989591192829,"pkt":"LpGu0BOrUqbfQmqICABFAAC83hIAAEARF9LAqHoLxjaDYlhDE8QAqIUGBAAAABV2SXkVAAAAAAAAAJ2fNtGME5zwSTdTMQkGmaiCH+Wo\/9gCMeD01GNIb8pBUhJF3FFtz4RVJRfxx9PzIa8nYPqq4P5DoSH+YsbbogMXQb97+TfgyZWaD5D38iAu+73Y9mXDRYIdZgkSk3b17pGL+yVTFX7rQWUh\/xcnUYDcXFPo8xpMcVnDhl\/Gv\/0VmzIFSzjVfEcbvM2LkUIVmw=="}
 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1690989591192829,"flow_dst_last_pkt_time":1690989591426538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1690989591426538,"pkt":"UqbfQmqILpGu0BOrCABFCABsBWYAACsRBcfGNoNiwKh6CxPEWEMAWOEUBAAAALBIEBwQAAAAAAAAAOmugALEfSDtPyEnUa4GVP4WD6vx6vmcdq74p5uWI8wZndweTg2aIL6E2AQEi74KoRmz+vx\/BmWI2O6toM6+Rk0="}
 01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1690989590945292,"flow_src_last_pkt_time":1690989591911796,"flow_dst_last_pkt_time":1690989591911742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":672,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":928,"midstream":0,"thread_ts_usec":1690989591911796,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"198.54.131.98","src_port":22595,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Mullvad","proto_by_ip_id":348,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":1504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1690989591911796}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":1504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1690989591911796}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498286 bytes
-~~ total memory freed........: 5498286 bytes
+~~ total memory allocated....: 5498310 bytes
+~~ total memory freed........: 5498310 bytes
 ~~ total allocations/frees...: 85871/85871
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 579 chars
+~~ json message min len.......: 577 chars
 ~~ json message max len.......: 1123 chars
-~~ json message avg len.......: 840 chars
+~~ json message avg len.......: 839 chars
diff --git a/test/results/default/mumble.pcapng.out b/test/results/default/mumble.pcapng.out
index d292cb894..0993e0d4c 100644
--- a/test/results/default/mumble.pcapng.out
+++ b/test/results/default/mumble.pcapng.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705621398492193}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705621398492193}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705621398492193,"flow_src_last_pkt_time":1705621398492193,"flow_dst_last_pkt_time":1705621398492193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705621398492193,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"5.39.185.162","src_port":50085,"dst_port":64738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705621398492193,"flow_dst_last_pkt_time":1705621398492193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1705621398492193,"pkt":"SKmKCiNtCAAniDE8CABFAAAo21MAAIARAADAqFjQBSe5osOl\/OIAFNhnAAAAAAPXIAD6dih+"}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705621398533743,"flow_src_last_pkt_time":1705621398533743,"flow_dst_last_pkt_time":1705621398533743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705621398533743,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"87.122.110.156","src_port":50085,"dst_port":64738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -19,7 +19,7 @@
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1705621398492193,"flow_src_last_pkt_time":1705621398492193,"flow_dst_last_pkt_time":1705621398539803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":1705621398587907,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"5.39.185.162","src_port":50085,"dst_port":64738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mumble","proto_id":"387","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705621398587907,"flow_src_last_pkt_time":1705621398587907,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1705621398587907,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"151.101.66.217","src_port":50059,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Mumble","proto_id":"91.387","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1705621398533743,"flow_src_last_pkt_time":1705621398533743,"flow_dst_last_pkt_time":1705621398587907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":1705621398587907,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"87.122.110.156","src_port":50085,"dst_port":64738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Mumble","proto_id":"387","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":2029,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1705621398587907}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mumble.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":2029,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1705621398587907}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -28,8 +28,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506741 bytes
-~~ total memory freed........: 5506741 bytes
+~~ total memory allocated....: 5506797 bytes
+~~ total memory freed........: 5506797 bytes
 ~~ total allocations/frees...: 85896/85896
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 530 chars
diff --git a/test/results/default/munin.pcap.out b/test/results/default/munin.pcap.out
index 145e38fe7..4138680b9 100644
--- a/test/results/default/munin.pcap.out
+++ b/test/results/default/munin.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666226102691709}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666226102691709}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666226102691709,"flow_src_last_pkt_time":1666226102691709,"flow_dst_last_pkt_time":1666226102691709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666226102691709,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.103","src_port":45654,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666226102691709,"flow_dst_last_pkt_time":1666226102691709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666226102691709,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8V+BAAEAGaOisEBBsrBARZ7JWE1Uxv3OfAAAAAKAC9QCa0AAAAgQjAAQCCArNYOiDAAAAAAEDAwc="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666226102691709,"flow_dst_last_pkt_time":1666226102717855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666226102717855,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD4GwsisEBFnrBAQbBNVslYbuawOMb9zoKAS\/+CLmwAAAgQFnAQCCAq\/Z5p4zWDogwEDAwc="}
@@ -7,7 +7,7 @@
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1666226102718825,"flow_dst_last_pkt_time":1666226102759806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1666226102759806,"pkt":"ABY+T3\/T+hY+\/yO1CABFAABSYdhAAD4GYNqsEBFnrBAQbBNVslYbuawPMb9zoIAYAgB0FgAAAQEICr9nmqLNYOieIyBtdW5pbiBub2RlIGF0IGtpYmFuYS1ub2RlMDEK"}
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1666226102691709,"flow_src_last_pkt_time":1666226102718825,"flow_dst_last_pkt_time":1666226102759806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1666226102759806,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.103","src_port":45654,"dst_port":4949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1666226102761116,"flow_dst_last_pkt_time":1666226102759806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666226102761116,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0V+JAAEAGaO6sEBBsrBARZ7JWE1Uxv3OgG7msLYAQAeq3uQAAAQEICs1g6Mi\/Z5qi"}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":322,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1666249807376910}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":322,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1666249807376910}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666249807376910,"flow_src_last_pkt_time":1666249807376910,"flow_dst_last_pkt_time":1666249807376910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666249807376910,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.102","src_port":55256,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1666249807376910,"flow_dst_last_pkt_time":1666249807376910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666249807376910,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8eSRAAEAGR6WsEBBsrBARZtfYE1VvZhzuAAAAAKAC9QC3lwAAAgQjAAQCCAr\/Q41iAAAAAAEDAwc="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1666249807376910,"flow_dst_last_pkt_time":1666249807402712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666249807402712,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD4GwsmsEBFmrBAQbBNV19hQR58Xb2Yc76AS\/+DsEwAAAgQFnAQCCAq2AziU\/0ONYgEDAwc="}
@@ -16,7 +16,7 @@
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1666249807376910,"flow_src_last_pkt_time":1666249807404027,"flow_dst_last_pkt_time":1666249807436639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":31,"midstream":0,"thread_ts_usec":1666249807436639,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.102","src_port":55256,"dst_port":4949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1666249807438107,"flow_dst_last_pkt_time":1666249807436639,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666249807438107,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0eSZAAEAGR6usEBBsrBARZtfYE1VvZhzvUEefN4AQAeoYQgAAAQEICv9DjZ+2Azi1"}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666226102691709,"flow_src_last_pkt_time":1666226102892589,"flow_dst_last_pkt_time":1666226102941764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":262,"midstream":0,"thread_ts_usec":1666249807610393,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.103","src_port":45654,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1666266002857038}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1666266002857038}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666266002857038,"flow_src_last_pkt_time":1666266002857038,"flow_dst_last_pkt_time":1666266002857038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666266002857038,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.101","src_port":53314,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1666266002857038,"flow_dst_last_pkt_time":1666266002857038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666266002857038,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8yJJAAEAG+DesEBBsrBARZdBCE1WX5J9vAAAAAKAC9QDfsAAAAgQjAAQCCAp1q0t5AAAAAAEDAwc="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1666266002857038,"flow_dst_last_pkt_time":1666266002883378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666266002883378,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD4GwsqsEBFlrBAQbBNV0EJ2nLwRl+SfcKAS\/+DhLwAAAgQFnAQCCAqHPlcHdatLeQEDAwc="}
@@ -25,7 +25,7 @@
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1666266002857038,"flow_src_last_pkt_time":1666266002884343,"flow_dst_last_pkt_time":1666266002914766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1666266002914766,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.101","src_port":53314,"dst_port":4949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1666266002915853,"flow_dst_last_pkt_time":1666266002914766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666266002915853,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0yJRAAEAG+D2sEBBsrBARZdBCE1WX5J9wdpy8MIAQAeoNYgAAAQEICnWrS7SHPlcn"}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666249807376910,"flow_src_last_pkt_time":1666249807564073,"flow_dst_last_pkt_time":1666249807610393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":267,"midstream":0,"thread_ts_usec":1666266003076418,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.102","src_port":55256,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":977,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1666274401982227}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":977,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1666274401982227}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666274401982227,"flow_src_last_pkt_time":1666274401982227,"flow_dst_last_pkt_time":1666274401982227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666274401982227,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.1","src_port":59958,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1666274401982227,"flow_dst_last_pkt_time":1666274401982227,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666274401982227,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8CtBAAEAGtl6sEBBsrBARAeo2E1Wjl90YAAAAAKAC9QCoZQAAAgQjAAQCCAp4RB0\/AAAAAAEDAwc="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1666274401982227,"flow_dst_last_pkt_time":1666274402007121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666274402007121,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD8Gwi6sEBEBrBAQbBNV6ja\/dPxso5fdGaAS\/+B4GQAAAgQFnAQCCArx85TpeEQdPwEDAwc="}
@@ -35,7 +35,7 @@
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1666274402039419,"flow_dst_last_pkt_time":1666274402037918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666274402039419,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0CtJAAEAGtmSsEBBsrBARAeo2E1Wjl90Zv3T8g4AQAeqkVwAAAQEICnhEHXjx85UH"}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666266002857038,"flow_src_last_pkt_time":1666266003040348,"flow_dst_last_pkt_time":1666266003076418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":262,"midstream":0,"thread_ts_usec":1666274402201343,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.101","src_port":53314,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666274401982227,"flow_src_last_pkt_time":1666274402167889,"flow_dst_last_pkt_time":1666274402201343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":365,"midstream":0,"thread_ts_usec":1666274402201343,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.1","src_port":59958,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":1398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1666274402201343}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":1398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1666274402201343}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 60/60
 ~~ skipped flows.............: 0
@@ -44,8 +44,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506229 bytes
-~~ total memory freed........: 5506229 bytes
+~~ total memory allocated....: 5506301 bytes
+~~ total memory freed........: 5506301 bytes
 ~~ total allocations/frees...: 85953/85953
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
diff --git a/test/results/default/mysql.pcapng.out b/test/results/default/mysql.pcapng.out
index f9454eb61..0b4b18e3b 100644
--- a/test/results/default/mysql.pcapng.out
+++ b/test/results/default/mysql.pcapng.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705960164821097}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705960164821097}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705960164821097,"flow_src_last_pkt_time":1705960164821097,"flow_dst_last_pkt_time":1705960164821097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705960164821097,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.201","src_port":36732,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705960164821097,"flow_dst_last_pkt_time":1705960164821097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705960164821097,"pkt":"CAAncIgi8C90rUP1CABFAAA82jtAAEAGLX\/AqFjnwKhYyY98DOp2PS8IAAAAAKACfXgzMAAAAgQFtAQCCAppS\/T6AAAAAAEDAwc="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1705960164821097,"flow_dst_last_pkt_time":1705960164821230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705960164821230,"pkt":"8C90rUP1CAAncIgiCABFAAA8AABAAEAGB7vAqFjJwKhY5wzqj3zoGIATdj0vCaAS\/oj7XQAAAgQFtAQCCAodC\/XcaUv0+gEDAwc="}
@@ -7,7 +7,7 @@
 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1705960164821258,"flow_dst_last_pkt_time":1705960164821452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_usec":1705960164821452,"pkt":"8C90rUP1CAAncIgiCABFCACi\/KRAAEAGCqjAqFjJwKhY5wzqj3zoGIAUdj0vCYAYAf4QPQAAAQEICh0L9dxpS\/T6agAAAAo1LjUuNS0xMC42LjEyLU1hcmlhREItMHVidW50dTAuMjIuMDQuMQAgAAAAR2dQPSErVEgA\/vctAgD\/gRUAAAAAAAAdAAAASXY3T2UvWVJtUjE+AG15c3FsX25hdGl2ZV9wYXNzd29yZAA="}
 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1705960164821097,"flow_src_last_pkt_time":1705960164821258,"flow_dst_last_pkt_time":1705960164821452,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":1705960164821452,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.201","src_port":36732,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","proto_id":"20","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1705960164821461,"flow_dst_last_pkt_time":1705960164821452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705960164821461,"pkt":"CAAncIgi8C90rUP1CABFCAA02j1AAEAGLX3AqFjnwKhYyY98DOp2PS8J6BiAgoAQAPszKAAAAQEICmlL9PodC\/Xc"}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1705961445154157}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1705961445154157}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705961445154157,"flow_src_last_pkt_time":1705961445154157,"flow_dst_last_pkt_time":1705961445154157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705961445154157,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.200","src_port":36272,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1705961445154157,"flow_dst_last_pkt_time":1705961445154157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705961445154157,"pkt":"CAAnuVBs8C90rUP1CABFAAA8HqhAAEAG6RPAqFjnwKhYyI2wDOriY1z8AAAAAKACfXgzLwAAAgQFtAQCCApboWQSAAAAAAEDAwc="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1705961445154157,"flow_dst_last_pkt_time":1705961445154294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705961445154294,"pkt":"8C90rUP1CAAnuVBsCABFAAA8AABAAEAGB7zAqFjIwKhY5wzqjbCh\/Uwo4mNc\/aAS\/oihhAAAAgQFtAQCCAroGgTyW6FkEgEDAwc="}
@@ -17,7 +17,7 @@
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1705961445178850,"flow_dst_last_pkt_time":1705961445178841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705961445178850,"pkt":"CAAnuVBs8C90rUP1CABFAAA0HqpAAEAG6RnAqFjnwKhYyI2wDOriY1z9of1Md4AQAPszJwAAAQEICluhZCvoGgUK"}
 00979{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1705961445154157,"flow_src_last_pkt_time":1705961447627544,"flow_dst_last_pkt_time":1705961447627529,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":322,"flow_dst_max_l4_payload_len":2218,"flow_src_tot_l4_payload_len":824,"flow_dst_tot_l4_payload_len":2981,"midstream":0,"thread_ts_usec":1705961447627544,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.200","src_port":36272,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","proto_id":"20","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1705960164821097,"flow_src_last_pkt_time":1705960167087269,"flow_dst_last_pkt_time":1705960167087249,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1705961447627544,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.201","src_port":36732,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","proto_id":"20","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":4271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1705961447627544}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/mysql.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":4271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1705961447627544}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 41/41
 ~~ skipped flows.............: 0
@@ -26,8 +26,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501334 bytes
-~~ total memory freed........: 5501334 bytes
+~~ total memory allocated....: 5501374 bytes
+~~ total memory freed........: 5501374 bytes
 ~~ total allocations/frees...: 85912/85912
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
diff --git a/test/results/default/natpmp.pcap.out b/test/results/default/natpmp.pcap.out
index c7594d533..49b00df40 100644
--- a/test/results/default/natpmp.pcap.out
+++ b/test/results/default/natpmp.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631961259127898}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631961259127898}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631961259127898,"flow_src_last_pkt_time":1631961259127898,"flow_dst_last_pkt_time":1631961259127898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631961259127898,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.254","src_port":36852,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631961259127898,"flow_dst_last_pkt_time":1631961259127898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_usec":1631961259127898,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAAeV7pAAEARXkbAqAGAwKgB\/o\/0FOcACtYvAAA="}
 01014{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631961259127898,"flow_src_last_pkt_time":1631961259127898,"flow_dst_last_pkt_time":1631961259127898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631961259127898,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.254","src_port":36852,"dst_port":5351,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","natpmp": {"result":0,"internal_port":0,"external_port":0,"external_address":"0.0.0.0"}}}
@@ -8,7 +8,7 @@
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1631961267470917,"flow_dst_last_pkt_time":1631961259156828,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1631961267470917,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAAoXGBAAEARWZbAqAGAwKgB\/o\/0FOcAFDZeAAIAAMjVyNUAAA4Q"}
 01041{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1631961259127898,"flow_src_last_pkt_time":1631961267470917,"flow_dst_last_pkt_time":1631961259156828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1631961267470917,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.254","src_port":36852,"dst_port":5351,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","natpmp": {"result":0,"internal_port":51413,"external_port":51413,"external_address":"10.201.213.174"}}}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1631961267470917,"flow_dst_last_pkt_time":1631961267496338,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1631961267496338,"pkt":"PKn0qB\/spJGxgjQ5CABFAAAssMEAAEARRTHAqAH+wKgBgBTnj\/QAGPrFAIIAAAArOuXI1cjVAAAOEAAA"}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":42,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663058610829000}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":42,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663058610829000}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610829000,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610829000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":36845,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_usec":1663058610829000,"pkt":"eJS0JASgYDjgxTWgCABFAAAe7gNAAKIRZRXAqAJkwKgCAY\/tFOcACoXRAAA="}
 01012{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610829000,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610829000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":36845,"dst_port":5351,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","natpmp": {"result":0,"internal_port":0,"external_port":0,"external_address":"0.0.0.0"}}}
@@ -28,7 +28,7 @@
 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1663058622646000,"flow_src_last_pkt_time":1663058622897000,"flow_dst_last_pkt_time":1663058622646000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058622897000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":59817,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1663058622897000,"flow_src_last_pkt_time":1663058622897000,"flow_dst_last_pkt_time":1663058622897000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058622897000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":35763,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610829000,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058622897000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":36845,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1663058622897000}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1663058622897000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 11/11
 ~~ skipped flows.............: 0
@@ -37,8 +37,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5504864 bytes
-~~ total memory freed........: 5504864 bytes
+~~ total memory allocated....: 5504936 bytes
+~~ total memory freed........: 5504936 bytes
 ~~ total allocations/frees...: 85906/85906
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 516 chars
diff --git a/test/results/default/nats.pcap.out b/test/results/default/nats.pcap.out
index b4eef43f7..c53ed09c8 100644
--- a/test/results/default/nats.pcap.out
+++ b/test/results/default/nats.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1586288040558498}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1586288040558498}
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1586288040558498,"flow_src_last_pkt_time":1586288040558498,"flow_dst_last_pkt_time":1586288040558498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1586288040558498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1586288040558498,"flow_dst_last_pkt_time":1586288040558498,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1586288040558498,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzTwAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iAAAAAAQCAAA="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1586288040558498,"flow_dst_last_pkt_time":1586288040558594,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1586288040558594,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJA7LPw3wic09sBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iNpSeYgQCAAA="}
@@ -16,7 +16,7 @@
 00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1586288040575502,"flow_src_last_pkt_time":1586288040575609,"flow_dst_last_pkt_time":1586288040577107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":309,"midstream":0,"thread_ts_usec":1586288040577107,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","proto_id":"68","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1586288040558498,"flow_src_last_pkt_time":1586288040570938,"flow_dst_last_pkt_time":1586288040570821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":315,"midstream":0,"thread_ts_usec":1586288042776134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","proto_id":"68","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1586288040575502,"flow_src_last_pkt_time":1586288042776117,"flow_dst_last_pkt_time":1586288042776134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":321,"midstream":0,"thread_ts_usec":1586288042776134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","proto_id":"68","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1586288042776134}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1586288042776134}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 27/27
 ~~ skipped flows.............: 0
@@ -25,8 +25,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5505024 bytes
-~~ total memory freed........: 5505024 bytes
+~~ total memory allocated....: 5505064 bytes
+~~ total memory freed........: 5505064 bytes
 ~~ total allocations/frees...: 85900/85900
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 531 chars
diff --git a/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out
index 2b855fe4a..28827fe8f 100644
--- a/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out
+++ b/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out
@@ -1,5 +1,5 @@
-00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00658{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1258162014557086}
+00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1258162014557086}
 00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258162014557086,"flow_src_last_pkt_time":1258162014557086,"flow_dst_last_pkt_time":1258162014557086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258162014557086,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1258162014557086,"flow_dst_last_pkt_time":1258162014557086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1258162014557086,"pkt":"AFBWmXinAB9to6gACABFAAA0MZpAADwGZloKAwkTCkSJdp64H5sCrVC3AAAAAIACwej09wAAAgQFZAEDAwABAQQC"}
 02065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1258162014576991,"flow_dst_last_pkt_time":1258162014557086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"thread_ts_usec":1258162014576991,"pkt":"AFBWmXinAB9to6gACABFAASOMZxAADwGYf4KAwkTCkSJdp64H5sCrVC4lwIqi1AYwhBuiwAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aWNlIEhUVFAvMS4xDQpTT0FQQWN0aW9uOiANCkNvbnRlbnQtdHlwZToAQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogOTQ4DQoNCjxzb2FwZW52OkVudmVsb3Bl2nhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpCb2R5PgogICAgPG5zOmNvbmZpZ3VyZT4KICAgICAgPG9iamVjdE5hbWQ+TldNMzoxLTEtMS0xNy4wLjA8L29iamVjdKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
@@ -8,9 +8,9 @@
 01422{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1258162014557086,"flow_src_last_pkt_time":1258162014576991,"flow_dst_last_pkt_time":1258162014582846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1126,"flow_dst_max_l4_payload_len":368,"flow_src_tot_l4_payload_len":1126,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":1258162014582846,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC","hostname":"10.68.137.118","http": {"url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":200,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1","request_content_type":""}}}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1258162014587557,"flow_dst_last_pkt_time":1258162014582846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1258162014587557,"pkt":"AFBWmXinAB9ro6gACABFAAAoMZ1AADwGZmMKAwkTCkSJdp64H5sCrVUelwIr+1AQwhBt1wAAAAAAAAAA"}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1258162014587557,"flow_dst_last_pkt_time":1258162020091627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1258162020091627,"pkt":"AAAMB6wcAFBWmXinCABFAAAoOz5AAIAGGMIKRIl2CgMJEx+bnriXAiv7Aq1VHlAR9jim6gAA"}
-00662{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1258165452647609}
+00660{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1258165452647609}
 01262{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1258162014557086,"flow_src_last_pkt_time":1258165452688667,"flow_dst_last_pkt_time":1258165452688687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1126,"flow_dst_max_l4_payload_len":685,"flow_src_tot_l4_payload_len":1648,"flow_dst_tot_l4_payload_len":1053,"midstream":0,"thread_ts_usec":1258165452688687,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00667{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":2701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1258165452688687}
+00665{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":2701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1258165452688687}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 14/14
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498495 bytes
-~~ total memory freed........: 5498495 bytes
+~~ total memory allocated....: 5498519 bytes
+~~ total memory freed........: 5498519 bytes
 ~~ total allocations/frees...: 85878/85878
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 560 chars
diff --git a/test/results/default/nest_log_sink.pcap.out b/test/results/default/nest_log_sink.pcap.out
index 586cc373d..756210a88 100644
--- a/test/results/default/nest_log_sink.pcap.out
+++ b/test/results/default/nest_log_sink.pcap.out
@@ -1,15 +1,15 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1536712992228658}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1536712992228658}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536712992228658,"flow_dst_last_pkt_time":1536712992228658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536712992228658,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1536712992228658,"flow_dst_last_pkt_time":1536712992228658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1536712992228658,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2IAAP8GYxrAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1536712992228658,"flow_dst_last_pkt_time":1536712992289465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536712992289465,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpRAAC0G7egjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1536713052295189,"flow_dst_last_pkt_time":1536712992289465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1536713052295189,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2MAAP8GYxnAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1536713052295189,"flow_dst_last_pkt_time":1536713052360453,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536713052360453,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpVAAC0G7ecjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1536713052295189,"flow_dst_last_pkt_time":1536713052805060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536713052805060,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpZAAC0G7eYjrlLtwKjyDytX92zEgGGECKi\/QFAQgdDz\/gAA"}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":51,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1536713593921755}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":51,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1536713593921755}
 02069{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536713593921755,"flow_dst_last_pkt_time":1536713593982239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536713593982239,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":60807,"avg":38820860.0,"max":60122070,"stddev":28558074.0,"var":815563555209216.0,"ent":4.3,"data": [60807,60066531,60070988,444607,512208,60052382,60122070,60064103,60058548,139368,204086,59876012,59944753,60065849,60071735,305546,379257,59710128,59782330,60066153,60065042,470660,541865,60021230,60097006,60071977,60059874,163527,227320,59833996,59896720]},"pktlen": {"min":40,"avg":43.0,"max":46,"stddev":3.0,"var":9.0,"ent":5.0,"data": [46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1],"entropies": [4.501398087,4.881687164,4.457920074,4.881687164,4.881687164,4.501398087,4.457919598,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164,4.414441586,4.881687164,4.881687164,4.441509247,4.501398087,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164]}}
 00953{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536713593921755,"flow_dst_last_pkt_time":1536713593982239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536713593982239,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":101,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1536714195599741}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":101,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1536714195599741}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714602587299,"flow_dst_last_pkt_time":1536714602587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536714602587299,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1536714602587299,"flow_dst_last_pkt_time":1536714602587299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1536714602587299,"pkt":"AJD7JidrGLQwJjRACABFAABEL4kAAP8RJr3AqPIPwKjyAc5xADUAMKk+CwgBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="}
 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714602587299,"flow_dst_last_pkt_time":1536714602587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536714602587299,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -45,10 +45,10 @@
 00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":35,"flow_first_seen":1536714602612148,"flow_src_last_pkt_time":1536714607322501,"flow_dst_last_pkt_time":1536714607319686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":679,"flow_src_tot_l4_payload_len":12610,"flow_dst_tot_l4_payload_len":2221,"midstream":0,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1536714610253460,"flow_src_last_pkt_time":1536714615546363,"flow_dst_last_pkt_time":1536714615544009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":845,"midstream":0,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714607328073,"flow_dst_last_pkt_time":1536714607527675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":276,"packets-processed":215,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1536714800447381}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":276,"packets-processed":215,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1536714800447381}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714607328073,"flow_dst_last_pkt_time":1536714607527675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536714795433354,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":326,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1536715402175361}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":376,"packets-processed":275,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1536716003807368}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":326,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1536715402175361}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":376,"packets-processed":275,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1536716003807368}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716402804764,"flow_dst_last_pkt_time":1536716402804764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536716402804764,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1536716402804764,"flow_dst_last_pkt_time":1536716402804764,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1536716402804764,"pkt":"AJD7JidrGLQwJjRACABFAABEL\/cAAP8RJk\/AqPIPwKjyAc5xADUAMDxpd90BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="}
 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716402804764,"flow_dst_last_pkt_time":1536716402804764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536716402804764,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -85,8 +85,8 @@
 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716407003782,"flow_dst_last_pkt_time":1536716407116756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536716532891336,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 02255{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536716407119984,"flow_src_last_pkt_time":1536716592513963,"flow_dst_last_pkt_time":1536716532889304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":1905,"midstream":0,"thread_ts_usec":1536716592513963,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6654,"avg":10037526.0,"max":60065954,"stddev":21842106.0,"var":477077551710208.0,"ent":2.6,"data": [66203,68921,634989,702416,15391,245970,1210603,1481601,108755,76207,16822,97423,70982,72827,6654,85865,79238,75829,75050,77170,97357,2619475,2881135,371772,59569035,59778516,60065954,60063694,377489,447329,59622627]},"pktlen": {"min":40,"avg":162.2,"max":717,"stddev":185.8,"var":34538.8,"ent":4.3,"data": [46,44,46,571,40,717,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,40,46,46]},"bins": {"c_to_s": [10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0],"entropies": [4.390829086,5.012806416,4.434307098,6.960905552,4.931687355,7.109922409,4.501398087,5.422218800,4.931687355,7.525271416,4.762814999,5.747631550,6.463061810,7.686710835,4.434307098,6.746978760,6.772123814,6.796743393,6.668047905,6.846702099,6.720046520,4.457919121,7.263835907,5.855727196,4.441509247,4.501398087,4.981687546,4.501398087,4.981687546,4.981687546,4.501398087,4.501398087]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716407003782,"flow_dst_last_pkt_time":1536716407116756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536716592575967,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":547,"packets-processed":424,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":88,"global_ts_usec":1536716652586979}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":595,"packets-processed":452,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1536717254253428}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":547,"packets-processed":424,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":88,"global_ts_usec":1536716652586979}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":595,"packets-processed":452,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":8,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1536717254253428}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717427961883,"flow_dst_last_pkt_time":1536717427961883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536717427961883,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1536717427961883,"flow_dst_last_pkt_time":1536717427961883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1536717427961883,"pkt":"AJD7JidrGLQwJjRACABFAABEME8AAP8RJffAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="}
 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717427961883,"flow_dst_last_pkt_time":1536717427961883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536717427961883,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -117,7 +117,7 @@
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717449934587,"flow_dst_last_pkt_time":1536717450088270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536717572672015,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":711,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717449934587,"flow_dst_last_pkt_time":1536717450088270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536717632764427,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 02258{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":713,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1536717450091191,"flow_src_last_pkt_time":1536717692809761,"flow_dst_last_pkt_time":1536717693064770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":1560,"flow_dst_tot_l4_payload_len":1740,"midstream":0,"thread_ts_usec":1536717693064770,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4297,"avg":15667489.0,"max":60116188,"stddev":26141992.0,"var":683403720523776.0,"ent":3.1,"data": [65118,68086,678411,747347,17507,94704,1396423,1507704,104371,70568,14503,87690,68949,72988,7038,83601,72569,4297,74338,110547,112155,137112,59606094,59757940,60076789,60061094,60093385,60092412,60108066,60116188,184155]},"pktlen": {"min":40,"avg":145.1,"max":718,"stddev":181.0,"var":32752.9,"ent":4.2,"data": [46,44,46,570,40,718,46,92,40,244,40,100,162,669,46,220,190,46,220,201,332,102,46,46,40,46,40,46,40,46,40,40]},"bins": {"c_to_s": [10,1,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1],"entropies": [4.303872585,4.967351913,4.390829086,7.000074863,4.931686878,7.083823204,4.501398087,5.370536327,4.981687069,6.850469589,4.881687164,5.621728897,6.422999859,7.639559269,4.347350597,6.781757832,6.666656017,4.544876099,6.837507248,6.783583164,7.269664764,5.833524227,4.501398087,4.390829086,4.931686878,4.457919598,4.931686878,4.501398087,4.931686878,4.501398087,4.931686878,4.981687069]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":727,"packets-processed":562,"total-skipped-flows":0,"total-l4-payload-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":4,"total-updates":6,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":120,"global_ts_usec":1536717873194026}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":727,"packets-processed":562,"total-skipped-flows":0,"total-l4-payload-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":4,"total-updates":6,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":120,"global_ts_usec":1536717873194026}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536718052990525,"flow_src_last_pkt_time":1536718052990525,"flow_dst_last_pkt_time":1536718052990525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536718052990525,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1536718052990525,"flow_dst_last_pkt_time":1536718052990525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1536718052990525,"pkt":"AJD7JidrGLQwJjRACABFAAAsMIsAAP8GYe3AqPIPI65S7fd2K1cJGivXAAAAAGACEgAGSAAAAgQEgAAA"}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1536718052990525,"flow_dst_last_pkt_time":1536718053059160,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1536718053059160,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93aQyd5SCRor2GASaQM+4wAAAgQFtA=="}
@@ -161,11 +161,11 @@
 00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1536718202959606,"flow_src_last_pkt_time":1536718202959606,"flow_dst_last_pkt_time":1536718202959785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1536718332214337,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 02254{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536718206572751,"flow_src_last_pkt_time":1536718392321066,"flow_dst_last_pkt_time":1536718332214337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":676,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":1904,"midstream":0,"thread_ts_usec":1536718392321066,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4658,"avg":10044835.0,"max":60173109,"stddev":21953530.0,"var":481957439864832.0,"ent":2.6,"data": [65322,67761,637540,709814,18708,293379,1174542,1481999,109107,72201,17976,90820,70287,73214,8669,96471,87696,75885,78977,77415,126677,2595650,2731016,150399,59910787,60056830,60173109,60107028,4658,60634,60165330]},"pktlen": {"min":40,"avg":162.2,"max":716,"stddev":185.8,"var":34529.8,"ent":4.3,"data": [46,44,46,572,40,716,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,46,40,46]},"bins": {"c_to_s": [10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0],"entropies": [4.347350597,4.967352390,4.434307098,6.920494080,4.981687546,7.105970383,4.544876099,5.378740311,4.881687164,7.440455914,4.812814713,5.615177631,6.437895298,7.618911266,4.434307098,6.860777378,6.737969398,6.892507076,6.603207111,6.959574699,6.884947777,4.457919598,7.273610592,5.848325729,4.414441586,4.501398087,4.831686974,4.544876099,4.881687164,4.501398087,4.881687164,4.544876099]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1536718202959606,"flow_src_last_pkt_time":1536718202959606,"flow_dst_last_pkt_time":1536718202959785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1536718392405835,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":900,"packets-processed":713,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1536718512170528}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":950,"packets-processed":743,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":165,"global_ts_usec":1536719113902134}
-00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1000,"packets-processed":773,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_usec":1536719715232392}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":900,"packets-processed":713,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1536718512170528}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":950,"packets-processed":743,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":165,"global_ts_usec":1536719113902134}
+00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1000,"packets-processed":773,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_usec":1536719715232392}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":46,"flow_first_seen":1536718206572751,"flow_src_last_pkt_time":1536719715232392,"flow_dst_last_pkt_time":1536719655557559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":676,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":1904,"midstream":0,"thread_ts_usec":1536719715232392,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1000,"packets-processed":774,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":168,"global_ts_usec":1536719715232392}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1000,"packets-processed":774,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":5,"total-updates":8,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":168,"global_ts_usec":1536719715232392}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1000/774
 ~~ skipped flows.............: 0
@@ -174,9 +174,9 @@
 ~~ total active/idle flows...: 17/17
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5579775 bytes
-~~ total memory freed........: 5579775 bytes
-~~ total allocations/frees...: 86823/86823
+~~ total memory allocated....: 5580198 bytes
+~~ total memory freed........: 5580198 bytes
+~~ total allocations/frees...: 86834/86834
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 537 chars
 ~~ json message max len.......: 2263 chars
diff --git a/test/results/default/netbios.pcap.out b/test/results/default/netbios.pcap.out
index d9d953eca..297b46986 100644
--- a/test/results/default/netbios.pcap.out
+++ b/test/results/default/netbios.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1447772210350540}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1447772210350540}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772210350540,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772210350540,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvYAAIARuScKAASDCgAF\/wCJAIkAOr8ep0kBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772210350540,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"xstream_hy"}}
@@ -80,7 +80,7 @@
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772251795162,"flow_src_last_pkt_time":1447772251795162,"flow_dst_last_pkt_time":1447772251795278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772216537634,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}}
 00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772216537634,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":260,"packets-processed":260,"total-skipped-flows":0,"total-l4-payload-len":13727,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":14,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1447772269972130}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":260,"packets-processed":260,"total-skipped-flows":0,"total-l4-payload-len":13727,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":14,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1447772269972130}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 260/260
 ~~ skipped flows.............: 0
@@ -89,8 +89,8 @@
 ~~ total active/idle flows...: 15/15
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5537717 bytes
-~~ total memory freed........: 5537717 bytes
+~~ total memory allocated....: 5537965 bytes
+~~ total memory freed........: 5537965 bytes
 ~~ total allocations/frees...: 86266/86266
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 538 chars
diff --git a/test/results/default/netbios_wildcard_dns_query.pcap.out b/test/results/default/netbios_wildcard_dns_query.pcap.out
index 9710f10b1..a12eb558c 100644
--- a/test/results/default/netbios_wildcard_dns_query.pcap.out
+++ b/test/results/default/netbios_wildcard_dns_query.pcap.out
@@ -1,10 +1,10 @@
-00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1597866040493657}
+00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1597866040493657}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597866040493657,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597866040493657,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1597866040493657,"pkt":"AAkPCQEKAFBWvdjVCABFAABOhIlAAEARHAYKAUP6CgFCFKF3ADUAOgSEgPAAEAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
 01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597866040493657,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597866040493657,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597866040493657,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597866040493657,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1597866040493657}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1597866040493657}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498002 bytes
-~~ total memory freed........: 5498002 bytes
+~~ total memory allocated....: 5498026 bytes
+~~ total memory freed........: 5498026 bytes
 ~~ total allocations/frees...: 85861/85861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 588 chars
+~~ json message min len.......: 586 chars
 ~~ json message max len.......: 1093 chars
-~~ json message avg len.......: 814 chars
+~~ json message avg len.......: 813 chars
diff --git a/test/results/default/netease_games.pcapng.out b/test/results/default/netease_games.pcapng.out
index dea9718d5..eb95defd3 100644
--- a/test/results/default/netease_games.pcapng.out
+++ b/test/results/default/netease_games.pcapng.out
@@ -1,5 +1,5 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1709433506952336}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1709433506952336}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709433506952336,"flow_src_last_pkt_time":1709433506952336,"flow_dst_last_pkt_time":1709433506952336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709433506952336,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"172.17.8.75","src_port":49377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1709433506952336,"flow_dst_last_pkt_time":1709433506952336,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1709433506952336,"pkt":"SKmKCiNt8C90rUP1CABFAABJMA1AAEARPKvAqFjnrBEIS8DhADUANc4y4I0BAAABAAAAAAAAC2RhdGEtZGV0ZWN0A25pZQdlYXNlYmFyA2NvbQAAAQAB"}
 01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709433506952336,"flow_src_last_pkt_time":1709433506952336,"flow_dst_last_pkt_time":1709433506952336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709433506952336,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"172.17.8.75","src_port":49377,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetEaseGames","proto_id":"5.402","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"data-detect.nie.easebar.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -16,14 +16,14 @@
 01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1709433507070792,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507351478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709433507351873,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.73.71.94","src_port":50402,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetEaseGames","proto_id":"91.402","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"data-detect.nie.easebar.com","tls": {"version":"TLSv1.2","ja3":"b502ea5e20e42ca41d28d47e8df496fa","ja3s":"","ja4":"t12d600600_a54dbbc9e493_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507632515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1709433507632515,"pkt":"8C90rUP1SKmKCiNtCABFAAA06wpAAO8GHIIjSUdewKhY5wG7xOIKaGYr1g0GqIAQAAdiugAAAQEICkHSvMgp2VNq"}
 01355{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1709433507070792,"flow_src_last_pkt_time":1709433507351873,"flow_dst_last_pkt_time":1709433507632845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1709433507632845,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.73.71.94","src_port":50402,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetEaseGames","proto_id":"91.402","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"data-detect.nie.easebar.com","tls": {"version":"TLSv1.2","ja3":"b502ea5e20e42ca41d28d47e8df496fa","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t12d600600_a54dbbc9e493_8587f467d9ea","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":1017,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1709434482083790}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":1017,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1709434482083790}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709434482083790,"flow_src_last_pkt_time":1709434482083790,"flow_dst_last_pkt_time":1709434482083790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709434482083790,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.246.207.19","src_port":56588,"dst_port":4513,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1709434482083790,"flow_dst_last_pkt_time":1709434482083790,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1709434482083790,"pkt":"SKmKCiNt8C90rUP1CABFAAAodiIAAEAR+AnAqFjnI\/bPE90MEaEAFAy\/AbXQAREqPQMAAQEB"}
 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709434482083790,"flow_src_last_pkt_time":1709434482083790,"flow_dst_last_pkt_time":1709434482083790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709434482083790,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.246.207.19","src_port":56588,"dst_port":4513,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1709434482083790,"flow_dst_last_pkt_time":1709434482120278,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1709434482120278,"pkt":"8C90rUP1SKmKCiNtCABFAAAo5LVAADsRTnYj9s8TwKhY5xGh3QwAFIL5ARTTAREqPQNIQRcBAAAAAAAA"}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1709434482121282,"flow_dst_last_pkt_time":1709434482120278,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1709434482121282,"pkt":"SKmKCiNt8C90rUP1CABFAAAodicAAEAR+ATAqFjnI\/bPE90MEaEAFAy\/AhbRAhIpPgBLQhQC"}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1709433506952336,"flow_src_last_pkt_time":1709433506952340,"flow_dst_last_pkt_time":1709433507015335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":157,"flow_src_tot_l4_payload_len":90,"flow_dst_tot_l4_payload_len":314,"midstream":0,"thread_ts_usec":1709434482121282,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"172.17.8.75","src_port":49377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetEaseGames","proto_id":"5.402","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1053,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1709581314209472}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1053,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1709581314209472}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709581314209472,"flow_src_last_pkt_time":1709581314209472,"flow_dst_last_pkt_time":1709581314209472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709581314209472,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.228.32.209","src_port":41040,"dst_port":4170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1709581314209472,"flow_dst_last_pkt_time":1709581314209472,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1709581314209472,"pkt":"SKmKCiNt8C90rUP1CABFAAA6RO0AAEAR14HAqFjnI+Qg0aBQEEoAJl58s6+N6P8Aclc1XFxuZmNxakkvVFpnY3R0VVN6aUIr"}
 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709581314209472,"flow_src_last_pkt_time":1709581314209472,"flow_dst_last_pkt_time":1709581314209472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709581314209472,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.228.32.209","src_port":41040,"dst_port":4170,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -39,7 +39,7 @@
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1709581314252567,"flow_src_last_pkt_time":1709581314252567,"flow_dst_last_pkt_time":1709581314252567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":97,"flow_dst_max_l4_payload_len":290,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":330,"midstream":0,"thread_ts_usec":1709581314252567,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"34.141.75.90","src_port":58951,"dst_port":28203,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1709581314209472,"flow_src_last_pkt_time":1709581314209472,"flow_dst_last_pkt_time":1709581314252567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1709581314252567,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.228.32.209","src_port":41040,"dst_port":4170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1709434482083790,"flow_src_last_pkt_time":1709434482121282,"flow_dst_last_pkt_time":1709434482120278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1709581314252567,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"35.246.207.19","src_port":56588,"dst_port":4513,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetEaseGames","proto_id":"402","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1709581314252567}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/netease_games.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1709581314252567}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -48,8 +48,8 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5511373 bytes
-~~ total memory freed........: 5511373 bytes
+~~ total memory allocated....: 5511461 bytes
+~~ total memory freed........: 5511461 bytes
 ~~ total allocations/frees...: 85928/85928
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 539 chars
diff --git a/test/results/default/netflix.pcap.out b/test/results/default/netflix.pcap.out
index 69bbf055d..f13e549c6 100644
--- a/test/results/default/netflix.pcap.out
+++ b/test/results/default/netflix.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1484319030789585}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1484319030789585}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319030789585,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319030789585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1484319030789585,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319030789585,"pkt":"gCqoTGHM5JjWH70UCABFAAA0e0NAAEAGcrPAqAEHNBhXBs7BAbvkIOdkTYzTZoAREADl8AAAAQEICh9kr+C2r\/ET"}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319032865799,"flow_src_last_pkt_time":1484319032865799,"flow_dst_last_pkt_time":1484319032865799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032865799,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -217,8 +217,8 @@
 01025{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1484319050682551,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_usec":1484319050682551,"pkt":"gCqoTGHM5JjWH70UCABFAAGY\/5JAAEAGVJfAqAEHF\/YLkc+rAFC8XkCuLrD03oAYEBUr\/wAAAQEICh9k+6pFXBt4R0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMLXAtVmVJWjZXS1JxLVg2TE12YUxxZ3hXQkN1RmJoMDlNcHJlT1JVVU9PNVR4MTY4M0hQbkxZNkJQak5fOW1sRHVZaWhHWm9YdTl1MG96SDhSRmlvQk5fSkROaVJzY2lkanZvU2RXbWx5WmdQTmFuc1cwbGtCcjRYODFIdmxvT2k4QlNfZXhWU1BoTXlKUVRCNWJnJnY9MyZlPTE0ODQzNDc4NTAmdD01eGZZVnRuYTNHZFlYTDcxdU5zNkRaLVg4NFkmcmFuZG9tPTM5MzA3MDgyMjQgSFRUUC8xLjENCkhvc3Q6IDIzLjI0Ni4xMS4xNDUNCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXANClVzZXItQWdlbnQ6IG5ldGZsaXgtaW9zLWFwcA0KDQo="}
 01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319050682551,"flow_dst_last_pkt_time":1484319050677236,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319050682551,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.145","http": {"url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
 01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1484319050682551,"flow_dst_last_pkt_time":1484319050719721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":581,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":581,"pkt_l4_len":547,"thread_ts_usec":1484319050719721,"pkt":"5JjWH70UgCqoTGHMCABFIAI3AABAADsGWGsX9guRwKgBBwBQz6susPTevF5CEoAQCAIpPgAAAQEICkVcG6AfZPuqSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjUwIEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogV2VkLCAwOSBNYXIgMjAxNiAxMjoxNDoxNSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yMjIxNjM3NTg4O2gxPTM4MzU3MzQ4NDM7aDI9OTA1OTYwMTAyO2gzPTE4OTE3NzkxNTQ7aDQ9MTIzNDk0MDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE2MzthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-01579{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319050682551,"flow_dst_last_pkt_time":1484319050719721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":515,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":515,"midstream":0,"thread_ts_usec":1484319050719721,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.145","http": {"url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
-02476{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319051912595,"flow_dst_last_pkt_time":1484319051940613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":28027,"midstream":0,"thread_ts_usec":1484319051940613,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3794,"avg":82202.4,"max":651024,"stddev":153564.6,"var":23582076928.0,"ent":3.6,"data": [24769,26290,3794,42485,4828,43771,27157,40474,69366,43854,44827,78254,38808,79815,102619,28781,14718,354324,85041,14066,12423,12747,651024,22850,582496,8619,27490,16417,16392,14698,15077]},"pktlen": {"min":52,"avg":940.8,"max":1500,"stddev":683.5,"var":467159.1,"ent":4.5,"data": [64,60,52,408,567,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,80,1500,1500,1500,1500,64,52,1500,1500,52,1500,52,1500,1500]},"bins": {"c_to_s": [10,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,0,1,1],"entropies": [4.550704956,5.312702179,5.103910923,6.388577938,5.862974167,3.576230049,5.195351124,2.528419971,2.540967226,5.077241421,2.547356844,5.115703106,2.543488026,2.552008152,2.558917999,3.816826105,3.805565357,3.816280365,5.256690979,3.890866995,3.462315798,3.461706400,3.458227158,5.071470261,5.154164314,3.470844507,3.517976761,5.154164314,3.546975851,4.955154419,3.560742617,3.579237461]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01598{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319050682551,"flow_dst_last_pkt_time":1484319050719721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":515,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":515,"midstream":0,"thread_ts_usec":1484319050719721,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.145","http": {"url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+02495{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319051912595,"flow_dst_last_pkt_time":1484319051940613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":28027,"midstream":0,"thread_ts_usec":1484319051940613,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3794,"avg":82202.4,"max":651024,"stddev":153564.6,"var":23582076928.0,"ent":3.6,"data": [24769,26290,3794,42485,4828,43771,27157,40474,69366,43854,44827,78254,38808,79815,102619,28781,14718,354324,85041,14066,12423,12747,651024,22850,582496,8619,27490,16417,16392,14698,15077]},"pktlen": {"min":52,"avg":940.8,"max":1500,"stddev":683.5,"var":467159.1,"ent":4.5,"data": [64,60,52,408,567,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,80,1500,1500,1500,1500,64,52,1500,1500,52,1500,52,1500,1500]},"bins": {"c_to_s": [10,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,0,1,1],"entropies": [4.550704956,5.312702179,5.103910923,6.388577938,5.862974167,3.576230049,5.195351124,2.528419971,2.540967226,5.077241421,2.547356844,5.115703106,2.543488026,2.552008152,2.558917999,3.816826105,3.805565357,3.816280365,5.256690979,3.890866995,3.462315798,3.461706400,3.458227158,5.071470261,5.154164314,3.470844507,3.517976761,5.154164314,3.546975851,4.955154419,3.560742617,3.579237461]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052216458,"flow_dst_last_pkt_time":1484319052216458,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319052216458,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1484319052216458,"flow_dst_last_pkt_time":1484319052216458,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319052216458,"pkt":"gCqoTGHM5JjWH70UCABFAABAN3hAAEAGHxDAqAEHF\/YKi8+sAFBgdy0VAAAAALAC\/\/\/UZQAAAgQFtAEDAwUBAQgKH2UBeQAAAAAEAgAA"}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1484319052216458,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319052235250,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGW2wX9gqLwKgBBwBQz6xlmlqWYHctFqAS\/\/8JBgAAAgQFtAEDAwkEAggKQI7bkB9lAXk="}
@@ -226,7 +226,7 @@
 01024{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1484319052242977,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_usec":1484319052242977,"pkt":"gCqoTGHM5JjWH70UCABFAAGYZXBAAEAG77\/AqAEHF\/YKi8+sAFBgdy0WZZpal4AYEBXLwAAAAQEICh9lAZFAjtuQR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMLXAtVmVJWjZXS1JxLVg2TE12YUxxZ3hXQkN1RmJoMDlNcHJlT1JVVU9PNVR4MTY4M0hQbkxZNkJQak5fOW1sRHVZaWhHWm9YdTl1MG96SDhSRmlvQk5fSkROaVJzY2lkanZvU2RXbWx5WmdQTmFuc1cwbGtCcjRYODFIdmxvT2k4QlNfZXhWU1BoTXlKUVRCNWJnJnY9MyZlPTE0ODQzNDc4NTAmdD0tZGpHWEljYkZCTnp5ZnVncUVXY3JndENweVkmcmFuZG9tPTM0MDczNjA3NzYgSFRUUC8xLjENCkhvc3Q6IDIzLjI0Ni4xMC4xMzkNCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXANClVzZXItQWdlbnQ6IG5ldGZsaXgtaW9zLWFwcA0KDQo="}
 01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052242977,"flow_dst_last_pkt_time":1484319052235250,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319052242977,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.10.139","http": {"url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
 01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1484319052242977,"flow_dst_last_pkt_time":1484319052270991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":582,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":582,"pkt_l4_len":548,"thread_ts_usec":1484319052270991,"pkt":"5JjWH70UgCqoTGHMCABFIAI4AABAADsGWXAX9gqLwKgBBwBQz6xlmlqXYHcueoAQCAJ9jgAAAQEICkCO27MfZQGRSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjUyIEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogV2VkLCAwMiBEZWMgMjAxNSAxMTo1NjoxMSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xNjkxOTM1MzA7aDE9MzQ4NzI0MzI0ODtoMj0zNzE0MjA4Mzg0O2gzPTY2MDIzMTMzO2g0PTE4NTY2Mzk4ODk7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxNjQ7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCg0K"}
-01579{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052242977,"flow_dst_last_pkt_time":1484319052270991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":516,"midstream":0,"thread_ts_usec":1484319052270991,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.10.139","http": {"url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+01598{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052242977,"flow_dst_last_pkt_time":1484319052270991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":516,"midstream":0,"thread_ts_usec":1484319052270991,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.10.139","http": {"url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054101585,"flow_dst_last_pkt_time":1484319054101585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319054101585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1484319054101585,"flow_dst_last_pkt_time":1484319054101585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319054101585,"pkt":"gCqoTGHM5JjWH70UCABFAABA9bFAAEAGZ9XAqAEHF\/YDjM+zAFBtwXYMAAAAALAC\/\/99\/AAAAgQFtAEDAwUBAQgKH2UImQAAAAAEAgAA"}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1484319054101585,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319054132376,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz7OFwt93bcF2DaAS\/\/\/aJAAAAgQFtAEDAwkEAggKhKDK7B9lCJk="}
@@ -234,8 +234,8 @@
 01019{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1484319054139605,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"thread_ts_usec":1484319054139605,"pkt":"gCqoTGHM5JjWH70UCABFAAGW+VhAAEAGYtjAqAEHF\/YDjM+zAFBtwXYNhcLfeIAYEBWMVgAAAQEICh9lCL6EoMrsR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMLXAtVmVJWjZXS1JxLVg2TE12YUxxZ3hXQkN1RmJoMDlNcHJlT1JVVU9PNVR4MTY4M0hQbkxZNkJQak5fOW1sRHVZaWhHWm9YdTl1MG96SDhSRmlvQk5fSkROaVJzY2lkanZvU2RXbWx5WmdQTmFuc1cwbGtCcjRYODFIdmxvT2k4QlNfZXhWU1BoTXlKUVRCNWJnJnY9MyZlPTE0ODQzNDc4NTAmdD0tOHU0dmxjUHVGcWNPTG5MeWI5RER0Sy1iQjQmcmFuZG9tPTM1NzUwOTY1NyBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjMuMTQwDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
 01422{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054139605,"flow_dst_last_pkt_time":1484319054132376,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319054139605,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.3.140","http": {"url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1484319054139605,"flow_dst_last_pkt_time":1484319054176709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":585,"pkt_l4_len":551,"thread_ts_usec":1484319054176709,"pkt":"5JjWH70UgCqoTGHMCABFIAI7AABAADgGY2wX9gOMwKgBBwBQz7OFwt94bcF3b4AQCAIFOAAAAQEICoSgyxgfZQi+SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU0IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogV2VkLCAwMiBEZWMgMjAxNSAxMzowNDo1NCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xMzQ4NjUzMDQ1O2gxPTI5MjU4ODY1MDk7aDI9MzMxMjc0NzM0OTtoMz0zNTU2NzU4MDYwO2g0PTI0NjkwOTU0ODI7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxNzE7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCg0K"}
-01575{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054139605,"flow_dst_last_pkt_time":1484319054176709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":519,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":519,"midstream":0,"thread_ts_usec":1484319054176709,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.3.140","http": {"url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
-02468{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":653,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054294236,"flow_dst_last_pkt_time":1484319054480080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":29479,"midstream":0,"thread_ts_usec":1484319054480080,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2187,"avg":18424.1,"max":44333,"stddev":10032.7,"var":100655136.0,"ent":4.7,"data": [30791,32492,5528,44333,2187,41107,2921,12763,15575,14938,14982,12802,12713,26425,12767,11943,13284,17180,31033,13321,13566,25571,14329,13905,26660,13805,13288,27210,13255,13305,27167]},"pktlen": {"min":52,"avg":984.9,"max":1500,"stddev":672.7,"var":452466.1,"ent":4.5,"data": [64,60,52,406,571,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1],"entropies": [4.527114868,5.266787052,5.118428230,6.362258911,5.831311226,3.571949720,5.233812809,2.540643215,2.558721066,5.195351124,2.550262213,5.038779736,2.557194710,2.582848072,5.195351124,2.547422886,5.038780212,2.553757429,2.570932388,5.195351124,2.541049719,5.115703106,3.780845165,3.769821644,3.779848337,3.819229603,3.784283876,3.803048134,3.786687374,3.790169001,3.883657932,3.464622736]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01594{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054139605,"flow_dst_last_pkt_time":1484319054176709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":519,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":519,"midstream":0,"thread_ts_usec":1484319054176709,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.3.140","http": {"url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+02487{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":653,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":22,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319054294236,"flow_dst_last_pkt_time":1484319054480080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":29479,"midstream":0,"thread_ts_usec":1484319054480080,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2187,"avg":18424.1,"max":44333,"stddev":10032.7,"var":100655136.0,"ent":4.7,"data": [30791,32492,5528,44333,2187,41107,2921,12763,15575,14938,14982,12802,12713,26425,12767,11943,13284,17180,31033,13321,13566,25571,14329,13905,26660,13805,13288,27210,13255,13305,27167]},"pktlen": {"min":52,"avg":984.9,"max":1500,"stddev":672.7,"var":452466.1,"ent":4.5,"data": [64,60,52,406,571,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1],"entropies": [4.527114868,5.266787052,5.118428230,6.362258911,5.831311226,3.571949720,5.233812809,2.540643215,2.558721066,5.195351124,2.550262213,5.038779736,2.557194710,2.582848072,5.195351124,2.547422886,5.038780212,2.553757429,2.570932388,5.195351124,2.541049719,5.115703106,3.780845165,3.769821644,3.779848337,3.819229603,3.784283876,3.803048134,3.786687374,3.790169001,3.883657932,3.464622736]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319056204111,"flow_dst_last_pkt_time":1484319056204111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056204111,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1484319056204111,"flow_dst_last_pkt_time":1484319056204111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319056204111,"pkt":"gCqoTGHM5JjWH70UCABFAABAfy9AAEAG1l7AqAEHF\/YLhc+0AFDwxwoWAAAAALAC\/\/9XEAAAAgQFtAEDAwUBAQgKH2UQewAAAAAEAgAA"}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319056210218,"flow_dst_last_pkt_time":1484319056210218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056210218,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -275,7 +275,7 @@
 01023{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056264843,"flow_dst_last_pkt_time":1484319056237886,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_usec":1484319056264843,"pkt":"gCqoTGHM5JjWH70UCABFAAGZg0NAAEAG0OnAqAEHF\/YLjc+3AFC7qylhVgS+poAYEBUzwQAAAQEICh9lEJ64h8KlR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKSjJUTGh1aUdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwUDdsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PURoMjc4dTJVcEFwT0NHVWo1UnhWOGF6TldYOCZyYW5kb209MzIzNzY1OTUwIEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
 01427{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":699,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319056264843,"flow_dst_last_pkt_time":1484319056237886,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056264843,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765950","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056222173,"flow_dst_last_pkt_time":1484319056276003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056276003,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWHQX9guFwKgBBwBQz7RnATKW8McLfYAQCAIfuQAAAQEICjVpj8IfZRCKSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNiBBdWcgMjAxNSAwODo0OTozMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xMDQzNTI1NDU2O2gxPTM4NjQ4OTgwMTg7aDI9MjgzOTU3NTcwNDtoMz0yMjk3OTE3MjM0O2g0PTEzMDQzMDA3NDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3MjthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319056222173,"flow_dst_last_pkt_time":1484319056276003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056276003,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=2473336513","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+01600{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319056222173,"flow_dst_last_pkt_time":1484319056276003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056276003,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=2473336513","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056234960,"flow_dst_last_pkt_time":1484319056276405,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056276405,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7vga1YT37t1VqAS\/\/\/ATQAAAgQFtAEDAwkEAggKs1tjeh9lEJY="}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056232857,"flow_dst_last_pkt_time":1484319056276713,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056276713,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7h\/u26MapfAlqAS\/\/8KPAAAAgQFtAEDAwkEAggKFFAqwB9lEIw="}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056233602,"flow_dst_last_pkt_time":1484319056276849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056276849,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7qJ1p961ZDNAaAS\/\/87aAAAAgQFtAEDAwkEAggKTYEN7B9lEJM="}
@@ -294,16 +294,16 @@
 01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":715,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319056302728,"flow_dst_last_pkt_time":1484319056276985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056302728,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386475836","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056241489,"flow_dst_last_pkt_time":1484319056303302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056303302,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7wVYmHmLePyuKAS\/\/9RBgAAAgQFtAEDAwkEAggKED1piB9lEJo="}
 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056241806,"flow_dst_last_pkt_time":1484319056303461,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056303461,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7YrOmTZQ6xmYYAQCAKWwQAAAQEICifYCWMfZRCbSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNSBGZWIgMjAxNiAxMDo0OTozNCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xNDM0ODQ5OTY5O2gxPTE2NzkwMzAyNTk7aDI9ODg3ODQzMjA4O2gzPTQwODQyNzcyNzc7aDQ9MzEyNzQ2MDg0NDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3NDthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":717,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319056241806,"flow_dst_last_pkt_time":1484319056303461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056303461,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=1345646229","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+01600{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":717,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319056241806,"flow_dst_last_pkt_time":1484319056303461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056303461,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=1345646229","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
 01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056253583,"flow_dst_last_pkt_time":1484319056306671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056306671,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWHQX9guFwKgBBwBQz7VYH\/mro2YaRYAQCAIXVAAAAQEICi+QQFUfZRCbSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNiBBdWcgMjAxNSAwODo0OTo0MiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yMTUyNDYxMTY7aDE9MTQwNDMyNTczMztoMj0xNTU5ODI2NzA0O2gzPTE3MDc5MDAxNTQ7aDQ9MTEwODczNTEzNzsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3MzthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-01580{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":719,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319056253583,"flow_dst_last_pkt_time":1484319056306671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056306671,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666104","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+01599{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":719,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319056253583,"flow_dst_last_pkt_time":1484319056306671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056306671,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666104","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056313756,"flow_dst_last_pkt_time":1484319056303302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056313756,"pkt":"gCqoTGHM5JjWH70UCABFAAA0DEJAAEAGSVDAqAEHF\/YLjc+8AFAt4\/K4FWJh54AQEBVvgQAAAQEICh9lENgQPWmI"}
 01028{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056314229,"flow_dst_last_pkt_time":1484319056303302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"thread_ts_usec":1484319056314229,"pkt":"gCqoTGHM5JjWH70UCABFAAGcJw9AAEAGLRvAqAEHF\/YLjc+8AFAt4\/K4FWJh54AYEBUJcgAAAQEICh9lENoQPWmIR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKNXlUTEJDa0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwXzNtQ0ZyVWpIV3FoNWlwUUN0emY0T1ZXUSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9cjVqdG5uRWNSOGhEQ2tQSW1mRWlXcVdBaktrJnJhbmRvbT0xODQ2MjM0NTI0IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
 01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319056314229,"flow_dst_last_pkt_time":1484319056303302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056314229,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846234524","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056264215,"flow_dst_last_pkt_time":1484319056326114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056326114,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz72N4Tx+gHq67aAS\/\/8YZwAAAgQFtAEDAwkEAggKc9HQqh9lEJ4="}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1484319056264541,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319056326288,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz749DprObTkJu6AS\/\/9Z3AAAAgQFtAEDAwkEAggKxO\/1DB9lEJ4="}
 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056264843,"flow_dst_last_pkt_time":1484319056326471,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056326471,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7dWBL6mu6sqxoAQCAIAPQAAAQEICriHwtgfZRCeSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1OTo1NyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0zNDEyNDEzNzk2O2gxPTM3MjM0NTkzOTc7aDI9MjEyNTU1Njc3MztoMz0yNTE0MzMyMzA5O2g0PTMwNjc0Mzg0NzsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3NTthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-01580{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319056264843,"flow_dst_last_pkt_time":1484319056326471,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056326471,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765950","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+01599{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319056264843,"flow_dst_last_pkt_time":1484319056326471,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056326471,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765950","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056327250,"flow_dst_last_pkt_time":1484319056326114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056327250,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BrtAAEAGTtfAqAEHF\/YLjc+9AFCAerrtjeE8f4AQEBU20gAAAQEICh9lEOxz0dCq"}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1484319056327623,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319056327623,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Fj1AAEAGP1XAqAEHF\/YLjc++AFBtOQm7PQ6az4AQEBV4RwAAAQEICh9lEOzE7\/UM"}
 01027{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056336202,"flow_dst_last_pkt_time":1484319056326114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":425,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":425,"pkt_l4_len":391,"thread_ts_usec":1484319056336202,"pkt":"gCqoTGHM5JjWH70UCABFAAGbxNdAAEAGj1PAqAEHF\/YLjc+9AFCAerrtjeE8f4AYEBVqrAAAAQEICh9lEO5z0dCqR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFMSjJUSUJlcEdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwUGJpQ0ZyVWpIV3FoNWlwUUN0emY0T1ZXUSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9dFRYdTNjNkZuSnRmaTZ6MElKcDNodzhlRHY4JnJhbmRvbT0xMjk0NTQwNzYgSFRUUC8xLjENCkhvc3Q6IDIzLjI0Ni4xMS4xNDENCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXANClVzZXItQWdlbnQ6IG5ldGZsaXgtaW9zLWFwcA0KDQo="}
@@ -311,30 +311,30 @@
 01028{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1484319056347066,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1484319056347066,"pkt":"gCqoTGHM5JjWH70UCABFAAGazfdAAEAGhjTAqAEHF\/YLjc++AFBtOQm7PQ6az4AYEBVtUQAAAQEICh9lEPDE7\/UMR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKWjJWS2hxZ0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhvX2ZsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PUxRN0x5WFNuWmFYS0VIQUhhUlJIay1TN2RLRSZyYW5kb209NDIwOTgxMDYzMyBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjE0MQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
 01428{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319056347066,"flow_dst_last_pkt_time":1484319056326288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319056347066,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":0,"content_type":"","user_agent":"netflix-ios-app"}}}
 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056281344,"flow_dst_last_pkt_time":1484319056358487,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056358487,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7vga1YU37t2vIAQCAIEZwAAAQEICrNbY8AfZRDBSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMTowMTozMCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yODYxMDQyNzU7aDE9MjM5MzA0NTg0MTtoMj00MDM0NTM4MzEwO2gzPTE2NTY5NTYxMjI7aDQ9MjQ5OTU3MjMyOTsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3OTthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":734,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319056281344,"flow_dst_last_pkt_time":1484319056358487,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056358487,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=1148970115","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+01600{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":734,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319056281344,"flow_dst_last_pkt_time":1484319056358487,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056358487,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=1148970115","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056292112,"flow_dst_last_pkt_time":1484319056365336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319056365336,"pkt":"5JjWH70UgCqoTGHMCABFIAI5AABAADsGWG0X9guNwKgBBwBQz7h\/u26NapfB\/IAQCALntAAAAQEIChRQKwcfZRDESFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1ODozOCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yNTI3ODc2NzIzO2gxPTE4NTMxMDM2MDtoMj0yNjI2NDM0MjQ5O2gzPTc4MTUxOTY2NTtoND0zNzg0NDkyNzc5Ow0KWC1TZXNzaW9uLUluZm86IGFkZHI9NzMuMjAzLjEwNy4yMztwb3J0PTUzMTc2O2FyZ3A9Ni5zTmMwRFhTZjhUSEUzZjR5OFZ1TmxrVEhMc0VuUTFDS2NrQzd1c3cydmJBDQoNCg=="}
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":737,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319056292112,"flow_dst_last_pkt_time":1484319056365336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1484319056365336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=4134731400","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+01600{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":737,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319056292112,"flow_dst_last_pkt_time":1484319056365336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1484319056365336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=4134731400","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056292083,"flow_dst_last_pkt_time":1484319056383550,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056383550,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7qJ1p971ZDOZoAQCAJWkwAAAQEICk2BDjMfZRDBSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1ODoyNSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xMjIzMjI1NzE4O2gxPTIwMzYxMjM3NjI7aDI9MzY2MTI5NzM1NztoMz0xNTYzOTQ3OTU4O2g0PTg2NjYyMTEyMzsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3ODthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-01580{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":740,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319056292083,"flow_dst_last_pkt_time":1484319056383550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056383550,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467304","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+01599{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":740,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319056292083,"flow_dst_last_pkt_time":1484319056383550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056383550,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467304","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056302728,"flow_dst_last_pkt_time":1484319056401774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":585,"pkt_l4_len":551,"thread_ts_usec":1484319056401774,"pkt":"5JjWH70UgCqoTGHMCABFIAI7AABAADsGWGsX9guNwKgBBwBQz7nPaH09TBX2bYAQCAIuwwAAAQEICjSvprMfZRDESFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMTowMToxMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xNDIzMTMyNTA5O2gxPTEzMzc4NDc0ODI7aDI9MTgyMzk5NjUyNjtoMz0zMDE5NjA2NjE3O2g0PTQxMDM4MzQ5NjY7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxNzc7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCg0K"}
-01583{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":744,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319056302728,"flow_dst_last_pkt_time":1484319056401774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":519,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":519,"midstream":0,"thread_ts_usec":1484319056401774,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386475836","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+01602{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":744,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319056302728,"flow_dst_last_pkt_time":1484319056401774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":519,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":519,"midstream":0,"thread_ts_usec":1484319056401774,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386475836","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056314229,"flow_dst_last_pkt_time":1484319056438162,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056438162,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7wVYmHnLeP0IIAQCAJc5wAAAQEIChA9adofZRDaSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogU3VuLCAyNSBTZXAgMjAxNiAxMDozMzo0MCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yMDc1MzA1ODc2O2gxPTE4NjI3MjU3Nzk7aDI9Mjg3NzM5ODUyMjtoMz0yODE2OTEyNTI1O2g0PTE5OTg1MTYxNjsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE4MDthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-01583{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":747,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319056314229,"flow_dst_last_pkt_time":1484319056438162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056438162,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846234524","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+01602{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":747,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319056314229,"flow_dst_last_pkt_time":1484319056438162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056438162,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846234524","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
 01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056336202,"flow_dst_last_pkt_time":1484319056481232,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1484319056481232,"pkt":"5JjWH70UgCqoTGHMCABFIAI5AABAADsGWG0X9guNwKgBBwBQz72N4Tx\/gHq8VIAQCAJ0XQAAAQEICnPR0PkfZRDuSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1NzoxMyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0zMTQ0MzE0NDtoMT0zNzA4MzgzMjg3O2gyPTM4ODgxMTQyNjc7aDM9MjMzMzc4ODI2NztoND0xODYyMzgzNDIyOw0KWC1TZXNzaW9uLUluZm86IGFkZHI9NzMuMjAzLjEwNy4yMztwb3J0PTUzMTgxO2FyZ3A9Ni5zTmMwRFhTZjhUSEUzZjR5OFZ1TmxrVEhMc0VuUTFDS2NrQzd1c3cydmJBDQoNCg=="}
-01582{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":751,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319056336202,"flow_dst_last_pkt_time":1484319056481232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1484319056481232,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+01601{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":751,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319056336202,"flow_dst_last_pkt_time":1484319056481232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1484319056481232,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
 01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1484319056347066,"flow_dst_last_pkt_time":1484319056498941,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"thread_ts_usec":1484319056498941,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz749DprPbTkLIYAQCAICSgAAAQEICsTv9WUfZRDwSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1NjowNSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yMTI4ODE4ODczO2gxPTQxNDYxMDk3OTg7aDI9NDY4ODMxMDcxO2gzPTE2MDgwNTYwNzc7aDQ9NDI2NDEzMTg0MDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE4MjthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
-01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":754,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319056347066,"flow_dst_last_pkt_time":1484319056498941,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056498941,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
-02465{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319059351882,"flow_dst_last_pkt_time":1484319059371795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319059371795,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":394,"avg":201312.9,"max":2097549,"stddev":403399.4,"var":162731114496.0,"ent":3.6,"data": [61813,72267,473,134860,394,125851,1162295,73601,899,212949,11519,409208,101075,1892,70852,2097549,79500,52131,129820,120649,42895,59919,67076,69354,174355,284029,29385,65003,252681,150502,125903]},"pktlen": {"min":52,"avg":493.7,"max":1500,"stddev":638.1,"var":407212.3,"ent":3.9,"data": [64,60,52,412,570,1500,52,80,80,80,80,80,80,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,52,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,0,1],"entropies": [4.601409912,5.346035957,5.041505337,6.346901894,5.793770790,4.440931797,5.065449238,5.202858448,5.202857018,5.262294292,5.341651440,5.366651535,5.317899227,5.165874004,5.228374004,5.195351601,4.782721043,5.156889915,4.790072441,5.101186275,4.825405598,4.817777157,5.233812809,4.752513409,5.024262905,4.806689262,5.165874004,5.195351124,5.195351124,4.632717133,5.024262905,4.635102272]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-02468{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":975,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319060551613,"flow_dst_last_pkt_time":1484319060618267,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":13563,"midstream":0,"thread_ts_usec":1484319060618267,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":135,"avg":280753.9,"max":1046959,"stddev":300914.6,"var":90549583872.0,"ent":4.2,"data": [43730,45845,23628,124789,4917,111637,635898,176069,176,135,41643,37401,940199,857,45449,434520,483806,1046959,74656,202356,418896,472205,955340,169880,525271,694311,167240,252312,98045,326303,148897]},"pktlen": {"min":52,"avg":490.1,"max":1500,"stddev":638.9,"var":408170.9,"ent":3.9,"data": [64,60,52,412,571,1500,52,72,72,64,64,64,52,88,1476,52,52,52,1500,1500,52,52,52,1500,52,52,1500,52,1500,1500,52,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,0,1,1,0,1],"entropies": [4.527114868,5.312702179,5.003043652,6.355251789,5.803568363,4.440690517,5.118427753,5.277718067,5.249940395,5.146419048,5.208919048,5.134624004,5.056021690,4.908463001,4.253908634,5.156889915,5.156889439,5.118427753,4.918218613,4.902011871,5.000318050,5.118427753,5.118427753,4.876659870,4.985801220,5.017560482,4.758782864,4.961856365,4.610503674,4.658255100,5.118427753,4.789437294]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-02475{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":978,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319060594060,"flow_dst_last_pkt_time":1484319060664663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319060664663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":569,"avg":284358.9,"max":1636184,"stddev":362564.9,"var":131453321216.0,"ent":4.0,"data": [16087,19422,23622,88585,4002,82236,1105315,26930,21843,19608,569,13093,381586,1636184,66410,119030,421421,408128,882662,90167,143374,490378,519431,92259,120978,487097,597701,217631,227512,270000,221864]},"pktlen": {"min":52,"avg":536.6,"max":1500,"stddev":657.9,"var":432827.8,"ent":3.9,"data": [64,60,52,409,570,1500,52,72,72,72,64,64,64,64,1500,1500,52,64,52,1500,1500,52,52,1500,1500,52,52,1500,52,1500,64,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1],"entropies": [4.538909912,5.333454132,5.142372608,6.390935421,5.823237419,4.453172207,5.118427753,5.333272934,5.385473251,5.387441158,5.216578960,5.208919048,5.216578960,5.228374004,3.805912256,4.418298721,5.156889915,5.072124004,5.233813286,4.401393414,4.419836998,5.233812809,5.195351124,4.383244514,4.387027740,5.233812809,5.209868431,4.311857224,5.000318527,4.386717796,5.240169048,4.585660934]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-02488{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":984,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319060695068,"flow_dst_last_pkt_time":1484319060746254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":20790,"midstream":0,"thread_ts_usec":1484319060746254,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4949,"avg":290996.3,"max":1397235,"stddev":314333.5,"var":98805530624.0,"ent":4.2,"data": [23914,25117,18248,72539,4949,71292,152183,249467,985618,26703,1397235,519076,299466,499851,482346,40528,55620,206768,137068,537495,535230,174291,571825,775969,198842,230534,89909,283953,128056,116304,110490]},"pktlen": {"min":52,"avg":716.2,"max":1500,"stddev":699.0,"var":488561.8,"ent":4.2,"data": [64,60,52,409,570,1500,52,1500,52,80,80,1500,72,1500,64,1500,1500,1500,52,1500,52,1500,52,52,1500,52,1500,1500,52,1500,52,1500]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,0,1,0,1,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1],"entropies": [4.601409912,5.266787052,5.036415577,6.391139984,5.809580326,4.456539154,5.041504860,4.186237812,4.961856842,5.322779179,5.322779179,4.373055458,5.331886292,4.362320423,5.228374004,4.324150085,4.463343143,4.271175385,5.118428230,4.316685200,5.142372608,4.338371277,5.077241421,5.195351124,4.538278103,5.038779736,4.711270332,4.737337112,5.079966545,4.685406208,5.233812809,4.710971355]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-02471{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1001,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319060916913,"flow_dst_last_pkt_time":1484319060915445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319060916913,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":342,"avg":300105.7,"max":2716440,"stddev":539188.2,"var":290723889152.0,"ent":3.6,"data": [61747,63082,19443,172653,342,153906,1162512,94154,1429,12319,104280,65945,674747,41474,39967,488929,2716440,44869,75746,28743,32797,29468,133613,256105,742961,71312,1131465,569658,135441,73631,104098]},"pktlen": {"min":52,"avg":492.6,"max":1500,"stddev":638.8,"var":408052.9,"ent":3.9,"data": [64,60,52,410,570,1500,52,80,72,72,72,72,72,72,64,52,52,1500,1500,52,1500,52,1500,52,1500,64,52,1500,52,1500,1500,52]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0],"entropies": [4.601409912,5.379369259,5.103910923,6.382707119,5.801897049,4.439589024,5.156889439,5.282214642,5.359663963,5.304108143,5.359663963,5.304108143,5.263877869,5.293623924,5.290874004,5.156889915,5.038779736,4.572134495,4.543495178,5.115703106,4.553971767,4.993616104,4.540792465,4.955154419,4.553669930,5.177669048,5.079966545,4.316857815,4.961856842,4.387219906,4.488969326,5.079966545]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-02466{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1005,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319060947278,"flow_dst_last_pkt_time":1484319060861747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":12102,"midstream":0,"thread_ts_usec":1484319060947278,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":137,"avg":302592.9,"max":3094333,"stddev":556136.4,"var":309287714816.0,"ent":3.7,"data": [19993,22151,5332,69145,137,72224,626011,606979,26604,520264,51479,55493,593239,41657,80288,418048,3094333,65564,425655,469983,40810,84995,52141,54303,117697,383081,387305,709380,53664,73805,158619]},"pktlen": {"min":52,"avg":447.8,"max":1500,"stddev":616.5,"var":380048.7,"ent":3.8,"data": [64,60,52,410,570,1500,52,72,72,72,72,64,64,72,64,52,52,1500,64,64,1500,1500,52,1500,52,1500,52,64,1500,64,1500,52]},"bins": {"c_to_s": [21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,0],"entropies": [4.538909912,5.312702179,5.065449715,6.359480381,5.816523552,4.445319176,5.065449238,5.277717590,5.387441635,5.387441635,5.248553276,5.259624004,5.228374004,5.331886292,5.259624004,5.272274494,5.115703106,4.653451920,5.163660049,5.185328960,4.692939758,4.660350800,5.065449715,4.689436913,5.077241898,4.606202602,5.156889439,5.290874004,4.357360840,5.290874004,4.495481014,5.233812809]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-02463{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1024,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319061168059,"flow_dst_last_pkt_time":1484319060482194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":12101,"midstream":0,"thread_ts_usec":1484319061168059,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":266,"avg":294252.3,"max":2608516,"stddev":529173.0,"var":280024055808.0,"ent":3.5,"data": [61899,63035,8952,155118,266,150147,1152400,92133,498,591361,113696,141666,52293,522,39853,381137,2608516,28241,68204,27169,29555,26620,56459,81742,44814,43749,497350,496550,1208877,807442,91559]},"pktlen": {"min":52,"avg":449.2,"max":1500,"stddev":615.6,"var":378913.2,"ent":3.8,"data": [64,60,52,411,569,1500,52,80,80,80,80,72,64,64,64,52,64,1500,1500,52,1500,52,1500,1500,52,1500,52,64,52,1500,72,72]},"bins": {"c_to_s": [21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,0,0,0,1,0,0],"entropies": [4.570159912,5.346035480,5.065449715,6.363940239,5.804843426,4.442625046,5.142372608,5.362294197,5.337294102,5.312294006,5.287294388,5.333272934,5.197124004,5.240169048,5.240169048,5.156889439,5.152518272,4.990313053,4.973003864,5.195351124,4.964061737,5.000318050,4.996945381,4.996238232,5.156889439,4.959667683,5.038779736,5.146419048,5.003043175,4.680668831,5.247971535,5.333272934]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-02466{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1031,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319061128980,"flow_dst_last_pkt_time":1484319061270358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061270358,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":79,"avg":322294.1,"max":3064500,"stddev":576519.8,"var":332375130112.0,"ent":3.6,"data": [11668,15660,2402,60224,1206,79,57126,107813,316921,313910,536684,811161,71198,122498,693690,84709,585634,3064500,52838,57895,98411,231468,526235,115101,671,585669,117652,1178873,25807,79129,64284]},"pktlen": {"min":52,"avg":495.0,"max":1500,"stddev":637.2,"var":406023.8,"ent":3.9,"data": [64,60,52,410,570,1500,1500,52,52,1500,52,80,80,80,80,72,64,72,1500,72,1500,64,1500,80,64,52,64,52,1500,52,1500,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,1,0,1,1],"entropies": [4.507659912,5.233454227,4.964581966,6.333802700,5.821110249,4.461877346,4.201263905,5.132945538,5.014835358,3.777186632,4.976373672,5.144669533,5.135233879,5.169670582,5.169669628,5.192996979,5.140319824,5.248552799,4.282153130,5.248552322,4.242815018,4.995864868,4.290421486,5.085232735,5.140319824,5.132945538,5.140319824,5.056022167,4.478749752,5.053297043,4.467899799,4.518882275]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-02473{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1058,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319061706774,"flow_dst_last_pkt_time":1484319061794702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061794702,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":240,"avg":355944.2,"max":3546297,"stddev":682699.4,"var":466078498816.0,"ent":3.5,"data": [43247,45294,13187,106701,4927,97880,1317695,102059,98186,240,515839,59813,1148424,57207,54890,165165,3546297,68400,92258,155981,131046,69975,95851,103962,104462,205130,729427,91959,551213,1189389,68168]},"pktlen": {"min":52,"avg":493.2,"max":1500,"stddev":638.4,"var":407523.4,"ent":3.9,"data": [64,60,52,409,570,1500,52,80,80,72,72,72,72,72,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,1],"entropies": [4.515677452,5.333454132,5.041505337,6.377946854,5.816387177,4.450622082,5.118428230,5.366649628,5.366649628,5.359663963,5.333272934,5.387441635,5.387441635,5.293623924,5.290874004,5.322124004,5.272274494,4.440482140,5.209868431,4.489046574,5.014835358,4.480661392,4.471484184,5.233812809,4.471359730,5.062724590,4.458212852,5.290874004,5.233812809,5.000318527,4.395615101,4.444458961]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-02472{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1131,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319062638948,"flow_dst_last_pkt_time":1484319062680623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319062680623,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":72,"avg":414504.9,"max":4457097,"stddev":811357.3,"var":658300731392.0,"ent":3.6,"data": [41445,43452,2932,82082,72,78739,1252127,77707,132171,828,525346,100674,510044,513013,40289,4457097,87034,1392951,522404,574888,39602,91204,57625,58127,138968,449063,380142,69915,139503,473414,516793]},"pktlen": {"min":52,"avg":538.1,"max":1500,"stddev":656.8,"var":431419.8,"ent":3.9,"data": [64,60,52,410,570,1500,52,80,80,72,72,72,72,72,64,64,1500,1500,52,52,1500,1500,52,1500,52,1500,52,1500,1500,52,52,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1],"entropies": [4.538909912,5.312702179,5.026988029,6.353898048,5.812767506,4.447575092,5.118428230,5.316649437,5.391650200,5.387441635,5.387441635,5.361050606,5.333272934,5.331886292,5.228374004,5.228374004,4.410194397,4.460495949,5.079966545,5.195351124,4.415517807,4.454523087,5.195351601,4.441005707,5.077241421,4.548726559,5.156889915,4.299219608,4.319707394,5.195351601,5.156889439,4.440834999]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-02467{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1162,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319062946776,"flow_dst_last_pkt_time":1484319063015567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":10653,"midstream":0,"thread_ts_usec":1484319063015567,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":682,"avg":435375.1,"max":4431980,"stddev":814478.7,"var":663375511552.0,"ent":3.6,"data": [43856,45826,13429,88623,4898,81946,1250769,92472,118428,682,544165,69196,495457,501654,62886,1143862,28583,39116,4431980,82976,87813,169881,586445,795488,292945,509017,501170,1203523,55860,83014,70669]},"pktlen": {"min":52,"avg":404.2,"max":1500,"stddev":589.2,"var":347103.4,"ent":3.7,"data": [64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500]},"bins": {"c_to_s": [22,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,1,0,0,0,1,1,0,1],"entropies": [4.570159912,5.166786671,4.974009037,6.366189480,5.841994762,4.452114582,5.079966545,5.252857208,5.332214355,5.359663963,5.387441635,5.293623924,5.359663486,5.276330948,5.290874004,5.144205093,5.290874004,5.259624004,5.154078960,4.322241306,5.038779736,4.343337059,5.163660049,5.156889439,4.373079300,5.208919048,5.180834293,5.195351124,4.324346066,4.345085144,5.195351124,4.404635906]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01600{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":754,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319056347066,"flow_dst_last_pkt_time":1484319056498941,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":518,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":518,"midstream":0,"thread_ts_usec":1484319056498941,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":200,"content_type":"application\/octet-stream","user_agent":"netflix-ios-app"}}}
+02484{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319059351882,"flow_dst_last_pkt_time":1484319059371795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319059371795,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":394,"avg":201312.9,"max":2097549,"stddev":403399.4,"var":162731114496.0,"ent":3.6,"data": [61813,72267,473,134860,394,125851,1162295,73601,899,212949,11519,409208,101075,1892,70852,2097549,79500,52131,129820,120649,42895,59919,67076,69354,174355,284029,29385,65003,252681,150502,125903]},"pktlen": {"min":52,"avg":493.7,"max":1500,"stddev":638.1,"var":407212.3,"ent":3.9,"data": [64,60,52,412,570,1500,52,80,80,80,80,80,80,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,52,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,0,1],"entropies": [4.601409912,5.346035957,5.041505337,6.346901894,5.793770790,4.440931797,5.065449238,5.202858448,5.202857018,5.262294292,5.341651440,5.366651535,5.317899227,5.165874004,5.228374004,5.195351601,4.782721043,5.156889915,4.790072441,5.101186275,4.825405598,4.817777157,5.233812809,4.752513409,5.024262905,4.806689262,5.165874004,5.195351124,5.195351124,4.632717133,5.024262905,4.635102272]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+02487{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":975,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319060551613,"flow_dst_last_pkt_time":1484319060618267,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":13563,"midstream":0,"thread_ts_usec":1484319060618267,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":135,"avg":280753.9,"max":1046959,"stddev":300914.6,"var":90549583872.0,"ent":4.2,"data": [43730,45845,23628,124789,4917,111637,635898,176069,176,135,41643,37401,940199,857,45449,434520,483806,1046959,74656,202356,418896,472205,955340,169880,525271,694311,167240,252312,98045,326303,148897]},"pktlen": {"min":52,"avg":490.1,"max":1500,"stddev":638.9,"var":408170.9,"ent":3.9,"data": [64,60,52,412,571,1500,52,72,72,64,64,64,52,88,1476,52,52,52,1500,1500,52,52,52,1500,52,52,1500,52,1500,1500,52,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,0,1,1,0,1],"entropies": [4.527114868,5.312702179,5.003043652,6.355251789,5.803568363,4.440690517,5.118427753,5.277718067,5.249940395,5.146419048,5.208919048,5.134624004,5.056021690,4.908463001,4.253908634,5.156889915,5.156889439,5.118427753,4.918218613,4.902011871,5.000318050,5.118427753,5.118427753,4.876659870,4.985801220,5.017560482,4.758782864,4.961856365,4.610503674,4.658255100,5.118427753,4.789437294]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+02494{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":978,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319060594060,"flow_dst_last_pkt_time":1484319060664663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319060664663,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":569,"avg":284358.9,"max":1636184,"stddev":362564.9,"var":131453321216.0,"ent":4.0,"data": [16087,19422,23622,88585,4002,82236,1105315,26930,21843,19608,569,13093,381586,1636184,66410,119030,421421,408128,882662,90167,143374,490378,519431,92259,120978,487097,597701,217631,227512,270000,221864]},"pktlen": {"min":52,"avg":536.6,"max":1500,"stddev":657.9,"var":432827.8,"ent":3.9,"data": [64,60,52,409,570,1500,52,72,72,72,64,64,64,64,1500,1500,52,64,52,1500,1500,52,52,1500,1500,52,52,1500,52,1500,64,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1],"entropies": [4.538909912,5.333454132,5.142372608,6.390935421,5.823237419,4.453172207,5.118427753,5.333272934,5.385473251,5.387441158,5.216578960,5.208919048,5.216578960,5.228374004,3.805912256,4.418298721,5.156889915,5.072124004,5.233813286,4.401393414,4.419836998,5.233812809,5.195351124,4.383244514,4.387027740,5.233812809,5.209868431,4.311857224,5.000318527,4.386717796,5.240169048,4.585660934]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+02507{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":984,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319060695068,"flow_dst_last_pkt_time":1484319060746254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":20790,"midstream":0,"thread_ts_usec":1484319060746254,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4949,"avg":290996.3,"max":1397235,"stddev":314333.5,"var":98805530624.0,"ent":4.2,"data": [23914,25117,18248,72539,4949,71292,152183,249467,985618,26703,1397235,519076,299466,499851,482346,40528,55620,206768,137068,537495,535230,174291,571825,775969,198842,230534,89909,283953,128056,116304,110490]},"pktlen": {"min":52,"avg":716.2,"max":1500,"stddev":699.0,"var":488561.8,"ent":4.2,"data": [64,60,52,409,570,1500,52,1500,52,80,80,1500,72,1500,64,1500,1500,1500,52,1500,52,1500,52,52,1500,52,1500,1500,52,1500,52,1500]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,0,1,0,1,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1],"entropies": [4.601409912,5.266787052,5.036415577,6.391139984,5.809580326,4.456539154,5.041504860,4.186237812,4.961856842,5.322779179,5.322779179,4.373055458,5.331886292,4.362320423,5.228374004,4.324150085,4.463343143,4.271175385,5.118428230,4.316685200,5.142372608,4.338371277,5.077241421,5.195351124,4.538278103,5.038779736,4.711270332,4.737337112,5.079966545,4.685406208,5.233812809,4.710971355]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+02490{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1001,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319060916913,"flow_dst_last_pkt_time":1484319060915445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319060916913,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":342,"avg":300105.7,"max":2716440,"stddev":539188.2,"var":290723889152.0,"ent":3.6,"data": [61747,63082,19443,172653,342,153906,1162512,94154,1429,12319,104280,65945,674747,41474,39967,488929,2716440,44869,75746,28743,32797,29468,133613,256105,742961,71312,1131465,569658,135441,73631,104098]},"pktlen": {"min":52,"avg":492.6,"max":1500,"stddev":638.8,"var":408052.9,"ent":3.9,"data": [64,60,52,410,570,1500,52,80,72,72,72,72,72,72,64,52,52,1500,1500,52,1500,52,1500,52,1500,64,52,1500,52,1500,1500,52]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0],"entropies": [4.601409912,5.379369259,5.103910923,6.382707119,5.801897049,4.439589024,5.156889439,5.282214642,5.359663963,5.304108143,5.359663963,5.304108143,5.263877869,5.293623924,5.290874004,5.156889915,5.038779736,4.572134495,4.543495178,5.115703106,4.553971767,4.993616104,4.540792465,4.955154419,4.553669930,5.177669048,5.079966545,4.316857815,4.961856842,4.387219906,4.488969326,5.079966545]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+02485{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1005,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319060947278,"flow_dst_last_pkt_time":1484319060861747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":12102,"midstream":0,"thread_ts_usec":1484319060947278,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":137,"avg":302592.9,"max":3094333,"stddev":556136.4,"var":309287714816.0,"ent":3.7,"data": [19993,22151,5332,69145,137,72224,626011,606979,26604,520264,51479,55493,593239,41657,80288,418048,3094333,65564,425655,469983,40810,84995,52141,54303,117697,383081,387305,709380,53664,73805,158619]},"pktlen": {"min":52,"avg":447.8,"max":1500,"stddev":616.5,"var":380048.7,"ent":3.8,"data": [64,60,52,410,570,1500,52,72,72,72,72,64,64,72,64,52,52,1500,64,64,1500,1500,52,1500,52,1500,52,64,1500,64,1500,52]},"bins": {"c_to_s": [21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,0],"entropies": [4.538909912,5.312702179,5.065449715,6.359480381,5.816523552,4.445319176,5.065449238,5.277717590,5.387441635,5.387441635,5.248553276,5.259624004,5.228374004,5.331886292,5.259624004,5.272274494,5.115703106,4.653451920,5.163660049,5.185328960,4.692939758,4.660350800,5.065449715,4.689436913,5.077241898,4.606202602,5.156889439,5.290874004,4.357360840,5.290874004,4.495481014,5.233812809]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+02482{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1024,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319061168059,"flow_dst_last_pkt_time":1484319060482194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":12101,"midstream":0,"thread_ts_usec":1484319061168059,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":266,"avg":294252.3,"max":2608516,"stddev":529173.0,"var":280024055808.0,"ent":3.5,"data": [61899,63035,8952,155118,266,150147,1152400,92133,498,591361,113696,141666,52293,522,39853,381137,2608516,28241,68204,27169,29555,26620,56459,81742,44814,43749,497350,496550,1208877,807442,91559]},"pktlen": {"min":52,"avg":449.2,"max":1500,"stddev":615.6,"var":378913.2,"ent":3.8,"data": [64,60,52,411,569,1500,52,80,80,80,80,72,64,64,64,52,64,1500,1500,52,1500,52,1500,1500,52,1500,52,64,52,1500,72,72]},"bins": {"c_to_s": [21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,0,0,0,1,0,0],"entropies": [4.570159912,5.346035480,5.065449715,6.363940239,5.804843426,4.442625046,5.142372608,5.362294197,5.337294102,5.312294006,5.287294388,5.333272934,5.197124004,5.240169048,5.240169048,5.156889439,5.152518272,4.990313053,4.973003864,5.195351124,4.964061737,5.000318050,4.996945381,4.996238232,5.156889439,4.959667683,5.038779736,5.146419048,5.003043175,4.680668831,5.247971535,5.333272934]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+02485{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1031,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319061128980,"flow_dst_last_pkt_time":1484319061270358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061270358,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":79,"avg":322294.1,"max":3064500,"stddev":576519.8,"var":332375130112.0,"ent":3.6,"data": [11668,15660,2402,60224,1206,79,57126,107813,316921,313910,536684,811161,71198,122498,693690,84709,585634,3064500,52838,57895,98411,231468,526235,115101,671,585669,117652,1178873,25807,79129,64284]},"pktlen": {"min":52,"avg":495.0,"max":1500,"stddev":637.2,"var":406023.8,"ent":3.9,"data": [64,60,52,410,570,1500,1500,52,52,1500,52,80,80,80,80,72,64,72,1500,72,1500,64,1500,80,64,52,64,52,1500,52,1500,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,1,0,1,1],"entropies": [4.507659912,5.233454227,4.964581966,6.333802700,5.821110249,4.461877346,4.201263905,5.132945538,5.014835358,3.777186632,4.976373672,5.144669533,5.135233879,5.169670582,5.169669628,5.192996979,5.140319824,5.248552799,4.282153130,5.248552322,4.242815018,4.995864868,4.290421486,5.085232735,5.140319824,5.132945538,5.140319824,5.056022167,4.478749752,5.053297043,4.467899799,4.518882275]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+02492{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1058,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319061706774,"flow_dst_last_pkt_time":1484319061794702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":13550,"midstream":0,"thread_ts_usec":1484319061794702,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":240,"avg":355944.2,"max":3546297,"stddev":682699.4,"var":466078498816.0,"ent":3.5,"data": [43247,45294,13187,106701,4927,97880,1317695,102059,98186,240,515839,59813,1148424,57207,54890,165165,3546297,68400,92258,155981,131046,69975,95851,103962,104462,205130,729427,91959,551213,1189389,68168]},"pktlen": {"min":52,"avg":493.2,"max":1500,"stddev":638.4,"var":407523.4,"ent":3.9,"data": [64,60,52,409,570,1500,52,80,80,72,72,72,72,72,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,1500]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,1],"entropies": [4.515677452,5.333454132,5.041505337,6.377946854,5.816387177,4.450622082,5.118428230,5.366649628,5.366649628,5.359663963,5.333272934,5.387441635,5.387441635,5.293623924,5.290874004,5.322124004,5.272274494,4.440482140,5.209868431,4.489046574,5.014835358,4.480661392,4.471484184,5.233812809,4.471359730,5.062724590,4.458212852,5.290874004,5.233812809,5.000318527,4.395615101,4.444458961]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+02491{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1131,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319062638948,"flow_dst_last_pkt_time":1484319062680623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":14998,"midstream":0,"thread_ts_usec":1484319062680623,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":72,"avg":414504.9,"max":4457097,"stddev":811357.3,"var":658300731392.0,"ent":3.6,"data": [41445,43452,2932,82082,72,78739,1252127,77707,132171,828,525346,100674,510044,513013,40289,4457097,87034,1392951,522404,574888,39602,91204,57625,58127,138968,449063,380142,69915,139503,473414,516793]},"pktlen": {"min":52,"avg":538.1,"max":1500,"stddev":656.8,"var":431419.8,"ent":3.9,"data": [64,60,52,410,570,1500,52,80,80,72,72,72,72,72,64,64,1500,1500,52,52,1500,1500,52,1500,52,1500,52,1500,1500,52,52,1500]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1],"entropies": [4.538909912,5.312702179,5.026988029,6.353898048,5.812767506,4.447575092,5.118428230,5.316649437,5.391650200,5.387441635,5.387441635,5.361050606,5.333272934,5.331886292,5.228374004,5.228374004,4.410194397,4.460495949,5.079966545,5.195351124,4.415517807,4.454523087,5.195351601,4.441005707,5.077241421,4.548726559,5.156889915,4.299219608,4.319707394,5.195351601,5.156889439,4.440834999]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+02486{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1162,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319062946776,"flow_dst_last_pkt_time":1484319063015567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":10653,"midstream":0,"thread_ts_usec":1484319063015567,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":682,"avg":435375.1,"max":4431980,"stddev":814478.7,"var":663375511552.0,"ent":3.6,"data": [43856,45826,13429,88623,4898,81946,1250769,92472,118428,682,544165,69196,495457,501654,62886,1143862,28583,39116,4431980,82976,87813,169881,586445,795488,292945,509017,501170,1203523,55860,83014,70669]},"pktlen": {"min":52,"avg":404.2,"max":1500,"stddev":589.2,"var":347103.4,"ent":3.7,"data": [64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500]},"bins": {"c_to_s": [22,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,1,0,0,0,1,1,0,1],"entropies": [4.570159912,5.166786671,4.974009037,6.366189480,5.841994762,4.452114582,5.079966545,5.252857208,5.332214355,5.359663963,5.387441635,5.293623924,5.359663486,5.276330948,5.290874004,5.144205093,5.290874004,5.259624004,5.154078960,4.322241306,5.038779736,4.343337059,5.163660049,5.156889439,4.373079300,5.208919048,5.180834293,5.195351124,4.324346066,4.345085144,5.195351124,4.404635906]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 02193{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1269,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319063959877,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319064010312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":136,"avg":1958267.8,"max":30086001,"stddev":7379834.5,"var":54461959503872.0,"ent":1.1,"data": [47011,48359,1676,53080,2562,989,62283,11050,5991,10798,261,350,60341,3416,50128,4429,893,563,55944,50485,306,42722,3984,5077,5232,136,57719,311,30033380,30086001,822]},"pktlen": {"min":52,"avg":380.0,"max":1500,"stddev":556.9,"var":310128.2,"ent":3.8,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,337,52,52,52,993,112,52,52,52,83,52]},"bins": {"c_to_s": [9,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0],"s_to_c": [9,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,0,0,0,1,1],"entropies": [4.484876633,5.289900780,5.078045845,5.808425426,5.131024837,7.255376339,7.317865372,5.092562675,6.901146412,5.131024361,6.124006748,5.004364967,6.039024830,5.169486046,6.007705688,5.169486046,7.873569965,7.881214619,7.864243507,5.169486046,7.845795155,7.405421257,5.116507530,5.078045845,5.131024361,7.806305885,6.290623188,5.169486046,5.092563152,5.094483852,5.825018406,5.132945538]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1294,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064590230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064590230,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064590230,"flow_dst_last_pkt_time":1484319064590230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064590230,"pkt":"gCqoTGHM5JjWH70UCABFAABAVptAAEAGBuzAqAEHF\/YDjM+\/AFBrAzOSAAAAALAC\/\/+cMAAAAgQFtAEDAwUBAQgKH2UvkQAAAAAEAgAA"}
@@ -349,7 +349,7 @@
 01226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1484319064634961,"flow_dst_last_pkt_time":1484319064620707,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1484319064634961,"pkt":"gCqoTGHM5JjWH70UCABFAAIt069AAEAGh+rAqAEHF\/YDjM+\/AFBrAzOTP4ZxzYAYEBUSvwAAAQEICh9lL7NvH+70R0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wtcC1WZUlaNldLUnEtWDZMTXZhTHFneFdCQ3VGYmgwOU1wcmVPUlVVT081VHgxNjgzSFBuTFk2QlBqTl85bWxEdVlpaEdab1h1OXUwb3pIOFJGaW9CTl9KRE5pUnNjaWRqdm9TZFdtbHlaZ1BOYW5zVzBsa0JyNFg4MUh2bG9PaThCU19leFZTUGhNeUpRVEI1Ymcmdj0zJmU9MTQ4NDM0Nzg1MCZ0PS04dTR2bGNQdUZxY09Mbkx5YjlERHRLLWJCNCBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjMuMTQwDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtODk4DQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogQXBwbGVDb3JlTWVkaWEvMS4wLjAuMTRDOTIgKGlQaG9uZTsgVTsgQ1BVIE9TIDEwXzIgbGlrZSBNYWMgT1MgWDsgZW5fdXMpDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpBY2NlcHQtRW5jb2Rpbmc6IGlkZW50aXR5DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 01450{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1301,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319064634961,"flow_dst_last_pkt_time":1484319064620707,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":505,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":505,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064634961,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.3.140","http": {"url":"23.246.3.140\/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
 01307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064624064,"flow_dst_last_pkt_time":1484319064666580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":635,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":635,"pkt_l4_len":601,"thread_ts_usec":1484319064666580,"pkt":"5JjWH70UgCqoTGHMCABFIAJtAABAADsGWDkX9guNwKgBBwBQz8BQi7Oj89d7HIAQCAKAjwAAAQEICmLwwQkfZS+ySFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MTowNCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjA1OQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1ODozOCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0zODc0NDA1MjkxO2gxPTE2OTUxOTc4MzY7aDI9MzkxNzk2ODQ1MztoMz0xNjgzNjM2NjM2O2g0PTEyNTE5MTU3NTQ7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxODQ7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCkNvbnRlbnQtUmFuZ2U6IGJ5dGVzIDAtMjA1OC81MTgzODA5MA0KDQo="}
-01608{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319064624064,"flow_dst_last_pkt_time":1484319064666580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":569,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":569,"midstream":0,"thread_ts_usec":1484319064666580,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo","code":206,"content_type":"application\/octet-stream","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
+01627{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319064624064,"flow_dst_last_pkt_time":1484319064666580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":569,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":569,"midstream":0,"thread_ts_usec":1484319064666580,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo","code":206,"content_type":"application\/octet-stream","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1303,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064669455,"flow_src_last_pkt_time":1484319064669455,"flow_dst_last_pkt_time":1484319064669455,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064669455,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1303,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064669455,"flow_dst_last_pkt_time":1484319064669455,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319064669455,"pkt":"gCqoTGHM5JjWH70UCABFAABAhwJAAEAGqhTAqAEHNr8RM8\/JAbsptVYdAAAAALAC\/\/+MwgAAAgQFtAEDAwUBAQgKH2Uv3QAAAAAEAgAA"}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1304,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319064671268,"flow_dst_last_pkt_time":1484319064671268,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064671268,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -358,7 +358,7 @@
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064683828,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1484319064683828,"pkt":"gCqoTGHM5JjWH70UCABFAABFcJ0AAP8Rx7HAqAEHwKgBAe4iADUAMSObED0BAAABAAAAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAE="}
 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1307,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064683828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064683828,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ichnaea.geo.netflix.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 01304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1484319064634961,"flow_dst_last_pkt_time":1484319064684712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":632,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":632,"pkt_l4_len":598,"thread_ts_usec":1484319064684712,"pkt":"5JjWH70UgCqoTGHMCABFIAJqAABAADgGYz0X9gOMwKgBBwBQz78\/hnHNawM1jIAQCALNywAAAQEICm8f7y8fZS+zSFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MTowNCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogODk5DQpMYXN0LU1vZGlmaWVkOiBXZWQsIDAyIERlYyAyMDE1IDEzOjA0OjU0IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUNClByYWdtYTogbm8tY2FjaGUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQWNjZXNzLUNvbnRyb2wtRXhwb3NlLUhlYWRlcnM6IFgtVENQLUluZm8sWC1TZXNzaW9uLUluZm8NClgtVENQLUluZm86IGgwPTE4NzYyODM3MjU7aDE9NDA2NDkwMzk0NDtoMj00MDQyNzE1Mjg1O2gzPTU1ODU2Mjg0MztoND0zODg1NTExNTIyOw0KWC1TZXNzaW9uLUluZm86IGFkZHI9NzMuMjAzLjEwNy4yMztwb3J0PTUzMTgzO2FyZ3A9Ni5zTmMwRFhTZjhUSEUzZjR5OFZ1TmxrVEhMc0VuUTFDS2NrQzd1c3cydmJBDQpDb250ZW50LVJhbmdlOiBieXRlcyAwLTg5OC8zMjQ2ODMzNQ0KDQo="}
-01603{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319064634961,"flow_dst_last_pkt_time":1484319064684712,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":505,"flow_dst_max_l4_payload_len":566,"flow_src_tot_l4_payload_len":505,"flow_dst_tot_l4_payload_len":566,"midstream":0,"thread_ts_usec":1484319064684712,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.3.140","http": {"url":"23.246.3.140\/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4","code":206,"content_type":"application\/octet-stream","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
+01622{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319064634961,"flow_dst_last_pkt_time":1484319064684712,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":505,"flow_dst_max_l4_payload_len":566,"flow_src_tot_l4_payload_len":505,"flow_dst_tot_l4_payload_len":566,"midstream":0,"thread_ts_usec":1484319064684712,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.3.140","http": {"url":"23.246.3.140\/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4","code":206,"content_type":"application\/octet-stream","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_usec":1484319064699948,"pkt":"5JjWH70UgCqoTGHMCABFAADq4UlAAEAR1WDAqAEBwKgBBwA17iIA1plWED2BgAABAAkAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAHADAAFAAEAAAAMABkHaWNobmFlYQdsYXRlbmN5BnByb2RhYcAYwDUAAQABAAAAFgAENCUk\/MA1AAEAAQAAABYABDQrZhTANQABAAEAAAAWAAQ0Iv+pwDUAAQABAAAAFgAENBhu0sA1AAEAAQAAABYABDQK7rvANQABAAEAAAAWAAQ2RB9SwDUAAQABAAAAFgAENCdXJMA1AAEAAQAAABYABDQobnM="}
 01086{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1312,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1484319064699948,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"ichnaea.geo.netflix.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.37.36.252"}}}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1316,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064711690,"flow_dst_last_pkt_time":1484319064711690,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319064711690,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -387,7 +387,7 @@
 01705{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1356,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319064785302,"flow_dst_last_pkt_time":1484319064950196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2896,"midstream":0,"thread_ts_usec":1484319064950196,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"ichnaea.netflix.com","tls": {"version":"TLSv1.2","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d1909h2_b5dc49c6fcca_2cdefc264be7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}}
 02338{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1408,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1484319064671268,"flow_src_last_pkt_time":1484319065492035,"flow_dst_last_pkt_time":1484319065478679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9240,"flow_dst_tot_l4_payload_len":6755,"midstream":0,"thread_ts_usec":1484319065492035,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":182,"avg":52521.9,"max":282465,"stddev":58168.2,"var":3383536896.0,"ent":4.2,"data": [50844,52144,6261,61059,40719,74658,170395,11813,79420,67625,2032,57431,55801,1745,844,219,182,82546,79700,249,94600,127478,60574,282465,10583,27617,37968,39882,42871,7730,723]},"pktlen": {"min":52,"avg":552.5,"max":1500,"stddev":629.7,"var":396553.7,"ent":4.0,"data": [64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52]},"bins": {"c_to_s": [10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0],"entropies": [4.598081589,5.369149208,5.169486046,4.365832806,5.154969215,7.171761036,7.662086964,5.169486523,6.518167496,5.984750271,5.100070000,7.782325745,6.202902317,5.246409416,7.867114544,7.871539593,7.857532978,7.870780945,5.078046322,7.856834412,7.434062958,5.154969215,5.154969215,7.833981991,5.246409416,7.884502411,7.878024578,5.246409416,6.160539627,5.207947731,5.791826725,5.094483852]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
 02201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1428,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319065635020,"flow_dst_last_pkt_time":1484319065630720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":19082,"flow_dst_tot_l4_payload_len":3110,"midstream":0,"thread_ts_usec":1484319065635020,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":59431.0,"max":332646,"stddev":83335.9,"var":6944879104.0,"ent":3.8,"data": [69450,70962,2650,55568,49103,64385,167918,331939,332646,26549,653,732,87677,534,60709,8817,7117,449,81078,62803,767,160,105,68135,67101,803,163,105,111161,109572,2549]},"pktlen": {"min":52,"avg":746.1,"max":1500,"stddev":703.8,"var":495333.0,"ent":4.2,"data": [64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500]},"bins": {"c_to_s": [6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0],"s_to_c": [6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0],"entropies": [4.578626633,5.323234081,5.169486046,5.810972691,5.131024837,7.231025219,7.326107502,5.154969215,6.940334797,5.169486523,6.230382919,5.079339504,6.149899960,5.207948208,5.992234230,5.193430901,7.859437466,7.874912739,7.853219032,5.207947731,7.901949883,7.848706245,7.875315189,7.851129055,5.207947731,7.874441147,7.863263607,7.860793114,7.870314598,5.207947731,7.870880127,7.866354465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
-02467{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1450,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319066598421,"flow_dst_last_pkt_time":1484319065741809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":17969,"midstream":0,"thread_ts_usec":1484319066598421,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5292,"avg":101928.1,"max":730898,"stddev":155663.8,"var":24231225344.0,"ent":4.0,"data": [30477,31515,13216,64005,5292,56409,6142,68156,5406,71534,109518,202677,164827,560321,47319,78954,279545,27696,94465,26601,26144,15824,70512,85885,39451,39774,41592,84438,730898,41457,39720]},"pktlen": {"min":52,"avg":648.3,"max":1500,"stddev":653.4,"var":426995.3,"ent":4.2,"data": [64,60,52,557,618,951,52,564,628,1500,52,1500,1500,1500,72,64,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,64,72,64,52]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0],"entropies": [4.476409912,5.212701797,5.156889915,6.230133057,5.778679371,3.867035151,5.079966545,6.195135117,5.745929718,3.167200804,5.094483852,7.856627464,7.824065208,7.816611290,5.331886292,5.165874004,5.118428230,7.781126976,7.831735134,5.118428230,7.778219700,4.961856365,5.882567406,7.827349663,5.103910923,7.794489861,4.961856365,7.814080238,4.958919048,5.244518280,5.083919048,5.079966545]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+02486{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1450,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319066598421,"flow_dst_last_pkt_time":1484319065741809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":17969,"midstream":0,"thread_ts_usec":1484319066598421,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5292,"avg":101928.1,"max":730898,"stddev":155663.8,"var":24231225344.0,"ent":4.0,"data": [30477,31515,13216,64005,5292,56409,6142,68156,5406,71534,109518,202677,164827,560321,47319,78954,279545,27696,94465,26601,26144,15824,70512,85885,39451,39774,41592,84438,730898,41457,39720]},"pktlen": {"min":52,"avg":648.3,"max":1500,"stddev":653.4,"var":426995.3,"ent":4.2,"data": [64,60,52,557,618,951,52,564,628,1500,52,1500,1500,1500,72,64,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,64,72,64,52]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0],"entropies": [4.476409912,5.212701797,5.156889915,6.230133057,5.778679371,3.867035151,5.079966545,6.195135117,5.745929718,3.167200804,5.094483852,7.856627464,7.824065208,7.816611290,5.331886292,5.165874004,5.118428230,7.781126976,7.831735134,5.118428230,7.778219700,4.961856365,5.882567406,7.827349663,5.103910923,7.794489861,4.961856365,7.814080238,4.958919048,5.244518280,5.083919048,5.079966545]},"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070636683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319070636683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070636683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1484319070636683,"pkt":"gCqoTGHM5JjWH70UCABFAABAs25AAEAGoh\/AqAEHF\/YLhc\/aAFBx1HGxAAAAALAC\/\/84uwAAAgQFtAEDAwUBAQgKH2VGAgAAAAAEAgAA"}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1484319070636683,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1484319070655089,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz9pdV1SucdRxsqAS\/\/+\/OwAAAgQFtAEDAwkEAggKgYtW3h9lRgI="}
@@ -395,7 +395,7 @@
 01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1484319070660268,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":575,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":575,"pkt_l4_len":541,"thread_ts_usec":1484319070660268,"pkt":"gCqoTGHM5JjWH70UCABFAAIxzrJAAEAGhOrAqAEHF\/YLhc\/aAFBx1HGyXVdUr4AYEBUYkAAAAQEICh9lRhiBi1beR0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wxb3VWYUpwZVFMQldqR0xqU3NldTIzVjJIWDZrSWlVOUpwYkNhQnh4YUlvejIxcVFOS3VEVWFPSVp3ZFRseDIzRE1WeGFiYkN3bXZFbHVpcERXMnR2Rk1saE1SdHdkaGhWbGJ2OUtHRmFiaXU1S0gwU2x4MFZqT0tfd3pUaHBfN2xIaFdBNGtXOWdheVlFV3RqTk5LZSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9SmZFZWY4MEswMnluSWpMTG9pLUhaQjF1UTEwIEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTMzDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtMjAxNg0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IEFwcGxlQ29yZU1lZGlhLzEuMC4wLjE0QzkyIChpUGhvbmU7IFU7IENQVSBPUyAxMF8yIGxpa2UgTWFjIE9TIFg7IGVuX3VzKQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
 01455{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1457,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070660268,"flow_dst_last_pkt_time":1484319070655089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319070660268,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
 01307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1484319070660268,"flow_dst_last_pkt_time":1484319070683948,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":634,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":634,"pkt_l4_len":600,"thread_ts_usec":1484319070683948,"pkt":"5JjWH70UgCqoTGHMCABFIAJsAABAADsGWEIX9guFwKgBBwBQz9pdV1SvcdRzr4AQCALHHwAAAQEICoGLVvsfZUYYSFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MToxMCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjAxNw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNiBBdWcgMjAxNSAwODo0OTozMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD03MjkyMTg0NzU7aDE9MzQ4NTc3ODU3MDtoMj00MTk0MzEzOTQzO2gzPTExOTYyNjI1MTY7aDQ9Mzc5NzQ1MzgwOTsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzIxMDthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KQ29udGVudC1SYW5nZTogYnl0ZXMgMC0yMDE2LzM1MzY4MzQ3DQoNCg=="}
-01608{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1458,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070660268,"flow_dst_last_pkt_time":1484319070683948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":568,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":568,"midstream":0,"thread_ts_usec":1484319070683948,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":206,"content_type":"application\/octet-stream","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
+01627{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1458,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070660268,"flow_dst_last_pkt_time":1484319070683948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":568,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":568,"midstream":0,"thread_ts_usec":1484319070683948,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.133","http": {"url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":206,"content_type":"application\/octet-stream","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
 00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1492,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1484319033886061,"flow_src_last_pkt_time":1484319083007977,"flow_dst_last_pkt_time":1484319033886061,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":122,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1482,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319083007977,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1492,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1484319032865799,"flow_src_last_pkt_time":1484319032866374,"flow_dst_last_pkt_time":1484319032884052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":562,"midstream":0,"thread_ts_usec":1484319083007977,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1492,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319036827113,"flow_src_last_pkt_time":1484319036827113,"flow_dst_last_pkt_time":1484319036847572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1484319083007977,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
@@ -408,7 +408,7 @@
 01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1498,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1484319091314892,"flow_dst_last_pkt_time":1484319091309083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":575,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":575,"pkt_l4_len":541,"thread_ts_usec":1484319091314892,"pkt":"gCqoTGHM5JjWH70UCABFAAIxbbBAAEAG5eTAqAEHF\/YLjc\/hAFDAgDYRbLMDoIAYEBVzYQAAAQEICh9lk2L9PkKjR0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wycHVOUUpKMlRMaHVpR0xqU3NldTIzVjJIWDZrSWlVOUpwYkNhQnh4YUlvejIxcVFOS3VEVWFPSVp3ZFRseDIzRE1WeGFiYkN3bXZFbHVpcERXMnR2Rk1saE1SdHdkaGhWbGJ2OUtHRmFiaXU1S0gwU2x4MFZqT0tfd3pUaHBQN2xIaFdBNGtXOWdheVlFV3RqTk5LZSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9RGgyNzh1MlVwQXBPQ0dVajVSeFY4YXpOV1g4IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtMjA1OA0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IEFwcGxlQ29yZU1lZGlhLzEuMC4wLjE0QzkyIChpUGhvbmU7IFU7IENQVSBPUyAxMF8yIGxpa2UgTWFjIE9TIFg7IGVuX3VzKQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
 01455{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1498,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091314892,"flow_dst_last_pkt_time":1484319091309083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319091314892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
 01307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1499,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1484319091314892,"flow_dst_last_pkt_time":1484319091339356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":634,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":634,"pkt_l4_len":600,"thread_ts_usec":1484319091339356,"pkt":"5JjWH70UgCqoTGHMCABFIAJsAABAADsGWDoX9guNwKgBBwBQz+FsswOgwIA4DoAQCAJKIQAAAQEICv0+QsAfZZNiSFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MTozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjA1OQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1OTo1NyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yOTgzMTEwNzE7aDE9MzMxNjkzMDExMDtoMj0zNjA3NzYxMjI1O2gzPTE1NTc1ODQyMzk7aDQ9MTcxNjMzNjAwOTsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzIxNzthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KQ29udGVudC1SYW5nZTogYnl0ZXMgMC0yMDU4LzY4Mzk0NTQxDQoNCg=="}
-01608{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1499,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091314892,"flow_dst_last_pkt_time":1484319091339356,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":568,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":568,"midstream":0,"thread_ts_usec":1484319091339356,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":206,"content_type":"application\/octet-stream","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
+01627{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1499,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091314892,"flow_dst_last_pkt_time":1484319091339356,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":509,"flow_dst_max_l4_payload_len":568,"flow_src_tot_l4_payload_len":509,"flow_dst_tot_l4_payload_len":568,"midstream":0,"thread_ts_usec":1484319091339356,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"23.246.11.141","http": {"url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":206,"content_type":"application\/octet-stream","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1525,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319042988806,"flow_src_last_pkt_time":1484319042988806,"flow_dst_last_pkt_time":1484319043002781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1484319091694942,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1532,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049641053,"flow_src_last_pkt_time":1484319049641053,"flow_dst_last_pkt_time":1484319049665892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1484319098014382,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1532,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319048757894,"flow_src_last_pkt_time":1484319048757894,"flow_dst_last_pkt_time":1484319048776187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":150,"midstream":0,"thread_ts_usec":1484319098014382,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
@@ -531,30 +531,30 @@
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319117511945,"flow_src_last_pkt_time":1484319117511945,"flow_dst_last_pkt_time":1484319117538934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319032882949,"flow_src_last_pkt_time":1484319032882949,"flow_dst_last_pkt_time":1484319032884500,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319049645637,"flow_src_last_pkt_time":1484319049645637,"flow_dst_last_pkt_time":1484319049681348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":329,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":32,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319052229556,"flow_dst_last_pkt_time":1484319052226562,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":41059,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052292468,"flow_dst_last_pkt_time":1484319052290715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":4860,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01224{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":34,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319056189450,"flow_dst_last_pkt_time":1484319056186291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":42887,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":20,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319063242076,"flow_dst_last_pkt_time":1484319063297170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":21106,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":25,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319062135981,"flow_dst_last_pkt_time":1484319062134494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":28406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":19,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319063597246,"flow_dst_last_pkt_time":1484319063594994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":21166,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":22,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319063369085,"flow_dst_last_pkt_time":1484319063367514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":26582,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":21,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319064277374,"flow_dst_last_pkt_time":1484319064275757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":24061,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":23,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319063240640,"flow_dst_last_pkt_time":1484319063283910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":25147,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":22,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319063764739,"flow_dst_last_pkt_time":1484319063789538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":24062,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":29,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319063566368,"flow_dst_last_pkt_time":1484319063564465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":35622,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":21,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319062003848,"flow_dst_last_pkt_time":1484319062000609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":24062,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":20,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319064484621,"flow_dst_last_pkt_time":1484319064524154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":21057,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01225{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":25,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319063421011,"flow_dst_last_pkt_time":1484319063419225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":28406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01226{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319066598421,"flow_dst_last_pkt_time":1484319066637070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":19417,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01226{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319065147554,"flow_dst_last_pkt_time":1484319065269365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":10445,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01224{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070825326,"flow_dst_last_pkt_time":1484319070905880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":8954,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01227{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":18,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091498293,"flow_dst_last_pkt_time":1484319091694942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":518,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":22028,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01244{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":32,"flow_first_seen":1484319050652467,"flow_src_last_pkt_time":1484319052229556,"flow_dst_last_pkt_time":1484319052226562,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":41059,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01242{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1484319052216458,"flow_src_last_pkt_time":1484319052292468,"flow_dst_last_pkt_time":1484319052290715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":4860,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01243{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":34,"flow_first_seen":1484319054101585,"flow_src_last_pkt_time":1484319056189450,"flow_dst_last_pkt_time":1484319056186291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":354,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":354,"flow_dst_tot_l4_payload_len":42887,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01244{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":20,"flow_first_seen":1484319056204111,"flow_src_last_pkt_time":1484319063242076,"flow_dst_last_pkt_time":1484319063297170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":21106,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01244{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":25,"flow_first_seen":1484319056210218,"flow_src_last_pkt_time":1484319062135981,"flow_dst_last_pkt_time":1484319062134494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":28406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01244{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":19,"flow_first_seen":1484319056214323,"flow_src_last_pkt_time":1484319063597246,"flow_dst_last_pkt_time":1484319063594994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":21166,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01244{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":22,"flow_first_seen":1484319056221799,"flow_src_last_pkt_time":1484319063369085,"flow_dst_last_pkt_time":1484319063367514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":26582,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01244{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":21,"flow_first_seen":1484319056232857,"flow_src_last_pkt_time":1484319064277374,"flow_dst_last_pkt_time":1484319064275757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":24061,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01244{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":23,"flow_first_seen":1484319056233255,"flow_src_last_pkt_time":1484319063240640,"flow_dst_last_pkt_time":1484319063283910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":25147,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01244{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":22,"flow_first_seen":1484319056233602,"flow_src_last_pkt_time":1484319063764739,"flow_dst_last_pkt_time":1484319063789538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":24062,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01244{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":29,"flow_first_seen":1484319056234960,"flow_src_last_pkt_time":1484319063566368,"flow_dst_last_pkt_time":1484319063564465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":35622,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01244{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":21,"flow_first_seen":1484319056241489,"flow_src_last_pkt_time":1484319062003848,"flow_dst_last_pkt_time":1484319062000609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":24062,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01244{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":20,"flow_first_seen":1484319056264215,"flow_src_last_pkt_time":1484319064484621,"flow_dst_last_pkt_time":1484319064524154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":359,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":359,"flow_dst_tot_l4_payload_len":21057,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01244{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":25,"flow_first_seen":1484319056264541,"flow_src_last_pkt_time":1484319063421011,"flow_dst_last_pkt_time":1484319063419225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":28406,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1484319064590230,"flow_src_last_pkt_time":1484319066598421,"flow_dst_last_pkt_time":1484319066637070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":19417,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1484319064593980,"flow_src_last_pkt_time":1484319065147554,"flow_dst_last_pkt_time":1484319065269365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":10445,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1484319070636683,"flow_src_last_pkt_time":1484319070825326,"flow_dst_last_pkt_time":1484319070905880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":515,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":8954,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01246{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":18,"flow_first_seen":1484319091296070,"flow_src_last_pkt_time":1484319091498293,"flow_dst_last_pkt_time":1484319091694942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":518,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":22028,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"NetFlix","proto_by_ip_id":133,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1484319032888907,"flow_src_last_pkt_time":1484319063911876,"flow_dst_last_pkt_time":1484319063910283,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":5170,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
 00982{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1484319033631945,"flow_src_last_pkt_time":1484319064012018,"flow_dst_last_pkt_time":1484319064010312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6334,"flow_dst_tot_l4_payload_len":4142,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
 00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":16,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064790823,"flow_dst_last_pkt_time":1484319064782569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4171,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
 00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":17,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319096924088,"flow_dst_last_pkt_time":1484319096921856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":20856,"flow_dst_tot_l4_payload_len":4094,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1793,"packets-processed":1793,"total-skipped-flows":0,"total-l4-payload-len":885344,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":69,"total-updates":9,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":557,"global_ts_usec":1484319120726362}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1793,"packets-processed":1793,"total-skipped-flows":0,"total-l4-payload-len":885344,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":69,"total-updates":9,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":557,"global_ts_usec":1484319120726362}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1793/1793
 ~~ skipped flows.............: 0
@@ -563,10 +563,10 @@
 ~~ total active/idle flows...: 61/61
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6053097 bytes
-~~ total memory freed........: 6053097 bytes
+~~ total memory allocated....: 6054135 bytes
+~~ total memory freed........: 6054135 bytes
 ~~ total allocations/frees...: 88882/88882
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 539 chars
-~~ json message max len.......: 2493 chars
-~~ json message avg len.......: 1516 chars
+~~ json message max len.......: 2512 chars
+~~ json message avg len.......: 1525 chars
diff --git a/test/results/default/netflow-fritz.pcap.out b/test/results/default/netflow-fritz.pcap.out
index 668a815fb..dbdcf1a3b 100644
--- a/test/results/default/netflow-fritz.pcap.out
+++ b/test/results/default/netflow-fritz.pcap.out
@@ -1,10 +1,10 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1498072707863157}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1498072707863157}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498072707863157,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":180,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498072707863157,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1498072707863157,"pkt":"AAwRERERAAwRIiIiCABFKADQAABAAD8R1PvAqAABwKgBAVtYCAcAvAAAAAoAtFlKxZ0CWWXEAAQBAAACAHABzQAWAAEABIDPAAQAAGjygMz\/\/wAAaPKAzf\/\/AABo8gAHAAIACwACAAYAAgCxAAEAsAABALQAAgC1AAIAAgAEAM0AAgC5AAQAuAAEAAgABAAMAAQANgAEAFgAAgAEAAEAwAABgAH\/\/wAAaPIAAwA0AdIABwABAI8ABAApAAgAKgAIACgACAEwAAIBMQAEATIABAHTAAIAAQCOAAQAUv\/\/"}
 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498072707863157,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":180,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498072707863157,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498072707863157,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":180,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498072707863157,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1498072707863157}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1498072707863157}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498002 bytes
-~~ total memory freed........: 5498002 bytes
+~~ total memory allocated....: 5498026 bytes
+~~ total memory freed........: 5498026 bytes
 ~~ total allocations/frees...: 85861/85861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 575 chars
+~~ json message min len.......: 573 chars
 ~~ json message max len.......: 979 chars
-~~ json message avg len.......: 755 chars
+~~ json message avg len.......: 754 chars
diff --git a/test/results/default/netflowv9.pcap.out b/test/results/default/netflowv9.pcap.out
index 4b9a8b1f8..d74337361 100644
--- a/test/results/default/netflowv9.pcap.out
+++ b/test/results/default/netflowv9.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1568213026961189}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1568213026961189}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568213026961189,"flow_src_last_pkt_time":1568213026961189,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1376,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568213026961189,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02373{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568213026961189,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"thread_ts_usec":1568213026961189,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV8LBZAAEARgqbAqAKGwKgC3r31CAkFaHVWAAkAECROCO5dZ6gMFm+miAAAAAEBAwQkAAoEJE1qKCRNaigAAAAAAAAAKAAAAAAAAAABBo0ou7J9QF7TxAskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp1CRNjMsAAAAAAAUbtAAAAAAAAASjBhdDjcSK9gL7ko0BuxoAkwAAMhAAAFHMhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp3CRNjKAAAAAAAB2wnwAAAAAAAAZqBor2AvsXQ43EAbuSjRoAkwAAUcwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1ybSRNcm0AAAAAAAAAKAAAAAAAAAABBoOfghRcdiVS2B5evAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1rLyRNay8AAAAAAAAAKAAAAAAAAAABBor09llcdiVKtb1pkQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2QhyRNkIcAAAAAAAAAKAAAAAAAAAABBor0qxxcdiVS2B5S8QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2JWyRNiVsAAAAAAAAAKAAAAAAAAAABBoOfWVu53tNywXcEGgIAkwADMXgAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qjSRNao0AAAAAAAAALAAAAAAAAAABBor2xOMr4aaiqY0AFgIAkwAAseAAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2OYCRNjmAAAAAAAAAAKAAAAAAAAAABBo1UlODIXai05wABvQIAkwAAS+UAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAACRwAAAAAAAAAKBoG7\/klQ1h8GKsoBuxsAkwAAFSIAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAAWPwAAAAAAAAAIBlDWHwaBu\/5JAbsqyh4AkwAAMhAAABUihHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HTSRNh00AAAAAAAAAKAAAAAAAAAABBor1FpC5r10bvgPWnAIAkwAAiv4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2Q4yRNkOMAAAAAAAAAKAAAAAAAAAABBoOfV4ZcdiVS2B5ZXgIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEAQIAVAAKBCRNhcskTYXLAAAAAAAAAHoAAAAAAAAAARHN+8cOjVQJ2YZdADUAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAQcA1AAKBiRNJ\/YkTYzBAAAAAAAAELEAAAAAAAAADwYgARa4LRoyANRG8rtzEZ1EIAFMoAAAAQMAAAAAgbv\/\/PfhAbvbAGwAACKxAAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAAoGJE0n9iRNjMEAAAAAAAAIZQAAAAAAAAAMBiABTKAAAAEDAAAAAIG7\/\/wgARa4LRoyANRG8rtzEZ1EAbv34RsAbAAAMhAAACKxhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAA="}
 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568213026961189,"flow_src_last_pkt_time":1568213026961189,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1376,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568213026961189,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -8,7 +8,7 @@
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568213026961481,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"thread_ts_usec":1568213026961481,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVILBlAAEARgtfAqAKGwKgC3r31CAkFNPSKAAkAECROCO5dZ6gMFm+miwAAAAEBAwR0AAoEJE2MQyRNjEMAAAAAAAAAKAAAAAAAAAABBoG7GHW5sBu2oskQ8wIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2N2iRNjdoAAAAAAAAAKAAAAAAAAAABBo1U+k3KfY5lynQNPQIAkwAAJVUAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE18SSRNfEkAAAAAAAAAKAAAAAAAAAABBoOfK0xgJbzk0x8idgIAkwAAQZMAAzG32GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE138SRNd\/EAAAAAAAAAKAAAAAAAAAABBo0ow7ZcdiVKtb35CAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2GQyRNhkMAAAAAAAAAKAAAAAAAAAABBor0wQFcdiVKtb3HUgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2DfiRNg34AAAAAAAAAKAAAAAAAAAABBor2FrZcdiVS2B5qjAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE18PyRNfD8AAAAAAAAAKAAAAAAAAAABBo1Up0FcdiVS2B5r1QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE17iyRNe4sAAAAAAAAAPAAAAAAAAAABBg3sBqCBu1q758J2XwIAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2NhiRNjYYAAAAAAAAAKAAAAAAAAAABBor1iT+zPH\/q+PWRXwIAkwAEAA8AADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2S4iRNkuIAAAAAAAAAKAAAAAAAAAABBo1UPAVcdiVKtb3HQAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1zyiRNf34AAAAAAAAAaAAAAAAAAAACBoG7N9cYhuyhXSkMOAIAkwAAemYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10QyRNicMAAAAAAAAOTQAAAAAAAAAOBkWtkIyNVA4cyLQBuxsAkwAAMhAAAGgrhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10VCRNiaAAAAAAAAAWCAAAAAAAAAAOBo1UDhxFrZCMAbvItBsAkwAAaCsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE19oiRNfaIAAAAAAAAAKAAAAAAAAAABBo0otGR9QF7TkZskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoBAgCkAAoEJE1+RiRNfkYAAAAAAAACnwAAAAAAAAABEY0or7OjrOWoV\/4TxACTAAAyTAAAMhDYZ9kYj9qEeKwVnUIAAAAAACAAAAAAAAAAAAAAAAAACgQkTYvDJE2LwwAAAAAAAABBAAAAAAAAAAERjVTKyMf3HnvTFQA1AJMAAE\/5AAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAA=="}
 02291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568213026961588,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1362,"pkt_l4_len":1328,"thread_ts_usec":1568213026961588,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVELBpAAEARgtrAqAKGwKgC3r31CAkFMBHrAAkAECROCO5dZ6gMFm+mjAAAAAEBAwUUAAoEJE2SMCRNkjAAAAAAAAAAKAAAAAAAAAABBo0oeEF9QF7TgbUkWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2JaCRNiWgAAAAAAAAAKAAAAAAAAAABBo1UNRi50QAh4ToRYwIAkwAAl54AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEz5IiRNcjMAAAAAAAAZGgAAAAAAAAAUBhH4kiqK9g5D6DsBuxsAkwAAMhAAAALKhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEz5KyRNcicAAAAAAAA1qwAAAAAAAAAUBor2DkMR+JIqAbvoOxsAkwAAAsoAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2AfyRNgH8AAAAAAAAAKAAAAAAAAAABBor2smFcdiVS2B5l6QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1vXSRNb10AAAAAAAAAKAAAAAAAAAABBo0oMRxcd6AhqNceOgIAkwAAwWEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE1wriRNcNYAAAAAAAADlQAAAAAAAAALBhcAJ1qBuwkVzSYBuxoAkwAAMhAAAEDxhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1wtyRNcQcAAAAAAAARmgAAAAAAAAAIBoG7CRUXACdaAbvNJhoAkwAAQPEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1voCRNb6AAAAAAAAAAKAAAAAAAAAABBo1Ua7JcdiVKtb08AgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2SPCRNkjwAAAAAAAAAKAAAAAAAAAABBoOftxy5sBu2oskg6gIAkwADHowAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1zjiRNc44AAAAAAAAAKAAAAAAAAAABBor0fg92t70V0O4XDAIAkwAAECYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2SXiRNkl4AAAAAAAAAKAAAAAAAAAABBoG7fy+5sBu2oskgdQIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1zoCRNc6AAAAAAAAAAKAAAAAAAAAABBo0nrI+5sBv2sRRsPgIAkwADHowAAAKo2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2MviRNj0UAAAAAAAAE2wAAAAAAAAAGBmj0KkiK9gKH15wBuxgAkwAAMhAAADRmhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2MxyRNjxMAAAAAAAAC1wAAAAAAAAAFBor2Aodo9CpIAbvXnBgAkwAANGYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE15TyRNeU8AAAAAAAAAKAAAAAAAAAABBor1eIW5sBu2oskcOQIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAA"}
 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1568213026961189,"flow_src_last_pkt_time":1568213026962107,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1320,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1376,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13468,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568213026962107,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":13468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1568213026962107}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":13468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1568213026962107}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498263 bytes
-~~ total memory freed........: 5498263 bytes
+~~ total memory allocated....: 5498287 bytes
+~~ total memory freed........: 5498287 bytes
 ~~ total allocations/frees...: 85870/85870
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 569 chars
 ~~ json message max len.......: 2379 chars
-~~ json message avg len.......: 1471 chars
+~~ json message avg len.......: 1470 chars
diff --git a/test/results/default/nfsv2.pcap.out b/test/results/default/nfsv2.pcap.out
index 592f5c580..53106d63b 100644
--- a/test/results/default/nfsv2.pcap.out
+++ b/test/results/default/nfsv2.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":944207338400000}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":944207338400000}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207338400000,"flow_src_last_pkt_time":944207338400000,"flow_dst_last_pkt_time":944207338400000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207338400000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3289,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":944207338400000,"flow_dst_last_pkt_time":944207338400000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":944207338400000,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZMIAAEAR0zSLGRYCixkWZgzZAG8ASG3iOEEWnwAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqUAAAABAAAAA3VkcAAAAAAAAAAAAA=="}
 01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207338400000,"flow_src_last_pkt_time":944207338400000,"flow_dst_last_pkt_time":944207338400000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207338400000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3289,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
@@ -39,7 +39,7 @@
 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207338410000,"flow_src_last_pkt_time":944207338410000,"flow_dst_last_pkt_time":944207338430000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":944207338890000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":671,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207338890000,"flow_src_last_pkt_time":944207338890000,"flow_dst_last_pkt_time":944207338890000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":944207338890000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":686,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":72,"flow_first_seen":944207338490000,"flow_src_last_pkt_time":944207338840000,"flow_dst_last_pkt_time":944207338840000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":9616,"flow_dst_tot_l4_payload_len":6260,"midstream":0,"thread_ts_usec":944207338890000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1023,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":156,"packets-processed":156,"total-skipped-flows":0,"total-l4-payload-len":16592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":944207338890000}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":156,"packets-processed":156,"total-skipped-flows":0,"total-l4-payload-len":16592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":944207338890000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 156/156
 ~~ skipped flows.............: 0
@@ -48,8 +48,8 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5515529 bytes
-~~ total memory freed........: 5515529 bytes
+~~ total memory allocated....: 5515649 bytes
+~~ total memory freed........: 5515649 bytes
 ~~ total allocations/frees...: 86082/86082
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 539 chars
diff --git a/test/results/default/nfsv3.pcap.out b/test/results/default/nfsv3.pcap.out
index 38236aba8..05c2a37e3 100644
--- a/test/results/default/nfsv3.pcap.out
+++ b/test/results/default/nfsv3.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":944207397280000}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":944207397280000}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207397280000,"flow_src_last_pkt_time":944207397280000,"flow_dst_last_pkt_time":944207397280000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207397280000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3295,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":944207397280000,"flow_dst_last_pkt_time":944207397280000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":944207397280000,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZTwAAEAR0rqLGRYCixkWZgzfAG8ASDUOOENPaQAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqUAAAADAAAAA3VkcAAAAAAAAAAAAA=="}
 01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207397280000,"flow_src_last_pkt_time":944207397280000,"flow_dst_last_pkt_time":944207397280000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207397280000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3295,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
@@ -44,7 +44,7 @@
 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207397750000,"flow_src_last_pkt_time":944207397750000,"flow_dst_last_pkt_time":944207397750000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":944207397750000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":722,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
 01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207397290000,"flow_src_last_pkt_time":944207397290000,"flow_dst_last_pkt_time":944207397290000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":944207397750000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3296,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":57,"flow_first_seen":944207397400000,"flow_src_last_pkt_time":944207397690000,"flow_dst_last_pkt_time":944207397690000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":300,"flow_src_tot_l4_payload_len":8004,"flow_dst_tot_l4_payload_len":8644,"midstream":0,"thread_ts_usec":944207397750000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1022,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":128,"packets-processed":128,"total-skipped-flows":0,"total-l4-payload-len":17440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":944207397750000}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":128,"packets-processed":128,"total-skipped-flows":0,"total-l4-payload-len":17440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":944207397750000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 128/128
 ~~ skipped flows.............: 0
@@ -53,8 +53,8 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5516889 bytes
-~~ total memory freed........: 5516889 bytes
+~~ total memory allocated....: 5517025 bytes
+~~ total memory freed........: 5517025 bytes
 ~~ total allocations/frees...: 86065/86065
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 539 chars
diff --git a/test/results/default/nintendo.pcap.out b/test/results/default/nintendo.pcap.out
index 8ea7e3de1..5c14f4e1d 100644
--- a/test/results/default/nintendo.pcap.out
+++ b/test/results/default/nintendo.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1500731320644357}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1500731320644357}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731320644357,"flow_src_last_pkt_time":1500731320644357,"flow_dst_last_pkt_time":1500731320644357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731320644357,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1500731320644357,"flow_dst_last_pkt_time":1500731320644357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1500731320644357,"pkt":"AA6OGXEMfLuKifuECABFAABYEUEAAEARTg7AqAxyWwjzI8uXwRgARM2+MquYZAJWA8uWATPgxkj4NJP7aMnpzfBBRQUJGYsmvR+Tfti6\/9NW0mVVtdYfmAlO0lOZx8+qpE3Q9Qrr"}
 00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731320644357,"flow_src_last_pkt_time":1500731320644357,"flow_dst_last_pkt_time":1500731320644357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731320644357,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -151,7 +151,7 @@
 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731340981415,"flow_src_last_pkt_time":1500731340981415,"flow_dst_last_pkt_time":1500731340981415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":122,"flow_dst_packets_processed":35,"flow_first_seen":1500731343061460,"flow_src_last_pkt_time":1500731348745514,"flow_dst_last_pkt_time":1500731348621566,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1212,"flow_dst_max_l4_payload_len":844,"flow_src_tot_l4_payload_len":43208,"flow_dst_tot_l4_payload_len":3556,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1500731323269434,"flow_src_last_pkt_time":1500731323270871,"flow_dst_last_pkt_time":1500731323269434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":228,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-01075{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731326270619,"flow_src_last_pkt_time":1500731326270619,"flow_dst_last_pkt_time":1500731326270619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":688,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":688,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+01178{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731326270619,"flow_src_last_pkt_time":1500731326270619,"flow_dst_last_pkt_time":1500731326270619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":688,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":688,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731326270619,"flow_src_last_pkt_time":1500731326270619,"flow_dst_last_pkt_time":1500731326270619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":688,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":688,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01117{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1500731326644516,"flow_src_last_pkt_time":1500731327201452,"flow_dst_last_pkt_time":1500731327200386,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":2164,"flow_dst_tot_l4_payload_len":4197,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
 01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1500731341201471,"flow_src_last_pkt_time":1500731341710614,"flow_dst_last_pkt_time":1500731341709143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":2165,"flow_dst_tot_l4_payload_len":4198,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","proto_id":"91.173","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -161,7 +161,7 @@
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1500731320764440,"flow_src_last_pkt_time":1500731321914139,"flow_dst_last_pkt_time":1500731321902107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":628,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00939{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1500731343274328,"flow_src_last_pkt_time":1500731343874408,"flow_dst_last_pkt_time":1500731343274328,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00941{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1500731342860163,"flow_src_last_pkt_time":1500731343591759,"flow_dst_last_pkt_time":1500731342860163,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1000,"packets-processed":996,"total-skipped-flows":0,"total-l4-payload-len":289225,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":15,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1500731348756457}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1000,"packets-processed":996,"total-skipped-flows":0,"total-l4-payload-len":289225,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":15,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1500731348756457}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1000/996
 ~~ skipped flows.............: 0
@@ -170,9 +170,9 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5588297 bytes
-~~ total memory freed........: 5588297 bytes
-~~ total allocations/frees...: 87094/87094
+~~ total memory allocated....: 5588654 bytes
+~~ total memory freed........: 5588654 bytes
+~~ total allocations/frees...: 87095/87095
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 532 chars
 ~~ json message max len.......: 2209 chars
diff --git a/test/results/default/nntp.pcap.out b/test/results/default/nntp.pcap.out
index 0b1128482..f5f620c1a 100644
--- a/test/results/default/nntp.pcap.out
+++ b/test/results/default/nntp.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1258844926423672}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1258844926423672}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258844926423672,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1258844926423672,"pkt":"AEBj1fcCABQqM3R+CABFAAA8fZdAAEAGv7nAqL4UwKi+BdlOAHfZ0lWUAAAAAKACFtABzgAAAgQFtAQCCAoAyCgDAAAAAAEDAwY="}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1258844926423829,"pkt":"ABQqM3R+AEBj1fcCCABFAAA8AABAAEAGPVHAqL4FwKi+FAB32U6dVo1l2dJVlaASFqBxAwAAAgQFtAQCCAoKz1tgAMgoAwEDAwQ="}
@@ -9,7 +9,7 @@
 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 02193{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844993785292,"flow_dst_last_pkt_time":1258844993785209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":4808,"midstream":0,"thread_ts_usec":1258844993785292,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":4345908.0,"max":25684268,"stddev":7782391.0,"var":60565611347968.0,"ent":3.1,"data": [157,178,17001,17072,178,379,673149,673694,608,343,40452,19518042,19565845,7986,4770071,4784435,14326,95,29,25683555,25684268,770,12078373,12090740,12467,209,55,4543973,116,4544308,283]},"pktlen": {"min":40,"avg":205.9,"max":1500,"stddev":397.4,"var":157950.1,"ent":3.6,"data": [60,60,52,176,52,65,52,99,78,52,101,52,65,1280,52,65,1500,52,172,52,83,102,52,63,1500,52,318,52,58,52,80,40]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,0,1,0],"entropies": [4.471673489,4.918822765,4.878231525,5.476410866,4.931209564,5.179985523,4.961856842,5.561774254,5.435857296,5.000318050,5.478010178,4.892747879,5.210754871,5.673897266,4.969671249,5.291449070,5.852569103,4.878231049,5.413592815,4.878231049,5.543476105,5.549430847,4.931209564,5.298630238,5.766685963,4.767184258,5.374790192,4.825252533,4.982897282,4.817437172,5.532413483,3.670482159]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844993785292,"flow_dst_last_pkt_time":1258844993785209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":4808,"midstream":0,"thread_ts_usec":1258844993785292,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":4921,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1258844993785292}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":4921,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1258844993785292}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 32/32
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500949 bytes
-~~ total memory freed........: 5500949 bytes
+~~ total memory allocated....: 5500973 bytes
+~~ total memory freed........: 5500973 bytes
 ~~ total allocations/frees...: 85893/85893
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 542 chars
diff --git a/test/results/default/no_sni.pcap.out b/test/results/default/no_sni.pcap.out
index 3b32feb57..8d766a08d 100644
--- a/test/results/default/no_sni.pcap.out
+++ b/test/results/default/no_sni.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1604822444474923}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1604822444474923}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822444474923,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1604822444474923,"pkt":"EBMxuRBeeDHBvV4kCABFAABPAABAAEAGFoDAqAF3aBD5+ciDAbvkc0fPNh\/971AYEABWfwAAFwMDACKpSo7n5l1NtXHPvYJ17DEID+iXo6vcSBPbb4QBvLt6N\/RR"}
 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822444474923,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -76,7 +76,7 @@
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445727508,"flow_dst_last_pkt_time":1604822445705929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2075,"flow_dst_tot_l4_payload_len":12913,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1604822447227531,"flow_src_last_pkt_time":1604822447574511,"flow_dst_last_pkt_time":1604822447785853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":3583,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1604822447249969,"flow_src_last_pkt_time":1604822447595974,"flow_dst_last_pkt_time":1604822447807205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1114,"flow_dst_tot_l4_payload_len":3582,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":442,"packets-processed":442,"total-skipped-flows":0,"total-l4-payload-len":57511,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1604822448523987}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":442,"packets-processed":442,"total-skipped-flows":0,"total-l4-payload-len":57511,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1604822448523987}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 442/442
 ~~ skipped flows.............: 0
@@ -85,8 +85,8 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5572327 bytes
-~~ total memory freed........: 5572327 bytes
+~~ total memory allocated....: 5572463 bytes
+~~ total memory freed........: 5572463 bytes
 ~~ total allocations/frees...: 86418/86418
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
diff --git a/test/results/default/nomachine.pcapng.out b/test/results/default/nomachine.pcapng.out
index 050df0fd7..85611d788 100644
--- a/test/results/default/nomachine.pcapng.out
+++ b/test/results/default/nomachine.pcapng.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1703593377933911}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1703593377933911}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1703593377933911,"flow_src_last_pkt_time":1703593377933911,"flow_dst_last_pkt_time":1703593377933911,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1703593377933911,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.208","src_port":48084,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1703593377933911,"flow_dst_last_pkt_time":1703593377933911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1703593377933911,"pkt":"CAAniDE88C90rUP1CABFAAA8XExAAEAGq2fAqFjnwKhY0LvUD6Ca7uG5AAAAAKACfXgzNwAAAgQFtAQCCAq5wW2uAAAAAAEDAwc="}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1703593377933911,"flow_dst_last_pkt_time":1703593377934101,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1703593377934101,"pkt":"8C90rUP1CAAniDE8CABFAAA0fEFAAIAGS3rAqFjQwKhY5w+gu9QTl9o0mu7huoAS\/\/8GDgAAAgQFtAEDAwgBAQQC"}
@@ -17,7 +17,7 @@
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1703593431350223,"flow_dst_last_pkt_time":1703593431337702,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":52,"pkt_l4_len":18,"thread_ts_usec":1703593431350223,"pkt":"CAAniDE88C90rUP1CABFEAAmt+RAAEART8rAqFjnwKhY0NrTD6AAEjMsAQABAAoAAwAAAA=="}
 01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":1703593431289999,"flow_src_last_pkt_time":1703593431710396,"flow_dst_last_pkt_time":1703593431783751,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1703593431783751,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.208","src_port":56019,"dst_port":4000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"NoMachine","proto_id":"378","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 01117{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":24,"flow_first_seen":1703593377933911,"flow_src_last_pkt_time":1703593388402510,"flow_dst_last_pkt_time":1703593388402639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":130,"flow_dst_max_l4_payload_len":1241,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":2598,"midstream":0,"thread_ts_usec":1703593431783751,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.208","src_port":48084,"dst_port":4000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"NoMachine","proto_id":"378","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":73,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":3399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1703593431783751}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/nomachine.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":73,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":3399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1703593431783751}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 73/73
 ~~ skipped flows.............: 0
@@ -26,8 +26,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502294 bytes
-~~ total memory freed........: 5502294 bytes
+~~ total memory allocated....: 5502334 bytes
+~~ total memory freed........: 5502334 bytes
 ~~ total allocations/frees...: 85946/85946
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 533 chars
diff --git a/test/results/default/ocs.pcap.out b/test/results/default/ocs.pcap.out
index 6ff56503b..3ee9ae78e 100644
--- a/test/results/default/ocs.pcap.out
+++ b/test/results/default/ocs.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1449652784341686}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1449652784341686}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652784341686,"flow_src_last_pkt_time":1449652784341686,"flow_dst_last_pkt_time":1449652784341686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652784341686,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1449652784341686,"flow_dst_last_pkt_time":1449652784341686,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652784341686,"pkt":"RQAAPKbzQABABiV4wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIdPYAAAIEBbQEAggKADWBtgAAAAABAwMG"}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786071163,"flow_src_last_pkt_time":1449652786071163,"flow_dst_last_pkt_time":1449652786071163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786071163,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
@@ -134,7 +134,7 @@
 00952{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786071163,"flow_src_last_pkt_time":1449652786071163,"flow_dst_last_pkt_time":1449652786071163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.OCS","proto_id":"5.218","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786934111,"flow_src_last_pkt_time":1449652786934111,"flow_dst_last_pkt_time":1449652786934111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","proto_id":"5.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00953{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652842535220,"flow_src_last_pkt_time":1449652842535220,"flow_dst_last_pkt_time":1449652842535220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.OCS","proto_id":"5.218","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":946,"packets-processed":946,"total-skipped-flows":0,"total-l4-payload-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_usec":1449652846380718}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":946,"packets-processed":946,"total-skipped-flows":0,"total-l4-payload-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_usec":1449652846380718}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 946/946
 ~~ skipped flows.............: 0
@@ -143,8 +143,8 @@
 ~~ total active/idle flows...: 20/20
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5577849 bytes
-~~ total memory freed........: 5577849 bytes
+~~ total memory allocated....: 5578177 bytes
+~~ total memory freed........: 5578177 bytes
 ~~ total allocations/frees...: 87051/87051
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 526 chars
diff --git a/test/results/default/ocsp.pcapng.out b/test/results/default/ocsp.pcapng.out
index 1695ef308..209fe45c3 100644
--- a/test/results/default/ocsp.pcapng.out
+++ b/test/results/default/ocsp.pcapng.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623221248283182}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623221248283182}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623221248283182,"flow_src_last_pkt_time":1623221248283182,"flow_dst_last_pkt_time":1623221248283182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221248283182,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623221248283182,"flow_dst_last_pkt_time":1623221248283182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623221248283182,"pkt":"pJGxgjQ56CrqthSFCABFAAA07YhAAIAG7ObAqAHjbUbwgsKVAFBAnkIeAAAAAIAC+vAOKQAAAgQFtAEDAwgBAQQCGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARhcrEQ=="}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623221248283182,"flow_dst_last_pkt_time":1623221248292856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":28,"thread_ts_usec":1623221248292856,"pkt":"6CrqthSFpJGxgjQ5CABFAAAwAABAADUGJXRtRvCCwKgB4wBQwpWhnw3QQJ5CH3ASOQg1lwAAAgQFtAEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx3fu3"}
@@ -7,7 +7,7 @@
 01111{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623221248318158,"flow_dst_last_pkt_time":1623221248292856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":405,"thread_ts_usec":1623221248318158,"pkt":"pJGxgjQ56CrqthSFCABFAAGp7YpAAIAG62\/AqAHjbUbwgsKVAFBAnkIfoZ8N0VAYAgFHiQAAR0VUIC9WQS9BVVRILVJPT1QvTUZFd1R6Qk5NRXN3U1RBSkJnVXJEZ01DR2dVQUJCU3c0eDV2NGJUbGl6ak5SbVRka1lTeTdxMFI5Z1FVVXRpSU9zaWZlR2J0aWZON09IQ1V5UUlDTnRBQ0VFV1hNdGp6R010MWs2TDBhQSUyQlE2dGslM0QgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2UgPSAxMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNCklmLU1vZGlmaWVkLVNpbmNlOiBXZWQsIDIxIEFwciAyMDIxIDEzOjQ5OjM4IEdNVA0KSWYtTm9uZS1NYXRjaDogImRlMDQyYTM0N2M4MzUwNDcwNTI4NTdkZTE4NThjYTA2Yjc3ZTc4NmUiDQpVc2VyLUFnZW50OiBNaWNyb3NvZnQtQ3J5cHRvQVBJLzEwLjANCkhvc3Q6IG9jc3AwNy5hY3RhbGlzLml0DQoNChmBEQkAUQBRAWQAAQAAAggAAAAAAAAAAABRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyeeDo="}
 01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623221248283182,"flow_src_last_pkt_time":1623221248318158,"flow_dst_last_pkt_time":1623221248292856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":385,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":385,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221248318158,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ocsp07.actalis.it","http": {"url":"ocsp07.actalis.it\/VA\/AUTH-ROOT\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/10.0"}}}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623221248318158,"flow_dst_last_pkt_time":1623221248329809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":20,"thread_ts_usec":1623221248329809,"pkt":"6CrqthSFpJGxgjQ5CABFAAAoCt1AADUGGp9tRvCCwKgB4wBQwpWhnw3RQJ5DoFAQAB+YzAAAAAAAAAAAGYERCQBRAFEBZAABAAACCAAAAAAAAAAAAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVd3OEQ=="}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":8359,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1623222699655905}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":8359,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1623222699655905}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623222699655905,"flow_src_last_pkt_time":1623222699655905,"flow_dst_last_pkt_time":1623222699655905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222699655905,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1623222699655905,"flow_dst_last_pkt_time":1623222699655905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623222699655905,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N6FAAEAG+ZTAqAGAjvq4Y9OKAFA7VkTpAAAAAKAC+vDDlAAAAgQFtAQCCAqSLZmsAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx0lW5"}
 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1623222699655905,"flow_dst_last_pkt_time":1623222699659281,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623222699659281,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8l3UAADkG4ECO+rhjwKgBgABQ04qgD55GO1ZE6qAS\/\/9O2gAAAgQFlgQCCAovwgGfki2ZrAEDAwgZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACT46ug"}
@@ -41,7 +41,7 @@
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1623223091739953,"flow_dst_last_pkt_time":1623223091766742,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623223091766742,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA09eZAAC8GfBuXi4AOwKgBgABQhiREDjpl1HrQroAQAQXUjAAAAQEICnuayJLLCQ4hGYERCQMcAxwBZAMBAAACCAAAAAAAAAAAAxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JxURA=="}
 00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":17,"flow_first_seen":1623222785863296,"flow_src_last_pkt_time":1623222909833905,"flow_dst_last_pkt_time":1623222909829628,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":889,"flow_src_tot_l4_payload_len":772,"flow_dst_tot_l4_payload_len":1778,"midstream":0,"thread_ts_usec":1623223091773663,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":24,"flow_first_seen":1623222699655905,"flow_src_last_pkt_time":1623222892672181,"flow_dst_last_pkt_time":1623222892670553,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":702,"flow_src_tot_l4_payload_len":788,"flow_dst_tot_l4_payload_len":1404,"midstream":0,"thread_ts_usec":1623223091773663,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":15999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1623226796047107}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":15999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1623226796047107}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623226796047107,"flow_src_last_pkt_time":1623226796047107,"flow_dst_last_pkt_time":1623226796047107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623226796047107,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1623226796047107,"flow_dst_last_pkt_time":1623226796047107,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623226796047107,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8IiFAAEAGHJ3AqAGAXbjcHbsgAFDKwHZTAAAAAKAC+vANzwAAAgQFtAQCCArJnn0eAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2uJMq"}
 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1623226796047107,"flow_dst_last_pkt_time":1623226796050182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623226796050182,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8OIIAADgGTjxduNwdwKgBgABQuyB0cdYZysB2VKAS\/\/931wAAAgQFtAQCCAqXTK79yZ59HgEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApvHVR"}
@@ -52,7 +52,7 @@
 00974{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1623223090984057,"flow_src_last_pkt_time":1623223156058732,"flow_dst_last_pkt_time":1623223156084748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":393,"flow_dst_max_l4_payload_len":728,"flow_src_tot_l4_payload_len":393,"flow_dst_tot_l4_payload_len":1199,"midstream":0,"thread_ts_usec":1623226796065242,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1623223091709422,"flow_src_last_pkt_time":1623223156773701,"flow_dst_last_pkt_time":1623223156800666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":389,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":917,"midstream":0,"thread_ts_usec":1623226796065242,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 02274{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":189,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1623226796047107,"flow_src_last_pkt_time":1623226898935296,"flow_dst_last_pkt_time":1623226888697884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":799,"flow_src_tot_l4_payload_len":1161,"flow_dst_tot_l4_payload_len":2397,"midstream":0,"thread_ts_usec":1623226898935296,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":297,"avg":6307708.5,"max":10240173,"stddev":4932344.5,"var":24328020164608.0,"ent":4.3,"data": [3075,7547,2588,10413,297,8000,10198565,10205648,10239932,10239686,10240046,10239807,10240147,10240173,10239675,10239894,594543,595404,7786,346,7916,7271,10142015,10148632,10239909,10240023,10239943,10239865,10239954,10239944,10239922]},"pktlen": {"min":104,"avg":215.7,"max":903,"stddev":247.8,"var":61420.8,"ent":4.3,"data": [112,112,104,491,104,903,104,104,104,104,104,104,104,104,104,104,104,491,903,104,491,903,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,0],"entropies": [3.868270159,4.279380798,4.030010700,6.270659924,4.342348576,7.048072815,4.407741547,4.407741547,4.327831268,4.388510704,4.373551369,4.383797169,4.361579418,4.395769119,4.336050510,4.388510704,4.327831268,6.267565727,7.008815289,4.357307434,6.261363029,7.018546581,4.348686218,4.395769119,4.303886890,4.330818176,4.342348576,4.395769119,4.342348576,4.414999962,4.272684097,4.376538277]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":208,"packets-processed":207,"total-skipped-flows":0,"total-l4-payload-len":19557,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1623227471703092}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":208,"packets-processed":207,"total-skipped-flows":0,"total-l4-payload-len":19557,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1623227471703092}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623227471703092,"flow_src_last_pkt_time":1623227471703092,"flow_dst_last_pkt_time":1623227471703092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623227471703092,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1623227471703092,"flow_dst_last_pkt_time":1623227471703092,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623227471703092,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CDlAAEAGLKrAqAGANFUPXMDmAFDpM3mLAAAAAKAC+vAljwAAAgQFtAQCCArD2jnWAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU0JsT"}
 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1623227471703092,"flow_dst_last_pkt_time":1623227471715055,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623227471715055,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8PJoAAPMGhUg0VQ9cwKgBgABQwOYt\/4+26TN5jKAS\/\/9VQwAAAgQFoAQCCAoCPQtLw9o51gEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABrMGLg"}
@@ -70,7 +70,7 @@
 00977{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":23,"flow_first_seen":1623226796047107,"flow_src_last_pkt_time":1623226963037756,"flow_dst_last_pkt_time":1623226963033362,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":799,"flow_src_tot_l4_payload_len":1161,"flow_dst_tot_l4_payload_len":2397,"midstream":0,"thread_ts_usec":1623227472228502,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 02275{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623227472211039,"flow_src_last_pkt_time":1623227587349174,"flow_dst_last_pkt_time":1623227584757187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":401,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1998,"midstream":0,"thread_ts_usec":1623227587349174,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7344654.5,"max":10240632,"stddev":4532510.5,"var":20543650660352.0,"ent":4.5,"data": [3378,7400,923,8114,615,0,9140,0,10126876,10134843,10240392,10240491,10239169,10239578,10239933,10239705,10239910,10239519,10239942,10240185,10239877,10240084,10240632,10240175,10239571,10239443,10239518,10240005,10239975,10240013,2594877]},"pktlen": {"min":104,"avg":179.5,"max":1448,"stddev":263.0,"var":69147.6,"ent":4.2,"data": [112,112,104,505,104,1448,758,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [3.821438313,4.185985565,4.099675179,6.228553295,4.350049019,6.867750645,7.448840618,4.438944817,4.354762554,4.362021446,4.304766178,4.350049019,4.400483131,4.381252289,4.400483131,4.354762554,4.328273296,4.342790604,4.381252289,4.419713974,4.400483131,4.419713974,4.373993397,4.347504139,4.362021446,4.362021446,4.400483131,4.400483131,4.400483131,4.354762554,4.381252289,4.362021446]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 02296{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623227471703092,"flow_src_last_pkt_time":1623227587366039,"flow_dst_last_pkt_time":1623227587361645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":396,"flow_dst_max_l4_payload_len":1006,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":1006,"midstream":0,"thread_ts_usec":1623227587366039,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":379,"avg":7461984.0,"max":10240568,"stddev":4364520.0,"var":19049033498624.0,"ent":4.6,"data": [11963,16479,379,17094,109967,126649,9996419,10012379,10239928,10239783,10239896,10240232,10239903,10239633,10239951,10239961,10239904,10240133,10239949,10239714,10239909,10239972,10240568,10240566,10239801,10239750,10239347,10239527,3107000,3107879,16865]},"pktlen": {"min":104,"avg":148.3,"max":1110,"stddev":185.9,"var":34567.0,"ent":4.5,"data": [112,112,104,500,104,1110,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [3.872647047,4.259160519,4.034724236,6.288679600,4.284656048,6.962940216,4.381252289,4.381252289,4.315859318,4.362021446,4.250907898,4.362021446,4.335090160,4.354762554,4.277397633,4.283735275,4.335090160,4.381252289,4.315859318,4.362021446,4.284656048,4.381252289,4.284656048,4.323559761,4.335090160,4.335531712,4.296628475,4.362021446,4.315859318,4.329455853,4.250907898,4.369279861]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":275,"packets-processed":274,"total-skipped-flows":0,"total-l4-payload-len":23358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1623229632695852}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":275,"packets-processed":274,"total-skipped-flows":0,"total-l4-payload-len":23358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1623229632695852}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623229632695852,"flow_src_last_pkt_time":1623229632695852,"flow_dst_last_pkt_time":1623229632695852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623229632695852,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1623229632695852,"flow_dst_last_pkt_time":1623229632695852,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623229632695852,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA82G5AAEAGQmzAqAGAbUbwcrHKAFDtwUNWAAAAAKAC+vAcMQAAAgQFtAQCCAoRKRyhAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZRLNb"}
 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1623229632695852,"flow_dst_last_pkt_time":1623229632706990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623229632706990,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADUGJdttRvBywKgBgABQscrfcozQ7cFDV6AScSAwDQAAAgQFtAQCCAq9uUvmESkcoQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADSBFoQ"}
@@ -90,7 +90,7 @@
 00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1623229632695852,"flow_src_last_pkt_time":1623229697731607,"flow_dst_last_pkt_time":1623229697742645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":399,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":399,"flow_dst_tot_l4_payload_len":2325,"midstream":0,"thread_ts_usec":1623229853240025,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 02238{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623229850956311,"flow_src_last_pkt_time":1623229914599193,"flow_dst_last_pkt_time":1623229904370774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1159,"flow_dst_tot_l4_payload_len":5872,"midstream":0,"thread_ts_usec":1623229914599193,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":3776043.2,"max":10241196,"stddev":4797137.5,"var":23012529143808.0,"ent":3.6,"data": [12234,16624,475,17773,3362,0,21718,0,1169650,1186786,9796,0,24736,0,1031529,1046686,2550,0,18982,0,10158449,10174381,10240180,10240467,10240694,10240443,10239931,10239902,10238718,10240083,10241196]},"pktlen": {"min":104,"avg":324.2,"max":1552,"stddev":431.7,"var":186386.9,"ent":4.1,"data": [112,112,104,490,104,1552,613,104,104,490,104,1552,613,104,104,491,104,1552,614,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0],"entropies": [3.854789734,4.239557266,4.034724236,6.314732075,4.338077068,7.042398453,7.244339943,4.381252289,4.362021446,6.303278446,4.335968971,7.031822681,7.242278576,4.270580769,4.335531712,6.231549740,4.350049019,7.030226231,7.237232208,4.342790604,4.323559761,4.400483131,4.426972389,4.400483131,4.426972389,4.362021446,4.426972389,4.335532188,4.388510704,4.400482655,4.426972389,4.400482655]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":22,"flow_first_seen":1623229850956311,"flow_src_last_pkt_time":1623229968257993,"flow_dst_last_pkt_time":1623229968253231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1159,"flow_dst_tot_l4_payload_len":5872,"midstream":0,"thread_ts_usec":1623229968257993,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":344,"packets-processed":344,"total-skipped-flows":0,"total-l4-payload-len":33113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":93,"global_ts_usec":1623229968257993}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":344,"packets-processed":344,"total-skipped-flows":0,"total-l4-payload-len":33113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":93,"global_ts_usec":1623229968257993}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 344/344
 ~~ skipped flows.............: 0
@@ -99,10 +99,10 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5529212 bytes
-~~ total memory freed........: 5529212 bytes
+~~ total memory allocated....: 5529380 bytes
+~~ total memory freed........: 5529380 bytes
 ~~ total allocations/frees...: 86360/86360
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 568 chars
+~~ json message min len.......: 566 chars
 ~~ json message max len.......: 2301 chars
-~~ json message avg len.......: 1433 chars
+~~ json message avg len.......: 1432 chars
diff --git a/test/results/default/oicq.pcap.out b/test/results/default/oicq.pcap.out
index d3bbc04f7..52e57a375 100644
--- a/test/results/default/oicq.pcap.out
+++ b/test/results/default/oicq.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680268613307049}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680268613307049}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268613307049,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268613307049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60213,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680268613307049,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPScAAH8RGbBak0XSOjwKLes1H0AANIavAjsLAAEAF1YfDHsAAAAAAAAAAAMMlJ+zUQxZy9Un0Z5pU0guyHcIAQMORwM="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268613307049,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268613307049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60213,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
@@ -7,12 +7,12 @@
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1680268913703107,"flow_dst_last_pkt_time":1680268913703107,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680268913703107,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSgAAH8RGa9ak0XSOjwKLcqsH0AANFdMAjsLAAEAGFYfDHsAAAAAAAAAAJUhAaG8xF21dBTbCxrBaZ+t+aiKzUY1kAM="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268913703107,"flow_src_last_pkt_time":1680268913703107,"flow_dst_last_pkt_time":1680268913703107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268913703107,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":51884,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268613307049,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268913703107,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60213,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":88,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1680269514154280}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":88,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1680269514154280}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269514154280,"flow_src_last_pkt_time":1680269514154280,"flow_dst_last_pkt_time":1680269514154280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269514154280,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52991,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1680269514154280,"flow_dst_last_pkt_time":1680269514154280,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680269514154280,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSkAAH8RGa5ak0XSOjwKLc7\/H0AANPYkAjsLAAEAGVYfDHsAAAAAAAAAAKhtUEIbzHlgMmERsceS0laTgR+KI\/5vkgM="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269514154280,"flow_src_last_pkt_time":1680269514154280,"flow_dst_last_pkt_time":1680269514154280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269514154280,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52991,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268913703107,"flow_src_last_pkt_time":1680268913703107,"flow_dst_last_pkt_time":1680268913703107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269514154280,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":51884,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1680270114424358}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1680270114424358}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270114424358,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270114424358,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60288,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680270114424358,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSoAAH8RGa1ak0XSOjwKLeuAH0AANLaSAjsLAAEAGlYfDHsAAAAAAAAAAHIfgiYehh8JPACfYPLg8l+caYHP9b+9JgM="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270114424358,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270114424358,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60288,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
@@ -21,12 +21,12 @@
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1680270414717786,"flow_dst_last_pkt_time":1680270414717786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680270414717786,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSsAAH8RGaxak0XSOjwKLdycH0AANEx1AjsLAAEAG1YfDHsAAAAAAAAAANpJfKYT0Ryz+aBUCJQmm3E1JJMTGfDeMAM="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270414717786,"flow_src_last_pkt_time":1680270414717786,"flow_dst_last_pkt_time":1680270414717786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270414717786,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":56476,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270114424358,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270414717786,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60288,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1680271315336178}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1680271315336178}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271315336178,"flow_src_last_pkt_time":1680271315336178,"flow_dst_last_pkt_time":1680271315336178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271315336178,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":63120,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1680271315336178,"flow_dst_last_pkt_time":1680271315336178,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680271315336178,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPSwAAH8RGaNak0XSOjwKLfaQH0AAPKJVAjsLAAEAHFYfDHsAAAAAAAAAAKF1kSEZtb31Z91P5eVH+3H\/XNRbq1mbBkN1QzOmufZjAw=="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271315336178,"flow_src_last_pkt_time":1680271315336178,"flow_dst_last_pkt_time":1680271315336178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271315336178,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":63120,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270414717786,"flow_src_last_pkt_time":1680270414717786,"flow_dst_last_pkt_time":1680270414717786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271315336178,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":56476,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1680272216023814}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1680272216023814}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272216023814,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272216023814,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65276,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680272216023814,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPS0AAH8RGapak0XSOjwKLf78H0AANGR+AjsLAAEAHVYfDHsAAAAAAAAAABC\/b\/FaO8NX3ow0SpVuxleAYQpSAJHDrAM="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272216023814,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272216023814,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65276,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
@@ -35,12 +35,12 @@
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1680272516212933,"flow_dst_last_pkt_time":1680272516212933,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680272516212933,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPS4AAH8RGalak0XSOjwKLf2UH0AANMlWAjsLAAEAHlYfDHsAAAAAAAAAAI+qjiPRJ\/u\/cdGMS8LW+dngAZ0OFZuzPgM="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272516212933,"flow_src_last_pkt_time":1680272516212933,"flow_dst_last_pkt_time":1680272516212933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272516212933,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":64916,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272216023814,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272516212933,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65276,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1680273116819582}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1680273116819582}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273116819582,"flow_src_last_pkt_time":1680273116819582,"flow_dst_last_pkt_time":1680273116819582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273116819582,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49340,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1680273116819582,"flow_dst_last_pkt_time":1680273116819582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680273116819582,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPS8AAH8RGahak0XSOjwKLcC8H0AANKFRAjsLAAEAH1YfDHsAAAAAAAAAAGiC69yGgMUx92oMUP15OHaWEtAFKBJg6gM="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273116819582,"flow_src_last_pkt_time":1680273116819582,"flow_dst_last_pkt_time":1680273116819582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273116819582,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49340,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272516212933,"flow_src_last_pkt_time":1680272516212933,"flow_dst_last_pkt_time":1680272516212933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273116819582,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":64916,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":404,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1680273717338677}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":404,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1680273717338677}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273717338677,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273717338677,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58434,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680273717338677,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTAAAH8RGadak0XSOjwKLeRCH0AANBEEAjsLAAEAIFYfDHsAAAAAAAAAAOQm9qMvASjhq0T6Cr3RQBjzmxHyj0olfgM="}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273717338677,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273717338677,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58434,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
@@ -49,12 +49,12 @@
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1680274017625228,"flow_dst_last_pkt_time":1680274017625228,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680274017625228,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTEAAH8RGaZak0XSOjwKLdgqH0AANBk0AjsLAAEAIVYfDHsAAAAAAAAAALAMY\/61mJRnLdmXH\/a+5XvG93JYzPFyvwM="}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274017625228,"flow_src_last_pkt_time":1680274017625228,"flow_dst_last_pkt_time":1680274017625228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274017625228,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55338,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273717338677,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274017625228,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58434,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1680274918349074}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1680274918349074}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274918349074,"flow_src_last_pkt_time":1680274918349074,"flow_dst_last_pkt_time":1680274918349074,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274918349074,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":54233,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1680274918349074,"flow_dst_last_pkt_time":1680274918349074,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680274918349074,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPTIAAH8RGZ1ak0XSOjwKLdPZH0AAPHdfAjsLAAEAIlYfDHsAAAAAAAAAABJ4YEXvzr3zkL8fAPHU+AaqqxE1nh1DPhgzD2yLU4OaAw=="}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274918349074,"flow_src_last_pkt_time":1680274918349074,"flow_dst_last_pkt_time":1680274918349074,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274918349074,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":54233,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274017625228,"flow_src_last_pkt_time":1680274017625228,"flow_dst_last_pkt_time":1680274017625228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274918349074,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55338,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1680275819196595}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1680275819196595}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275819196595,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275819196595,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55774,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680275819196595,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTMAAH8RGaRak0XSOjwKLdneH0AANEhvAjsLAAEAI1YfDHsAAAAAAAAAAA7tzaHdQBYXiEP2eDEHbqtlCQx3mvOOQwM="}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275819196595,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275819196595,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55774,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
@@ -63,12 +63,12 @@
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1680276119381110,"flow_dst_last_pkt_time":1680276119381110,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680276119381110,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTQAAH8RGaNak0XSOjwKLc23H0AANGQTAjsLAAEAJFYfDHsAAAAAAAAAAH5\/86O6C\/6oc6QtupshFzvfGOzGq1kWMAM="}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276119381110,"flow_src_last_pkt_time":1680276119381110,"flow_dst_last_pkt_time":1680276119381110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276119381110,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52663,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275819196595,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276119381110,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55774,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":15,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1680276720080049}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":15,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1680276720080049}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276720080049,"flow_src_last_pkt_time":1680276720080049,"flow_dst_last_pkt_time":1680276720080049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276720080049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58797,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1680276720080049,"flow_dst_last_pkt_time":1680276720080049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680276720080049,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTUAAH8RGaJak0XSOjwKLeWtH0AANCNuAjsLAAEAJVYfDHsAAAAAAAAAAOfQosq40rbQVcEHr6+k1HsQqBLVBYy2SwM="}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276720080049,"flow_src_last_pkt_time":1680276720080049,"flow_dst_last_pkt_time":1680276720080049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276720080049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58797,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276119381110,"flow_src_last_pkt_time":1680276119381110,"flow_dst_last_pkt_time":1680276119381110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276720080049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52663,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":676,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1680277320536086}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":676,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1680277320536086}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277320536086,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277320536086,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":50315,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680277320536086,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTYAAH8RGaFak0XSOjwKLcSLH0AANDKiAjsLAAEAJlYfDHsAAAAAAAAAABPcV9TW4fy3oyeAa\/WodHk3effNstz6EQM="}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277320536086,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277320536086,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":50315,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
@@ -77,7 +77,7 @@
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1680277620833862,"flow_dst_last_pkt_time":1680277620833862,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680277620833862,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTcAAH8RGaBak0XSOjwKLf6LH0AANLaQAjsLAAEAJ1YfDHsAAAAAAAAAANS9Q3kd0FmYWd3Uf+Xg+P4mhn413hSayQM="}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277620833862,"flow_src_last_pkt_time":1680277620833862,"flow_dst_last_pkt_time":1680277620833862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277620833862,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65163,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277320536086,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277620833862,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":50315,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1680278521565201}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1680278521565201}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278521565201,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278521565201,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59802,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680278521565201,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPTgAAH8RGZdak0XSOjwKLemaH0AAPB4SAjsLAAEAKFYfDHsAAAAAAAAAAKFll4WxNdJzXtLohsymAZ1jNPZvKGZFaXXrxKKKG7vTAw=="}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278521565201,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278521565201,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59802,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
@@ -86,7 +86,7 @@
 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1680279061837712,"flow_dst_last_pkt_time":1680279061837712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680279061837712,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPTkAAH8RGZZak0XSOjwKLewSH0AAPPJqAjsLAAEAKVYfDHsAAAAAAAAAAJhDGOK9LMdpjjjviAsbixbbc8osj3yMjsE0K023rJnBAw=="}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279061837712,"flow_src_last_pkt_time":1680279061837712,"flow_dst_last_pkt_time":1680279061837712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279061837712,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60434,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278521565201,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279061837712,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59802,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":19,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1680279121904368}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":19,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1680279121904368}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279121904368,"flow_src_last_pkt_time":1680279121904368,"flow_dst_last_pkt_time":1680279121904368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279121904368,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60436,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1680279121904368,"flow_dst_last_pkt_time":1680279121904368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680279121904368,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPToAAH8RGZ1ak0XSOjwKLewUH0AANBeiAjsLAAEAKlYfDHsAAAAAAAAAABvY2XPSxvc7WnJKZ5fJlh+djy9P\/NTEXwM="}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279121904368,"flow_src_last_pkt_time":1680279121904368,"flow_dst_last_pkt_time":1680279121904368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279121904368,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60436,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
@@ -129,7 +129,7 @@
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279662417873,"flow_src_last_pkt_time":1680279662417873,"flow_dst_last_pkt_time":1680279662417873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279662417873,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49199,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279542287953,"flow_src_last_pkt_time":1680279542287953,"flow_dst_last_pkt_time":1680279542287953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279662417873,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":57872,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279602360361,"flow_src_last_pkt_time":1680279602360361,"flow_dst_last_pkt_time":1680279602360361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279662417873,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59394,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":28,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":1228,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":27,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1680279722494153}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":28,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":1228,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":27,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1680279722494153}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279722494153,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279722494153,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":61163,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680279722494153,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPUIAAH8RGY1ak0XSOjwKLe7rH0AAPKRcAjsLAAEAMlYfDHsAAAAAAAAAANlKD4uzkK+P1FvZR1\/HG2wowc5Ia4pes0u+tN09VwqFAw=="}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279722494153,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279722494153,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":61163,"dst_port":8000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
@@ -143,7 +143,7 @@
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279722494153,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279962659139,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":61163,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279602360361,"flow_src_last_pkt_time":1680279602360361,"flow_dst_last_pkt_time":1680279602360361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279962659139,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59394,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279662417873,"flow_src_last_pkt_time":1680279662417873,"flow_dst_last_pkt_time":1680279662417873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279962659139,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49199,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":14,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":146,"global_ts_usec":1680279962659139}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":14,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":146,"global_ts_usec":1680279962659139}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 29/29
 ~~ skipped flows.............: 0
@@ -152,10 +152,10 @@
 ~~ total active/idle flows...: 29/29
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5559630 bytes
-~~ total memory freed........: 5559630 bytes
+~~ total memory allocated....: 5560102 bytes
+~~ total memory freed........: 5560102 bytes
 ~~ total allocations/frees...: 86197/86197
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 566 chars
+~~ json message min len.......: 564 chars
 ~~ json message max len.......: 966 chars
-~~ json message avg len.......: 766 chars
+~~ json message avg len.......: 765 chars
diff --git a/test/results/default/ookla.pcap.out b/test/results/default/ookla.pcap.out
index 9e3818111..d5d055be6 100644
--- a/test/results/default/ookla.pcap.out
+++ b/test/results/default/ookla.pcap.out
@@ -1,4 +1,4 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="}
@@ -12,7 +12,7 @@
 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"}
 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="}
 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="}
@@ -31,7 +31,7 @@
 00919{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1679653269892307}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1679653269892307}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="}
@@ -53,7 +53,7 @@
 01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307021150,"flow_dst_last_pkt_time":1679653307026312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":2446,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307026312,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1679653307034874}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1679653307034874}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 113/113
 ~~ skipped flows.............: 0
@@ -62,8 +62,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5529549 bytes
-~~ total memory freed........: 5529549 bytes
+~~ total memory allocated....: 5529653 bytes
+~~ total memory freed........: 5529653 bytes
 ~~ total allocations/frees...: 86047/86047
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 520 chars
diff --git a/test/results/default/opc-ua.pcap.out b/test/results/default/opc-ua.pcap.out
index 794acab4d..f99bee693 100644
--- a/test/results/default/opc-ua.pcap.out
+++ b/test/results/default/opc-ua.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1667935846902658}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1667935846902658}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1667935846902658,"flow_src_last_pkt_time":1667935846902658,"flow_dst_last_pkt_time":1667935846902658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667935846902658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57420,"dst_port":4840,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1667935846902658,"flow_dst_last_pkt_time":1667935846902658,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1667935846902658,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB4EwS6GFQCpcAAAAAsAL\/\/\/40AAACBD\/YAQMDBgEBCAoPc0QGAAAAAAQCAAA="}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1667935846902658,"flow_dst_last_pkt_time":1667935846902713,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1667935846902713,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEujgTNa5EYBhUAqYsBL\/\/\/40AAACBD\/YAQMDBgEBCArMdzRpD3NEBgQCAAA="}
@@ -9,7 +9,7 @@
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1667935846902658,"flow_src_last_pkt_time":1667935846902780,"flow_dst_last_pkt_time":1667935846902729,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667935846902780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57420,"dst_port":4840,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OPC-UA","proto_id":"360","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 02095{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1667935846902658,"flow_src_last_pkt_time":1667935846904298,"flow_dst_last_pkt_time":1667935846904284,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":608,"flow_src_tot_l4_payload_len":868,"flow_dst_tot_l4_payload_len":1518,"midstream":0,"thread_ts_usec":1667935846904298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57420,"dst_port":4840,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"data_analysis": {"iat": {"min":16,"avg":105.4,"max":198,"stddev":44.3,"var":1960.7,"ent":4.8,"data": [55,64,16,58,86,65,129,99,163,105,151,161,191,96,147,149,198,71,115,70,128,91,151,80,135,60,116,75,126,40,75]},"pktlen": {"min":52,"avg":127.3,"max":660,"stddev":136.7,"var":18687.8,"ent":4.5,"data": [64,64,52,52,108,52,80,52,184,52,187,52,145,52,556,52,218,52,660,52,213,52,148,52,179,52,123,52,185,52,128,52]},"bins": {"c_to_s": [9,1,1,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,2,1,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0],"entropies": [3.813809156,4.504331589,4.429176807,4.429176807,4.495126247,4.429176807,3.962491751,4.429176807,4.640767574,4.429176331,4.837442398,4.429176807,4.591342926,4.429176807,5.161721230,4.467638016,4.647413254,4.506099701,5.545300007,4.506099701,4.926007271,4.506099701,5.000817299,4.467638016,4.492839813,4.429176331,4.218745708,4.467638016,4.550030231,4.506099701,4.219731808,4.506099701]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OPC-UA","proto_id":"360","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":191,"flow_dst_packets_processed":190,"flow_first_seen":1667935846902658,"flow_src_last_pkt_time":1667935846916720,"flow_dst_last_pkt_time":1667935846916692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":608,"flow_src_tot_l4_payload_len":12547,"flow_dst_tot_l4_payload_len":11671,"midstream":0,"thread_ts_usec":1667935846916720,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57420,"dst_port":4840,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OPC-UA","proto_id":"360","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":381,"packets-processed":381,"total-skipped-flows":0,"total-l4-payload-len":24218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1667935846916720}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/opc-ua.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":381,"packets-processed":381,"total-skipped-flows":0,"total-l4-payload-len":24218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1667935846916720}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 381/381
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5509022 bytes
-~~ total memory freed........: 5509022 bytes
+~~ total memory allocated....: 5509046 bytes
+~~ total memory freed........: 5509046 bytes
 ~~ total allocations/frees...: 86241/86241
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 533 chars
diff --git a/test/results/default/openflow.pcap.out b/test/results/default/openflow.pcap.out
index 2d73bc611..882b859ac 100644
--- a/test/results/default/openflow.pcap.out
+++ b/test/results/default/openflow.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1510651647846988}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1510651647846988}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1510651647846988,"flow_src_last_pkt_time":1510651647846988,"flow_dst_last_pkt_time":1510651647846988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1510651647846988,"l3_proto":"ip4","src_ip":"107.110.12.153","dst_ip":"107.110.12.153","src_port":49234,"dst_port":6653,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1510651647846988,"flow_dst_last_pkt_time":1510651647846988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1510651647846988,"pkt":"AAAAAAAAAAAAAAAACABFwAA8Z\/pAAEAG4fNrbgyZa24MmcBSGf3IJEYqAAAAAKACqqrwPAAAAgT\/1wQCCAoALSHQAAAAAAEDAwk="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1510651647846988,"flow_dst_last_pkt_time":1510651647847008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1510651647847008,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGSq5rbgyZa24MmRn9wFJJ4VK7yCRGK6ASqqrwPAAAAgT\/1wQCCAoALSHQAC0h0AEDAwk="}
@@ -8,7 +8,7 @@
 00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1510651647846988,"flow_src_last_pkt_time":1510651647847632,"flow_dst_last_pkt_time":1510651647847008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1510651647847632,"l3_proto":"ip4","src_ip":"107.110.12.153","dst_ip":"107.110.12.153","src_port":49234,"dst_port":6653,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenFlow","proto_id":"374","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1510651647847632,"flow_dst_last_pkt_time":1510651647847645,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1510651647847645,"pkt":"AAAAAAAAAAAAAAAACABFAAA0c2xAAEAG10lrbgyZa24MmRn9wFJJ4VK8yCRGO4AQAFbwNAAAAQEICgAtIdAALSHQ"}
 00979{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1510651647846988,"flow_src_last_pkt_time":1510651647905026,"flow_dst_last_pkt_time":1510651647905037,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":332,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1510651647905037,"l3_proto":"ip4","src_ip":"107.110.12.153","dst_ip":"107.110.12.153","src_port":49234,"dst_port":6653,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenFlow","proto_id":"374","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1510651647905037}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/openflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1510651647905037}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 21/21
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498582 bytes
-~~ total memory freed........: 5498582 bytes
+~~ total memory allocated....: 5498606 bytes
+~~ total memory freed........: 5498606 bytes
 ~~ total allocations/frees...: 85881/85881
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
diff --git a/test/results/default/openvpn-tlscrypt.pcap.out b/test/results/default/openvpn-tlscrypt.pcap.out
index 634e5fe0b..e0c337d1f 100644
--- a/test/results/default/openvpn-tlscrypt.pcap.out
+++ b/test/results/default/openvpn-tlscrypt.pcap.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1650106007514745}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1650106007514745}
 00318{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1650106007514745,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","layer_type":503316480,"global_ts_usec":1650106007514745}
 00842{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":405,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":405,"pkt_l4_len":0,"thread_ts_usec":1650106007514745,"pkt":"HgAAAGAHDwABaRFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAHbwASqAWkBfFCq4GUSOSo9cQoBAAFiWp6XherXcA1dGNrI8eubMXtGovw1Gcq1hdE0qSUXmN9QbxiDHRd46a7OiejGf1dD0MPk4iucd50FgFsaMnpdKvypl7fcSL6ohZSXGm7q1VBY8vKe9uQ52nT4SNExbKeYnzCdcXAfwk\/FqGgC\/tbvoBcc74afkQpK7kdFf49mTbep5TnmLGPzWHjnLPlPib+XvNsvz0ntneaqSEej3IloClIOfCArUmV3ucL7TMZRFHq4GBHofdtPNchyySFJKbBdlA8tkOwMjwU8ATZ0thPHxVzFj6Nwe+jwNEVhalfdlupTlLKZ\/EsuTPZvrhx5yq9zVSvCFUM8sE580FCdW+ddBcK4ILd7gpE\/ORn10yhAhU\/9fhK2ZDFkqZpIcAVdnYrSLyTUxrnVjIDSZoHpnudZAn49hekKUis716LXd7iG+kOAQ8ppqcL3Vjv6f\/S9\/soh9AEr"}
 00318{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1650106007515553,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","layer_type":503316480,"global_ts_usec":1650106007515553}
@@ -26,7 +26,7 @@
 00632{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":248,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":248,"pkt_l4_len":0,"thread_ts_usec":1650106007514745,"pkt":"HgAAAGAABwAAzBFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEEqtvAAMwA3yBTyW3Qg3JP0gAAAAZiWp6X4TDBIj8FMKCaMGy\/5ppNpwFzKVqGm07B36mb8sfDutACsCazoooxAb09CRBKtSSDOB3ZoXaoXyS+AxDcWnf8fqBBdRVMr4bMrblk8fe\/T314qX91El37bQjPox1pBmWax8jkLpKXOvxWBajpFyDQTvf1njtU3SEGXPy3HJLedps5puK\/Wtnjr0\/0cynLmVYV7YNEe3kt2L0G+rZHwBdj5AWPBi0k23NNNWJhCbObgxbiUXc="}
 00320{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1650106007530072,"packet_id":13,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","layer_type":503316480,"global_ts_usec":1650106007530072}
 00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1650106007514745,"pkt":"HgAAAGAHDwAARhFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAHbwASqAEYAWSiq4GUSOSo9cQoBAAdiWp6XPFguvZHWBZ3ZLhr23uKiXBCtKXDrqUfT5cYY6helo7UeWDO\/E8ZZKOGZeZDi"}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":13,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1650106007530072}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/openvpn-tlscrypt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":13,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1650106007530072}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 13/0
 ~~ skipped flows.............: 0
@@ -35,8 +35,8 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 323 chars
diff --git a/test/results/default/openvpn.pcap.out b/test/results/default/openvpn.pcap.out
index 559dc24fd..8c8df7ad5 100644
--- a/test/results/default/openvpn.pcap.out
+++ b/test/results/default/openvpn.pcap.out
@@ -1,4 +1,4 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":62262978,"flow_src_last_pkt_time":62262978,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":62262978,"l3_proto":"ip4","src_ip":"192.168.75.18","dst_ip":"166.161.181.18","src_port":60201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":62262978,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_usec":62262978,"pkt":"UlQAOP1WCAAnCEHSCABFAAAqNcoAAIARnYrAqEsSpqG1EuspAbsAFurKODNIV3A9lts5AAAAAAA="}
 00741{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":62409352,"flow_src_last_pkt_time":62409352,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":62409352,"l3_proto":"ip4","src_ip":"69.197.143.179","dst_ip":"10.0.2.15","src_port":443,"dst_port":60201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -13,7 +13,7 @@
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":62562792,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":62562792,"pkt":"UlQAOP1WCAAnCEHSCABFAAAyNc0AAIARnX\/AqEsSpqG1EuspAbsAHlkyKDNIV3A9lts5AQAAAAHTHDppZGAvoA=="}
 01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":62262978,"flow_src_last_pkt_time":62562792,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":291,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":349,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":62562792,"l3_proto":"ip4","src_ip":"192.168.75.18","dst_ip":"166.161.181.18","src_port":60201,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":62562858,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":62562858,"pkt":"UlQAOP1WCAAnCEHSCABFAAAyNc4AAIARnX7AqEsSpqG1EuspAbsAHlkxKDNIV3A9lts5AQAAAALTHDppZGAvoA=="}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":9046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1358197736781122}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":9046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1358197736781122}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197736781122,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781122,"pkt":"CAAnQNKjCAAns07aCABFAAA84dtAAEAGEJgKtet6CvtHHptcBKpaoHPGAAAAAKACOQjGKgAAAgQFtAQCCAr\/\/5IdAAAAAAEDAwE="}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781340,"pkt":"CAAns07aCAAnQNKjCABFAAA8AABAAEAG8nMK+0ceCrXregSqm1zryb8hWqBzx6ASOJCClwAAAgQFtAQCCAr\/\/5kO\/\/+SHQEDAwE="}
@@ -24,7 +24,7 @@
 02155{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197737942660,"flow_dst_last_pkt_time":1358197737942559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":274,"flow_dst_max_l4_payload_len":348,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1358197737942660,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":210,"avg":74934.7,"max":1014473,"stddev":247074.6,"var":61045854208.0,"ent":1.8,"data": [218,377,1013370,1014473,3617,5492,3300,44879,40998,530,345,40353,40401,992,18067,17798,428,281,37075,37264,287,268,279,211,265,252,249,261,212,223,210]},"pktlen": {"min":52,"avg":115.4,"max":400,"stddev":89.5,"var":8001.3,"ent":4.7,"data": [60,60,52,68,52,80,52,76,52,326,52,76,52,76,52,180,52,400,76,52,168,104,168,76,284,76,168,100,168,76,284,76]},"bins": {"c_to_s": [14,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,4,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [4.634053230,5.054204941,5.039584637,5.193215847,5.116507530,5.177333832,5.039584637,5.369915009,5.116507530,5.342938900,5.025067329,5.315114975,4.909682751,5.326361656,4.986606121,5.801545143,4.986606121,5.423783302,5.341430664,5.025067806,6.420508862,5.262471199,6.588784218,5.395376205,6.650779724,5.395376205,6.047887802,5.337505817,5.757668018,5.421691895,6.887341976,5.316428661]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":62409352,"flow_src_last_pkt_time":64743583,"flow_dst_last_pkt_time":62409352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6131,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197741033539,"l3_proto":"ip4","src_ip":"69.197.143.179","dst_ip":"10.0.2.15","src_port":443,"dst_port":60201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01189{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":62262978,"flow_src_last_pkt_time":62569622,"flow_dst_last_pkt_time":62262978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2915,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197741033539,"l3_proto":"ip4","src_ip":"192.168.75.18","dst_ip":"166.161.181.18","src_port":60201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1467904946700231}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1467904946700231}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946700231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467904946700231,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946700231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1467904946700231,"pkt":"hCYVLjtSAA6OGXEMCABFAAA8ANVAAEAGYbLAqAFNLmXn2ursAbu+lXueAAAAAKACchBbjAAAAgQFtAQCCAoADXtLAAAAAAEDAwE="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946755145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1467904946755145,"pkt":"AA6OGXEMhCYVLjtSCABFoAA8AABAADQGbecuZefawKgBTQG76uxsxVWWvpV7n6AScSBx2QAAAgQFtAQCCAoANCgCAA17SwEDAwE="}
@@ -34,7 +34,7 @@
 01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904947700508,"flow_dst_last_pkt_time":1467904947753377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1467904947753377,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 02308{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904948037674,"flow_dst_last_pkt_time":1467904948077757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":305,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":869,"flow_dst_tot_l4_payload_len":1940,"midstream":0,"thread_ts_usec":1467904948077757,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":124,"avg":87579.6,"max":997748,"stddev":233509.3,"var":54526590976.0,"ent":2.7,"data": [54914,54953,945324,997748,484,52895,181,76406,76231,41001,2720,125,43907,139,238,305,40498,40497,41001,40993,125,124,261,41001,40990,40292,40328,460,133,578,40117]},"pktlen": {"min":52,"avg":140.3,"max":357,"stddev":75.3,"var":5671.5,"ent":4.8,"data": [60,60,52,96,52,108,52,104,52,357,52,208,196,104,196,196,52,196,208,196,104,196,196,52,196,208,196,104,196,196,52,196]},"bins": {"c_to_s": [6,5,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,1],"entropies": [4.584255219,5.060977936,4.931210041,5.511040688,5.118428230,5.631525517,4.931210518,5.754630089,5.118428230,5.666812420,5.079966545,5.957755566,6.109939575,5.713871956,6.450070858,6.737315655,4.969671726,6.613219261,6.182499886,6.423310280,5.735399246,6.659830093,6.680945873,4.839769840,6.074276447,6.127354145,6.415046692,5.795508862,6.625069141,6.833714008,5.008133411,6.392446995]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":95,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197768802378,"flow_dst_last_pkt_time":1358197768801647,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":406,"flow_dst_max_l4_payload_len":476,"flow_src_tot_l4_payload_len":6986,"flow_dst_tot_l4_payload_len":7709,"midstream":0,"thread_ts_usec":1467904951543523,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":312,"packets-processed":311,"total-skipped-flows":0,"total-l4-payload-len":32835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1470218591746723}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":312,"packets-processed":311,"total-skipped-flows":0,"total-l4-payload-len":32835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1470218591746723}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591746723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470218591746723,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591746723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1470218591746723,"pkt":"mAyC0zx8AAjKQoXqCABFAABG3rhAAEARTXXAqCsMizuXiaIjNXAAMosJOLAsz\/G18BdPwJFmbjsSS62jkXMxe5OXItH+Y74AAAABV6HBXwAAAAAA"}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591941902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1470218591941902,"pkt":"AAjKQoXqmAyC0zx8CABFAABSYIhAADIR2ZmLO5eJwKgrDDVwoiMAPhWBQPd\/wu\/b4j9X3sTI1WVNByO\/jAvlQThWMnDPrhMAAAABV6HBXwEAAAAAsCzP8bXwF08AAAAA"}
@@ -44,7 +44,7 @@
 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1470218591943377,"flow_dst_last_pkt_time":1470218592119150,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_usec":1470218592119150,"pkt":"AAjKQoXqmAyC0zx8CABFAAC2YKNAADIR2RqLO5eJwKgrDDVwoiMAohzKIPd\/wu\/b4j9X60eERHhjQN5zfeMCAdw3JKHt7ZoAAAACV6HBXwEAAAABsCzP8bXwF08AAAABFgMDAD4CAAA6AwNhg33pw8JOvroEJqnLpGmzYm+g0be9hVzmVAUEjVB5vQDAMAAAEv8BAAEAAAsABAMAAQIADwABARYDAwWWCwAFkgAFjwACzTCCAskwggGxoAMCAQICAQEwDQ=="}
 02312{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218592449269,"flow_dst_last_pkt_time":1470218592448973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":2054,"midstream":0,"thread_ts_usec":1470218592449269,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":395,"avg":45316.0,"max":195816,"stddev":59561.3,"var":3547546112.0,"ent":3.9,"data": [195179,195816,838,177248,176180,535,476,500,395,473,450,98532,98585,29601,29590,19812,19831,411,519,50093,49983,29934,29992,20280,20221,9484,9461,38312,38344,31856,31865]},"pktlen": {"min":70,"avg":126.4,"max":331,"stddev":58.6,"var":3436.1,"ent":4.9,"data": [70,82,78,331,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]},"bins": {"c_to_s": [0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [5.343287468,5.472147942,5.659653187,5.646926403,5.923888206,5.609391689,6.040631294,5.680029869,6.625756264,5.669331551,6.739820004,5.680030346,6.600285530,5.721633911,6.436116695,5.670351982,6.646757126,5.644711018,6.586377144,5.654388905,6.016889572,5.609391689,6.426263332,5.705670357,6.638464928,5.644710541,6.632380486,5.644710541,6.345944881,5.680030346,6.544235229,5.654388905]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":51,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467905010834916,"flow_dst_last_pkt_time":1467905010834882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":4602,"flow_dst_tot_l4_payload_len":4492,"midstream":0,"thread_ts_usec":1470218600860349,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":395,"packets-processed":394,"total-skipped-flows":0,"total-l4-payload-len":42908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":1472334890224928}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":395,"packets-processed":394,"total-skipped-flows":0,"total-l4-payload-len":42908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":1472334890224928}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334890224928,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472334890224928,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1472334890224928,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1472334890224928,"pkt":"mAyC0zx8MFLLbJwbCABFAABGe8pAAEARsF3AqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZfF5v2e87DGOeGNd7GPORrKCUl+wAAAABV8IMKgAAAAAA"}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1472334892420816,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1472334892420816,"pkt":"mAyC0zx8MFLLbJwbCABFAABGfNNAAEARr1TAqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZptsOrY2Z8Me\/lrzRmp5vsU3x26QAAAACV8IMKgAAAAAA"}
@@ -54,7 +54,7 @@
 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1472334892467660,"flow_dst_last_pkt_time":1472334892467380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1472334892467660,"pkt":"mAyC0zx8MFLLbJwbCABFAAFLfN5AAEARrkTAqCsSizuXiTVwNXABNw\/IIGYO4pqkkLBZmyjlNBaAxD3dZ4KkKKFzUtIqpCkAAAAEV8IMKgAAAAABFgMBAQABAAD8AwPWitxhdgXJqtNghCcqHLNlospc\/gDFPYmAVgJE80nHTgAAgsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAEUARABDAELAMcAtwCnAJcAOwATAEsAIABYAEwAQAA3ADcADAP8BAABRAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"}
 02320{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334893134977,"flow_dst_last_pkt_time":1472334893134900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":1087,"flow_dst_tot_l4_payload_len":1962,"midstream":0,"thread_ts_usec":1472334893134977,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":128,"avg":187742.6,"max":2242452,"stddev":537269.1,"var":288658030592.0,"ent":2.4,"data": [2195888,2242452,46716,128,203103,15136,218070,621,558,521,518,3451,3482,185164,185172,417,398,39454,39467,9396,9396,82274,82279,3757,3775,34199,34189,15722,15714,74305,74299]},"pktlen": {"min":70,"avg":123.3,"max":331,"stddev":58.9,"var":3466.4,"ent":4.9,"data": [70,70,82,78,331,78,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]},"bins": {"c_to_s": [0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [5.229001999,5.275360584,5.380565643,5.531448364,5.602619648,5.454524517,5.838843346,5.558109283,6.079430580,5.548431396,6.588905811,5.542146206,6.663234234,5.567787170,6.550342560,5.532467842,6.371866703,5.558108807,6.659762859,5.532467842,6.541461945,5.593428135,5.988543987,5.567787170,6.300799370,5.583750248,6.642903805,5.567787170,6.638377190,5.532467842,6.413649559,5.583750248]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218600860349,"flow_dst_last_pkt_time":1470218600859207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1172,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":5802,"flow_dst_tot_l4_payload_len":4271,"midstream":0,"thread_ts_usec":1472334896789781,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":515,"packets-processed":514,"total-skipped-flows":0,"total-l4-payload-len":66040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1512848303527265}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":515,"packets-processed":514,"total-skipped-flows":0,"total-l4-payload-len":66040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1512848303527265}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1512848303527265,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1512848303527265,"pkt":"AAAArFWYSEb7fvLiCABFAAAqQmkAAD4RLXIDb6ZOVYYNpcfKBKoAFnrvODn97S2qEKQ3AAAAAAAt+EmW"}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1512848303743400,"pkt":"AAAArFWYSEb7fvLiCABFAAA2y2xAADkRaWJVhg2lA2+mTgSqx8oAIoFUQJQhkX3nJncpAQAAAAA5\/e0tqhCkNwAAAAA="}
@@ -64,7 +64,7 @@
 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1512848303868693,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1512848303868693,"pkt":"AAAArFWYSEb7fvLiCABFAABXqX4AAD4Rxi8Db6ZOVYYNpcfKBKoAQ1UHIDn97S2qEKQ3AAAAAAIACQAKAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
 02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848306813195,"flow_dst_last_pkt_time":1512848307027916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":1541,"flow_dst_tot_l4_payload_len":4853,"midstream":0,"thread_ts_usec":1512848307027916,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":55,"avg":218922.0,"max":2241123,"stddev":513027.0,"var":263196672000.0,"ent":2.8,"data": [216135,332238,5799,3391,337897,57968,55,73,70,307059,10023,20531,1960235,1520,628,2241123,1704,736,299000,1497,2293,245,299952,1982,1336,694,338474,1245,1483,269,340926]},"pktlen": {"min":46,"avg":227.9,"max":1228,"stddev":364.9,"var":133184.4,"ent":3.9,"data": [46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50]},"bins": {"c_to_s": [5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1],"entropies": [4.654558659,4.847117901,5.033267975,5.334950447,4.532369614,5.090824604,7.356415749,6.728867531,7.721350193,7.639185429,5.043854713,5.083854675,5.083854675,5.445907116,5.474620342,5.589630604,5.130824566,5.130824566,5.130824566,5.699376583,5.737064838,5.865118027,5.840532780,5.130824566,5.170824528,5.130824566,5.130824566,6.471548557,6.580770969,5.929418087,6.097649097,5.130825043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":58,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334909464448,"flow_dst_last_pkt_time":1472334909465454,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1172,"flow_dst_max_l4_payload_len":1245,"flow_src_tot_l4_payload_len":8904,"flow_dst_tot_l4_payload_len":14228,"midstream":0,"thread_ts_usec":1512848313443088,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":615,"packets-processed":614,"total-skipped-flows":0,"total-l4-payload-len":77302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1674530805823658}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":615,"packets-processed":614,"total-skipped-flows":0,"total-l4-payload-len":77302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1674530805823658}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530805823658,"flow_dst_last_pkt_time":1674530805823658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674530805823658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1674530805823658,"flow_dst_last_pkt_time":1674530805823658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1674530805823658,"pkt":"3q0AAL7vyv4AALq+CABFAAA8en1AAEAG6fp\/AAABfwAAAY0qAbtCnC8cAAAAAKAC+vDWcgAAAgQFtAQCCAqSkA+aAAAAAAEDAwc="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1674530805823658,"flow_dst_last_pkt_time":1674530805845857,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1674530805845857,"pkt":"yv4AALq+3q0AAL7vCABFAAAsFhoAAIAGTm5\/AAABfwAAAQG7jSoFklDgQpwvHWAS+vBv0AAAAgQFtAAA"}
@@ -75,7 +75,7 @@
 02293{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530806238844,"flow_dst_last_pkt_time":1674530806238807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1386,"flow_src_tot_l4_payload_len":3980,"flow_dst_tot_l4_payload_len":4153,"midstream":0,"thread_ts_usec":1674530806238844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":26785.0,"max":221529,"stddev":54768.3,"var":2999562752.0,"ent":3.1,"data": [22199,22283,1235,1541,24351,24605,380,617,225,122,221396,221529,844,1007,149,112,201,197,52335,56406,4152,2697,123,2780,147,117,34,22205,65582,61984,18780]},"pktlen": {"min":40,"avg":296.7,"max":1500,"stddev":446.1,"var":199012.8,"ent":3.8,"data": [60,46,40,96,46,108,40,104,46,395,46,1166,40,104,1426,40,46,104,46,976,104,46,1166,1500,46,767,46,46,104,40,613,40]},"bins": {"c_to_s": [7,1,4,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,0],"entropies": [4.369529724,4.398030758,4.339823246,5.763498783,3.898455381,5.946529865,4.389823437,5.850727081,3.985411644,7.430057526,3.941933870,7.823157787,4.339823246,5.788781643,7.836597443,4.289823055,3.985411644,5.865244389,3.985411644,7.759013176,5.942167759,3.985411882,7.803529263,7.856170654,3.985411882,7.761924267,3.985411882,3.941933393,5.743062019,4.172574520,7.582319260,4.339823246]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":49,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848321248132,"flow_dst_last_pkt_time":1512848321143065,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":4911,"flow_dst_tot_l4_payload_len":6351,"midstream":0,"thread_ts_usec":1674530807378228,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":23,"flow_first_seen":1674530805823658,"flow_src_last_pkt_time":1674530807378228,"flow_dst_last_pkt_time":1674530807378181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1386,"flow_src_tot_l4_payload_len":4290,"flow_dst_tot_l4_payload_len":4516,"midstream":0,"thread_ts_usec":1674530807378228,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36138,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":660,"packets-processed":660,"total-skipped-flows":0,"total-l4-payload-len":86108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":78,"global_ts_usec":1674530807378228}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":660,"packets-processed":660,"total-skipped-flows":0,"total-l4-payload-len":86108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":78,"global_ts_usec":1674530807378228}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 660/660
 ~~ skipped flows.............: 0
@@ -84,9 +84,9 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5538549 bytes
-~~ total memory freed........: 5538549 bytes
-~~ total allocations/frees...: 86604/86604
+~~ total memory allocated....: 5538698 bytes
+~~ total memory freed........: 5538698 bytes
+~~ total allocations/frees...: 86605/86605
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 508 chars
 ~~ json message max len.......: 2325 chars
diff --git a/test/results/default/openvpn_nohmac.pcapng.out b/test/results/default/openvpn_nohmac.pcapng.out
index 501ed198e..280f8ad86 100644
--- a/test/results/default/openvpn_nohmac.pcapng.out
+++ b/test/results/default/openvpn_nohmac.pcapng.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1512848303527265}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1512848303527265}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1512848303527265,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303527265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1512848303527265,"pkt":"AAAArFWYSEb7fvLiCABFAAAqQmkAAD4RLXIDb6ZOVYYNpcfKBKoAFnrvODn97S2qEKQ3AAAAAAAt+EmW"}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1512848303527265,"flow_dst_last_pkt_time":1512848303743400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1512848303743400,"pkt":"AAAArFWYSEb7fvLiCABFAAA2y2xAADkRaWJVhg2lA2+mTgSqx8oAIoFUQJQhkX3nJncpAQAAAAA5\/e0tqhCkNwAAAAA="}
@@ -10,7 +10,7 @@
 02202{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848306813195,"flow_dst_last_pkt_time":1512848307027916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":1541,"flow_dst_tot_l4_payload_len":4853,"midstream":0,"thread_ts_usec":1512848307027916,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":55,"avg":218922.0,"max":2241123,"stddev":513027.0,"var":263196672000.0,"ent":2.8,"data": [216135,332238,5799,3391,337897,57968,55,73,70,307059,10023,20531,1960235,1520,628,2241123,1704,736,299000,1497,2293,245,299952,1982,1336,694,338474,1245,1483,269,340926]},"pktlen": {"min":46,"avg":227.9,"max":1228,"stddev":364.9,"var":133184.4,"ent":3.9,"data": [46,54,50,142,87,50,1228,1216,1216,1081,50,50,50,154,142,142,50,50,50,142,142,142,142,50,50,50,50,142,142,142,142,50]},"bins": {"c_to_s": [5,1,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1],"entropies": [4.654558659,4.847117901,5.033267975,5.334950447,4.532369614,5.090824604,7.356415749,6.728867531,7.721350193,7.639185429,5.043854713,5.083854675,5.083854675,5.445907116,5.474620342,5.589630604,5.130824566,5.130824566,5.130824566,5.699376583,5.737064838,5.865118027,5.840532780,5.130824566,5.170824528,5.130824566,5.130824566,6.471548557,6.580770969,5.929418087,6.097649097,5.130825043]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":922,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":581,"flow_dst_packets_processed":340,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848356295428,"flow_dst_last_pkt_time":1512848355480664,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1445,"flow_src_tot_l4_payload_len":112143,"flow_dst_tot_l4_payload_len":149150,"midstream":0,"thread_ts_usec":1512848356295428,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":594,"flow_dst_packets_processed":350,"flow_first_seen":1512848303527265,"flow_src_last_pkt_time":1512848376745041,"flow_dst_last_pkt_time":1512848376774734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":14,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1445,"flow_src_tot_l4_payload_len":113447,"flow_dst_tot_l4_payload_len":150832,"midstream":0,"thread_ts_usec":1512848376774734,"l3_proto":"ip4","src_ip":"3.111.166.78","dst_ip":"85.134.13.165","src_port":51146,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":944,"packets-processed":944,"total-skipped-flows":0,"total-l4-payload-len":264279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1512848376774734}
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/openvpn_nohmac.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":944,"packets-processed":944,"total-skipped-flows":0,"total-l4-payload-len":264279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1512848376774734}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 944/944
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5525349 bytes
-~~ total memory freed........: 5525349 bytes
+~~ total memory allocated....: 5525373 bytes
+~~ total memory freed........: 5525373 bytes
 ~~ total allocations/frees...: 86804/86804
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/openvpn_nohmac_tcp.pcapng.out b/test/results/default/openvpn_nohmac_tcp.pcapng.out
index 7ff49abf7..0a0ebc259 100644
--- a/test/results/default/openvpn_nohmac_tcp.pcapng.out
+++ b/test/results/default/openvpn_nohmac_tcp.pcapng.out
@@ -1,5 +1,5 @@
-00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1358197736781122}
+00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1358197736781122}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1358197736781122,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781122,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781122,"pkt":"CAAnQNKjCAAns07aCABFAAA84dtAAEAGEJgKtet6CvtHHptcBKpaoHPGAAAAAKACOQjGKgAAAgQFtAQCCAr\/\/5IdAAAAAAEDAwE="}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1358197736781122,"flow_dst_last_pkt_time":1358197736781340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1358197736781340,"pkt":"CAAns07aCAAnQNKjCABFAAA8AABAAEAG8nMK+0ceCrXregSqm1zryb8hWqBzx6ASOJCClwAAAgQFtAQCCAr\/\/5kO\/\/+SHQEDAwE="}
@@ -9,7 +9,7 @@
 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197737794869,"flow_dst_last_pkt_time":1358197737799430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1358197737799430,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197737942660,"flow_dst_last_pkt_time":1358197737942559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":274,"flow_dst_max_l4_payload_len":348,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1358197737942660,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":210,"avg":74934.7,"max":1014473,"stddev":247074.6,"var":61045854208.0,"ent":1.8,"data": [218,377,1013370,1014473,3617,5492,3300,44879,40998,530,345,40353,40401,992,18067,17798,428,281,37075,37264,287,268,279,211,265,252,249,261,212,223,210]},"pktlen": {"min":52,"avg":115.4,"max":400,"stddev":89.5,"var":8001.3,"ent":4.7,"data": [60,60,52,68,52,80,52,76,52,326,52,76,52,76,52,180,52,400,76,52,168,104,168,76,284,76,168,100,168,76,284,76]},"bins": {"c_to_s": [14,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,4,1,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [4.634053230,5.054204941,5.039584637,5.193215847,5.116507530,5.177333832,5.039584637,5.369915009,5.116507530,5.342938900,5.025067329,5.315114975,4.909682751,5.326361656,4.986606121,5.801545143,4.986606121,5.423783302,5.341430664,5.025067806,6.420508862,5.262471199,6.588784218,5.395376205,6.650779724,5.395376205,6.047887802,5.337505817,5.757668018,5.421691895,6.887341976,5.316428661]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":95,"flow_first_seen":1358197736781122,"flow_src_last_pkt_time":1358197768802378,"flow_dst_last_pkt_time":1358197768801647,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":406,"flow_dst_max_l4_payload_len":476,"flow_src_tot_l4_payload_len":6986,"flow_dst_tot_l4_payload_len":7709,"midstream":0,"thread_ts_usec":1358197768802378,"l3_proto":"ip4","src_ip":"10.181.235.122","dst_ip":"10.251.71.30","src_port":39772,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":195,"packets-processed":195,"total-skipped-flows":0,"total-l4-payload-len":14695,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1358197768802378}
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/openvpn_nohmac_tcp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":195,"packets-processed":195,"total-skipped-flows":0,"total-l4-payload-len":14695,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1358197768802378}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 195/195
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5505676 bytes
-~~ total memory freed........: 5505676 bytes
+~~ total memory allocated....: 5505700 bytes
+~~ total memory freed........: 5505700 bytes
 ~~ total allocations/frees...: 86056/86056
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 562 chars
diff --git a/test/results/default/opera-vpn.pcapng.out b/test/results/default/opera-vpn.pcapng.out
index bee908e8d..dc5b42572 100644
--- a/test/results/default/opera-vpn.pcapng.out
+++ b/test/results/default/opera-vpn.pcapng.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1694275752994885}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1694275752994885}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275752994885,"flow_dst_last_pkt_time":1694275752994885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275752994885,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1694275752994885,"flow_dst_last_pkt_time":1694275752994885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275752994885,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjGAbuXrZxyAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKE5KNpgAAAAAEAgAA"}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275753007782,"flow_dst_last_pkt_time":1694275753007782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753007782,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -615,7 +615,7 @@
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1694275760159362,"flow_src_last_pkt_time":1694275760309706,"flow_dst_last_pkt_time":1694275760309664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2641,"flow_dst_tot_l4_payload_len":8573,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760807493,"flow_dst_last_pkt_time":1694275760807237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3236,"flow_dst_tot_l4_payload_len":6089,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1694275760781591,"flow_src_last_pkt_time":1694275760841495,"flow_dst_last_pkt_time":1694275760839879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1996,"flow_dst_tot_l4_payload_len":2516,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51466,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3200,"packets-processed":3200,"total-skipped-flows":0,"total-l4-payload-len":1186790,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":61,"total-detection-updates":61,"total-updates":0,"current-active-flows":0,"total-active-flows":62,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":618,"global_ts_usec":1694275760841495}
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3200,"packets-processed":3200,"total-skipped-flows":0,"total-l4-payload-len":1186790,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":61,"total-detection-updates":61,"total-updates":0,"current-active-flows":0,"total-active-flows":62,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":618,"global_ts_usec":1694275760841495}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3200/3200
 ~~ skipped flows.............: 0
@@ -624,8 +624,8 @@
 ~~ total active/idle flows...: 62/62
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6118108 bytes
-~~ total memory freed........: 6118108 bytes
+~~ total memory allocated....: 6119108 bytes
+~~ total memory freed........: 6119108 bytes
 ~~ total allocations/frees...: 90038/90038
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 538 chars
diff --git a/test/results/default/oracle12.pcapng.out b/test/results/default/oracle12.pcapng.out
index 2c69bab9d..9d29c9cc0 100644
--- a/test/results/default/oracle12.pcapng.out
+++ b/test/results/default/oracle12.pcapng.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1481291750025382}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1481291750025382}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1481291750025382,"flow_src_last_pkt_time":1481291750025382,"flow_dst_last_pkt_time":1481291750025382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1481291750025382,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1481291750025382,"flow_dst_last_pkt_time":1481291750025382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1481291750025382,"pkt":"UlQAEjUCCAAn5\/q0CABFAAA8b5VAAEAGbI0KAAIPCgBIi50iBfF8VCT6AAAAAKACchBeyAAAAgQFtAQCCAoFQUtvAAAAAAEDAwc="}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1481291750025382,"flow_dst_last_pkt_time":1481291750026998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1481291750026998,"pkt":"CAAn5\/q0UlQAEjUCCABFAAAsAf4AAEAGGjUKAEiLCgACDwXxnSIAeB4BfFQk+2AS\/\/\/WoAAAAgQFtAAA"}
@@ -8,7 +8,7 @@
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1481291750027196,"flow_dst_last_pkt_time":1481291750027391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1481291750027391,"pkt":"CAAn5\/q0UlQAEjUCCABFAAAoAf8AAEAGGjgKAEiLCgACDwXxnSIAeB4CfFQlz1AQ\/\/\/tiQAAAAAAAAAA"}
 00944{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1481291750025382,"flow_src_last_pkt_time":1481291750055490,"flow_dst_last_pkt_time":1481291750054984,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":239,"flow_src_tot_l4_payload_len":941,"flow_dst_tot_l4_payload_len":441,"midstream":0,"thread_ts_usec":1481291750055490,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Oracle","proto_id":"167","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1481291750025382,"flow_src_last_pkt_time":1481291750055490,"flow_dst_last_pkt_time":1481291750054984,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":239,"flow_src_tot_l4_payload_len":941,"flow_dst_tot_l4_payload_len":441,"midstream":0,"thread_ts_usec":1481291750055490,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1382,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1481291750055490}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1382,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1481291750055490}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500601 bytes
-~~ total memory freed........: 5500601 bytes
+~~ total memory allocated....: 5500625 bytes
+~~ total memory freed........: 5500625 bytes
 ~~ total allocations/frees...: 85881/85881
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 533 chars
diff --git a/test/results/default/os_detected.pcapng.out b/test/results/default/os_detected.pcapng.out
index 454be2744..a46aeb338 100644
--- a/test/results/default/os_detected.pcapng.out
+++ b/test/results/default/os_detected.pcapng.out
@@ -1,10 +1,10 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1611427514609727}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1611427514609727}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1611427514609727,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAZdFAAEAR\/ePAqAGACAgICJuNAbsE7AYLxP8AAB0Inw\/JO07eNjIIgxX\/XKNBIUIARMqZ8UiDvq\/ZLsUdz0scSMu9YDA5XC\/EJ\/VWdcKmIJjpSLXMxg05sWM0HmWuizvek0EXnlQzmUN9ovr2\/hk4L4+drmSHxo9NOB+GUfgxVDY8jS5sYut7pzwyS1v0Tzd0E1TyJIWDsBfvZlI4bbIIRlefQgOB0WdUqMEfHzxzcbGs6dNO+9vDaznNJ4dGUWqyjTrP1xrbA5ARI5dTVb4R+7D0v8orWpuNvxjoiVb36LCsfL0SbVo2GhqQoHke+Z\/B2D+0+r7INWQc1iHzAG+HeNlA1LtOtYyHAJVB+P59vqKsfmDTE8RgVpXe1x30lS+4YR7jaekw9qCyZHC0kKXvmsPCqZ\/9qa5gMMsfGTjnOTdcid5WA6CyHhSK2HTQW4GkzXHYPreaFIFRc0y9+aMq1Mfl97S1vnvDvIbG91Np67AM6LV1xuilkclYvUim1l1JoFQCUfe6m3PyP+gIQTFerpfrZHjXHVmed8ZubnloXre0\/Z3B2Oh1fmjBjrSNQGdC4YK\/DVld8Ug+FRG0kxgDMCgRJ2S9dOYEMkKgzq\/BKvgwUYmMidXS+F+tMJvoHQSzv3bhpGgehHuZOqNIC3d6Rty6h0nPb+BYsf5E1IpIcwzMB2CvZbT77jViKMoAt5RtufWUmoQ2qymcAa7AXbvCL5L7qI\/1oplTPNm0Ysi0JSUXXf61rlCNL1vc+XNbLSeTg2Vz2fPTbPH7hg\/8qinCri68WhuYiT\/rvuXkVqGxWKJq5b1oM\/AIky7+yMfObOfk9kQ3thgac0pRO1LAAwjECH\/XdGHuEsxIejknnknLjBpjmS+2c+909N0TGc\/NPsDPdaLmN10HnCVLaT1WmruOxWZDa3gV1s3K4IKU6NwqVeHNSYO5xx5HEC7tZU+y4E74cmfLayIxxbdgkahHRv9ATyXrtMLRAHqK8ZsoIIw0D9NAPBA355APW3UhJ\/Z9ZHxppKcR2\/OPN1KQqoIrhRGT9bUzB7Xkn\/VMWRYSTXTiaAYMcb8dRkENbKtVWSIk9LJFrE8pIXivmB2tWlt1t6y+TR30oU1\/NUX3jGhxE7t44s+NhGXfBpl2YQbF4zUhYeZAUzU9QbWzyGdZYarMNxVUgYeW9stlVHB0y\/otPwbX9mpoJ+Dy1FXdgrsIv1LAkh1\/3bdSFFfKVJUwX6EGqQRQU02j\/r+E7RZ0bE01QtNNSuMRMdJX2zJtopXBwZLz8h67datSO+I1wfoRzj4VUG35Q8hcFywG\/xq04McVVySWGNnMos9RmQkhysf\/lc3FuHHnMMA\/XcGqeB2biYiiwAKDCGuBCGTLrEYhV1yIzE4vEhvJvg325fJl3DNeUSuAwqKe9SjUjQtv+EVpEiYxaR6X90zwFDBlHdBDDCfh3iS1o2jSGLUvocncy0jQz8qak7nPw6oMW\/gU8WvBhkEaY\/b26hw+tYWakl5yNVwxnF\/7PKfJyyyPpmjSH2ycL45nydbEY1t1GYpcV+P7AunIs6enuyUp9NNdtbH\/d0RuYFGsVW1287YLi13LwF56RtlC\/tVGquwfxdqcbniCbYb8LvlGF6r32UjuoiuACdgmkrt6Wf7sAVkRHeYLY5bLkD+o6H+JIwDjoOA\/yI8iOw0QceAwvS35vC2IO56LiInTgA=="}
 01578{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"user_agent":"Mozilla\/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit\/531.21.10 (KHTML, like Gecko)","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"9addef84847d700f759746b237c405c8","ja3s":"","ja4":"q13d0307h3_55b375c5d22e_23ed935430f2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
 01203{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1611427514609727}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1611427514609727}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508256 bytes
-~~ total memory freed........: 5508256 bytes
+~~ total memory allocated....: 5508280 bytes
+~~ total memory freed........: 5508280 bytes
 ~~ total allocations/frees...: 85884/85884
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 575 chars
+~~ json message min len.......: 573 chars
 ~~ json message max len.......: 2231 chars
-~~ json message avg len.......: 1350 chars
+~~ json message avg len.......: 1349 chars
diff --git a/test/results/default/ospfv2_add_new_prefix.pcap.out b/test/results/default/ospfv2_add_new_prefix.pcap.out
index 1ae98dfd7..bdc073a58 100644
--- a/test/results/default/ospfv2_add_new_prefix.pcap.out
+++ b/test/results/default/ospfv2_add_new_prefix.pcap.out
@@ -1,11 +1,11 @@
-00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1596626889276433}
+00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1596626889276433}
 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1596626889276433,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"flow_datalink":1,"flow_max_packets":5}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1596626889276433,"pkt":"qrvMAAEwqrvMAAowCABFwABsAPoAAAFZj3MKAQoKCgEKAQIEAFisEAAKAAAABqsnAAAAAAAAAAAAAAAAAAEAASIBrBAACqwQAAqAAAASxYoAPAAAAAMKAAAK\/\/\/\/\/wMAAAGsEAAK\/\/\/\/\/wMAAAEKAQoKCgEKCgIAAAo="}
 00897{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1596626889276433,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"ndpi": {"confidence": {"6":"DPI"},"proto":"OSPF","proto_id":"85","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626891781999,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1596626891781999,"pkt":"qrvMAAowqrvMAAEwCABFwABAAqkAAAFZjfAKAQoBCgEKCgIFACwKAAABAAAABjO3AAAAAAAAAAAAAAABIgGsEAAKrBAACoAAABLFigA8"}
 00938{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626891781999,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1596626891781999,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OSPF","proto_id":"85","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1596626891781999}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1596626891781999}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -14,8 +14,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498031 bytes
-~~ total memory freed........: 5498031 bytes
+~~ total memory allocated....: 5498055 bytes
+~~ total memory freed........: 5498055 bytes
 ~~ total allocations/frees...: 85862/85862
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 574 chars
diff --git a/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out
index 3e2b7971d..109ba418a 100644
--- a/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out
+++ b/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out
@@ -1,10 +1,10 @@
-00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675096016031349}
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675096016031349}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675096016031349,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096016031349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675096016031349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1,"dst_port":2,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096016031349,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675096016031349,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEAAQACAByhgP\/\/\/\/8AAAAAAAAAAAAAAAAwMDAA"}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096025685767,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675096025685767,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEAAgABAByhgP\/\/\/\/8AAAAAAAAAAAAAAAAwMDAA"}
 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675096016031349,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096025685767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1675096025685767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1,"dst_port":2,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HalfLife2","proto_id":"75","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":40,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1675103063534227}
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":40,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1675103063534227}
 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103063534227,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103063534227,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1675103063534227,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675103063534227,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEEXwRgAByFgVhYWFhYWFhYWFhYWFhYWFhYWFhY"}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1675103071542564,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675103071542564,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEEXwRgAByFgVhYWFhYWFhYWFhYWFhYWFhYWFhY"}
@@ -15,7 +15,7 @@
 01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103123821322,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":75,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103123821322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1675103229245464,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":576,"pkt_l4_len":556,"thread_ts_usec":1675103229245464,"pkt":"RQACQAABAABAEXqqfwAAAX8AAAEEXwRgAixmRlhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhY"}
 01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103229245464,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103229245464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00655{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":2303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1675104043107099}
+00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":2303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1675104043107099}
 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104043107099,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104043107099,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.206.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1675104043107099,"pkt":"RQAAMgABAABABt2ZwKgBgAyBzoIAAQRfAAAAAAAAAABQACAABe8AAEoAAApmAgrtLWY="}
 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104043107099,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104043107099,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.206.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -29,12 +29,12 @@
 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104087883689,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104087883689,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.236.254","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1675104087883689,"pkt":"RQAAMgABAABABr8dwKgBgAyB7P4AAQRfAAAAAAAAAABQACAA53IAAEoAAApmAgrtLWY="}
 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104087883689,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104087883689,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.236.254","src_port":1,"dst_port":1119,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00655{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":15,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":2343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1675107987924579}
+00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":15,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":2343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1675107987924579}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675107987924579,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675107987924579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675107987924579,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675107987924579,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":32,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":32,"pkt_l4_len":12,"thread_ts_usec":1675107987924579,"pkt":"RQAAIAABAABAEXzKfwAAAX8AAAEAZADIAAzHjzkYAAA="}
 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675108033027780,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":36,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":36,"pkt_l4_len":16,"thread_ts_usec":1675108033027780,"pkt":"RQAAJAABAABAEXzGfwAAAX8AAAEAyABkABDGhzoYAAAAAAAA"}
 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675107987924579,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675108033027780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675108033027780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5}
-00655{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":3,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1675168617695568}
+00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":3,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1675168617695568}
 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675168617695568,"flow_src_last_pkt_time":1675168617695568,"flow_dst_last_pkt_time":1675168617695568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":17788,"dst_port":17788,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5}
 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1675168617695568,"flow_dst_last_pkt_time":1675168617695568,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":141,"pkt_l4_len":121,"thread_ts_usec":1675168617695568,"pkt":"RQAAjQABAABAEXxdfwAAAX8AAAFFfEV8AHnX9HEARHRxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQUFN0cmVhbQAAAAAAAAAAAAAA"}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675168617695568,"flow_src_last_pkt_time":1675168617695568,"flow_dst_last_pkt_time":1675168617695568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":17788,"dst_port":17788,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
@@ -44,7 +44,7 @@
 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104087883689,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.236.254","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104043107099,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.206.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104074459668,"flow_src_last_pkt_time":1675104074459668,"flow_dst_last_pkt_time":1675104074459668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.9.66.76","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00655{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":1675181007355625}
+00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":1675181007355625}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675181007355625,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181007355625,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":10,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":41,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":41,"pkt_l4_len":21,"thread_ts_usec":1675181007355625,"pkt":"RQAAKQABAABABrSgwKgBgAECAwQAAQAKAAAAAAAAAABQACAAyaoAAAA="}
 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":129,"pkt_l4_len":109,"thread_ts_usec":1675181007355625,"pkt":"RQAAgQABAABABrRIwKgBgAECAwQAAQAKAAAAAQAAAABQACAAUjUAABYDAQBUAQAAUAMBTWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgTWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA0AQAABQAAAAAA"}
@@ -56,7 +56,7 @@
 01294{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675181080065603,"flow_src_last_pkt_time":1675181373264924,"flow_dst_last_pkt_time":1675181080065603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181373264924,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":11,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}}
 01334{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675181007355625,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":90,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181373264924,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":10,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}}
 01335{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675181080065603,"flow_src_last_pkt_time":1675181373264924,"flow_dst_last_pkt_time":1675181080065603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181373264924,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":11,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}}
-00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":2641,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1675181373264924}
+00657{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":2641,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1675181373264924}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 21/21
 ~~ skipped flows.............: 0
@@ -65,8 +65,8 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5522310 bytes
-~~ total memory freed........: 5522310 bytes
+~~ total memory allocated....: 5522478 bytes
+~~ total memory freed........: 5522478 bytes
 ~~ total allocations/frees...: 85988/85988
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 523 chars
diff --git a/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out
index bc6383a69..ab45216ad 100644
--- a/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out
+++ b/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out
@@ -1,4 +1,4 @@
-00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":330297046,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":330297046,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":8787,"dst_port":32177,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":330297046,"pkt":"UlQA8ZEmCAAnnh3HCABFAAA8OlxAAEAGK6zAqAABCgoKASJTfbEpaMgpAAAAAKAC+vBgTwAAAgQFtAQCCAosLVpIAAAAAAEDAwc="}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330433319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":330433319,"pkt":"CAAnnh3HUlQA8ZEmCABFAAAsCdUAAEAGnEMKCgoBwKgAAX2xIlMCaioBKWjIKmAS\/\/8FYAAAAgQFtA=="}
@@ -7,7 +7,7 @@
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":330434854,"flow_dst_last_pkt_time":330435114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":330435114,"pkt":"CAAnnh3HUlQA8ZEmCABFAAAoCdYAAEAGnEYKCgoBwKgAAX2xIlMCaioCKWjIT1AQ\/\/8c+AAA"}
 01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":330297046,"flow_src_last_pkt_time":330482740,"flow_dst_last_pkt_time":330571168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":330571168,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":8787,"dst_port":32177,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 02319{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":330297046,"flow_src_last_pkt_time":331331838,"flow_dst_last_pkt_time":331332084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":6059,"flow_dst_tot_l4_payload_len":4420,"midstream":0,"thread_ts_usec":331332084,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":8787,"dst_port":32177,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25,"avg":66768.7,"max":274397,"stddev":88285.8,"var":7794386432.0,"ent":3.8,"data": [136273,137235,573,1795,12093,11937,35737,56,35774,25,88318,88631,11617,11587,151937,89,151972,35682,35919,255841,274397,18558,256484,257570,1057,306,258,28908,45,29127,29]},"pktlen": {"min":40,"avg":369.0,"max":1500,"stddev":516.4,"var":266637.3,"ent":3.8,"data": [60,44,46,77,40,106,40,1500,418,40,40,88,46,187,46,1500,1276,46,1118,40,1129,1141,40,480,96,40,88,40,1500,415,40,40]},"bins": {"c_to_s": [5,3,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,0,0],"s_to_c": [11,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1],"entropies": [4.593347073,4.569403648,4.267595291,4.557471752,4.561769485,3.980688334,4.511769295,7.562818527,7.355636597,4.442897320,4.561769485,4.850268364,4.354552269,3.829532146,4.398030758,7.720746994,7.806058884,4.287461758,7.654390335,4.561769485,7.519946575,7.677032471,4.611769676,6.499645710,4.460224152,4.611769676,3.810093641,4.611769676,7.548070431,7.340783596,4.611769676,4.561769485]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":60,"packets-processed":59,"total-skipped-flows":0,"total-l4-payload-len":28196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1258844926423672}
+00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":60,"packets-processed":59,"total-skipped-flows":0,"total-l4-payload-len":28196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1258844926423672}
 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258844926423672,"l3_proto":"ip4","src_ip":"172.26.235.166","dst_ip":"172.30.92.62","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1258844926423672,"pkt":"AEBjsiExABQqZoWVCABFAAA8fZdAAEAGHQesGuumrB5cPtlOAHfZ0lWUAAAAAKACFtBfGwAAAgQFtAQCCAoAyCgDAAAAAAEDAwY="}
 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258844926423672,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -23,7 +23,7 @@
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"172.26.235.166","dst_ip":"172.30.92.62","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":34,"flow_first_seen":330297046,"flow_src_last_pkt_time":332418734,"flow_dst_last_pkt_time":332418496,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":13343,"flow_dst_tot_l4_payload_len":14853,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":8787,"dst_port":32177,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":72,"packets-processed":71,"total-skipped-flows":0,"total-l4-payload-len":28471,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1532126321356858}
+00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":72,"packets-processed":71,"total-skipped-flows":0,"total-l4-payload-len":28471,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1532126321356858}
 00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532126321356858,"l3_proto":"ip4","src_ip":"10.147.205.42","dst_ip":"10.45.123.132","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":1532126321356858,"pkt":"ouY0KRatOjbl\/kz4CABFiACwAksAAEARGfwKk80qCi17hKnGymwAnLj3AQAAANg30DBfzsfI5cji4\/eYnu9gwijYIynWArax4rudBo+Jz51NRTJ4D20nJk97mHAf3Cek7ACutr7NvvIzLxtAhMrbk4I5NcASriVeeyXv8TlAwyH6a9ZqKoewYdsUMBc+k39Wk0neKFbcXyYWdj7ur8BTOwHdll5+x2l24o9oPWcSAAAAAAAAAAAAAAAAAAAAAA=="}
 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532126321356858,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -33,7 +33,7 @@
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1532126321359376,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1532126321359376,"l3_proto":"ip4","src_ip":"172.26.235.166","dst_ip":"172.30.92.62","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1532126321359376,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":28895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1576629231599706}
+00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":28895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1576629231599706}
 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576629231599706,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231599706,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576629231599706,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59038,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231599706,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1576629231599706,"pkt":"CAAnw1r8CgAnAAAECABFAABAAABAAEAGuVisEBT0rBAUS+aeFThYp3nnAAAAALDC\/\/9fRwAAAgQFtAEDAwYBAQgKmyLsDAAAAAAEAgAA"}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231600017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629231600017,"pkt":"CgAnAAAECAAnw1r8CABFAAA8AABAAEAGuVysEBRLrBAU9BU45p59bstLWKd56KBScSDq+wAAAgQFtAQCCApyjFlXmyLsDAEDAwc="}
@@ -44,7 +44,7 @@
 00964{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1576629231620123,"l3_proto":"ip4","src_ip":"10.147.205.42","dst_ip":"10.45.123.132","src_port":43462,"dst_port":51820,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1576629231620123,"l3_proto":"ip4","src_ip":"10.147.205.42","dst_ip":"10.45.123.132","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1576629231620123,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":86,"packets-processed":85,"total-skipped-flows":0,"total-l4-payload-len":28904,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":1707399362135630}
+00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":86,"packets-processed":85,"total-skipped-flows":0,"total-l4-payload-len":28904,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":1707399362135630}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707399362135630,"flow_src_last_pkt_time":1707399362135630,"flow_dst_last_pkt_time":1707399362135630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707399362135630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54898,"dst_port":1299,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1707399362135630,"flow_dst_last_pkt_time":1707399362135630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1707399362135630,"pkt":"AAAAAAAAAAAAAAAACABFAAA8NEVAAEAGCHV\/AAABfwAAAdZyBRN6JQ1eAAAAAKAC\/9f+MAAAAgT\/1wQCCAo7WdCZAAAAAAEDAwc="}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1707399362135630,"flow_dst_last_pkt_time":1707399362135650,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1707399362135650,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQUT1nLzM9CNeiUNX6AS\/8v+MAAAAgT\/1wQCCAo7WdCZO1nQmQEDAwc="}
@@ -62,7 +62,7 @@
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1707399382437584,"flow_dst_last_pkt_time":1707399382437612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1707399382437612,"pkt":"AAAAAAAAAAAAAAAACABFAAA0qa5AAEAGkxN\/AAABfwAAAQUT2PCtSDGjO\/XObYAQAf\/+KAAAAQEICjtaH+c7Wh\/n"}
 00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1707399362135630,"flow_src_last_pkt_time":1707399371078005,"flow_dst_last_pkt_time":1707399371077977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707399396589067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54898,"dst_port":1299,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TruPhone","proto_id":"101","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1707399376146687,"flow_src_last_pkt_time":1707399396589067,"flow_dst_last_pkt_time":1707399396589053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707399396589067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":55536,"dst_port":1299,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TruPhone","proto_id":"101","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00661{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":101,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":29142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1707399396589067}
+00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":101,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":29142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1707399396589067}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 101/101
 ~~ skipped flows.............: 0
@@ -71,8 +71,8 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5530442 bytes
-~~ total memory freed........: 5530442 bytes
+~~ total memory allocated....: 5530578 bytes
+~~ total memory freed........: 5530578 bytes
 ~~ total allocations/frees...: 86045/86045
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 531 chars
diff --git a/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out
index ab1f6be05..b4b248218 100644
--- a/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out
+++ b/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out
@@ -1,5 +1,5 @@
-00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675169383880258}
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675169383880258}
 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675169383880258,"flow_src_last_pkt_time":1675169383880258,"flow_dst_last_pkt_time":1675169383880258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675169383880258,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"93.184.216.34","src_port":60546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675169383880258,"flow_dst_last_pkt_time":1675169383880258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675169383880258,"pkt":"pJGxF+92NObXAhsnCABFAAA8dkRAAEAGvUfAqBCtXbjYIuyCAFDeViVwAAAAAKAC+vAHXwAAAgQFtAQCCAqduWMmAAAAAAEDAwc="}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675169383880258,"flow_dst_last_pkt_time":1675169383978373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675169383978373,"pkt":"NObXAhsnpJGxF+92CABFAAA8PgMAADcGPolduNgiwKgQrQBQ7IKpQ+eb3lYlcaAS\/\/\/BQgAAAgQFrAQCCAoxuMtwnbljJgEDAwk="}
@@ -7,7 +7,7 @@
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1675169383978640,"flow_dst_last_pkt_time":1675169383978373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1675169383978640,"pkt":"pJGxF+92NObXAhsnCABFAACGdkZAAEAGvPvAqBCtXbjYIuyCAFDeViVxqUPnnIAYAfYHqQAAAQEICp25Y4gxuMtwR0VUIC9tYXBsZXN0b3J5LyBIVFRQLzEuMQ0KSG9zdDogZXhhbXBsZS5jb20NClVzZXItQWdlbnQ6IEFzcElOZXQNCkFjY2VwdDogKi8qDQoNCg=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675169383880258,"flow_src_last_pkt_time":1675169383978640,"flow_dst_last_pkt_time":1675169383978373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675169383978640,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"93.184.216.34","src_port":60546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MapleStory","proto_id":"113","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675169383880258,"flow_src_last_pkt_time":1675169383978640,"flow_dst_last_pkt_time":1675169383978373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675169383978640,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"93.184.216.34","src_port":60546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MapleStory","proto_id":"113","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":82,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1675169383978640}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":82,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1675169383978640}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498121 bytes
-~~ total memory freed........: 5498121 bytes
+~~ total memory allocated....: 5498145 bytes
+~~ total memory freed........: 5498145 bytes
 ~~ total allocations/frees...: 85866/85866
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 566 chars
diff --git a/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out
index 7bdb699a3..785eb1eed 100644
--- a/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out
+++ b/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out
@@ -1,11 +1,11 @@
-00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675108086330330}
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675108086330330}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675108086330330,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108086330330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675108086330330,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108086330330,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":32,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":32,"pkt_l4_len":12,"thread_ts_usec":1675108086330330,"pkt":"RQAAIAABAABAEXzKfwAAAX8AAAEAZADIAAzHjzkYAAA="}
 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108097027766,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":36,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":36,"pkt_l4_len":16,"thread_ts_usec":1675108097027766,"pkt":"RQAAJAABAABAEXzGfwAAAX8AAAEAyABkABDFhzsYAAAAAAAA"}
 00872{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675108086330330,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108097027766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675108097027766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675108086330330,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108097027766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675108097027766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5}
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":12,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1675108097027766}
+00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":12,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1675108097027766}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -14,8 +14,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498031 bytes
-~~ total memory freed........: 5498031 bytes
+~~ total memory allocated....: 5498055 bytes
+~~ total memory freed........: 5498055 bytes
 ~~ total allocations/frees...: 85862/85862
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 522 chars
diff --git a/test/results/default/path_of_exile.pcapng.out b/test/results/default/path_of_exile.pcapng.out
index b06c24b56..d03e5ac68 100644
--- a/test/results/default/path_of_exile.pcapng.out
+++ b/test/results/default/path_of_exile.pcapng.out
@@ -1,5 +1,5 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1709739200863006}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1709739200863006}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1709739200863006,"flow_src_last_pkt_time":1709739200863006,"flow_dst_last_pkt_time":1709739200863006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709739200863006,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"198.50.120.150","src_port":36262,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1709739200863006,"flow_dst_last_pkt_time":1709739200863006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1709739200863006,"pkt":"SKmKCiNt8C90rUP1CABFAAA8sslAAEAGL5rAqFjnxjJ4lo2mF+CghqOtAAAAAKACfXhYhwAAAgQFtAQCCArV2qNjAAAAAAEDAwc="}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1709739200863006,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1709739200996369,"pkt":"8C90rUP1SKmKCiNtCABFKAA8AABAACwG9jvGMniWwKhY5xfgjaY9oyG+oIajrqAS\/ogdjAAAAgQFoAQCCAq1gFu61dqjYwEDAwc="}
@@ -7,7 +7,7 @@
 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1709739201000335,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1709739201000335,"pkt":"SKmKCiNt8C90rUP1CABFAABTsstAAEAGL4HAqFjnxjJ4lo2mF+CghqOuPaMhv4AYAPtYngAAAQEICtXao+21gFu6AAMAN3VgAAIACW5EUElfVGVzdOyP7PIAAAAAQAAAAQ=="}
 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1709739200863006,"flow_src_last_pkt_time":1709739201000335,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709739201000335,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"198.50.120.150","src_port":36262,"dst_port":6112,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1709739200863006,"flow_src_last_pkt_time":1709739201000335,"flow_dst_last_pkt_time":1709739200996369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1709739201000335,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"198.50.120.150","src_port":36262,"dst_port":6112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PathofExile","proto_id":"403","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":31,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1709739201000335}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/path_of_exile.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":31,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1709739201000335}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500137 bytes
-~~ total memory freed........: 5500137 bytes
+~~ total memory allocated....: 5500161 bytes
+~~ total memory freed........: 5500161 bytes
 ~~ total allocations/frees...: 85865/85865
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 553 chars
diff --git a/test/results/default/pfcp.pcapng.out b/test/results/default/pfcp.pcapng.out
index 3f1699645..d0561e7e1 100644
--- a/test/results/default/pfcp.pcapng.out
+++ b/test/results/default/pfcp.pcapng.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1710239851321696}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1710239851321696}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710239851321696,"flow_src_last_pkt_time":1710239851321696,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710239851321696,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":8805,"dst_port":8805,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1710239851321696,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1710239851321696,"pkt":"RQAANAAAAABAEXy2fwAAAX8AAAIiZSJlACCbFyE3ABQAAAAA\/\/\/\/\/wAAAAAAaAAEAAAAEg=="}
 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710239851321696,"flow_src_last_pkt_time":1710239851321696,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710239851321696,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":8805,"dst_port":8805,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PFCP","proto_id":"405","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -8,7 +8,7 @@
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1710239851332721,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":80,"pkt_l4_len":60,"thread_ts_usec":1710239851332721,"pkt":"RQAAUAAAAABAEXyafwAAAX8AAAIiZSJlADwJcSE2ADAAAAAAAAAAAP\/\/\/wAAswABBwEGAAEBAKwAAQEAeQAJAQAAAAAAAAAAAGgABAAAAAA="}
 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1710239851337392,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":275,"pkt_l4_len":255,"thread_ts_usec":1710239851337392,"pkt":"RQABEwAAAABAEXvXfwAAAX8AAAIiZSJlAP9hniEFAPMAAAAAAAAACQAADACAEQBKDenWYF4aAAB82\/9\/aEJJqFebf\/8ZcoI29eD\/\/wB9AKbp3Br\/\/xiF82H5ov+cy+CWsUxgAAAAAP\/rb1ul\/\/\/\/\/1Y8kVW0yEgOsgAAmwAE7EAlfwBpAI0A2wABBACfAFM\/eWR2OGxjLXQzYTh2c3AtNnRnOS0zNzRoZXUtaHVrZnhwdTVuMDM3NWJ3N2MzcXQ3ZTk0bTlxdXloc2V4eXpwBm1uYzk5OQZtY2M5OTkEZ3BycwDQAAT\/\/\/\/\/AIoABAAAAAAA6wAEAAAAGgEJAAEBAG4AAQEA7QABA4AJAAZI+QAAACE="}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1710239851321696,"flow_src_last_pkt_time":1710239851360328,"flow_dst_last_pkt_time":1710239851321696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710239851360328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":8805,"dst_port":8805,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PFCP","proto_id":"405","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":2395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1710239851360328}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pfcp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":2395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1710239851360328}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 11/11
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498292 bytes
-~~ total memory freed........: 5498292 bytes
+~~ total memory allocated....: 5498316 bytes
+~~ total memory freed........: 5498316 bytes
 ~~ total allocations/frees...: 85871/85871
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 532 chars
diff --git a/test/results/default/pgm.pcap.out b/test/results/default/pgm.pcap.out
index d7df00a85..e667c81e7 100644
--- a/test/results/default/pgm.pcap.out
+++ b/test/results/default/pgm.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1654564815455078}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1654564815455078}
 00735{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564815455078,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564815455078,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":5}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1654564815455078,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1654564815455078,"pkt":"AQBeAAEviFH7P19UCABFAAA4C7VAABRxIuMK9ECa6wABL9YlAHsAAEcBCvRAmtYlACQAAaJCAFHoKABR6ecAAQAACvRAmg=="}
 00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564815455078,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564815455078,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","proto_id":"296","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -9,7 +9,7 @@
 02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1654564816353345,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":1344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1344,"pkt_l4_len":1310,"thread_ts_usec":1654564816353345,"pkt":"AQBeAAEviFH7P19UCABFAAUyDpFAABRxGw0K9ECa6wABL9YlAHsEAKv+CvRAmtYlBR4AUenrAFHoKENTQQCABAAAbQAFAFBBUkFNAAAAAAAAAAAAAAAAAAAAAP\/\/AADXyjEBPQAAAAr0QJoAAAAAM38AAAAAAAABAAAAAQAAACoAAAAAAA4AAABBQ0NPVU5UX0xJTUlUUwAAAAAAEAAAAEFMR09SSVRITV9UUkFERVIAAAAAAAwAAABBTk5PVU5DRU1FTlQAAAAAAAUAAABCRVRBUwAAAAAADQAAAENUT19BTEdPUklUSE0AAAAAAAsAAABDVk9MX0VOR0lORQAAAAAABAAAAERBWVMAAAAAAAkAAABESVZJREVORFMAAAAAAAgAAABFWENIX01BUAAAAAAAEwAAAEVYRV9FWENIQU5HRV9TWU1CT0wAAAAAAAMAAABGRUUAAAAAAA0AAABGRlRfQUxHT1JJVEhNAAAAAAAIAAAARklUX1RFUk0AAAAAAAcAAABIT0xJREFZAAAAAAAKAAAASU1WX1JFR0lPTgAAAAAACAAAAElNVl9URVJNAAAAAAANAAAASU5TVF9FWENIX01BUAAAAAAACQAAAElOVkVOVE9SWQAAAAAAEgAAAElOVkVOVE9SWV9FWENIQU5HRQAAAAAABgAAAExJTUlUUwAAAAAADgAAAE1BS09fQUxHT1JJVEhNAAAAAAAPAAAATUFLT19QRVJNSVNTSU9OAAAAAAAOAAAATUFLT19QT1JURk9MSU8AAAAAAAsAAABNQUtPX1RSQURFUgAAAAAACwAAAE1BTlVBTF9SQVRFAAAAAAANAAAAT1BTX0FMR09SSVRITQAAAAAADQAAAE9QVF9BTEdPUklUSE0AAAAAAAwAAABPUkRFUl9MSU1JVFMAAAAAAA0AAABPU1RfQUxHT1JJVEhNAAAAAAAMAAAAT1NUX01PTUVOVFVNAAAAAAAJAAAAUE9SVEZPTElPAAAAAAATAAAAUE9SVEZPTElPX0FMR09SSVRITQAAAAAAEwAAAFBPUlRGT0xJT19JTlZFTlRPUlkAAAAAABAAAABQT1JURk9MSU9fTElNSVRTAAAAAAATAAAAUE9TX0VYQ0hBTkdFX1NZTUJPTAAAAAAADAAAAFBPU19FWENIX01BUAAAAAAABwAAAFBST0RVQ1QAAAAAAA8AAABSQVRFX0FESlVTVE1FTlQAAAAAAAoAAABSSVNLX0pQTV8xAAAAAAAOAAAAUklTS19WT0xfTU9WRVMAAAAAAAUAAABST0xMUwAAAAAABgAAAFNZTUJPTAAAAAAADQAAAFNZTUJPTF9MSU1JVFMAAAAAAAgAAABUSUNLX01BUAAAAAAACQAAAFRJQ0tfU0laRQAAAAAACgAAAFVOREVSTFlJTkcAAAAAAAsAAABWT0xfRklUVElORwAAAAAACQAAAFZPTF9NT1ZFUwAAAAAACAAAAFZPTF9QQVRIAAAAAAAPAAAAVk9MX1BBVEhfUkVHSU9OAAAAAAAKAAAAVk9MX1JFR0lPTgAAAAAACgAAAFZPTF9TWU1CT0wAAAAAAAgAAABWT0xfVEVSTQAAAAAABwAAAFZUX0lORk8AAAAAAAsAAABWVF9JTkZPX01BUAAAAAAABgAAAFZUX01BUAAAAAAADQAAAFhHVF9BTEdPUklUSE0AAAAAAA0AAABYSEZfQUxHT1JJVEhNAAAAAAANAAAAWElCX0FMR09SSVRITQAAAAAAEAAAAERFRkxFQ1RPUl9TWU1CT0wA"}
 02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564817394846,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1310,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5416,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564817394846,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":16,"avg":62573.2,"max":840685,"stddev":155726.8,"var":24250839040.0,"ent":2.9,"data": [840685,20786,25,36771,5581,109,6559,20,17008,16,14904,14731,16,37275,29,168236,95027,1618,67043,1565,11009,51225,29,243023,25455,15996,6391,15033,3510,84,240009]},"pktlen": {"min":56,"avg":189.2,"max":1330,"stddev":214.8,"var":46132.5,"ent":4.5,"data": [56,115,113,307,1330,192,112,116,156,271,238,319,165,117,213,299,115,127,134,114,115,130,132,131,114,121,119,120,119,121,112,113]},"bins": {"c_to_s": [0,1,9,12,2,1,2,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.207933426,3.772077084,3.737904549,4.289524555,3.977143764,4.305780411,3.733274460,3.889899492,4.148006916,4.292365074,4.336574078,4.226692677,4.062590599,3.930770159,4.197418690,4.412383080,3.835077763,3.796297789,4.342565060,3.788575172,3.851600647,4.257427692,4.309153080,4.246764660,3.757787228,3.886102915,3.938454628,3.971912861,3.968787670,3.964792728,3.751131535,3.773303032]},"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","proto_id":"296","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00935{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1000,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564894361003,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1310,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162302,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564894361003,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","proto_id":"296","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1000,"packets-processed":1000,"total-skipped-flows":0,"total-l4-payload-len":162302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1654564894361003}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1000,"packets-processed":1000,"total-skipped-flows":0,"total-l4-payload-len":162302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1654564894361003}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1000/1000
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5526945 bytes
-~~ total memory freed........: 5526945 bytes
+~~ total memory allocated....: 5526969 bytes
+~~ total memory freed........: 5526969 bytes
 ~~ total allocations/frees...: 86859/86859
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 548 chars
diff --git a/test/results/default/pgsql.pcap.out b/test/results/default/pgsql.pcap.out
index 464aff064..ad20f0d61 100644
--- a/test/results/default/pgsql.pcap.out
+++ b/test/results/default/pgsql.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1103453983214636}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1103453983214636}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1103453983214636,"flow_src_last_pkt_time":1103453983214636,"flow_dst_last_pkt_time":1103453983214636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1103453983214636,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1103453983214636,"flow_dst_last_pkt_time":1103453983214636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1103453983214636,"pkt":"AAAAAAAAAAAAAAAACABFAAA8\/wlAAEAGPbB\/AAABfwAAAbNqFTjJW\/IgAAAAAKACf\/\/rIgAAAgRADAQCCAoTQg0pAAAAAAEDAwA="}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1103453983214636,"flow_dst_last_pkt_time":1103453983214658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1103453983214658,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAARU4s2rJRrU9yVvyIaASf\/9MIgAAAgRADAQCCAoTQg0pE0INKQEDAwA="}
@@ -14,7 +14,7 @@
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1103453983217721,"flow_dst_last_pkt_time":1103453983217769,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1103453983217769,"pkt":"AAAAAAAAAAAAAAAACABFAAA07zdAAEAGTYp\/AAABfwAAARU4s2vJSeIdyQGw44AQf\/\/J7gAAAQEIChNCDSwTQg0s"}
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1103453983214636,"flow_src_last_pkt_time":1103453983217592,"flow_dst_last_pkt_time":1103453983217889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":13,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":13,"midstream":0,"thread_ts_usec":1103453983217889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1103453983215699,"flow_src_last_pkt_time":1103453983217721,"flow_dst_last_pkt_time":1103453983217976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":13,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":13,"midstream":0,"thread_ts_usec":1103453983217976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":2103,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1576629230565518}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":2103,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1576629230565518}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576629230565518,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230565518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576629230565518,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59036,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230565518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1576629230565518,"pkt":"CAAnw1r8CgAnAAAECABFAABAAABAAEAGuVisEBT0rBAUS+acFThi3YI3AAAAALDC\/\/9QBQAAAgQFtAEDAwYBAQgKmyLoygAAAAAEAgAA"}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230566452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629230566452,"pkt":"CgAnAAAECAAnw1r8CABFAAA8AABAAEAGuVysEBRLrBAU9BU45py6PR0kYt2COKBScSBRGwAAAgQFtAQCCApyjFVOmyLoygEDAwc="}
@@ -49,7 +49,7 @@
 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1576629230719290,"flow_src_last_pkt_time":1576629230724239,"flow_dst_last_pkt_time":1576629230724197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":25,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59037,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1576629231599706,"flow_src_last_pkt_time":1576629231620123,"flow_dst_last_pkt_time":1576629231620055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59038,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1576629231618664,"flow_src_last_pkt_time":1576629231631971,"flow_dst_last_pkt_time":1576629231631919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":507,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59039,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":2993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1576629231631971}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":2993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1576629231631971}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 88/88
 ~~ skipped flows.............: 0
@@ -58,8 +58,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5523673 bytes
-~~ total memory freed........: 5523673 bytes
+~~ total memory allocated....: 5523777 bytes
+~~ total memory freed........: 5523777 bytes
 ~~ total allocations/frees...: 86009/86009
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
diff --git a/test/results/default/pia.pcap.out b/test/results/default/pia.pcap.out
index 065e140cf..0de689767 100644
--- a/test/results/default/pia.pcap.out
+++ b/test/results/default/pia.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1613755355148465}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1613755355148465}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355148465,"flow_dst_last_pkt_time":1613755355148465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613755355148465,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1613755355148465,"flow_dst_last_pkt_time":1613755355148465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1613755355148465,"pkt":"poPnuslkAAwplE+vCABFAAA8OxxAAEAGKcTAqFgDj\/QtPN4WAbtUJgkIAAAAAKAC+vChoAAAAgQFtAQCCAoFrZLlAAAAAAEDAwc="}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1613755355148465,"flow_dst_last_pkt_time":1613755355163584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1613755355163584,"pkt":"AAwplE+vpoPnuslkCABFKAA8AAAAADUGAACP9C08wKhYAwG73hb59a4GVCYJCaAS\/oigRAAAAgQFtAQCCArgC3WqBa2S5QEDAwc="}
@@ -10,7 +10,7 @@
 01466{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355164695,"flow_dst_last_pkt_time":1613755355184350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1613755355184350,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"ee798410f39b7911fa5306cf3f3e6adc","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","ja4":"t13d571000_131602cb7446_6c96259584c4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
 01948{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355164695,"flow_dst_last_pkt_time":1613755355184360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2622,"midstream":0,"thread_ts_usec":1613755355184360,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.PrivateInternetAccess","proto_id":"91.384","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","tls": {"version":"TLSv1.2","server_names":"newjersey402","ja3":"ee798410f39b7911fa5306cf3f3e6adc","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","ja4":"t13d571000_131602cb7446_6c96259584c4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access","subjectDN":"C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=newjersey402, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:93:3C:30:66:5E:3D:9D:AF:2D:89:56:75:07:DF:06:BB:D2:61:3F"}}}
 01230{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1613755355148465,"flow_src_last_pkt_time":1613755355185778,"flow_dst_last_pkt_time":1613755355184360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":2622,"midstream":0,"thread_ts_usec":1613755355185778,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"143.244.45.60","src_port":56854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.PrivateInternetAccess","proto_id":"91.384","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":3232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1613755355185778}
+00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/pia.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":3232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1613755355185778}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 9/9
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5505251 bytes
-~~ total memory freed........: 5505251 bytes
+~~ total memory allocated....: 5505275 bytes
+~~ total memory freed........: 5505275 bytes
 ~~ total allocations/frees...: 85877/85877
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 541 chars
diff --git a/test/results/default/pim.pcap.out b/test/results/default/pim.pcap.out
index d70d1a5d4..94d200d62 100644
--- a/test/results/default/pim.pcap.out
+++ b/test/results/default/pim.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655247781655191}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655247781655191}
 00737{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655247781655191,"flow_src_last_pkt_time":1655247781655191,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655247781655191,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"flow_datalink":1,"flow_max_packets":5}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655247781655191,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1655247781655191,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKkAAAFns0PAqMvq4AAADSMAIEwBAMCoy+kAAgDSAQAAIOY+QvwAAQAAAQAHIAql5gIBAAAg5jwrAwABAAABAAcgCqXmAg=="}
 00889{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655247781655191,"flow_src_last_pkt_time":1655247781655191,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655247781655191,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_PIM","proto_id":"297","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -8,7 +8,7 @@
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655247784655491,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1655247784655491,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKwAAAFns0DAqMvq4AAADSMAbUgBAMCoy+kAAgDSAQAAIOY+AP8AAQAAAQAHIAql5gIBAAAg5jwgBAABAAABAAcgCqXmAg=="}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655247785655415,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1655247785655415,"pkt":"AQBeAAANUC+oqN+8CABFwABKmK0AAAFnsz\/AqMvq4AAADSMAbUsBAMCoy+kAAgDSAQAAIOY+AP4AAQAAAQAHIAql5gIBAAAg5jwgAgABAAABAAcgCqXmAg=="}
 00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1655247781655191,"flow_src_last_pkt_time":1655247790665297,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655247790665297,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_PIM","proto_id":"297","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1655247790665297}
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1655247790665297}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498235 bytes
-~~ total memory freed........: 5498235 bytes
+~~ total memory allocated....: 5498259 bytes
+~~ total memory freed........: 5498259 bytes
 ~~ total allocations/frees...: 85869/85869
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 565 chars
+~~ json message min len.......: 563 chars
 ~~ json message max len.......: 936 chars
-~~ json message avg len.......: 743 chars
+~~ json message avg len.......: 742 chars
diff --git a/test/results/default/pinterest.pcap.out b/test/results/default/pinterest.pcap.out
index 86c592d01..0a1cd1b13 100644
--- a/test/results/default/pinterest.pcap.out
+++ b/test/results/default/pinterest.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1605289710318889}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1605289710318889}
 00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289710318889,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710318889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289710318889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710318889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289710318889,"pkt":"qtsDr8lk5EKm5WPyht1gCMmjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYwBu9VDYL21LWgegBAB9TESAAABAQgKz6ojDMK4Yvg="}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710576735,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289710576735,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBjLUtaB7VQ2C+gBALgY8wAAABAQgKwrkTpM+oCrY="}
@@ -294,7 +294,7 @@
 00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00961{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":911,"packets-processed":911,"total-skipped-flows":0,"total-l4-payload-len":367869,"total-not-detected-flows":0,"total-guessed-flows":16,"total-detected-flows":21,"total-detection-updates":33,"total-updates":0,"current-active-flows":0,"total-active-flows":37,"total-idle-flows":37,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":297,"global_ts_usec":1605289733529878}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":911,"packets-processed":911,"total-skipped-flows":0,"total-l4-payload-len":367869,"total-not-detected-flows":0,"total-guessed-flows":16,"total-detected-flows":21,"total-detection-updates":33,"total-updates":0,"current-active-flows":0,"total-active-flows":37,"total-idle-flows":37,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":297,"global_ts_usec":1605289733529878}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 911/911
 ~~ skipped flows.............: 0
@@ -303,10 +303,10 @@
 ~~ total active/idle flows...: 37/37
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6675481 bytes
-~~ total memory freed........: 6675481 bytes
+~~ total memory allocated....: 6676081 bytes
+~~ total memory freed........: 6676081 bytes
 ~~ total allocations/frees...: 88411/88411
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 569 chars
 ~~ json message max len.......: 3572 chars
-~~ json message avg len.......: 2071 chars
+~~ json message avg len.......: 2070 chars
diff --git a/test/results/default/pluralsight.pcap.out b/test/results/default/pluralsight.pcap.out
index a73737af8..f0390d111 100644
--- a/test/results/default/pluralsight.pcap.out
+++ b/test/results/default/pluralsight.pcap.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648373355763733}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648373355763733}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355763733,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355763733,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8t1dAAEAGzuTAqAGANkW8EqaSAbs5mmmUAAAAAKAC+vDIPgAAAgQFtAQCCAqK+PnbAAAAAAEDAwc="}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355952180,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOAG5js2RbwSwKgBgAG7ppJ9QO7SOZpplaASaN998gAAAgQFtAQCCApSMR4Hivj52wEDAwg="}
@@ -56,7 +56,7 @@
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357890274,"flow_dst_last_pkt_time":1648373357906518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357907751,"flow_dst_last_pkt_time":1648373357922416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373356146750,"flow_dst_last_pkt_time":1648373356334094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5848,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1648373359681609}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1648373359681609}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 44/44
 ~~ skipped flows.............: 0
@@ -65,8 +65,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5568455 bytes
-~~ total memory freed........: 5568455 bytes
+~~ total memory allocated....: 5568559 bytes
+~~ total memory freed........: 5568559 bytes
 ~~ total allocations/frees...: 86015/86015
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 553 chars
diff --git a/test/results/default/pop3.pcap.out b/test/results/default/pop3.pcap.out
index 477787b92..b029ff0fc 100644
--- a/test/results/default/pop3.pcap.out
+++ b/test/results/default/pop3.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1349776771892023}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1349776771892023}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1349776771892023,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776771892023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1349776771892023,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776771892023,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1349776771892023,"pkt":"ABffs8QAAMCfw1sHCABFEAA8\/wtAAEAGdh2P4eW1StAFHInXAG5gksK3AAAAAKACFtDFsQAAAgQFtAQCCAoAYD28AAAAAAEDAwY="}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776772030343,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1349776772030343,"pkt":"AMCfw1sHABffs8QACABFAAA8AABAADUGgDlK0AUcj+HltQBuidcdXnV7YJLCuKASFqDzqQAAAgQFtAQCCApTpKX2AGA9vAEDAwk="}
@@ -7,7 +7,7 @@
 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1349776772030396,"flow_dst_last_pkt_time":1349776772168746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1349776772168746,"pkt":"AMCfw1sHABffs8QACABFAABX02RAADUGrLlK0AUcj+HltQBuidcdXnV8YJLCuIAYAAzvdAAAAQEIClOkphgAYD5GK09LIFBPUCBzZXJ2ZXIgcmVhZHkgSCBtaWdteHVzMDA1DQo="}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1349776772168788,"flow_dst_last_pkt_time":1349776772168746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1349776772168788,"pkt":"ABffs8QAAMCfw1sHCABFEAA0\/w1AAEAGdiOP4eW1StAFHInXAG5gksK4HV51n4AQAFzFqQAAAQEICgBgPtFTpKYY"}
 01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1349776771892023,"flow_src_last_pkt_time":1349776780730528,"flow_dst_last_pkt_time":1349776777636137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1349776780730528,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"cicciopernacchio@mail.com","password":"pippozzo","auth_failed":0}}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":32,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":1853,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1377201663814560}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":32,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":1853,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1377201663814560}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377201663814560,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663814560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377201663814560,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26272,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663814560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201663814560,"pkt":"TBfrZBZJyPczS4I3CABFAAA0TaRAAIAGB+rAqAAE1OMPpmagAG635okIAAAAAIACIAAB4wAAAgQFtAEDAwIBAQQC"}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663880379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201663880379,"pkt":"yPczS4I3TBfrZBZJCABFAAA0AABAADkGnI7U4w+mwKgABABuZqD\/+KO8t+aJCYASFtBnRQAAAgQFtAEBBAIBAwMJ"}
@@ -50,7 +50,7 @@
 01070{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1377201698254021,"flow_src_last_pkt_time":1377201698460579,"flow_dst_last_pkt_time":1377201698507279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26304,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}}
 01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1377201700505011,"flow_src_last_pkt_time":1377201701042241,"flow_dst_last_pkt_time":1377201701091336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":297,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26308,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}}
 01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":30,"flow_first_seen":1377201783749577,"flow_src_last_pkt_time":1377201784963062,"flow_dst_last_pkt_time":1377201785011707,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":19651,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26383,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":144,"packets-processed":144,"total-skipped-flows":0,"total-l4-payload-len":22700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1377201785011707}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":144,"packets-processed":144,"total-skipped-flows":0,"total-l4-payload-len":22700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1377201785011707}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 144/144
 ~~ skipped flows.............: 0
@@ -59,8 +59,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5525368 bytes
-~~ total memory freed........: 5525368 bytes
+~~ total memory allocated....: 5525472 bytes
+~~ total memory freed........: 5525472 bytes
 ~~ total allocations/frees...: 86067/86067
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 527 chars
diff --git a/test/results/default/pop3_stls.pcap.out b/test/results/default/pop3_stls.pcap.out
index 6ec951699..af6f1e0a2 100644
--- a/test/results/default/pop3_stls.pcap.out
+++ b/test/results/default/pop3_stls.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1346096808946579}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1346096808946579}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096808946579,"flow_dst_last_pkt_time":1346096808946579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1346096808946579,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1346096808946579,"flow_dst_last_pkt_time":1346096808946579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1346096808946579,"pkt":"ABqMFgo4nI6ZO0MBCABFAAA0SZ1AAIAGaj\/AqBQSSPkpNMWXAG5IB2JyAAAAAIACIACXrwAAAgQFtAEDAwIBAQQC"}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1346096808946579,"flow_dst_last_pkt_time":1346096809014772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1346096809014772,"pkt":"nI6ZO0MBABqMFgo4CABFAAA0AABAADEGAt1I+Sk0wKgUEgBuxZf63xAkSAdic4ASFtCVygAAAgQFtAEBBAIBAwMC"}
@@ -12,7 +12,7 @@
 01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":11,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096810421794,"flow_dst_last_pkt_time":1346096810490233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":4965,"midstream":0,"thread_ts_usec":1346096810490233,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
 02426{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096812985585,"flow_dst_last_pkt_time":1346096813059760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":5522,"midstream":0,"thread_ts_usec":1346096813059760,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":215,"avg":262973.8,"max":2072094,"stddev":524859.6,"var":275477528576.0,"ent":3.3,"data": [68193,68972,68661,120626,119751,1003135,1075317,72544,524,70840,70284,69545,70981,215,69915,69104,262,69187,6957,114416,36010,229437,154000,2002867,2072094,69067,658,117241,116699,68875,75810]},"pktlen": {"min":40,"avg":234.5,"max":1500,"stddev":417.0,"var":173868.9,"ent":3.7,"data": [52,52,40,51,46,46,68,46,46,189,46,77,208,1500,1500,40,1500,400,40,354,46,278,71,46,93,71,46,208,84,89,82,89]},"bins": {"c_to_s": [9,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,4,0,0,1,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1],"entropies": [4.492581844,4.801308632,4.734183788,5.157432556,4.996070385,4.501398087,5.447610855,4.952592373,4.501398087,5.483742237,5.012480259,5.432518482,5.539906025,7.142385483,7.103268623,4.734183788,6.899816990,7.242932796,4.784183979,7.363773823,4.501398087,6.985215187,5.760285378,4.501398087,5.843768597,5.665146351,4.501398087,6.988708973,5.939931870,5.954314232,5.674627304,5.896972179]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
 01201{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":30,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096814309972,"flow_dst_last_pkt_time":1346096814377321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":805,"flow_dst_tot_l4_payload_len":7462,"midstream":0,"thread_ts_usec":1346096814377321,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":53,"packets-processed":53,"total-skipped-flows":0,"total-l4-payload-len":8267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1346096814377321}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":53,"packets-processed":53,"total-skipped-flows":0,"total-l4-payload-len":8267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1346096814377321}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 53/53
 ~~ skipped flows.............: 0
@@ -21,8 +21,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5517775 bytes
-~~ total memory freed........: 5517775 bytes
+~~ total memory allocated....: 5517799 bytes
+~~ total memory freed........: 5517799 bytes
 ~~ total allocations/frees...: 85924/85924
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 531 chars
diff --git a/test/results/default/pops.pcapng.out b/test/results/default/pops.pcapng.out
index fda4b2919..f989b250f 100644
--- a/test/results/default/pops.pcapng.out
+++ b/test/results/default/pops.pcapng.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614938117011128}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614938117011128}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938117011128,"flow_src_last_pkt_time":1614938117011128,"flow_dst_last_pkt_time":1614938117011128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938117011128,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614938117011128,"flow_dst_last_pkt_time":1614938117011128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938117011128,"pkt":"AAAAAAAAAAgACwgJCABFAAA0BaxAAH8GIWTAqAABCgoKAdclA+N8RI7kAAAAAIACIACU+AAAAgQE7AEDAwIBAQQC"}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614938117011128,"flow_dst_last_pkt_time":1614938117270908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938117270908,"pkt":"AAAAAAAAAAgACwgJCABFAAA0AABAADMGcxAKCgoBwKgAAQPj1yVpzHIcfESO5YASchBmIQAAAgQFtAEBBAIBAwMH"}
@@ -9,7 +9,7 @@
 01062{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614938117011128,"flow_src_last_pkt_time":1614938117298382,"flow_dst_last_pkt_time":1614938117559599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1260,"midstream":0,"thread_ts_usec":1614938117559599,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
 02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1614938117298382,"flow_dst_last_pkt_time":1614938117559643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1614938117559643,"pkt":"AAAAAAAAAAgACwgJCABFAAUUApJAADMGa54KCgoBwKgAAQPj1yVpzHcJfESPnVAQAO37bQAAAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF1Kj57XgAABAMASDBGAiEA8j5baLiEIkTcbcZDABP4GJpWXp+06QQVFV630SxUILYCIQCDK32qxQgusvwfZLztsKe1sExloQAz78NZOf78r+fvzwB2AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABdSo+fKAAAAQDAEcwRQIgJT0AYFVnglOCOaGN7l1SKLjGXhuzMTCXCBmGdX42LTgCIQCfWe+ZBNqoJSwcEADrGXYZNr0\/9Heh713uW+5hOa2VGjANBgkqhkiG9w0BAQsFAAOCAQEA0Qmjspa\/kI1EQ6yfcRTHLjt5vvDewoH2UzJ4cLdAPXM27Cp\/11UUUl4HrRDZAbA+HQVP3cQkEYalNzb2lLXsdilDG+U+DmO0IzpUJcOT72BFiqdI6lVVf7rbadDzITyfZHiawnHnynoXooWk\/wt3aFZ11wac1zGjK6L31+lmwno6esiT6G52J791KjLuT5SCkGrQn3wFeTFN1+aNUXkem1ekPkX4J4CuT2rAymo4g\/OzzwLTw5ozywc4vhY1q2TyVP94XMQ2Hx3zHwcBaV3Ou5GA+S1JJi2ljvslmQ6cbEleC3BDXcKzCFtPo6YVHBLnIYNCZN\/X6IskUXfhP5tGZwAFBDCCBQAwggPooAMCAQICAQcwDQYJKoZIhvcNAQELBQAwgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0xMTA1MDMwNzAwMDBaFw0zMTA1MDMwNzAwMDBaMIHGMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEzMDEGA1UECxMqaHR0cDovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMTQwMgYDVQQDEytTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ZBmS+z5RnGpIIO+6Wy\/SslIaYF1Tm0k9ssXE\/iwcVmEemsrhaQ0tRbly8zpQXAspC7W+jJ94ajelBCsMcHA2Gr\/WSerdtb8C3RruKeuP8RU9LQxRN2TVoykTF6bicskg5viV3232BIfyYVt9NGA8VCbh67UCxAF+ye6KG0X6Q7WTbk5VQb\/CiQFfi\/GHXJs1IspjFd92tnrZhrTT6fff1LEMMWlyQ4CxVO\/dzhoBiTDZsg3fjAeRXEjNf+Q2Cqdjeewkk08fyoKk9zNFkZl92CEi3ZLkSdzFJLg6u6PFuqNDj52F799iYCAREPnLeBDCXXaNuit24k69V0SjiMEgwIDAQABo4IBLDCCASgwDwYDVR0TAQH\/BAUwAwEB\/zAOBgNVHQ8BAf8E"}
 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1614938117011128,"flow_src_last_pkt_time":1614938117298382,"flow_dst_last_pkt_time":1614938117559643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":2520,"midstream":0,"thread_ts_usec":1614938117559643,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":2704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1614938117559643}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":2704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1614938117559643}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5/5
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5504645 bytes
-~~ total memory freed........: 5504645 bytes
+~~ total memory allocated....: 5504669 bytes
+~~ total memory freed........: 5504669 bytes
 ~~ total allocations/frees...: 85869/85869
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
diff --git a/test/results/default/portable_executable.pcap.out b/test/results/default/portable_executable.pcap.out
new file mode 100644
index 000000000..64315e0b3
--- /dev/null
+++ b/test/results/default/portable_executable.pcap.out
@@ -0,0 +1,34 @@
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1598333619339961}
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598333619339961,"flow_src_last_pkt_time":1598333619339961,"flow_dst_last_pkt_time":1598333619339961,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598333619339961,"l3_proto":"ip4","src_ip":"172.16.99.201","dst_ip":"64.227.107.71","src_port":1732,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1598333619339961,"flow_dst_last_pkt_time":1598333619339961,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1598333619339961,"pkt":"QM4kHluGABxCsmFuCABFAAA0Y\/NAAIAG2sysEGPJQONrRwbEEVy3KsGDAAAAAIAC+vAnTQAAAgQFtAEDAwgBAQQC"}
+00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1598333619339961,"flow_dst_last_pkt_time":1598333619669445,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1598333619669445,"pkt":"ABxCsmFuQM4kHluGCABFAAA0AABAADAGjsBA42tHrBBjyRFcBsRoGQadtyrBhIASchBCMwAAAgQE6AEBBAIBAwMH"}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1598333619669726,"flow_dst_last_pkt_time":1598333619669445,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1598333619669726,"pkt":"QM4kHluGABxCsmFuCABFAAAoY\/RAAIAG2tesEGPJQONrRwbEEVy3KsGEaBkGnlAQBAHwSAAAAABAEX26"}
+00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1598333619669726,"flow_dst_last_pkt_time":1598333620067844,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1598333620067844,"pkt":"ABxCsmFuQM4kHluGCABFAAAsekVAADAGFINA42tHrBBjyRFcBsRoGQaetyrBhFAYAOWtqAAAQ7ACAA=="}
+02231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1598333619669726,"flow_dst_last_pkt_time":1598333620067868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1310,"pkt_l4_len":1276,"thread_ts_usec":1598333620067868,"pkt":"ABxCsmFuQM4kHluGCABFAAUQekZAADAGD55A42tHrBBjyRFcBsRoGQaityrBhFAQAOUlbwAATVroAAAAAFtSRVWJ5YHD1kIAAP\/TgcMjaQIAiTtTagRQ\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAC7RahV\/yTGBv8kxgb\/JMYGuXUnBtskxga5dRkG6CTGBrl1JgZ8JMYG\/yTHBj0kxgb2XFUG7iTGBvZcRQb+JMYG8nYZBv4kxgbydiYG4yTGBvJ2Ggb+JMYG8nYYBv4kxgZSaWNo\/yTGBgAAAAAAAAAAAAAAAAAAAABQRQAATAEEADau9l4AAAAAAAAAAOAAAiELAQwAAPYBAADqAAAAAAAAFTkBAAAQAAAAEAIAAAAAEAAQAAAAAgAABQAAAAAAAAAEAAAAAAAAAAAQAwAABAAAcyQDAAIAAAEAABAAABAAAAAAEAAAEAAAAAAAABAAAADwVwIAVQAAAEhYAgC0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPACAFAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBTAgBAAAAAAAAAAAAAAAAAEAIA9AIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAATPUBAAAQAAAA9gEAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAKpYAAAAEAIAAFoAAAD6AQAAAAAAAAAAAAAAAABAAABALmRhdGEAAABkdwAAAHACAABAAAAAVAIAAAAAAAAAAAAAAAAAQAAAwC5yZWxvYwAAUBcAAADwAgAAGAAAAJQCAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFWL7FaLdQhXM\/85PnQXi8ZQ6DwAAABHacekAAAAWQPGgzgAdetfXl3DVYvsVot1CFcz\/zk+dBeLxlDoaQAAAEdpx6QAAABZA8aDOAB1619eXcNVi+xWV7+kAAAAV+h15gAAi\/BZhfZ1BWoIWOs2V\/91CFbo+OYAAKGgrgIQg8QMhcB0C4mwoAAAAKGgrgIQg6agAAAAAImGnAAAADPAiTWgrgIQX15dw1WL7FNWizWgrgIQu5AEAABXM\/\/rGotFCP82\/zDo9+wAAFlZhcB0Dov+i7acAAAAhfZ14uswi4acAAAAhf90CIk="}
+00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598333690845829,"flow_src_last_pkt_time":1598333690845829,"flow_dst_last_pkt_time":1598333690845829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598333690845829,"l3_proto":"ip4","src_ip":"64.227.107.71","dst_ip":"172.16.99.10","src_port":53,"dst_port":49652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1598333690845829,"flow_dst_last_pkt_time":1598333690845829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1598333690845829,"pkt":"ABxCyWFDQM4kHluGCABFAAA0AABAADAGj39A42tHrBBjCgA1wfTp\/DSwRxCtioBSchBsxgAAAgQE6AEBBAIBAwMH"}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1598333690845829,"flow_dst_last_pkt_time":1598333690846093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1598333690846093,"pkt":"QM4kHluGABxCyWFDCABFAAAoT9dAAIAG77OsEGMKQONrR8H0ADVHEK2K6fw0sVAQAQQeGQAAid26AQAA"}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1598333691208416,"flow_dst_last_pkt_time":1598333690846093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1598333691208416,"pkt":"ABxCyWFDQM4kHluGCABFAgAs9u9AADAGmJVA42tHrBBjCgA1wfTp\/DSxRxCtilAYAOXYewAAQ7ACAA=="}
+02233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1598333691210768,"flow_dst_last_pkt_time":1598333690846093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1310,"pkt_l4_len":1276,"thread_ts_usec":1598333691210768,"pkt":"ABxCyWFDQM4kHluGCABFAgUQ9vBAADAGk7BA42tHrBBjCgA1wfTp\/DS1RxCtilAQAOVQQgAATVroAAAAAFtSRVWJ5YHD1kIAAP\/TgcMjaQIAiTtTagRQ\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAC7RahV\/yTGBv8kxgb\/JMYGuXUnBtskxga5dRkG6CTGBrl1JgZ8JMYG\/yTHBj0kxgb2XFUG7iTGBvZcRQb+JMYG8nYZBv4kxgbydiYG4yTGBvJ2Ggb+JMYG8nYYBv4kxgZSaWNo\/yTGBgAAAAAAAAAAAAAAAAAAAABQRQAATAEEADau9l4AAAAAAAAAAOAAAiELAQwAAPYBAADqAAAAAAAAFTkBAAAQAAAAEAIAAAAAEAAQAAAAAgAABQAAAAAAAAAEAAAAAAAAAAAQAwAABAAAcyQDAAIAAAEAABAAABAAAAAAEAAAEAAAAAAAABAAAADwVwIAVQAAAEhYAgC0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPACAFAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBTAgBAAAAAAAAAAAAAAAAAEAIA9AIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAATPUBAAAQAAAA9gEAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAKpYAAAAEAIAAFoAAAD6AQAAAAAAAAAAAAAAAABAAABALmRhdGEAAABkdwAAAHACAABAAAAAVAIAAAAAAAAAAAAAAAAAQAAAwC5yZWxvYwAAUBcAAADwAgAAGAAAAJQCAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFWL7FaLdQhXM\/85PnQXi8ZQ6DwAAABHacekAAAAWQPGgzgAdetfXl3DVYvsVot1CFcz\/zk+dBeLxlDoaQAAAEdpx6QAAABZA8aDOAB1619eXcNVi+xWV7+kAAAAV+h15gAAi\/BZhfZ1BWoIWOs2V\/91CFbo+OYAAKGgrgIQg8QMhcB0C4mwoAAAAKGgrgIQg6agAAAAAImGnAAAADPAiTWgrgIQX15dw1WL7FNWizWgrgIQu5AEAABXM\/\/rGotFCP82\/zDo9+wAAFlZhcB0Dov+i7acAAAAhfZ14uswi4acAAAAhf90CIk="}
+02259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1598333691210789,"flow_dst_last_pkt_time":1598333690846093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1310,"pkt_l4_len":1276,"thread_ts_usec":1598333691210789,"pkt":"ABxCyWFDQM4kHluGCABFAgUQ9vFAADAGk69A42tHrBBjCgA1wfTp\/DmdRxCtilAQAOWiWwAAh5wAAADrBaOgrgIQi4acAAAAhcB0Bom4oAAAAFboleUAAFkz219ei8NbXcPrGmoA\/zWkrgIQ6LM5AABZWYXAdAdQ6BOOAABZ\/zWkrgIQ6HI5AABZhcB11sNVi+yD7BBXi30MjUXwUGgBAAEAV8dF\/AEAAADoASoAAIPEDIXAD4WyAAAAU1aLdfhW6FYDAABWi9jolgMAAIvwWVmF23U1hfZ1QlfobiUAAFk5Xyx0EmoyaAQAAgBQ6E4nAACDxAzrc1D\/dQhqMujnKwAAV+j4JQAA611XU+hpAAAAWVmFwHVChfZ0DVdW6FgAAABZWYXAdTGDfywAdStqCOjw5AAAUFf\/dQiJGGgREwAQiXAE6E6MAACDxBSFwHQaUOjqjAAAWesRV\/91CFZT6I0BAACJRfyDxBBeW4tF\/F+L5V3DM8DDM8DDVYvs\/3UM6PIoAAAz0lmLTQgrwnQUSHQIg+gJdAxIdQU5UVR1CTPAXcM5UQh08jPAQF3DVYvsg+wUVlf\/dQzouigAAFkzyYv5g\/gBdA2D+At0CItFCIPABOsGi0UIg8BQiUX8i\/GNReyJTfhQUVHrXoX\/dWmLRfyLQEiFwHQTJf\/\/\/w878HUK98YAAAAQdE4z9o1F7FD\/dQzocSgAAFlZPQAAAQB1GY1F7FDoLSgAAFmFwHQLi0X8aldfO3BIch6LRfiNTexRRkBqAIlF+FD\/dQzooygAAIPEEIXAdJOLx19ei+Vdw1WL7FaLdQiF9nUFagZY631Ti14Qhdt1BGoG6wyLRhSJRQiFwHUFag1Y62FXi34Yhf91BGoN6xmhpK4CEIXAdRPo0TYAAKOkrgIQhcB1BWoGWOs4VlDoAjgAAP91CFP\/dwT\/N+gqAAAAVv81pK4CEOjxNwAAg8QghcB0B1bozosAAFlX6AbjAABZM8BfW15dwgQAaihoYFQCEOih6gAAx0XkAQAAAItFCIlF1ItFDIlF2INl\/AAz24t1FIld4IP7Ag+DkwAAAIt8ndSF\/w+EgQAAAItFEItIIDlIHHQHUf8VSBACEFZX6GP+\/\/9ZWYXAdWJW6CEnAABZiUXci8iD6QB0G0l0CIPpCXQTSXVGi0dUhcB1EFb\/dRD\/V1DrMYtHCIXAdCONTQhRVv91EP\/Qg8QMhcB0C4N95AB0BTPAQOsCM8CJReTrDFb\/dRD\/VwRZiUUIWUPpYf\/\/\/41FyFBoAgABAFbo6SYAAIPEDItNCIXAD0RN0ItF3IP4AXQFg\/gLdRGFyXQNUVb\/dRDoxSoAAIPEDINN\/P\/rDjPAQMOLZeiDTfz\/i3UUg34sAHUHVujvIgAAWYtF5Oi\/6QAAw1WL7FYz9lc5NRBwAhB0Kb8QcAIQi8f\/dQj\/MOjT6AAAWVmFwHQYRmnGpAAAAI2AEHACEIM4AHXeM8BfXl3DacakAAAAA8fr8lWL7FaLNaCuAhDrFv91CP826JXoAABZWYXAdA+LtpwAAACF9nXmM8BeXcOLxuv5VYvsahBqAehx6gAAWVmLTQyJAYXAdQVqDlhdw4tFCMcAEAAAADPAXcNVi+yB7DAEAACDZfwAU1aLdQxXaK8BAQBWx0XsCAAAAOhbJgAAaLIBAgBWi9jolyYAAIv4aLEBAgBWiX3o6IcmAABotwECAFaJRfDoeSYAAGi4AQIAVolF+OhrJgAAg8Qoi8g="}
+01007{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":11,"flow_first_seen":1598333619339961,"flow_src_last_pkt_time":1598333620073445,"flow_dst_last_pkt_time":1598333620073297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1256,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":11308,"midstream":0,"thread_ts_usec":1598333691211662,"l3_proto":"ip4","src_ip":"172.16.99.201","dst_ip":"64.227.107.71","src_port":1732,"dst_port":4444,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":11,"flow_first_seen":1598333619339961,"flow_src_last_pkt_time":1598333620073445,"flow_dst_last_pkt_time":1598333620073297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1256,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":11308,"midstream":0,"thread_ts_usec":1598333691211662,"l3_proto":"ip4","src_ip":"172.16.99.201","dst_ip":"64.227.107.71","src_port":1732,"dst_port":4444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01295{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1598333690845829,"flow_src_last_pkt_time":1598333691211618,"flow_dst_last_pkt_time":1598333691211662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11308,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598333691211662,"l3_proto":"ip4","src_ip":"64.227.107.71","dst_ip":"172.16.99.10","src_port":53,"dst_port":49652,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"1":"Match by port"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1598333690845829,"flow_src_last_pkt_time":1598333691211618,"flow_dst_last_pkt_time":1598333691211662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11308,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598333691211662,"l3_proto":"ip4","src_ip":"64.227.107.71","dst_ip":"172.16.99.10","src_port":53,"dst_port":49652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/portable_executable.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":22616,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1598333691211662}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 30/30
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 22616 bytes
+~~ total detected protocols..: 0
+~~ total active/idle flows...: 2/2
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 5505248 bytes
+~~ total memory freed........: 5505248 bytes
+~~ total allocations/frees...: 85906/85906
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json message min len.......: 549 chars
+~~ json message max len.......: 2264 chars
+~~ json message avg len.......: 1405 chars
diff --git a/test/results/default/pps.pcap.out b/test/results/default/pps.pcap.out
index e3f2685e6..e79ea255f 100644
--- a/test/results/default/pps.pcap.out
+++ b/test/results/default/pps.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1467353136432546}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1467353136432546}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136432546,"flow_src_last_pkt_time":1467353136432546,"flow_dst_last_pkt_time":1467353136432546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1065,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136432546,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01954{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136432546,"flow_dst_last_pkt_time":1467353136432546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1107,"pkt_l4_len":1073,"thread_ts_usec":1467353136432546,"pkt":"ABxCjnAxTF4M6gNlCABFAARFnt8AAHkRY4kBrQXiwKhzCFhsWQkEMf8ywISVs7ORwenTFHKVo6On5uSI0FSEcN6hpKSkpNyhoaGhoaGhpZUqLaxIFnIc1o9j1V\/jBxJYgTJzuNolbzVZ0R0xZInD9kisn9RUmqrxmfaOfWLidBLnlikkHNGned0J8w\/52jjY0bi7jWD1Ne30q1o07ZUYUv\/QbvJH0F4eDOmx08v7Bn20GVMFMCjodWpNTNXJ2SexjrFeI6FN4QYXCHMojb7c\/PEThAYazMCmu0O\/roaBRseEPs6rkTe8cp9cAvQ\/n5mjopI2U8mnsMzLdAnslhYT0HUp9qJVwLrEv01esKN2ht\/bwWWVF5TQquAB9v7Wt6e2OQ8vuih+Atb\/n4iLmHyAs8+DFzXEuSUKcpvamkMM7UM6hef8q9KNvY9qWQR1Tk9ycKmbR0smL1JeXfm85kJMbN\/EYgsXVxKaRK2Rv1yY1dyGePuc3UEjPL+KzMtadixFRQ2hL7UpDi17vDigTJ7AYF91J2Ja6BY8r45GbA0qcKjT\/2PMj0bcxGB5DZVExfvPgmT3pnLIXAIQCOuPxcK1euFQEq3Apr\/U+RUfsQg\/rkRxZFaG23hIOWdbuHAYWf162Ln84BIDQyIvmVPxm8HZfjSFxo5lT3SAnYhEraONvTPmIXSleQ0yKdGJXnTmaDvKNiI7tvMq4Ue8NItBFyrpaz\/ey7wisHK9g6RaTXC2Chi58N03IkAUbldcXIkAS5oXnhiCl8IRbYlSyiMzSearcyriLmt1A2oCZsMGjLI+Vg\/QQvFWKc8MUtJXDD\/3\/zP8XOVOsXbwqPjP0oQ7zs+cPcwh\/zsX++z5sEE67YjR9MZx16gb1c6v0nV6LooYTawJrbu4mQmfFZzBirmdYpVDc4DqSieyA3bfOctfLgZnR3dYSCqNYYEecOcnZB43DJPn8EapO45onRSmMzS98N7TjaXmivBMLMEYQUMWDdAQR+RohVRWZ8yz03QldhdX5BlmxjsyF+QH4XhdR0TNLGfQpBdbvPuC7brPT34pQ\/bB6DZ6ODmbu+A2bFlwaKRZQmJpDJEqSpl\/j8OazBmvo4z1ZZoiN2qDNKYSKtk5sX2V4oom7Mnsk9hlp\/P7QgLEBpxQ6BCZB+MVDHR5MiRiLZDeVw70iySjxEYrchS3jdcNstavegpWpk9whZhUojqFPGvCcQT6tmKjbQIj5Hu8ksUMNE+8BTHM8uZtK\/5DEb5Sp8gJi14\/rPknXLsL1+u4QhASTCXJWfbflBR6pE5s+QTIeXdrRWYqM9thmBhP+C3ZF+iPYB\/m3bwwcBgmvlLrzojH5FQZ4K8lHE7ijUN9HVDnNUbnZc73qehkk0VqLJlMqTyl7jKytXnNXEqS0p7S2OdJ0s12tQ48KCHUsQqmAui3sLr0tFku+q\/\/8h3kbG7OZisKcU6BzQvEtOBdMqyPELwAAAAA"}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1467353136432546,"flow_dst_last_pkt_time":1467353136432852,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1467353136432852,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzYAAIARgDbAqHMIAa0F4lkJWGwALVw+2oCeu7uZyeHbHHqdq6urqq6n\/nt+fn5+wr+\/v7+\/v7+7W6Rb\/w=="}
@@ -237,7 +237,7 @@
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353152692906,"flow_src_last_pkt_time":1467353152692906,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353152692906,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1467353152692906,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353152692906,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLGwAAAER1wTAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353152692906,"flow_src_last_pkt_time":1467353152692906,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353152692906,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
-01405{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":680,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":1,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353152590330,"flow_dst_last_pkt_time":1467353152945958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":8367,"flow_dst_tot_l4_payload_len":1260,"midstream":1,"thread_ts_usec":1467353152945958,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"bcu.ff.avast.com","http": {"url":"bcu.ff.avast.com\/bc2","code":200,"content_type":"application\/octet-stream","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}","request_content_type":"application\/x-enc"}}}
+01533{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":680,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":1,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353152590330,"flow_dst_last_pkt_time":1467353152945958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":8367,"flow_dst_tot_l4_payload_len":1260,"midstream":1,"thread_ts_usec":1467353152945958,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"bcu.ff.avast.com","http": {"url":"bcu.ff.avast.com\/bc2","code":200,"content_type":"application\/octet-stream","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}","request_content_type":"application\/x-enc"}}}
 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1467353155693528,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353155693528,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLG0AAAER1wPAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353155790340,"flow_src_last_pkt_time":1467353155790340,"flow_dst_last_pkt_time":1467353155790340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353155790340,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1467353155790340,"flow_dst_last_pkt_time":1467353155790340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"thread_ts_usec":1467353155790340,"pkt":"TF4M6gNlABxCjnAxCABFAAKdDjtAAIAG3SfAqHMIymwO28U3AFCNS81scTxdzlAYAQSLywAAR0VUIC9jb3JlP3Q9MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZ0bT0xNSZyYT0xJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNTUmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
@@ -287,7 +287,7 @@
 01030{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353157509654,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"thread_ts_usec":1467353159731502,"pkt":"TF4M6gNlABxCjnAxCABFAAGgFhZAAIAGZjTAqHMI3xpqQsU+AFB4823zkD5tZ1AYAQS6ZwAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2Y3JjP2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSZxeWlkPWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnF5cGlkPTIwMTImdXVpZD03NmEzMDg1YS01Nzc2MDg0NC04YiBIVFRQLzEuMQ0KSG9zdDogMjIzLjI2LjEwNi42Ng0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtY24NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEhDRE5DbGllbnRfV0lOUEM7bGliY3VybC83LjI2LjAgT3BlblNTTC8xLjAuMWcgemxpYi8xLjIuNTtRSy8xMC4wLjAuMjkzDQoNCg=="}
 01554{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353157509654,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353157509654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":403,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353159731502,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"223.26.106.66","http": {"url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4vcrc?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}}
 01046{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353159746513,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":443,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":443,"pkt_l4_len":409,"thread_ts_usec":1467353159746513,"pkt":"ABxCjnAxTF4M6gNlCABFAAGtzXdAADgG9sXfGmpCwKhzCABQxT6QPm1nePNva1AYACEkXQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU5IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA3Mg0KTGFzdC1Nb2RpZmllZDogU2F0LCAyNSBKdW4gMjAxNiAyMDo0Nzo0OCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI1NzZlZWRmNC00OCINCkV4cGlyZXM6IFNhdCwgMDEgSnVsIDIwMTcgMDY6MDU6NTkgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQoBAAAAjem7lGlyqIWJ0WZ4YikhMAAAAADA8HoAAAAAAJ0fBgCdHwYAAAAgAABAAACfagIAEAAAABkBmvdUqrt6QK4cKbQBDrk="}
-01589{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":728,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353157509654,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353159746513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":403,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":389,"midstream":1,"thread_ts_usec":1467353159746513,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"223.26.106.66","http": {"url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4vcrc?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":200,"content_type":"application\/octet-stream","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}}
+01608{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":728,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353157509654,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353159746513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":403,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":389,"midstream":1,"thread_ts_usec":1467353159746513,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"223.26.106.66","http": {"url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4vcrc?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":200,"content_type":"application\/octet-stream","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":729,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353160157492,"flow_src_last_pkt_time":1467353160157492,"flow_dst_last_pkt_time":1467353160157492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353160157492,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1467353160157492,"flow_dst_last_pkt_time":1467353160157492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1467353160157492,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClHaUAAAER5dDAqAUw7\/\/\/+vm6B2wAkVW0TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
 00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":729,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353160157492,"flow_src_last_pkt_time":1467353160157492,"flow_dst_last_pkt_time":1467353160157492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353160157492,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
@@ -407,7 +407,7 @@
 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1467353189325739,"flow_dst_last_pkt_time":1467353189325739,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1467353189325739,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LaNAAIAGT77AqHMI3xpqE8VJAFB9cer6SbS1WFAYQTc4sgAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkZXIuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IERvd25sb2FkZXINCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353189325739,"flow_src_last_pkt_time":1467353189325739,"flow_dst_last_pkt_time":1467353189325739,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353189325739,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":0,"content_type":"","user_agent":"Downloader"}}}
 01210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1467353189325739,"flow_dst_last_pkt_time":1467353189328640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_usec":1467353189328640,"pkt":"ABxCjnAxTF4M6gNlCABFAAIolNRAADgGLx3fGmoTwKhzCABQxUlJtLVYfXHrilAYAB9+agAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTcwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjM1OjQzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW0NvbnRyb2xdDQphcHA9ZWd1aSxla3JuLG5vZDMya3VpLG5vZDMya3JuDQpjb3VudD0xDQpjMD1Eb3dubG9hZEhlbHBlcg0KW0Rvd25sb2FkZXJdDQpEb3dubG9hZEhlbHBlcj1odHRwOi8vc3RhdGljLnFpeWkuY29tL2V4dC9jb21tb24vcWlzdTIvRG93bmxvYWRIZWxwZXIuZGxsO1N0YXJ0O1FJWUk="}
-01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353189325739,"flow_src_last_pkt_time":1467353189325739,"flow_dst_last_pkt_time":1467353189328640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":512,"midstream":1,"thread_ts_usec":1467353189328640,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":200,"content_type":"application\/octet-stream","user_agent":"Downloader"}}}
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353189325739,"flow_src_last_pkt_time":1467353189325739,"flow_dst_last_pkt_time":1467353189328640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":512,"midstream":1,"thread_ts_usec":1467353189328640,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":200,"content_type":"application\/octet-stream","user_agent":"Downloader"}}}
 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_src_last_pkt_time":1467353189360764,"flow_dst_last_pkt_time":1467353189328640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_usec":1467353189360764,"pkt":"TF4M6gNlABxCjnAxCABFAAC8LbBAAIAGT63AqHMI3xpqE8VJAFB9ceuKSbS3WFAYQLejygAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL0Rvd25sb2FkSGVscGVyLmRsbCBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZGVyDQpIb3N0OiBzdGF0aWMucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353189363217,"flow_src_last_pkt_time":1467353189363217,"flow_dst_last_pkt_time":1467353189363217,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353189363217,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1467353189363217,"flow_dst_last_pkt_time":1467353189363217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_usec":1467353189363217,"pkt":"TF4M6gNlABxCjnAxCABFAAOkLbJAAIAGvJjAqHMIymwO7MVIAFBYgFOZMQ8QiVAYQTddVQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODcwNTMmc2g9JnNxPSZzdz0mdD0zcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
@@ -428,7 +428,7 @@
 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190040967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_usec":1467353190040967,"pkt":"TF4M6gNlABxCjnAxCABFAADGLkBAAIAGTxPAqHMI3xpqE8VLAFDaxGl\/7FKS9VAYQTcFigAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkaGVscGVyLmluaSBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZEhlbHBlcl9ydW54eA0KSG9zdDogc3RhdGljLnFpeWkuY29tDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQo="}
 01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190040967,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190040967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190040967,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":0,"content_type":"","user_agent":"DownloadHelper_runxx"}}}
 01877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190044867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1063,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1063,"pkt_l4_len":1029,"thread_ts_usec":1467353190044867,"pkt":"ABxCjnAxTF4M6gNlCABFAAQZtrxAADgGC0TfGmoTwKhzCABQxUvsUpL12sRqHVAYAB9YnAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogNjY3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjMwIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW0NvbnRyb2xdDQpjb3VudD02DQpjMD1DaGVja0NsaWVudA0KYzE9UVlBZ2VudA0KYzI9bWFzZmxhZw0KYzM9bWFzYXV0bw0KYzQ9bWFzYmxvZw0KYzU9Q29va2llQ2xlYXINCltEb3dubG9hZGVyXQ0KQ2hlY2tDbGllbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9DaGVja0NsaWVudC56aXA7U3RhcnQ7OTdEQzFBMTJCQzMyMkNERjRCQjE5MjNDNEVGMTRFMUINClFZQWdlbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9RWUFnZW50LnppcDtTdGFydEFnZW50OzRDRDQxOTkyNjI5ODBBRjY5RDA3OThEREFBNDJGM0M5DQptYXNmbGFnPWh0dHA6Ly9tYmRhcHAuaXFpeWkuY29tL2ovb3QvbWFzZmxhZy56aXA7U3RhcnQ7RTNGRDlCMjEzMEFCQTIxNTc1QjRGNDk2RDg5Q0FGOTINCm1hc2F1dG89aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9tYXNhdXRvLnppcDtTdGFydDtEMTQ3M0E5Mjg2MjBENjZGMzM0QjI4RUYxRjk0QjA3OA0KbWFzYmxvZz1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L21hc2Jsb2cuemlwO1N0YXJ0O0JGRENCNTM1QzNFRUIwMkZEREI5NjFEMDVBNTIzQjI2DQpDb29raWVDbGVhcj1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L0Nvb2tpZUNsZWFyLnppcDtTdGFydDtGMzlBRDlFOTgzREJCMzA5MkYxQzNDNDIwRjJBNDgyQQ=="}
-01257{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":798,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190040967,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190044867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1009,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":1009,"midstream":1,"thread_ts_usec":1467353190044867,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":200,"content_type":"application\/octet-stream","user_agent":"DownloadHelper_runxx"}}}
+01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":798,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190040967,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190044867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1009,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":1009,"midstream":1,"thread_ts_usec":1467353190044867,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":200,"content_type":"application\/octet-stream","user_agent":"DownloadHelper_runxx"}}}
 01174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_src_last_pkt_time":1467353190062486,"flow_dst_last_pkt_time":1467353189784236,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1467353190062486,"pkt":"AQBef\/\/6cBiLE+IdCABFAAILI6kAAAER3nDAqAUm7\/\/\/+gdsB2wB92DxTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQ6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpDYWNoZS1Db250cm9sOm1heC1hZ2U9OTAwDQpTZXJ2ZXI6TWljcm9zb2Z0LVdpbmRvd3MvNi4yIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6MDAyODViYzNjM2JhMjA3MDA3ZTFjM2I3NjIxYzg0NzYNCg0K"}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190110976,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190110976,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353190110976,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kJVAADMGqbHKbA7bwKhzCABQxUpzStvEq5YvP1AYADaqqAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
@@ -443,7 +443,7 @@
 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190634365,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1467353190634365,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LnBAAIAGTvHAqHMI3xpqE8VMAFCjClS\/APxWfFAYQTf8ogAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL1FZQWdlbnQuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IFFZQWdlbnRfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190634365,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190634365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190634365,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":0,"content_type":"","user_agent":"QYAgent_runxx"}}}
 01015{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190638521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"thread_ts_usec":1467353190638521,"pkt":"ABxCjnAxTF4M6gNlCABFAAGWcOxAADgGU5ffGmoTwKhzCABQxUwA\/FZ8owpVT1AYAB8JQAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkV4cGlyZXM6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MzA6MDcgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KWC1DYWNoZTogSElUIGZyb20gMTAuMTIxLjMzLjk3DQpYLUNhY2hlOiBISVQgZnJvbSAyMjMuMjYuMTA2LjE5DQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQpbUVlBZ2VudF0NCnY9MA0KcD0xMDANCmU9"}
-01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190634365,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190638521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":366,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":366,"midstream":1,"thread_ts_usec":1467353190638521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":200,"content_type":"application\/octet-stream","user_agent":"QYAgent_runxx"}}}
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190634365,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190638521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":366,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":366,"midstream":1,"thread_ts_usec":1467353190638521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":200,"content_type":"application\/octet-stream","user_agent":"QYAgent_runxx"}}}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190892847,"flow_src_last_pkt_time":1467353190892847,"flow_dst_last_pkt_time":1467353190892847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":109,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190892847,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1467353190892847,"flow_dst_last_pkt_time":1467353190892847,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_usec":1467353190892847,"pkt":"TF4M6gNlABxCjnAxCABFAACVLoRAAIAGUpzAqHMIaibba8VNAFAdei0\/k1iI9FAYQTd0xwAAR0VUIC9jaXR5anNvbiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVlBZ2VudF9ydW54eA0KSG9zdDogaXBsb2NhdGlvbi5nZW8ucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
 01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190892847,"flow_src_last_pkt_time":1467353190892847,"flow_dst_last_pkt_time":1467353190892847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":109,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353190892847,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"iplocation.geo.qiyi.com","http": {"url":"iplocation.geo.qiyi.com\/cityjson","code":0,"content_type":"","user_agent":"QYAgent_runxx"}}}
@@ -454,12 +454,12 @@
 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191500926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1467353191500926,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9BAAIAGTZDAqHMI3xpqFMZOAFCUEYDiYZCIJlAYQTcJ9QAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2ZsYWcuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2ZsYWdfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":811,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191500926,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191500926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191500926,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":0,"content_type":"","user_agent":"masflag_runxx"}}}
 01115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191505501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":493,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":493,"pkt_l4_len":459,"thread_ts_usec":1467353191505501,"pkt":"ABxCjnAxTF4M6gNlCABFAAHfpuJAADgGHVffGmoUwKhzCABQxk5hkIgmlBGBclAYAB+\/UwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogOTgNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkV4cGlyZXM6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MTI6MTAgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KWC1DYWNoZTogSElUIGZyb20gMTAuMTIxLjMzLjk3DQpYLUNhY2hlOiBISVQgZnJvbSAyMjMuMjYuMTA2LjIwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQpbbWFzZmxhZ10NCnY9Mg0KcD00MA0KZT2xsb6pL8nPuqMNCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="}
-01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":812,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191500926,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191505501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":439,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":439,"midstream":1,"thread_ts_usec":1467353191505501,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":200,"content_type":"application\/octet-stream","user_agent":"masflag_runxx"}}}
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":812,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191500926,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191505501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":439,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":439,"midstream":1,"thread_ts_usec":1467353191505501,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":200,"content_type":"application\/octet-stream","user_agent":"masflag_runxx"}}}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191521215,"flow_src_last_pkt_time":1467353191521215,"flow_dst_last_pkt_time":1467353191521215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191521215,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_src_last_pkt_time":1467353191521215,"flow_dst_last_pkt_time":1467353191521215,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1467353191521215,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9RAAIAGTYzAqHMI3xpqFMZPAFCekgJEnvl6klAYQTcvHQAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2F1dG8uaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2F1dG9fcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191521215,"flow_src_last_pkt_time":1467353191521215,"flow_dst_last_pkt_time":1467353191521215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191521215,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":0,"content_type":"","user_agent":"masauto_runxx"}}}
 01161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_src_last_pkt_time":1467353191521215,"flow_dst_last_pkt_time":1467353191524481,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"thread_ts_usec":1467353191524481,"pkt":"ABxCjnAxTF4M6gNlCABFAAIAVHFAADgGb6ffGmoUwKhzCABQxk+e+XqSnpIC1FAYAB\/e1QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjUwOjIzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4yMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc2F1dG9dDQp2PTENCnA9MQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="}
-01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":814,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191521215,"flow_src_last_pkt_time":1467353191521215,"flow_dst_last_pkt_time":1467353191524481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353191524481,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":200,"content_type":"application\/octet-stream","user_agent":"masauto_runxx"}}}
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":814,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191521215,"flow_src_last_pkt_time":1467353191521215,"flow_dst_last_pkt_time":1467353191524481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353191524481,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":200,"content_type":"application\/octet-stream","user_agent":"masauto_runxx"}}}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191538427,"flow_src_last_pkt_time":1467353191538427,"flow_dst_last_pkt_time":1467353191538427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191538427,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_src_last_pkt_time":1467353191538427,"flow_dst_last_pkt_time":1467353191538427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1467353191538427,"pkt":"TF4M6gNlABxCjnAxCABFAAD6L9ZAAIAGlfnAqHMIJG7cD8ZNAFCivUMktEgQ8FAY\/\/DARAAAR0VUIC90bXBzdGF0cy5naWY\/bWV0aG9kPXFpdWJpdGVyJm9zPXdpbmRvd3MtNi4xLjc2MDFfc3AxJnV1aWQ9MzUwQzNGMUFDNzVENDBiYzkwRDYwMkRBNEU2N0E3MkQmc29mdHZlcnNpb249MS4wLjAuMSZzb3VyY2U9cHBzJnRhc2t0eXBlPWdldHRhc2tpbmZvIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRSVlpQW5nZW50DQpIb3N0OiBtc2cudmlkZW8ucWl5aS5jb20NCg0K"}
 01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":815,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191538427,"flow_src_last_pkt_time":1467353191538427,"flow_dst_last_pkt_time":1467353191538427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191538427,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"msg.video.qiyi.com","http": {"url":"msg.video.qiyi.com\/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo","code":0,"content_type":"","user_agent":"QIYiAngent"}}}
@@ -472,7 +472,7 @@
 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_src_last_pkt_time":1467353191538427,"flow_dst_last_pkt_time":1467353191606497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1467353191606497,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5GMJAAC4G\/04kbtwPwKhzCABQxk20SBDwor1D9lAYPLgN5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191538427,"flow_src_last_pkt_time":1467353191538427,"flow_dst_last_pkt_time":1467353191606497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":210,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353191606497,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"msg.video.qiyi.com","http": {"url":"msg.video.qiyi.com\/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo","code":200,"content_type":"image\/gif","user_agent":"QIYiAngent"}}}
 01160{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191608484,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"thread_ts_usec":1467353191608484,"pkt":"ABxCjnAxTF4M6gNlCABFAAIApFFAADgGH8jfGmoTwKhzCABQxlCbtI4lBJ7pcFAYAB996wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjQzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc2Jsb2ddDQp2PTENCnA9MQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="}
-01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191604276,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191608484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353191608484,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":200,"content_type":"application\/octet-stream","user_agent":"masblog_runxx"}}}
+01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191604276,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191608484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353191608484,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"static.qiyi.com","http": {"url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":200,"content_type":"application\/octet-stream","user_agent":"masblog_runxx"}}}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":825,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191688041,"flow_src_last_pkt_time":1467353191688041,"flow_dst_last_pkt_time":1467353191688041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":550,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191688041,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":1467353191688041,"flow_dst_last_pkt_time":1467353191688041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1467353191688041,"pkt":"TF4M6gNlABxCjnAxCABFAAJOL\/RAAIAGZxbAqHMIZePIC8ZRAFCkQ4vBOJoXClAY\/\/Dn4QAAR0VUIC9jY3MgSFRUUC8xLjENClVzZXItQWdlbnQ6IENvb2tpZUNsZWFyX3J1bnh4DQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFXSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25Kc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="}
 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353191688041,"flow_src_last_pkt_time":1467353191688041,"flow_dst_last_pkt_time":1467353191688041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":550,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353191688041,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"api.cupid.iqiyi.com","http": {"url":"api.cupid.iqiyi.com\/ccs","code":0,"content_type":"","user_agent":"CookieClear_runxx"}}}
@@ -553,16 +553,16 @@
 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1467353201861524,"flow_dst_last_pkt_time":1467353189820488,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353201861524,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDlEAAAER9S\/AqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192448,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_usec":1467353202192448,"pkt":"ABxCjnAxTF4M6gNlCABFKADCuCpAADIG5SVN6ikjwKhzCABQwBY\/zyZ9xn1A6VAYAAIAJQAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtY29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQoNCg=="}
-01184{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192448,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}}
+01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192448,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192448,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}}
 02233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_src_last_pkt_time":1467353202192450,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353202192450,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCtAADIG4NJN6ikjwKhzCABQwBY\/zycXxn1A6VAQAAL1DgAAMjINCgMgCKAEEgH\/MhgIBBDmzNlDGIAKIJuhw6jaKiibocOo2ioNCjllMw0KCuATQVNVIVZQU3oDMAYWRgAAAIAJAACTCQAAeNolVXk01V0bfe51iZApMpZ5zjznco0JmeKSIVNeQzKWkDi4Ggwp6UWG1xCxylQRmd6EyCykZKZ0QwiR4vt933fWOuv8cdbZZ5\/9PPvsM3aGIkkMAEZWqjKV8P\/xCJtSB\/NfKOBwomAIFoTLeF+yLcHOykHRDpzBBXxpwIr2Eh5YEZ6EJCLl8EBQxQO\/OhBpYJqkQwMkvZMEQQA3f4Kc7yWvi\/jwS+HAHykF2jRQpasDRv9DcaOBVd0wDIWCO8DvhxfF8YuBBJwikABIjuCE3RKUjAuHSOCNFAIREAUxUMADmUQDQIgCRPgvVUt9JRlWbNXtK5OpsKHJ8J4LK+EyngYrIxUZVhyAmg4FaJkIoGZU33trc5hjTzGJTtUKB9Mx+T3dfmPXIoQ26EABICX6SsW7hX2KlFgnEwnwoJmVWZtN5T3KOpChrYrh213iQtqdReQAD1v9dk08JJYJFluOWyXS+Qf73GcByDko2exVaBzzKIPoSxuJ8RHb72m1UeUvkD\/v216FhyZVmZihHr7WtrYrgarCACFHcqOl7rTojtTlpFlxAKROdfbFzNGM6rxNqVIdOAHcm\/os5hLXL+tKfHtGi\/HbMZpYdZhMeKP9e3jCaJoGjosfkQ4ZHy19+LLw84guwJwa\/9Ktlu8KY6999xP+Bvj4dedshtyDydKvvvvtpgAl+bo9Df8UGtubKMnkHACwN1E2f0AHkBWdSfPUPXvgqln2dD492SUvokzyVkXQIUBlzVcPHCnc7RZ\/tc8u9KmS7DE4xX62EnoAvc5NZI7V3LhTODiXlfWPiUHKvIWIfwP\/LqADGZnMJDNldpH+uBjbrQapZK+fuOPzW+aAnhW3HhZM585sijetOXliLoa9gCkh9INHCiDXhzXcg\/vpxYIPjRXXRxNKvaI6lu226l8Aivkzy1Ny9ARfXWBlelnoZGwRfmfLmmgZCuiCsz3fuI3zBPjtp6Y5lCjP3ys3qsjmcAREVeoX6HcvcPN3UBngDBwvrmf8LWboGH0E0E1SidB66fcT7RcuptRH0x5\/e5snTfjJ4EFA9CrukkQG\/FZos0p8y8x54czaQvEPHMEPAZX7h0tZs\/DkN\/ReyGJTEQpxaNV6fq6+3gxQd2+SVJO7aPbhn8hRvPDN9bpqNOJ7Zgc7I3K66njSmiFz+dSVFIc2\/1k3fB1jp3XQGqBzSntyXs0dPjnRN5uEu40PrYonyiv7LxhgDJ581+h9hajeR9umb6y\/G1bO8f76fQrKANF5s2vWH3Y1ZL49Vi2gxO84af44zk3gWjsg6clhTdn0aCuv5o1+fJ7HejOvlq9wH7kIM8ZPYWKs58nIykrZmgKpkmDDFgj469W6KSD1DorOyspuG9lyxTo4uS39nIpy1TktrmBA\/sRvhvNBg5FmYRnatdE5Od0m5gLOZ70ogIxyF43qD947ySc4pJOCU6qq7JceMxy26QVEyeI0\/lNvcrsugiCyJrtE\/dIvwhSyroxZcyUhkdxI+4ffajndOqztX68qz1fum6uW2EtV17fJf9FTeneF2Mqb71b7Sm6WLVC5O5MxtNRFe86f6Z1f1L29jwXXUVhj"}
-01304{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":893,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192450,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1414,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192450,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}}
+01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":893,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202192450,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":154,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1414,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353202192450,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"","http": {}}}
 02243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1467353202192451,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1467353202192451,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCxAADIG4NFN6ikjwKhzCABQwBY\/zywDxn1A6VAQAALrNgAALT11Li5gWvs4BXi1xLjmvfKMj0peVQo7lKJXGpIXNwaIVVnV50PDXh\/nhoec299vHndpLUua\/bqpCOjp7McAoWKOkJJNwfqArWbPME9b6btDGVgV0uzbgys3HrUPZGuULZqVvC9cfPh7y1VrCRATr2jIquLGEs7NUuTFUS2\/94Q2D+b6OEydZRO9cPMEkga3a+5FSfXnzkWP45N4tdwDAY3rKF71DNh9qyHNw3zq0kfntg59U62XHN6AJpW5oqhpNP\/KXicl+wTn90pd\/Ux5pxaNuaTtiVisjsDdqJGttkpWFmkIvcN4O3H7Nh+g88QCys9WSrOYR9T1WklqZUIXO2KozevHqrDRk3FhsvxtYk4AY5OTxXPHL2qjoy\/5\/LCO7z9Q0I1UDJ6H3s55a0u\/YyMnFnPMluUDID6DqRJHSb6OUS7lT\/EU7rwQMeL0oaEabUBfFS+XanJaGDL1BZSIyNomFf0DPsUe3djOS8nPpXOhOL\/zzo0NjXvFjylWLV5uSrIEQBYM8WUnB+X2Q2Wcez+wiFByuVMleIMfXAFk2nK\/2ntwKLyC0FBADi6XZL3qNrjHMTQHSC+dvnacGjv84sTgyPra7k8ik3DBtc1vCpiDd8xq36vyCP\/Ys2QYll2fN6Xbf+94Si8B0K0uar09Ty6DviDBYXt5\/8XpJtEJWzUaGUBbbCEtHIzhk3G2p2itRnzSyt10DUes\/e9jLtGO\/lchukfEfGu5+Y3TxFhX7Hv333wv7QEFPFBprU3t6V4dIS250PFtx3UWkJ\/KX1vB3GhaMaxBrDbzvjhV2WKQ\/Nnv8ZBY9VdRfkCLJV\/HblSMFcUwHxo4IG2hrHP6TmVmYZ8nIHO7sPEv51L3RYhnBGODsvT6Nl8\/uUNtzAC0mRAznmk7IsUW9cl71zuY0pjDL21g4bID6MrMuZm1Md9NHvU392TiT0doM\/mcbpr5kwNIJ4xpVq6TbrnGRECU65QT+3b\/mxQ15tdSgLRxavOq35PnNQqYK5ZOBDF9u2L\/jTZsE\/v5\/BjNF7aLpx8Nx9Ddl+8avs92OeLW3xatFRgatYsqSPdDSCWt\/7DKoHeOQNGej+4sPaab2IT40o+lWkNrHHFVKhXd8C8SlbnU3Y75R26q+3sGFS+RyE6QyJ\/9EgUPSerMv2RjAJ0haqzfaWTRZ1ZgTOEuLBSeWyw\/5ab4eQDQi0DSVpRkK9n7z6c0f+4O2vunGdSrnv5FBBQxLbrd8yHz3RejyafRygtcHHU3GotYO\/8AGow33n2mzZuLfvvluwSNjTr7s9+t1mvnBDTAJ\/w70fY1Tmwt8AmO+R4XaV\/P8kj5BSwxsIQ6s44lL2edfFiPzVM2v9TOk+F5lYNtoawNgI43Hns0wnw00qQhKTaOTYk+\/7rXY0Dy57cX2LbiFl0dMrMNwkSmzc5OOQEillNkcjpMP\/us+nfs+bmsUceWf2FdKzv2OlHy5srMsxLZZ64aGceMbX4ACl2x0Ow5nsH0a2jCfohcp78SJIn9dHE3evNd2nn4FwNTdYtr8pjqtj6OYulAm5wuv5my4xx1pmVWIbK7w519BlDX6tBN7SDWo4cCZLo7HGPFpXlKMdV6PWa68yPUlNYrLHFOnDpF5xk8sJqNdF2omWAwtrP65WUrU3KZ8D62RRrQfwB0KLK2eRd5P3m9hXVnQ6Nq"}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202192448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1467353202370500,"pkt":"ABxCjnAxTF4M6gNlCABFKABnuC1AADIG5X1N6ikjwKhzCABQwBY\/zzDvxn1A6VAYAAK2BwAAGHlgf4CvXzDNyxhLrqYUmmf6SBgwHBuCF2rQFuhe9Y1hgbwLb15JZ+tTfmuYp\/S8QVNXU2lnMkINCjANCg0K"}
 00932{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":5,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1467353202428117,"pkt":"TF4M6gNlABxCjnAxCABFAAFWNPFAAIAGGfPAqHMITeopI8AWAFDGfUDpP88xLlAYAfC3\/AAAR0VUIC9SL0EzZ0tJRGxqWTJJM09Ea3lNMk5pTVRSbE1UQmlOelJtWkdRM09URTRPRGRoTkRabEVnUUNNQVlXR0tBRUlnSF9LZ2NJQkJEbXpObERLZ2NJQXhDcm5fdEJNZ29JQkJEbXpObERHSUFLT00yUmhGaENJQ3NCNTkzdkt4UTZjVnpBZ0NMX2I5WFdsc0ZRVng3NTRaZ0NIdjFYYVZwMVNJQ0NtQWc9IEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NClByYWdtYTogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkhvc3Q6IHN1LmZmLmF2YXN0LmNvbQ0KDQo="}
-01402{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":897,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":302,"flow_src_tot_l4_payload_len":2737,"flow_dst_tot_l4_payload_len":302,"midstream":1,"thread_ts_usec":1467353202428117,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"su.ff.avast.com","http": {"url":"su.ff.avast.com\/R\/A3gKIDljY2I3ODkyM2NiMTRlMTBiNzRmZGQ3OTE4ODdhNDZlEgQCMAYWGKAEIgH_KgcIBBDmzNlDKgcIAxCrn_tBMgoIBBDmzNlDGIAKOM2RhFhCICsB593vKxQ6cVzAgCL_b9XWlsFQVx754ZgCHv1XaVp1SICCmAg=","code":0,"content_type":"","user_agent":"","request_content_type":"application\/octet-stream"}}}
+01530{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":897,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":302,"flow_src_tot_l4_payload_len":2737,"flow_dst_tot_l4_payload_len":302,"midstream":1,"thread_ts_usec":1467353202428117,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"su.ff.avast.com","http": {"url":"su.ff.avast.com\/R\/A3gKIDljY2I3ODkyM2NiMTRlMTBiNzRmZGQ3OTE4ODdhNDZlEgQCMAYWGKAEIgH_KgcIBBDmzNlDKgcIAxCrn_tBMgoIBBDmzNlDGIAKOM2RhFhCICsB593vKxQ6cVzAgCL_b9XWlsFQVx754ZgCHv1XaVp1SICCmAg=","code":0,"content_type":"","user_agent":"","request_content_type":"application\/octet-stream"}}}
 00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834457,"flow_src_last_pkt_time":1467353136834572,"flow_dst_last_pkt_time":1467353136834457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834457,"flow_src_last_pkt_time":1467353136834572,"flow_dst_last_pkt_time":1467353136834457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353164710742,"flow_dst_last_pkt_time":1467353165019943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":10429,"flow_dst_tot_l4_payload_len":14221,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}}
+01346{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353164710742,"flow_dst_last_pkt_time":1467353165019943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":10429,"flow_dst_tot_l4_payload_len":14221,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}}
 00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136835111,"flow_src_last_pkt_time":1467353136835529,"flow_dst_last_pkt_time":1467353136835111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136835111,"flow_src_last_pkt_time":1467353136835529,"flow_dst_last_pkt_time":1467353136835111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833392,"flow_src_last_pkt_time":1467353136833582,"flow_dst_last_pkt_time":1467353136833392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
@@ -583,10 +583,10 @@
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1467353152692906,"flow_src_last_pkt_time":1467353167734702,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":798,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1467353156641491,"flow_src_last_pkt_time":1467353156641491,"flow_dst_last_pkt_time":1467353156700500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":257,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":1927,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":26,"flow_first_seen":1467353157138270,"flow_src_last_pkt_time":1467353157138270,"flow_dst_last_pkt_time":1467353157157502,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":372,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":372,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":372,"flow_dst_tot_l4_payload_len":32468,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353157509654,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353159746513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":403,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":389,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1467353189325739,"flow_src_last_pkt_time":1467353189360764,"flow_dst_last_pkt_time":1467353189364461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":4292,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190040967,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190044867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1009,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":1009,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190634365,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190638521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":366,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":366,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01237{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353157509654,"flow_src_last_pkt_time":1467353159731502,"flow_dst_last_pkt_time":1467353159746513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":403,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":389,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1467353189325739,"flow_src_last_pkt_time":1467353189360764,"flow_dst_last_pkt_time":1467353189364461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":4292,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190040967,"flow_src_last_pkt_time":1467353190040967,"flow_dst_last_pkt_time":1467353190044867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1009,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":1009,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353190634365,"flow_src_last_pkt_time":1467353190634365,"flow_dst_last_pkt_time":1467353190638521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":366,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":366,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837423,"flow_src_last_pkt_time":1467353136837504,"flow_dst_last_pkt_time":1467353136837423,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136837423,"flow_src_last_pkt_time":1467353136837504,"flow_dst_last_pkt_time":1467353136837423,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1467353138757317,"flow_src_last_pkt_time":1467353138757540,"flow_dst_last_pkt_time":1467353138794624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":252,"flow_src_tot_l4_payload_len":1447,"flow_dst_tot_l4_payload_len":252,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
@@ -596,9 +596,9 @@
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353166729597,"flow_src_last_pkt_time":1467353166729597,"flow_dst_last_pkt_time":1467353166729597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136439974,"flow_src_last_pkt_time":1467353136440581,"flow_dst_last_pkt_time":1467353136439974,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136439974,"flow_src_last_pkt_time":1467353136440581,"flow_dst_last_pkt_time":1467353136439974,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191500926,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191505501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":439,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":439,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1467353191521215,"flow_src_last_pkt_time":1467353191603072,"flow_dst_last_pkt_time":1467353191606497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":476,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":1896,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191604276,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191608484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191500926,"flow_src_last_pkt_time":1467353191500926,"flow_dst_last_pkt_time":1467353191505501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":439,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":439,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1467353191521215,"flow_src_last_pkt_time":1467353191603072,"flow_dst_last_pkt_time":1467353191606497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":476,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":1896,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191604276,"flow_src_last_pkt_time":1467353191604276,"flow_dst_last_pkt_time":1467353191608484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":472,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":9,"flow_first_seen":1467353196856069,"flow_src_last_pkt_time":1467353196856069,"flow_dst_last_pkt_time":1467353196947855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":11340,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1467353198532645,"flow_src_last_pkt_time":1467353198532645,"flow_dst_last_pkt_time":1467353198595507,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":5040,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353200271229,"flow_src_last_pkt_time":1467353200271229,"flow_dst_last_pkt_time":1467353200271229,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":249,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
@@ -613,7 +613,7 @@
 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353191688041,"flow_src_last_pkt_time":1467353191688041,"flow_dst_last_pkt_time":1467353191722567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":550,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":237,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":237,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","proto_id":"7.54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00874{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":30,"flow_dst_packets_processed":10,"flow_first_seen":1467353136439640,"flow_src_last_pkt_time":1467353136982557,"flow_dst_last_pkt_time":1467353136977509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1083,"flow_src_tot_l4_payload_len":1110,"flow_dst_tot_l4_payload_len":9622,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":30,"flow_dst_packets_processed":10,"flow_first_seen":1467353136439640,"flow_src_last_pkt_time":1467353136982557,"flow_dst_last_pkt_time":1467353136977509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1083,"flow_src_tot_l4_payload_len":1110,"flow_dst_tot_l4_payload_len":9622,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00876{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":30,"flow_dst_packets_processed":71,"flow_first_seen":1467353136433806,"flow_src_last_pkt_time":1467353136979491,"flow_dst_last_pkt_time":1467353136982279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":31950,"flow_dst_tot_l4_payload_len":2627,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00994{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":30,"flow_dst_packets_processed":71,"flow_first_seen":1467353136433806,"flow_src_last_pkt_time":1467353136979491,"flow_dst_last_pkt_time":1467353136982279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":31950,"flow_dst_tot_l4_payload_len":2627,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":30,"flow_dst_packets_processed":71,"flow_first_seen":1467353136433806,"flow_src_last_pkt_time":1467353136979491,"flow_dst_last_pkt_time":1467353136982279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":31950,"flow_dst_tot_l4_payload_len":2627,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01074{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136616772,"flow_src_last_pkt_time":1467353136617070,"flow_dst_last_pkt_time":1467353136616772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00773{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136616772,"flow_src_last_pkt_time":1467353136617070,"flow_dst_last_pkt_time":1467353136616772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -636,7 +636,7 @@
 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1467353185940061,"flow_src_last_pkt_time":1467353185940061,"flow_dst_last_pkt_time":1467353186002895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":145,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":145,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}}
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353189363217,"flow_src_last_pkt_time":1467353189363217,"flow_dst_last_pkt_time":1467353189363217,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":892,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":892,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}}
 01192{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353190110976,"flow_src_last_pkt_time":1467353190110976,"flow_dst_last_pkt_time":1467353190110976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":302,"flow_src_tot_l4_payload_len":2737,"flow_dst_tot_l4_payload_len":302,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
+01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":302,"flow_src_tot_l4_payload_len":2737,"flow_dst_tot_l4_payload_len":302,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
 00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834770,"flow_src_last_pkt_time":1467353136835528,"flow_dst_last_pkt_time":1467353136834770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834770,"flow_src_last_pkt_time":1467353136835528,"flow_dst_last_pkt_time":1467353136834770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00876{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":34,"flow_dst_packets_processed":11,"flow_first_seen":1467353136440165,"flow_src_last_pkt_time":1467353136952179,"flow_dst_last_pkt_time":1467353136908132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":1258,"flow_dst_tot_l4_payload_len":11715,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
@@ -690,7 +690,7 @@
 00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834031,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136834031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834031,"flow_src_last_pkt_time":1467353136834570,"flow_dst_last_pkt_time":1467353136834031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1467353197131515,"flow_src_last_pkt_time":1467353203157237,"flow_dst_last_pkt_time":1467353197131515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1161,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00874{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":26,"flow_first_seen":1467353136432546,"flow_src_last_pkt_time":1467353136475656,"flow_dst_last_pkt_time":1467353136476197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":12780,"flow_dst_tot_l4_payload_len":962,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00992{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":26,"flow_first_seen":1467353136432546,"flow_src_last_pkt_time":1467353136475656,"flow_dst_last_pkt_time":1467353136476197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":12780,"flow_dst_tot_l4_payload_len":962,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":26,"flow_first_seen":1467353136432546,"flow_src_last_pkt_time":1467353136475656,"flow_dst_last_pkt_time":1467353136476197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":12780,"flow_dst_tot_l4_payload_len":962,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00869{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1467353136439813,"flow_src_last_pkt_time":1467353136440580,"flow_dst_last_pkt_time":1467353136660483,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1067,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":3197,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1467353136439813,"flow_src_last_pkt_time":1467353136440580,"flow_dst_last_pkt_time":1467353136660483,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":1067,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":3197,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -698,7 +698,7 @@
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1467353189784236,"flow_src_last_pkt_time":1467353196145488,"flow_dst_last_pkt_time":1467353189784236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":511,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8571,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00989{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833715,"flow_src_last_pkt_time":1467353136834565,"flow_dst_last_pkt_time":1467353136833715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833715,"flow_src_last_pkt_time":1467353136834565,"flow_dst_last_pkt_time":1467353136833715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":899,"packets-processed":899,"total-skipped-flows":0,"total-l4-payload-len":355599,"total-not-detected-flows":29,"total-guessed-flows":2,"total-detected-flows":76,"total-detection-updates":49,"total-updates":35,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":701,"global_ts_usec":1467353203157237}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":899,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":899,"packets-processed":899,"total-skipped-flows":0,"total-l4-payload-len":355599,"total-not-detected-flows":29,"total-guessed-flows":2,"total-detected-flows":76,"total-detection-updates":49,"total-updates":35,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":701,"global_ts_usec":1467353203157237}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 899/899
 ~~ skipped flows.............: 0
@@ -707,9 +707,9 @@
 ~~ total active/idle flows...: 107/107
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5822730 bytes
-~~ total memory freed........: 5822730 bytes
-~~ total allocations/frees...: 89847/89847
+~~ total memory allocated....: 5824503 bytes
+~~ total memory freed........: 5824503 bytes
+~~ total allocations/frees...: 89849/89849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 527 chars
 ~~ json message max len.......: 2373 chars
diff --git a/test/results/default/pptp.pcap.out b/test/results/default/pptp.pcap.out
index 5db009481..f3160ce37 100644
--- a/test/results/default/pptp.pcap.out
+++ b/test/results/default/pptp.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1451895531141577}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1451895531141577}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1451895531141577,"flow_src_last_pkt_time":1451895531141577,"flow_dst_last_pkt_time":1451895531141577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1451895531141577,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1451895531141577,"flow_dst_last_pkt_time":1451895531141577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1451895531141577,"pkt":"AhoR+E9+0N+aZRdHCABFAAA8SqVAAEAGB\/LAqCsWv2U9AaGWBrt+ULaEAAAAAKACchAUeAAAAgQFtAQCCAoAB\/whAAAAAAEDAwo="}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1451895531141577,"flow_dst_last_pkt_time":1451895531183155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1451895531183155,"pkt":"0N+aZRdHAhoR+E9+CABFUAA8Q2pAAPwGUty\/ZT0BwKgrFga7oZZ1tjA4flC2haASD5Yd2AAAAgQFMgEBCAoLt6rxAAf8IQQCAAA="}
@@ -8,7 +8,7 @@
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1451895531141577,"flow_src_last_pkt_time":1451895531183451,"flow_dst_last_pkt_time":1451895531183155,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1451895531183451,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPTP","proto_id":"115","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1451895531183451,"flow_dst_last_pkt_time":1451895531235075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1451895531235075,"pkt":"0N+aZRdHAhoR+E9+CABFUAA0Q8NAAPwGUou\/ZT0BwKgrFga7oZZ1tjA5flC3IYAQEDJHpQAAAQEICgu3qyIAB\/ws"}
 00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1451895531141577,"flow_src_last_pkt_time":1451895536574011,"flow_dst_last_pkt_time":1451895536573938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":384,"midstream":0,"thread_ts_usec":1451895536574011,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPTP","proto_id":"115","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":740,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1451895536574011}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":740,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1451895536574011}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 24/24
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500717 bytes
-~~ total memory freed........: 5500717 bytes
+~~ total memory allocated....: 5500741 bytes
+~~ total memory freed........: 5500741 bytes
 ~~ total allocations/frees...: 85885/85885
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
diff --git a/test/results/default/profinet-io-le.pcap.out b/test/results/default/profinet-io-le.pcap.out
index acd2084b7..4f3781c84 100644
--- a/test/results/default/profinet-io-le.pcap.out
+++ b/test/results/default/profinet-io-le.pcap.out
@@ -1,11 +1,11 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1287088627587076}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1287088627587076}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1287088627587076,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627587076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1287088627587076,"l3_proto":"ip4","src_ip":"10.10.0.150","dst_ip":"10.10.0.129","src_port":1566,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627587076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1287088627587076,"pkt":"AAmRRCAXAJAnTuP8CABFAADAsogAAIARcnoKCgCWCgoAgQYeiJQArGiVBAAIABAAAAAAAKDel2zREYJxAAEAAwFaAQCg3pds0RGCcQCgJELffduruuwdAFRDslALAWMKuv0AAAAAAQAAAAAAAAAFAP\/\/\/\/9UAAAAAABAgAAAQAAAAECAAAAAAAAAQAAAAAAJADwBAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAD4QAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1287088627587076,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627587076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1287088627587076,"l3_proto":"ip4","src_ip":"10.10.0.150","dst_ip":"10.10.0.129","src_port":1566,"dst_port":34964,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627589136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":310,"pkt_l4_len":276,"thread_ts_usec":1287088627589136,"pkt":"AJAnTuP8AAmRRCAXCABFAAEoAAwAAEARZI8KCgCBCgoAloiUBh4BFETGBAIoABAAAAAAAKDel2zREYJxAAEAAwFaAQCg3pds0RGCcQCgJELffduruuwdAFRDslALAWMKuv0BAAAAAQAAAAAAAAAFAP\/\/\/\/+8AAAAAAAAAAAAqAAAAECAAAAAAAAAqAAAAIAJADwBAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAD4QAAAAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAsAQAAAQAAAAAAAgAAAAAAAQACAAEAAAABAAP\/\/wEKAAH\/\/4FAAAEAAf\/\/gUAAMQAYAQAAAQAAAAAAAQAB\/\/+BQAABAAH\/\/4FAADIAGAEAAAEAAAAAAAEAAAAAAAEAAQABAAAAAQ=="}
 01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1287088627587076,"flow_src_last_pkt_time":1287088627587076,"flow_dst_last_pkt_time":1287088627589136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":268,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":268,"midstream":0,"thread_ts_usec":1287088627589136,"l3_proto":"ip4","src_ip":"10.10.0.150","dst_ip":"10.10.0.129","src_port":1566,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"DCERPC.PROFINET_IO","proto_id":"370.371","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":432,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1287088627589136}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/profinet-io-le.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":432,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1287088627589136}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498031 bytes
-~~ total memory freed........: 5498031 bytes
+~~ total memory allocated....: 5498055 bytes
+~~ total memory freed........: 5498055 bytes
 ~~ total allocations/frees...: 85862/85862
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 576 chars
+~~ json message min len.......: 574 chars
 ~~ json message max len.......: 1133 chars
-~~ json message avg len.......: 835 chars
+~~ json message avg len.......: 834 chars
diff --git a/test/results/default/protobuf.pcap.out b/test/results/default/protobuf.pcap.out
index f8d6c2e6a..d557919ce 100644
--- a/test/results/default/protobuf.pcap.out
+++ b/test/results/default/protobuf.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1698073727888861}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1698073727888861}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698073727888861,"flow_src_last_pkt_time":1698073727888861,"flow_dst_last_pkt_time":1698073727888861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698073727888861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52392,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1698073727888861,"flow_dst_last_pkt_time":1698073727888861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698073727888861,"pkt":"AAAAAAAAAAAAAAAACABFAAA03e5AAJAGDtN\/AAABfwAAAcyoMDkdqwhsAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1698073727888861,"flow_dst_last_pkt_time":1698073727888873,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698073727888873,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAJAG7MF\/AAABfwAAATA5zKjehuu5HasIbYAS\/9f+KAAAAgT\/1wEBBAIBAwMH"}
@@ -7,7 +7,7 @@
 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1698073727888912,"flow_dst_last_pkt_time":1698073727888873,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1698073727888912,"pkt":"AAAAAAAAAAAAAAAACABFAABs3fBAAJAGDpl\/AAABfwAAAcyoMDkdqwht3obrulAYAgD+YAAAEgNibGEiCQgBEgV0ZXN0MSIJCAISBXRlc3QyIgkIAxIFdGVzdDMt8yOnRDHnHafoiOSUQDikA0IIQUFBQUJCQkJYAwo="}
 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698073727888861,"flow_src_last_pkt_time":1698073727888912,"flow_dst_last_pkt_time":1698073727888873,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698073727888912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52392,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1698073727888912,"flow_dst_last_pkt_time":1698073727888919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698073727888919,"pkt":"AAAAAAAAAAAAAAAACABFAAAo6hdAAJAGArZ\/AAABfwAAATA5zKjehuu6HasIsVAQAgD+HAAA"}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":284,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1698080984189366}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":284,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1698080984189366}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698080984189366,"flow_src_last_pkt_time":1698080984189366,"flow_dst_last_pkt_time":1698080984189366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698080984189366,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51680,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1698080984189366,"flow_dst_last_pkt_time":1698080984189366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698080984189366,"pkt":"AAAAAAAAAAAAAAAACABFAAA0LOBAAIIGzeF\/AAABfwAAAcngMDmHrWfCAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1698080984189366,"flow_dst_last_pkt_time":1698080984189379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698080984189379,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAIIG+sF\/AAABfwAAATA5yeDA+8keh61nw4AS\/9f+KAAAAgT\/1wEBBAIBAwMH"}
@@ -16,7 +16,7 @@
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1698080984189428,"flow_dst_last_pkt_time":1698080984189436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698080984189436,"pkt":"AAAAAAAAAAAAAAAACABFAAAo6alAAIIGESR\/AAABfwAAATA5yeDA+8kfh61n1VAQAgD+HAAA"}
 00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1698073727888861,"flow_src_last_pkt_time":1698073797890442,"flow_dst_last_pkt_time":1698073797890423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698080984189436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52392,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1698080984189366,"flow_src_last_pkt_time":1698081014189987,"flow_dst_last_pkt_time":1698081004189871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081014189987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51680,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1698081882092605}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1698081882092605}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698081882092605,"flow_src_last_pkt_time":1698081882092605,"flow_dst_last_pkt_time":1698081882092605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081882092605,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39786,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1698081882092605,"flow_dst_last_pkt_time":1698081882092605,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698081882092605,"pkt":"AAAAAAAAAAAAAAAACABFAAA0\/YtAAMEGvjV\/AAABfwAAAZtqMDmCwWFGAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1698081882092605,"flow_dst_last_pkt_time":1698081882092621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698081882092621,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAMEGu8F\/AAABfwAAATA5m2rz+Zn5gsFhR4AS\/9f+KAAAAgT\/1wEBBAIBAwMH"}
@@ -25,7 +25,7 @@
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698081882092605,"flow_src_last_pkt_time":1698081882092686,"flow_dst_last_pkt_time":1698081882092621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081882092686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39786,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1698081882092686,"flow_dst_last_pkt_time":1698081882092697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698081882092697,"pkt":"AAAAAAAAAAAAAAAACABFAAAo\/YRAAMEGvkh\/AAABfwAAATA5m2rz+Zn6gsFjbVAQAfz+HAAA"}
 00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1698080984189366,"flow_src_last_pkt_time":1698081034190396,"flow_dst_last_pkt_time":1698081034190368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":90,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081882092697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51680,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":45,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":924,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1698083246943488}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":45,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":924,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1698083246943488}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698083246943488,"flow_src_last_pkt_time":1698083246943488,"flow_dst_last_pkt_time":1698083246943488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698083246943488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":42358,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1698083246943488,"flow_dst_last_pkt_time":1698083246943488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698083246943488,"pkt":"AAAAAAAAAAAAAAAACABFAAA04rBAAJwG\/hB\/AAABfwAAAaV2MDmpa4jnAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1698083246943488,"flow_dst_last_pkt_time":1698083246943511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698083246943511,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAJwG4MF\/AAABfwAAATA5pXZXI6mhqWuI6IAS\/9f+KAAAAgT\/1wEBBAIBAwMH"}
@@ -34,7 +34,7 @@
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698083246943488,"flow_src_last_pkt_time":1698083246943596,"flow_dst_last_pkt_time":1698083246943511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698083246943596,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":42358,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1698083246943596,"flow_dst_last_pkt_time":1698083246943613,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698083246943613,"pkt":"AAAAAAAAAAAAAAAACABFAAAoxGZAAJwGHGd\/AAABfwAAATA5pXZXI6miqWuJK1AQAgD+HAAA"}
 00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1698081882092605,"flow_src_last_pkt_time":1698081892093087,"flow_dst_last_pkt_time":1698081892093022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698083246943712,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39786,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1698349716647378}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1698349716647378}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698349716647378,"flow_src_last_pkt_time":1698349716647378,"flow_dst_last_pkt_time":1698349716647378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698349716647378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59030,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1698349716647378,"flow_dst_last_pkt_time":1698349716647378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698349716647378,"pkt":"AAAAAAAAAAAAAAAACABFAAA0QzZAAKkGkIt\/AAABfwAAAeaWMDkAqb1mAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1698349716647378,"flow_dst_last_pkt_time":1698349716647390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698349716647390,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAKkG08F\/AAABfwAAATA55pYXbk5qAKm9Z4AS\/9f+KAAAAgT\/1wEBBAIBAwMH"}
@@ -44,7 +44,7 @@
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1698349716647435,"flow_dst_last_pkt_time":1698349716647442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698349716647442,"pkt":"AAAAAAAAAAAAAAAACABFAAAoZpdAAKkGbTZ\/AAABfwAAATA55pYXbk5rAKm9xlAQAf\/+HAAA"}
 00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1698083246943488,"flow_src_last_pkt_time":1698083246943712,"flow_dst_last_pkt_time":1698083246943682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698349719647622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":42358,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1698349716647378,"flow_src_last_pkt_time":1698349719647622,"flow_dst_last_pkt_time":1698349719647600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":95,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698349719647622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59030,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":1086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":1698349719647622}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":1086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":1698349719647622}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 60/60
 ~~ skipped flows.............: 0
@@ -53,8 +53,8 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5518641 bytes
-~~ total memory freed........: 5518641 bytes
+~~ total memory allocated....: 5518729 bytes
+~~ total memory freed........: 5518729 bytes
 ~~ total allocations/frees...: 85969/85969
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 531 chars
diff --git a/test/results/default/protonvpn.pcap.out b/test/results/default/protonvpn.pcap.out
index 0b76a66f0..ee56420f6 100644
--- a/test/results/default/protonvpn.pcap.out
+++ b/test/results/default/protonvpn.pcap.out
@@ -1,4 +1,4 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00742{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":34930679,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34930679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":34930679,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34930679,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":34930679,"pkt":"UlQAEjUCCAAns+YuCABFAAA8D8BAAEAGxbkKAAIPuZ+flJOyAbvBn1OFAAAAAKAC+vAjGgAAAgQFtAQCCAq0w2VcAAAAAAEDAwc="}
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":34952976,"pkt":"CAAns+YuUlQAEjUCCABFAAAsACQAAEAGFWa5n5+UCgACDwG7k7IAC7gBwZ9ThmAS\/\/\/QMwAAAgQFtA=="}
@@ -15,14 +15,14 @@
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":50921855,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":50921855,"pkt":"UlQAEjUCCAAns+YuCABFAAA8ggNAAEAR0DsKAAIP2RcDTOFlAbsAKDHlBAAAAFqA0k4AAAAAAAAAALO1qui1E3gr64yba6DzHY0="}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":50923026,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":50923026,"pkt":"UlQAEjUCCAAns+YuCABFAACMggRAAEARz+oKAAIP2RcDTOFlAbsAeC0gBAAAAFqA0k4BAAAAAAAAAF4\/Rs\/bZ5rJgjR49A7fwbBmyr\/63WBJDwuVnzl4A4pXfnPOZYLKRVrAFPmUTxZtFFUY\/ygw5snpyOqRAP6xav5VAHNARAiOiRt60FdTFozGozRICRBukHLcFDs4iULCdA=="}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":50926430,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":50926430,"pkt":"UlQAEjUCCAAns+YuCABFAACMggdAAEARz+cKAAIP2RcDTOFlAbsAeBOmBAAAAFqA0k4CAAAAAAAAAD+yacW+Jee9sR0ypoOh8MaQ9gxbsztxJ2kZqazGAeL5NW1pKQLnHbPaHw3gPyLDD2rfIVvAXcZtIMwiZTZxrxOlD0VgEqedFRP3HFFojGTkub8sZpeXm7iOxsEEbnhzOQ=="}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":41,"packets-processed":40,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1690392292895682}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":41,"packets-processed":40,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1690392292895682}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690392292895682,"pkt":"ILAB6wYYNObX3kTiCABFAAA8lQ9AAEAGoh8COvFDCAgICJNOAbuMC89NAAAAAKAC+vAL\/QAAAgQFtAQCCApqQ+LfAAAAAAEDAwc="}
 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":50897445,"flow_src_last_pkt_time":50986726,"flow_dst_last_pkt_time":50986365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":868,"flow_dst_tot_l4_payload_len":604,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"217.23.3.76","src_port":57701,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":34930679,"flow_src_last_pkt_time":35025668,"flow_dst_last_pkt_time":35025741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":5847,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01152{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"45": {"risk":"Anonymous Subscriber","severity":"Medium","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00770{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1690392292895682}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1690392292895682}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 41/41
 ~~ skipped flows.............: 0
@@ -31,8 +31,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5520149 bytes
-~~ total memory freed........: 5520149 bytes
+~~ total memory allocated....: 5520205 bytes
+~~ total memory freed........: 5520205 bytes
 ~~ total allocations/frees...: 85939/85939
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 510 chars
diff --git a/test/results/default/psiphon3.pcap.out b/test/results/default/psiphon3.pcap.out
index 315354af1..7fda81e55 100644
--- a/test/results/default/psiphon3.pcap.out
+++ b/test/results/default/psiphon3.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1613865079123029}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1613865079123029}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079123029,"flow_dst_last_pkt_time":1613865079123029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613865079123029,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1613865079123029,"flow_dst_last_pkt_time":1613865079123029,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1613865079123029,"pkt":"RQAAPJ+KQABABtpRwKgAZ2gSl76ebQG7Qi4DFAAAAACgAv\/\/BPgAAAIEBbQEAggKAB2cngAAAAABAwMJ"}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1613865079129032,"flow_dst_last_pkt_time":1613865079123029,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1613865079129032,"pkt":"RQAAPJ+KQABABtpRwKgAZ2gSl76ebQG7Qi4DFAAAAACgAv\/\/BPgAAAIEBbQEAggKAB2cngAAAAABAwMJ"}
@@ -11,7 +11,7 @@
 01786{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079144402,"flow_dst_last_pkt_time":1613865079168363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":2422,"midstream":0,"thread_ts_usec":1613865079168363,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","tls": {"version":"TLSv1.2","server_names":"sni.cloudflaressl.com,psiphon3.net,*.psiphon3.net","ja3":"2d703033628575a99d44820c43b84876","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1508h2_073e58a039a6_e70312a1ce2c","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"49:30:DE:8F:B7:AF:C3:76:40:09:44:15:B4:6B:D9:8F:BE:0C:6B:0C"}}}
 02386{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079254264,"flow_dst_last_pkt_time":1613865079202653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1008,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2038,"flow_dst_tot_l4_payload_len":5498,"midstream":0,"thread_ts_usec":1613865079254264,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":6801.9,"max":46102,"stddev":10684.6,"var":114161304.0,"ent":3.6,"data": [6003,17375,0,14372,0,0,998,15961,7000,4998,0,0,3002,27963,1997,2998,1002,0,7002,25852,0,1389,0,0,4047,20760,1037,46102,1001,0,0]},"pktlen": {"min":40,"avg":277.5,"max":1500,"stddev":421.9,"var":177964.3,"ent":3.8,"data": [60,60,52,52,40,208,40,208,40,40,1500,1002,1500,1002,40,40,40,40,133,133,40,40,298,109,298,109,40,40,133,417,78,1048]},"bins": {"c_to_s": [10,1,3,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,0,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0],"entropies": [4.559092522,4.559092522,4.801308632,4.801308632,4.780641556,5.412927151,4.780641556,5.412927151,4.780641079,4.780641079,6.953819275,7.189953327,6.953819275,7.189953327,4.780641556,4.780641556,4.780641556,4.780641556,5.944580555,5.944580555,4.780641079,4.780641079,7.039272308,5.966729164,7.039272308,5.966729164,4.730641365,4.730641365,6.272472382,7.310267448,5.370555401,7.811244488]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01226{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079845431,"flow_dst_last_pkt_time":1613865079841273,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1008,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3700,"flow_dst_tot_l4_payload_len":5574,"midstream":0,"thread_ts_usec":1613865079845431,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":62,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":9274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1613865079845431}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":62,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":9274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1613865079845431}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 62/62
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506491 bytes
-~~ total memory freed........: 5506491 bytes
+~~ total memory allocated....: 5506515 bytes
+~~ total memory freed........: 5506515 bytes
 ~~ total allocations/frees...: 85933/85933
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 514 chars
diff --git a/test/results/default/ptpv2.pcap.out b/test/results/default/ptpv2.pcap.out
index 38497ea82..c77ce9bb8 100644
--- a/test/results/default/ptpv2.pcap.out
+++ b/test/results/default/ptpv2.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1316198630678965}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1316198630678965}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1316198630678965,"flow_src_last_pkt_time":1316198630678965,"flow_dst_last_pkt_time":1316198630678965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198630678965,"l3_proto":"ip6","src_ip":"fe80::20:9400:d","dst_ip":"fe80::2b0:aeff:fe01:f921","src_port":320,"dst_port":320,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1316198630678965,"flow_dst_last_pkt_time":1316198630678965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":118,"pkt_l4_len":64,"thread_ts_usec":1316198630678965,"pkt":"ALCuAfkhACCUAAANht1gMAAAAEAR\/\/6AAAAAAAAAAAAAIJQAAA3+gAAAAAAAAAKwrv\/+AfkhAUABQABAaE4MAgA2AAAEAAAAAAAAAAAAAAAAAAAglP\/+AAANAAEAAQX\/\/\/\/\/\/\/\/\/\/\/\/\/\/wAEAAawAAAAASwAAA=="}
 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1316198630678965,"flow_src_last_pkt_time":1316198630678965,"flow_dst_last_pkt_time":1316198630678965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198630678965,"l3_proto":"ip6","src_ip":"fe80::20:9400:d","dst_ip":"fe80::2b0:aeff:fe01:f921","src_port":320,"dst_port":320,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"PTPv2","proto_id":"358","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -20,7 +20,7 @@
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1316198631064912,"flow_src_last_pkt_time":1316198631064912,"flow_dst_last_pkt_time":1316198631064912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":46,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198631064912,"l3_proto":"ip6","src_ip":"fe80::2b0:aeff:fe01:f921","dst_ip":"fe80::20:9400:d","src_port":319,"dst_port":319,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PTPv2","proto_id":"358","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1316198630878946,"flow_src_last_pkt_time":1316198630986113,"flow_dst_last_pkt_time":1316198630878946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":342,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198631064912,"l3_proto":"ip6","src_ip":"fe80::20:9400:e","dst_ip":"fe80::2b0:aeff:fe01:f921","src_port":320,"dst_port":320,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PTPv2","proto_id":"358","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1316198630678965,"flow_src_last_pkt_time":1316198630939923,"flow_dst_last_pkt_time":1316198630678965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":408,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1316198631064912,"l3_proto":"ip6","src_ip":"fe80::20:9400:d","dst_ip":"fe80::2b0:aeff:fe01:f921","src_port":320,"dst_port":320,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PTPv2","proto_id":"358","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1316198631064912}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ptpv2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1316198631064912}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 14/14
 ~~ skipped flows.............: 0
@@ -29,10 +29,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502723 bytes
-~~ total memory freed........: 5502723 bytes
+~~ total memory allocated....: 5502779 bytes
+~~ total memory freed........: 5502779 bytes
 ~~ total allocations/frees...: 85896/85896
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 567 chars
+~~ json message min len.......: 565 chars
 ~~ json message max len.......: 981 chars
-~~ json message avg len.......: 772 chars
+~~ json message avg len.......: 771 chars
diff --git a/test/results/default/punycode-idn.pcap.out b/test/results/default/punycode-idn.pcap.out
index 69c9b4693..a8b950324 100644
--- a/test/results/default/punycode-idn.pcap.out
+++ b/test/results/default/punycode-idn.pcap.out
@@ -1,5 +1,5 @@
-00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643874953669881}
+00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643874953669881}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643874953669881,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953669881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643874953669881,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953669881,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1643874953669881,"pkt":"BBjWBrNamAGnpQyTCABFAAA3T1gAAEARpYDAqAKMwKgCAbHQADUAI+SVpXsBAAABAAAAAAAAAWkEc2NkbgJjbwAAAQAB"}
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643874953669881,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953669881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643874953669881,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Spotify","proto_id":"5.156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"i.scdn.co","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -21,7 +21,7 @@
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643874953669881,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953689789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1643874962305077,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Spotify","proto_id":"5.156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 01179{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643874953695008,"flow_src_last_pkt_time":1643874953695008,"flow_dst_last_pkt_time":1643874953696562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":39,"midstream":0,"thread_ts_usec":1643874962305077,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"42": {"risk":"IDN Domain Name","severity":"Low","risk_score": {"total":350,"client":295,"server":55}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01184{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1643874961730191,"flow_src_last_pkt_time":1643874962305077,"flow_dst_last_pkt_time":1643874962304897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":711,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":711,"midstream":0,"thread_ts_usec":1643874962305077,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"42": {"risk":"IDN Domain Name","severity":"Low","risk_score": {"total":350,"client":295,"server":55}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1643874962305077}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1643874962305077}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 16/16
 ~~ skipped flows.............: 0
@@ -30,8 +30,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502910 bytes
-~~ total memory freed........: 5502910 bytes
+~~ total memory allocated....: 5502966 bytes
+~~ total memory freed........: 5502966 bytes
 ~~ total allocations/frees...: 85905/85905
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 536 chars
diff --git a/test/results/default/quic-23.pcap.out b/test/results/default/quic-23.pcap.out
index d0b115478..8d4639b72 100644
--- a/test/results/default/quic-23.pcap.out
+++ b/test/results/default/quic-23.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1568282515655367}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1568282515655367}
 00834{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568282515655367,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02277{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"thread_ts_usec":1568282515655367,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5BQgRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwUI0EbI\/wAAFwhgax2p4Mt\/UAjcZWkdxzWqcwBE5rEFViXUV0In7d2dXZD4W8++zjZDJBAgmoI+svdNaYLoeL2jqHl80IO9pEfUmkgFWLrT4IlQo8t\/87yXQq3IRCWsbaCVh5W99qNLF16ofVb625RKhJQKN3iU3vpP3WaISyCxGoJXiHsP7sj27ny7LXNNKzH3JhZ3bhiQLS2umcd29X6XChqhAWZjn23A4EHWtq4oNdhkFu8LZI\/zfG+rUZSQr5lxakbHyPuebWPbqVuz09T5esBIjonthwzDSYvYZa0ySbIdmaeXdhlU+E4gLC4WHroq5LZx9pnr7yREt9Dp2HJiUOt1EMzTCveDJnfcPHqR1d6\/YEuvBxkwGcxK7MQsgXVVjQjLsVYM3zgE\/nenut5XK3K7bJeAGfZxUrn\/Y\/S6NaLxM1FgdUyaPkXMATL13fHOLn2TPbUyanoNHsWUaGSz60C+oUnJItBjv49AfcrV5AnxAjninyCVT7ilbuKRBYQ5SPLHeBsT\/NbnYJzK0I1Zj3I7weUUkkcrweRBiR069XTJtWYqzSUqWU5sALkglRvuf6xbvYulQ0jX8ozHEripA5ju8KQBmPJZP7WSUIMlyS8g26Pb2k443GZRz9hlPYNrTsHRc88FbzG8+ahhy1UIvmg27b6gKLWKeoPRPqT\/23G0Wo1ikM4FoXKXzvnDWe1X8Z9PVn+LOSHYR1LqJoMp2f2mWQv847crRAwAw1YWxPVKlFpXb0rR+0hsSK+RIdQgAqDBA2QX26xlMLPLaV5FnoRKfTJi7o9j6TamnIQyR\/b\/g\/IDH2Be62ORQ7K4p27Oyqju5N6C9b0vid0F4+gZ13RNe5vPbvcGGwDUSCHzH5HuKrGh25US\/X91xJ8gist97L0Lrq0S80URKpcxHqC0QxbI4sgi04MOC\/6\/5f2icaiX5IcU\/hdojFqggO95m2grFOU8yda1Z+a+0B+UTPAWzUgGxyOkCthMdR1xVGZfRvlXwGjfBMd6dc\/vwfyp1b8YonfSnSW3vRZZoOvGgqRgE1cEyUD4uXR+I9J+U7b3lAENyqEE6S4PVFwPk4xcaNCNEAFsAmLQRfMnqgm4EclQ2fu\/X4rXYn\/w4VPhxSJ7gZUA4NgNeVynLRKqHUa727Gwo4yXA2fLLCZot4qNfI9GV8gEGhiMrmnJDuuHONvYi8VFwSgiQP9jsRAqGAnvDEEaUirzATf+CkE90c9u9BJN208aRmeL0Hgd\/ZHM6TlLySnssgUghAaObIZXCdBIsYxzkTGX3jv35junPGfSl4SRLk2gvnSptlPR\/Rn6scXnHyxcxY1Tth69QcUpqe9cAH3STuQaFNZjD1dVf2R7djGBGP8XFpAEp4Da6SL0QShqq2TI46wOMWpyGEWgp5CuFAlZyh9lsxPPSVCNRF6ZIHFDEA176ay7PnXocWlpL62qyFOm8ITDpOqmFNLCDdEm1Gb4uY5DgmlqhAIdCuIUzNcLPBAucHSIQlvc6jwsUov+EyqsbCmhoguNjYqYWkTXfROVcd+bJTmI+cPOgPBBwa2oOWk+BLrQ6aBz1dQvhb5YuoZMwA09AEkY+2M7NcQxKjjOU+yU4Hx1Fn0nTrg3sFfxY6wAlusfFhQgzHz4cuAwlvBXae00jqiXWXUvQQ1Rtfra3X+TNbZCCp1e2k+Vki2RypB\/ckwHS7gD9wnM+\/\/rgzF\/7w=="}
 01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568282515655367,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"quic.aiortc.org","quic": {"quic_version":"Draft-23","tls": {"version":"TLSv1.3","ja3":"d9e7bdb15af8e499820ca74a68affd78","ja3s":"","ja4":"q13d0308h3_55b375c5d22e_23ed935430f2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-22","tls_supported_versions":"TLSv1.3"}}}}
@@ -8,7 +8,7 @@
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568282515693812,"flow_dst_last_pkt_time":1568282515692143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":159,"pkt_l4_len":105,"thread_ts_usec":1568282515693812,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5AGkRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwBp0e\/G\/wAAFwhFc8YEuuNHtAjcZWkdxzWqcwBAF6fDAMMAJhGASeFDmt2B3PV5oRmlcgvC6v8AABcIRXPGBLrjR7QI3GVpHcc1qnNAF9ROAvn0lqrzo1vnuX+cMCbpFjsj7q4P"}
 01028{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568282515696184,"flow_dst_last_pkt_time":1568282515692143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":422,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":422,"pkt_l4_len":368,"thread_ts_usec":1568282515696184,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5AXARQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwFw4G3t\/wAAFwhFc8YEuuNHtAjcZWkdxzWqc0BPvLjwGAX6prrgTX3a3E9nV\/neLy6f6D1aL4AW7ZFFhtBTGIbvF48hHGdbgiiU81tgt+vmodZ2RG8bv++nz9H+TrtSRG\/V1bZo0rRqEJ6uLXtFc8YEuuNHtHe3YJ2mYY5Kj7VLPlyFWTxVj3D4ynrgMtP+ES8J5hYlasmgbcBjiaeIIGSM78XD0ZetULbmnYcr+261YjWGmgCHllE6ESDqENGKO9\/x6EPOzep5GXe6WsLwnro5QyXOgBT4DvhCB3s2Y5VMa71Sq8ea4xzabidQXJjSHOOoKBNwBetck2ZXZdBc22naoNcPPENdt+s1XW\/6i6FmYBAofaF5GgIdqv6jzc3ryObFofA1sVmUhrut2xxxw\/HgFM3t2fgK4\/Jlix6BDZV98FXGVnpQWoXGUnU7Jf1K1riT2lPHPc9slQktbx5sUNLfGBqV\/vYSeh7Nq1c="}
 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515734274,"flow_dst_last_pkt_time":1568282515762416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":1993,"flow_dst_tot_l4_payload_len":3958,"midstream":0,"thread_ts_usec":1568282515762416,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1568282515762416}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1568282515762416}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508735 bytes
-~~ total memory freed........: 5508735 bytes
+~~ total memory allocated....: 5508759 bytes
+~~ total memory freed........: 5508759 bytes
 ~~ total allocations/frees...: 85901/85901
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 2282 chars
-~~ json message avg len.......: 1421 chars
+~~ json message avg len.......: 1420 chars
diff --git a/test/results/default/quic-24.pcap.out b/test/results/default/quic-24.pcap.out
index 81a9b4d6c..bcd9d666a 100644
--- a/test/results/default/quic-24.pcap.out
+++ b/test/results/default/quic-24.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1574209133040250}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1574209133040250}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574209133040250,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1574209133040250,"pkt":"ClnTQ78Jzivom94WCABFAAUA04pAAEARTk4KCQABCgkAAqHcAbsE7BkSw\/8AABgSKZqySaf1jUZ9aFypIIlM688aEfXDUlabjvj32ExHj28K\/LzWAES33jM5bR+MtpU1BLUazwIKZfi2UUsjupyQtwh0cwaTGSNsc3ziOvMvl5HeN7dnqFzrpWV5xSzaGXCCKPfdH3vP8j3J6ZLIzElZQZR3emJo528x+jgZIHOdaSnx3DWXxF2zh+YTIF4T7iX6QufVjaqbZGcqLfU2h5UhvDV4FwyX3uhlDNyKeZHYtgm98LQqq4\/RRT1KTyGKWwsLmYKiT2RZhGfdnj7cabAAzsX7Lk2p9chyJNCYC2rvLfiUJPAyxycnjNSX2Lj6Aqa8nfo2RgXdwfCaQgxab+TGB6bvb9v+EsUoxuSJh+r\/RN\/6YKeOx43w+asFLV8uu4y7ez42UTvh8WhWB9gu2sFvRZZAH2gXrPZjvaMUKjvUztSfZobDePj\/3bGH7ParnvadIlRAYU9Q2+DurqTinGpGLj1JdKLQoxeMx5eGSPtbuqNyirKapdyXJ8ZKCVjdL9m2B38WlanD9I0yGpWtoLvsOi8f8x\/fhHjJnp\/JSreuYABX7IvE9OH17Ka\/DYXSP3horLga3cmeawXPCcyfSVzp0vy3ZIaVNlu8tvkbFVJwffn9HIFK6HKNWjCpRF+ahuWdOTEeIZZ7i7JR8vw5bYFyaufxilZin8M6RIaJMeMrQc4vvfUfbDjsZuuyfMbD+CtkYjt3ODwFx3+9dnCnls3bcnN\/LK\/fVogu1W6dC2V8OgzkkQDp+glgaZFK3x1y9W9tAnAfcG86bUqaAVXac16E+jbjt3xUVxE3wSFwqpaXR87jZ7puVI7a++RK4x\/CPU7cBx4HxakipMRXAW7+Zzm5Uylji8R1ndMJge591UykzR\/a1rIFwcUFafwyzFwutVakAK\/iM4YhBMTpFZmHTyv44rZt\/SzvRW3ChO61o38I1VeCK0g8ZFXOiuIW\/pELm4Rr3xBh76iDlvWF6YcC0+i92ff1n2MDPlwUBp2JPBEhF9KRkoluOW0vEGZjgOTNF0WO0oSPjp6cRmPu7QFACVxUUAGGJ52pSjmae6FO4iTNFAYtrcv+HXjZLY56ae9mCQOyLL1m06CQPGFQiHOPr2CJqh4awJXrhUafIQCu5ugPi3shAySSxxSNpoi1XFyoXHmAfehBuKAMDEBi\/K2+sO4vF3gp9aph5gyVGEs0pc0rnIKidNla3xHEAlRzhJVd750Uscx9utTZFhNIJHFYbXnWol4tLG+jZZli4l18thfxYBatUVfQbpNdD\/lD+eYzZtOp7YtW1ZKF+ROaDrWxEjfCdVtcjK18Uyjgz5TeZuG7pFJ5t3qyXb+n\/5MzCAN9XPJPpQiYdvqPfvMUwezKWPFBlXc3KAr8TrBHXbzxwj68KugT8kPF6Hf1ZknvffVMbgWpKERCnzNCkdVDHz0qsfdTxN1E8gHLdnzTTb4wYHbDra2Qy1AzeGTZ5VuCqGVCxMyMSucpv1SUY2NRHw7nEKVm2pvwZDPcCeEad3kICbdC4XAMVUx0Mf\/rJlO1G38DhZUFTtkiOIXY+C24n5VM7VxZQ+dzu2YG1ROOR1dGwLm4sR7mTJIH6rldcwpGAOA19nihJl7wI7sV3QgaIXVtqDL9j\/YH7Q44xODtLK6dfnLZ9llZp8VromtwQj2StAFDoQ=="}
 01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574209133040250,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","quic": {"quic_version":"Draft-24","tls": {"version":"TLSv1.3","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","ja3s":"","ja4":"q13d0512h3_d55e91d5c3b2_cd318bf3b157","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-24","tls_supported_versions":"TLSv1.3"}}}}
@@ -8,7 +8,7 @@
 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1574209133041861,"flow_dst_last_pkt_time":1574209133046090,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1574209133046090,"pkt":"zivom94WClnTQ78JCABFAACaQSRAAEAR5RoKCQACCgkAAQG7odwAhhSswv8AABgR9cNSVpuO+PfYTEePbwr8vNYS4JjP5xnPhXULMwsGez9pmn\/bAEBR7JWFbqBk4i5AJ7l7qSlE+tX2yrubmhFzRlx21yBiPVDLnRsXzX9MvNztVp29bxmR1P08S3NdkCTmJvy4iWq\/7WRG5bc9bbtXoIExxVobW\/gF"}
 02202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1574209133047397,"flow_dst_last_pkt_time":1574209133046090,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1574209133047397,"pkt":"ClnTQ78Jzivom94WCABFAAUA041AAEARTksKCQABCgkAAqHcAbsE7BkSzf8AABgS4JjP5xnPhXULMwsGez9pmn\/bEfXDUlabjvj32ExHj28K\/LzWQEoLequ+XuEJ\/s1BSUshWNEiIh0aUC4yAwRElRrinPDk2nfD4SmdQQO+DgEhR+JzpkFRgXIhdTGLuMwVyZDNayP8wqegkyiQMgPSBURsHHBv+mMkgMKbL1L8HaaigAV7t4eD5XPruskWTZTpFm1h9Cm3DzPxeQvTSEwHtDrEOpz6YFy82UDJYYLzV8itjsSuAl3BN2XPA7e06ZEWotlL9Br9TZWw4p83NDVQGkChBgIL6f1nIN2ojZvrHvpzk0MfCiu\/boqXdpIsBERYdwXRPlbEhxdUMcMYA7eh8N4TKuC9HmChlfkHaTI9GkWRyMAMzxtZMhCl3LoimMkhWCfqmVgDVhtz4Dif9R3RkIY9hzuUCMKU7oaOOUiDfZuxIU3WloNXp8o12YBXza0fzRQpYGqa7piZ7PVUXOGcUM\/cFuqscmeLVQOsoy4i4CGC+MSSW43OpT+j2aHawId4E4DeDRugsomOlKszLuMP4ykA2XzxEcbZMu330eInLeApkaX+snpful9w18f09BHmkH10HjWW+o+8oFuEG0J2hwlJ3TmZuH+IBwCzohntVbymn7aQKhoP0MV8t5fXtaD3vzu3igqOoz64Q+7\/Sx9TpI8jZHMY5bI6Kx+leY4ybxXsUaY9q0gvlZcgyTiYn8SSRvRZMXNcQW2xksYLy8WttjxWgRkmFmsQrwrmI+8rN1prhvjqtq9svG38UVICHD+O9YB6LgA6f2DnN5DLokrYt0c0SwvSqZm2zBXMqoCDF3Mvxf5duIyZR8amJWjBMoLkZN+I+jb+DRrnFUITzuCvlxJQBLZbBvmXcpD7KXKyeyqlEx5yPFydiu3Ptcszr+5KTMkbP82kPXV\/bjI4L9oBErJhJCans3wo72EkAcuKLd6CCThJXE7Eh\/LDUjZHt\/8eNb7S3jzPF8xwguDIHq5S3aAjhS3QICFDHNn54BjdvvO5iW7zqJCZLSz3CwZ1+MRXms7+nxM12o9227S7LvP9CKQt3pRuzfLorLdpjg9GKs8caLZS\/zPBPaxxYsAkVs\/TxyqkBKa+anVJ99dxXNbDJQmTbQiadhbUe5CTXS5up1QYApDHCBfC0uOVL5lGIcrbl3PMnI1Dz2NdmW84pfg6c+eP0VFTKo0ia+JMYIRzTujqTSk0FE2waqFp3fDr8Hyu8mFx9hmtHgkYMyRj0Bt4LlwBJ79sxjVaEgTqHIx9xF9TjPLkAQXWiLTUTtZO41N3FxjyHC7iUvDol\/CotNpvZxVVNzqh35++58kx3dGzWg7RNObbhbgYckZgts8lfGtJHdaWCmm68Pkjb25Blv1HmPokRC5N98vgYvduuuS7fDGGlvtjz\/JIS10RWkuAlJb\/TeU30L5OeUDpr4zmcBbCs18tprlmixC6jVnlsoejFSyGESEQ56JY+Y6YELlJh011Icv+\/BxJXul2kP65qokwiQy6MoaIpxYelTFp5PRef54cjqcJi3DU8ahYYjMd+pFAh\/vGQ66+sQubQDPeRB01N5+3eG5Zyh2ZkNxzZLSsfMGkHSVTT3SqZ+mT2IOgPbQy8Y2nObPD5adavrO8MXO+JeqH6a5Ct3KlMPOBt4e134vezowr\/x2Ai2BFLL0Buw=="}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209163081103,"flow_dst_last_pkt_time":1574209133073692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":4378,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1574209163081103,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":7370,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1574209163081103}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":7370,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1574209163081103}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 15/15
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508516 bytes
-~~ total memory freed........: 5508516 bytes
+~~ total memory allocated....: 5508540 bytes
+~~ total memory freed........: 5508540 bytes
 ~~ total allocations/frees...: 85896/85896
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 2215 chars
-~~ json message avg len.......: 1388 chars
+~~ json message avg len.......: 1387 chars
diff --git a/test/results/default/quic-27.pcap.out b/test/results/default/quic-27.pcap.out
index 981d56113..e9743392b 100644
--- a/test/results/default/quic-27.pcap.out
+++ b/test/results/default/quic-27.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388075915836}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388075915836}
 00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388075915836,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02350{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388075915836,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6BFLF\/wAAGwh7p3UKjzv1VgAARSBBNb8rxExjuvv1Ye++hbc9om0DU4NnwSG\/3UebQzKe+\/ChMR6f65IjHiAPoLAAXROmLqaJFJBg9Sjii5GNpIY1s7jLmFqalAiGP2eQLOW5rgxDWycwtAoSDO71eI9T1Uq7EBmGHvnPmeSBFCTAwbphrP9uMLPyAc17USwCikZDlt2XGVMfiXze2ila5iBclIpM\/nqIjbZDUUYzdC34yYbr54VrUe33DQppusK5QzTfqS+3bRJeNmvfVjhputwGoNup+0y7rJDCwpxgcjG0dCKgMjLHOmSc3TOXpHySWsU8YrZhzLttd3CTZRM5WZ+WibgEID8\/Y94\/jmGwbweD3Pfo3Ppwfbm6t+wCItY8yBKRQ+H5v5jedjzP\/LjrRtljajhGcJZd6HJgjueiAiaEAdj7fx0T9yjCxPVImLtLHfXPo558xAwXVU83pzT9xavzftzVp99vYm\/GU\/kg1VYfnH4H1qpMlTlic\/Q6Q8iLnCNGJ9LIhtmYFfunAmiyObADRsU4B6j4HoJX3if+mucsKdp+8N3ugLjM4uwUvOF7XyACDpCZ\/G3\/5X5J\/zKZkqDPUYvuluMsSOj8B9WlMWtbGerp5EjqolIlNnjYomDTKeHIxZZRBaJp\/QOHxqWVWl+MlH9KWaLg+UuJ1tkD\/z7oSb+H1aPInCB0q4IOfY52jC5M0sAyNUCCRYRJtlGM\/qM0P8wM\/vcpX4GIrlML77jxP6dU5SrTUTaXASv8j9337neVie5dGU901jPeI0ibTEPO5jmp5JTAiUrtWT\/OPLGl6+AqDrvj2iLYI6MfHf54Ll0eSJwKxczdOyajjbkW+wF4mDNBcrHs+Iy+NLs84KPkQaEHysgP5fydEh4OpzytKTjbeDrjBTG9KcUWYmBar2q8HpPFclPVfMJzlgzmG1ymiPOmBJDgqQ3ZUM2g855ht6g7tzCMio0LrDHG0qDTQGyGwGnOACHMF4aRlNBHHPXjD0AWFg5ITC\/muG1btVnHCRMRKjcJbcwgB5knd4j3yLyF5jIDRSKNhE6Ac48oXpl\/X8QX7id\/RdTdMTE+I9ImLp3efowsLaCMtmIEe+7JeD8HXS\/DHY7CcQC7QJJxTExlt1pZ1J8VxZQ\/Rin8crO7sCUZAX\/MAmOTczrCmlYKxmfZCym\/VBLaEls1IO\/vlhGhIazJ4ec+unaATLsbpA8gpl3A6fA\/mtphj6B2kmQmdb4PDBkjLGlUB9TA\/hWCdu8okA42ElpefKLs7iaYvj9eGjbpH4CtZIsn81hYHam0KixsLnFD01WT2G3jWF4\/p32XASEAIX2fGqhIl42kT79V0gWU\/zHFYX4d1dqE0R0QvDLgaBR5adJ\/AQSCQX30uHxQBsrPiDAUle40F0f\/CKLbXDtfvQg3i0EyI3KXCW22kEkJyctCWU066Vqsp6MiM5DPCQw20QD2L38WJTrzFxYD7gmCe1AwoQFfD6gqTnrS3Tj0ht5GTD8vsEYZ0oezjMP8XuBMCjClE8hToMxgRyaUKQoJ4zuAen+tMutEa2m48+u5jHJEJljGjHC4LHZWMR3906vXde+zdCg1ShHY11L\/Bz5vKrplIBCiT9vl3ZYNjO6hBlbKS8VP\/yg6gsLQ9AigFTHxstN+VusbiYbo8JJgQWEcDGy2dI9GZZqPmAAFQeJAEQIBnrb965lc\/aHxPwoSZtBKWldoAMiE22ownQezP3boCQ596Xlhlq\/aTLkj8uddR096XdeUuOzAUI7eEPdA9iCr"}
 01347{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388075915836,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","quic": {"user_agent":"beta Chrome\/84.0.4147.45 Windows NT 10.0; Win64; x64","quic_version":"Draft-27","tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","ja4":"q13d0309h3_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-27","tls_supported_versions":"TLSv1.3"}}}}
@@ -8,7 +8,7 @@
 02337{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592388075957479,"flow_dst_last_pkt_time":1592388076028071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388076028071,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6ViHv\/wAAGwAIe6d1Co879VZFIRhTciPGRElj\/q2UJV8WLuy+v+X6eYq5nfLS\/1g27PmgUSjybm5KzQzU1ILEhmniPOAZEvqheEyUNT3LDVYKkiUNtyVizLS+ix05UKwF9ULcCkrPIH2L1yPWwyFY4cNmCg5gqYtxA3Cd8FBtd7huXtciiCUG3GeekKTzDtj3mZ+8a9Kr7COQN+1+KOPGR1jsFDY8WBXFdrZD5ySECX4kUsUr19bjb\/U5cZvpbI9cdcp5bwfzrC2mH6vd4a7R7sGpYQC\/LmTmcUYGX34JRALcKFzBObhoO2vaDi7novDaIcCjAgVKgIi2QDsp0UHLCVfN6EaAaXbvuQGWGiPLw9zau68I+RrJ6y0kJVxIbdnl\/EUZWmki\/uzG7tgnHXtuPP4eyAbjSMJ0hjsteGZnRo8ugg1QBkP3BhHBIDcYpS7Rg5p+Q87bHy7pRrvmcYBKovHJI1C9UPa2SFGuec7pa\/6HIeRhWWTMUnz\/ZwqGW8sEZEBwfq8qOUwgi\/B\/AddMPb0L8G7SIQ6+A8kHT0aXnCw79xDImZQvGx+xV4Q8IQAkfmLfJgljliS\/pFSe7vKQTDUfFC487WlTMSbh8p4v14NGz4\/+IbJnlPne+z3aiBWY4W5BT+eNpvI1FrAsB6dTWYb1WMRGu+babBDC7DyDPqG37z1zhaan\/jgx4fju6203mIVVCgDDa4YMwuMWuzKcp++h85i7nfzPqf7Wk8JcZqDZQ7\/7XjA0cDDeckdiS7HK2HclGO5lmUAmfBv6xhN3kqSBMN6IqsmjPmE60BN1fOygdU+Te\/f2Zs3Hxj7prJm6c8So+FZaiXzdcjyeQIKQ7Qv7uvRxvkajwom8lMmtPepS8E1yN2bhced3EHv6plGn43Vp+3XSbgOKY9S2AogFV857hcfhi+38yUYhyudlbkP279FCQJSOQonnRS8vvcxIp1D3jJKLwM7lBzaN71oIr+jZYmimJVYS+TZyf2NTpdZEOqUdfyfjGsgBeO+zxCodqOAYfcQN6t\/ocUaCgoHwIrFh0DNA8BNDZ3BGwDpWjDGxjT2MDsyXTPzdJOrwupelUXdrY5ldlO0BOU4mi86dMKwmn3N98YIh7Xk16l5iWGVTV4G7BiDgSJjCmtvL4gIyWDqlNk4rKdN30XBAMceNyzUL3I+J9QvbqKGfekV6XugZlAoULV4ad+umJRK2vmBuKK0I6o4wTokYu28rX8sUaoMhaobdOad13wg48RmxbjTjdVBAPfX1KeyZee+F+tEvJH5c76CbSftxDPZQcvK0IFFWHU3fXRowm7y0cXr5ihgo+viz0RYExACCOzUg7yyTUEr1K5pmd+JJe\/u6dmlpru9YEnDkl0FaQ69KgHJy4lAr1a6N7vOW5UVyYYpXufTEaXlc\/8T1+66MUdctqR87rt+GkJYJBgPUPk4vo26994MdlTljOZGjiPv2mj5\/nUWzoMXcG2WfI4Qc6qCD4Pv1VD6RdmOwoJjV\/su+wg4zNBn5R6iJ+ATQnf2WSumgGNmoSRr4mJgiWWxiEWYUww8aIC7q0BmFcfSOGzsQu+p4VSWP6YjS77bvflLoX3O75q7WJVNOS+lJu43OyzHz5fgIDeXGokHeXy9NpCGJdtgA3NQbjooA3dcAcQ4tGZv6kkVjgPSkmu0AJzjNvJuEpULFm5FZxpfYNwEra0h8ooobuNRKlg4azk0ZN39GAv2Rb82ENGYGAK8P6\/LrlPwKtRzuXRWUzO0rErD\/GlE5wROht4c6ajGM"}
 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592388075957479,"flow_dst_last_pkt_time":1592388076028126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388076028126,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6Cu\/h\/wAAGwAIe6d1Co879VZFISUoS3c1LeI1f3kGlK6\/QNOr\/NABLaBx5LTjTiMM9smnvfjoOua+FQJnE+ZH3t9qb\/LL3ilj\/FL3JWoQ5AsutZ2v0Ov5AHIE\/ZIUWiM\/b1\/Psqe7HjCEfGa\/Pn04VrjRCrsUglRK8pqyMk+t9GQppn+F+FNln3t\/Ds1nPF8o5QqtUE\/q8LSytE5W4tmuafAvGb28tHvlqcR\/91RGVeuyv4ZdYWnJdOAVFbjKuvIKEBKANwTaD3AkFWVEqaZvu2l7N+bGHJMJgiqgp+9b0cttal7FMoGFs6adg3LTgTWujkwfJekftt71zIfnuU+0PrD0d1qsB9TfSCuwGwbbbDRgYG8XVwL8zxmRLn9Auhuso8795903Gpq9LAC7cKoiShGW3C0jUGDF2xTE5Ylh6zMUGg6TDya5bEvipHZ153rW7TWJT4vkCkw69eqhsXJvjw4jYdOmvyvgSYObUpBV9iMJbMO+hRaTJxltiDxz92XCBsPx8yqbUs2tFBONzhIyzkw6xcC\/ZeQUgpLso2N\/diUisa0e7nV+xuLNdIjwkxLf7DoY9I1jzeq6G50DsNvHoUCKgd3CqYNQEn6n3zvfWs0l1E+3sjvio+tlZOFbR5\/DYOBTvbtb5ssrxMIMX8I3hPzw9rkivT0lYBRX+etHZhXt8hIL1OE+80IRt8mWNHPnEXuvPuDJByNp6x\/JtjAfFDInDCqMZK5djoXSTtUp6qQpvlMtB5m7uyaaysgNqyHnSwGOB1dQccM7cak0t+MN\/+IlDtPj\/wmwqBImSV0mDKjXywQ7bsYfqHPAw4CcwzLo9zcIEtNjvcoF\/TZi238\/qiq1vOsMzk+82E4taf5+VHAoT267xBTLDM+smuKoEbkSDtxc4QmjrDMSSWkWQOyC8j+c8nyi51Tgg9IM+iQxLRMFa1CGft8h+1xKuJc\/FoiSqN62L+IA1P\/LA6XLD1NcjJXY8IFwooUg5\/l4urKJmXSLnA14ps26fW5korJedu9wd8F7Xmfcc1UPazcpuQfJHQG7YeUVyqtcnf\/M50G948rp3i8MlfdgRmcCkEymW6bJzm9H1yUPHWWVg8HOVbIhOYXhjPZBSQAlSaAvFYwI0hnoFbYkJj+9n2WEPggdOcoa14iw5SpNWfyjQ7xR+ONzyW6OQ6pGo\/5atAj5QVcoQwnpzOt5tX8qNfNp+ZLgOF6ctVOufCLbzzxeGWcDSRiSqOuzJgCM2yRC6LvUvJkH91CInawmzFG3KkPQdB+K5Jeq9ffHYQN97+fJAdP1OG16UX\/SX3t9htwnBd5Z2+nh6hjwV4n1SIuOG3Hkxljd3DTBhpYrha5Q6nDeBc80QdbhiBU+OOsYLrGr5FFnb7THO1Vnn24CyVDvtg15ACcXDu5+GlJ8RYCR2Wabyq5m4hTyIb0TZAJQQbQFrD4b0mSxbusJpuXWArhNyDl\/EBNhAQww3zF3I9SOtZCwpTDRceQbTQOAJV7CfIzUtg8zRWTrK7m31aSg+RyqaQizvPHdNQMSy\/YFccGhfumDWmke3xEkgTdSt8YZMA\/WkC3aY4yD7Wur7Pzm6lg+b3UbI0ywVjTd\/xHuOKwpoNWGHWnV5hMMRvNQhiEaJSz6nqjVsSK7kruepr8Ko0ZQkHqE88t8AwjTdaguGXi2F0WBsYS18MpGKpw47jOcMsAq0ON0Xc5cprtI18jJDmrM5xRj17Fxa6cgxyolfwWbwqSt2+gabY+qJoNGuHEvOX+LyDBXyyTtHBoULbRF"}
 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388084312705,"flow_dst_last_pkt_time":1592388084373772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":1330,"flow_src_tot_l4_payload_len":5523,"flow_dst_tot_l4_payload_len":6124,"midstream":0,"thread_ts_usec":1592388084373772,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":11647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592388084373772}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":11647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592388084373772}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508897 bytes
-~~ total memory freed........: 5508897 bytes
+~~ total memory allocated....: 5508921 bytes
+~~ total memory freed........: 5508921 bytes
 ~~ total allocations/frees...: 85902/85902
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 2355 chars
-~~ json message avg len.......: 1458 chars
+~~ json message avg len.......: 1457 chars
diff --git a/test/results/default/quic-28.pcap.out b/test/results/default/quic-28.pcap.out
index 569f90d5d..8bb937545 100644
--- a/test/results/default/quic-28.pcap.out
+++ b/test/results/default/quic-28.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591267474847575}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591267474847575}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591267474847575,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1591267474847575,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsBAAEARSUwKCQACaBoL8OrKAbsEuILewf8AABwQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgmEZ7SPB63FDIt1\/BNmaABrW7\/a2mJ6Qg87qxio5qp+Au1rZycjjs1xq27TUqOstzWUVkmwpCYXpvpOqlbwTvnFsXueqMWKDAlTPVsrztIv2pHHHaD8h888fq\/JGG\/YMsyu4siFFo62sUPCzYnviiGb9Ejlp4qwUTq4AjO99Rthdv2GbNC\/OStXSWSDjD\/leZL9UJEZcJ3LhlgqAVgxUVrxuE0rbeF3i8aF9iakAqxlqpoDj1+5t7ILe8xHKg8FUG1XnL5zpn1\/qeTvTEm18Ejt5DZJvb7rSMM3y0kFKOsdK3+oTGrisBL0Fe\/eBZ9f4xHzZvM5y3BCl2N6qMFMX+sMnr8ggfIKSQlAxo6qy68ZM170NeiI1bIaY98nIrG3zZt3dnHbbcgfFiN6lFzYaQLJBtV\/WEYTHy0okUamYC\/5cNM9tSXVBXfneC5HIpPjBuuyE4+LzF5EWg6rp8zulZ5VOTIetNIdJsnU+GlxyeY+BVtCQCCyWElUlL9X91YgIZ8MpCHxRq8ZJCkmY4nF34gFHgfsegffKnBAav99zdzm50AvMu4lP1B1F6cRA2HMPmAvCgUL1IKMcacz2eCZBB7FWHguZbpDdL2+wruFSVOAWeB+lE\/kuyF3MF8D5tAMKtEitOKdhqy3C3qGvZcZVGOZKPWGr2BC7JbZdFGIyYmNwp\/bvvX8XvDggJHwe6xhqAz5sua3BsvUJ1vySN4kKaHQ3EYKLbPPRjDwQinHrO49sFr8oWJyt7OK1yq06uwrlP3p4sqV3\/tL4FsOHtHVAI5LvRB8KISYciiug2cmuSgzkDgaTo\/e3D\/u+rCXDQ3xoip3ktBsckfTnGfFRGZIYxKdaQnHhOXiTzFQ6mSTNof1wHefWEQube1a92cmaAPSGQOt3LWbH6N8\/qM1mTakjE+QJv0K3HWVx+nbk2qFqJc+rHv1Ie37Z2+wHGh0NjwgX3P+8AdCqq6tgRzOpAdLNRrnirmseM\/zZQ0+cDRuw83pFP+UWZ+PCK3wKRZu1IhQ2h6D6lcGAbZA9ehc5yOvz0v1LsR84aEk1FsEGNTqF56I+GB\/2xRH4N5F5aeUjnenJzGpEQkofmIzcU+knq+dcQuuDHuOTLNDIaiPO+4HYzT5IY6vCSgCHcPgQVRcUuuSg\/GpGaVSknd81XIsamcRfeqURHQ1MVwmLxgOMP3+I5HFeghmJ+ki2zeRb+13f3SNlS\/RoVNOTrzjA86oM8wlv5t\/i38dgJDMR2ZvO+tz4iV7y7Y3T7RFYvvK2F7LLOH5ZrOKSeJb1SNqfpAw6nEHN8am8q6WcZIClcZqDQiuuDV2HpT1RM8QezzenJxkksNL2P07lZwI9HU4P7Ayp4wWZ6zeiRYoRywRS5R5VWfF7StuaGYuXatUeylxdjHJ8UwmFRvFoXP+8SlDa8jkz\/qhABAK7x0AzjsV\/3jzRSi1nVL9yl92ydFm7OXWFMLaMdafTsMx6SG3eTR9qPpGQqQKfrm9F1wk7utXsAM9DKqSLm\/MYVhMIgqodecjchaLAXg4QPX1N"}
 01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591267474847575,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.wireshark.org","quic": {"quic_version":"Draft-28","tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","ja4":"q13d0309h3_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-28,h3-27","tls_supported_versions":"TLSv1.3"}}}}
@@ -9,7 +9,7 @@
 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1591267474861366,"flow_dst_last_pkt_time":1591267474876194,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1591267474876194,"pkt":"bmImQfCg7jdRvai\/CABFAAC98ZBAADkR0YpoGgvwCgkAAgG76soAqc9DwP8AABsUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwU0rPlqKVxohC0BrmDOppdYLs59TAAQG\/1pyxQuqr\/rtpFC2WVmtFOhv9JrpeHuopL7hMPE9fxl6sTSmvxfRAUwl+0yU2EdY5OnjwmP8hll9t175YCQMzKJKMegfWSiSk2V1nk0gFVDaY\/3+57WXWRq1p2wGvEOZh04iEYFueX23hrwDr59zo="}
 02136{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474935131,"flow_dst_last_pkt_time":1591267474949617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":4297,"flow_dst_tot_l4_payload_len":5362,"midstream":0,"thread_ts_usec":1591267474949617,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6116.1,"max":20960,"stddev":7174.9,"var":51478880.0,"ent":3.9,"data": [13634,13791,13932,1053,15111,1394,4,2,2195,342,15,8,10,14715,11,4,4,3,4,4,3,13849,1181,10523,11750,5487,19948,6547,20960,4038,19076]},"pktlen": {"min":71,"avg":329.8,"max":1228,"stddev":425.6,"var":181138.2,"ent":4.0,"data": [1228,75,1228,99,189,1228,1224,1225,245,138,89,71,71,154,98,543,71,71,96,71,71,71,71,71,686,71,133,71,845,71,108,72]},"bins": {"c_to_s": [0,6,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,9,3,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,0,1,1,0,0,1,1,0,0,1],"entropies": [7.825420856,5.391368389,7.839229107,6.043497086,6.731246471,7.843968391,7.815639019,7.852266788,7.065521240,6.543905735,6.067143917,5.873550892,5.873550892,6.748120308,6.120771885,7.600786686,5.845381737,5.732706547,6.072868347,5.683273315,5.722074032,5.818619251,5.778411865,5.760875225,7.744878292,5.750242710,6.580695629,5.778411865,7.773950577,5.873550892,6.249063969,5.721802711]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":219,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267477602863,"flow_dst_last_pkt_time":1591267477602221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":5428,"flow_dst_tot_l4_payload_len":230739,"midstream":0,"thread_ts_usec":1591267477602863,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":253,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":236167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1591267477602863}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":253,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":236167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1591267477602863}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 253/253
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5515319 bytes
-~~ total memory freed........: 5515319 bytes
+~~ total memory allocated....: 5515343 bytes
+~~ total memory freed........: 5515343 bytes
 ~~ total allocations/frees...: 86134/86134
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 2144 chars
-~~ json message avg len.......: 1354 chars
+~~ json message avg len.......: 1353 chars
diff --git a/test/results/default/quic-29.pcap.out b/test/results/default/quic-29.pcap.out
index 1f996054c..07e4e0407 100644
--- a/test/results/default/quic-29.pcap.out
+++ b/test/results/default/quic-29.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592171671664832}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592171671664832}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592171671664832,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1592171671664832,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z1AAEARMDsKCQABCgkAAo7sAbsE7BkSwv8AAB0S824HvwtwiO8oxx1Iisqv85\/8EUOUTtoYvrflSLONN1vzwqO8AES3Q7WQp5eFbP47Q12xYKXOiuR8OKc8Zd+z5\/wDTiaB2gylmmpfXoWWnW9m4cfo29uCTrqUeoQcDlNjFKjOZThrp+QrfaDvzF+TP2mbdVAn5DVFyc3TGw9yc6eNagzixiAUYroBLFYv1DYB54ctmkUUCF38C+LrP5XSP2Zcs3QEOQDdiNvhWKUx+vneyJD2Ddv1Of313oIRItyeXVn2LxKac2RjP4PRAhodOpWDrnkB66u8HOFxUv4Q9HU8anll\/ZatcRtN\/kzzFFzf5YoYXwbtiynEhfyRDYp9NIa5aU5ngHDoeAIY8EqAjkZzDBZrpJEN70XKdgxbZ09x248vkii\/BYPsm8gwjS+Z+NMDUp5BndSqJan6LYduiBKS1FQ2ECMHPifIAeRkFfGsYIjcHELHJvd3bjIuQ5jcLDQ11GM29Aqw0CMdlCZ0GZUFJPoOBYtbWkB+AArzMv7l1fpdC85LE6kYaNSupy\/kxn4q0Fd9nlOil4czF7np40hmUQT5zuUOIMe57G4ak0l7jLPPFgnjPcuJ5+bhZHgxqEou6YPiVeaRUocITEWkE47FVdJ4XctN7CMWrbtrVTRyiKoG5jKjipRDy+FAnWpWY5dsQU4VKty4nhdiXpcyaazCMiTBlzAZlJ+9vVzyUo2gVZTdT1AmyQCJjmCzYg+wq4NqxE5hDx4BVlFY7VlIfT+LOXZeM++nsIOJaY7JaSW2i+1ji7jGvwvZ+l6xB5JTnisqnUTdF8GRkRAiTg25HBspHwtWrq\/Po4lqvzDZYM3JiaCh5C8UbvK9JJyDT8vEGu5LZu4vyW+zCsCEy6HtYm+Tl+y0wBH9TYuhybK9k4L\/MkebKAkQQeZPvBNwHsBWnmGK44Fke47qlm10TFPJJuYjv3s2WkxpofqtAF0qtGkvoZjB6BMweDMLBzljRd+MpcpgKx6R7LMPjs6dfEoyR\/++4fMZPmZ5nKh9L2NomKnJgnI\/Q7cjkj8+4G7DpTq\/5CiPCn768EbsWDr31eOflbsg2q5K0cAqBbvuSWrrcKEWWT9pbchcsh+CF4s8+eUg6FJomv69IBBZDRAHTYWn3VGlccxntEoW7HpxMfIbSnMt1P6bfNeHK9ADAu1LaTZlKkjjmK+gbjyes7l1CGt0SYwE5uDE0ieZjOn+NT2n96TJjl6343hGsZGGMospEVXz6DJx68jscskAGRLftunAK4Wcrbm0MVyZUbf68HXckrAHSl5ZN\/gbwXjHwC\/6kW\/aiMNhQdY8NhboJQcKwTMbOAeVwKF1KGzLGKNIqA8cRIBh1T1WLCqei3k8gd\/C7bxKNgXzYeJGw\/scGAKCWrce0B8GF8XORgu1hVv6Mwd\/suBo\/oG9g9Uq0JP+2Gj4EQHkZYzIbeC00Rkd0VLJzec5p8sOl7k1oJ2JxQnDqWq6c8EgrVrSv8x08C46hCl\/izdOK7GvwGEQaUkOOkL0AriEREHoeCFJRFtP85AqwidJch8tbK+7ugQPN0bUklhiKNfnQ3Ch72i6f0K8Dx8w3Oub6KBk7WsmEtFBIijRDgwb5rVjtiIuJyF+6hegy2WW6xf3iWQ7NMMjWxMe231j5YtMgDPBTVbFARaKzxZnq\/YZAw=="}
 01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592171671664832,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","ja3s":"","ja4":"q13d0512h3_d55e91d5c3b2_cd318bf3b157","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -8,7 +8,7 @@
 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592171671666257,"flow_dst_last_pkt_time":1592171671669893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1592171671669893,"pkt":"7jdRvai\/bmImQfCgCABFAACamvxAAEARi0IKCQACCgkAAQG7juwAhhSsyf8AAB0RQ5RO2hi+t+VIs403W\/PCo7wSuOhEpZ26G1apwTYmb8yCval\/AEBRPcuzOLEauCutm8Cg9Aw7MEJCqo0x9rzS4t7RXw9ZHJwjm4cjcaToOiMOaFfu+VVWYB5tVycdZGiAgFBsUfDxzpzoGAp5IeyX8RBhrIPQ+UnY"}
 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592171671671308,"flow_dst_last_pkt_time":1592171671669893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1592171671671308,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8aBAAEARMDgKCQABCgkAAo7sAbsE7BkSzP8AAB0SuOhEpZ26G1apwTYmb8yCval\/EUOUTtoYvrflSLONN1vzwqO8O7aQc3XbKZrDuMARYQHPpTmUbNwL1veqwTCKkm\/HeaRNYs5VZ0LyfzJJx\/rcc9Zh8UTmUW1CHs2xhuffRHxHyuth7w4wAlhBFzSbC5OjU44\/1Io1dfhnPLBERJDclqgYkhsGCW5n5pq4++z17AmNcn8dBqWB48xy31i6C8\/7XLxAdE6MTkI1znSj0vPZF3m092HE5ICx5Cq8tPNqgLlGyC4nLFjq9OvRGmiuiF1TIpM9PmTRo8CoFdISqcZiGUU3ZatNhq0BrGHwqcNi5TGpNATNj+HPUET0xXmYCe8+PpzJ03gSTlzB0FLjb7iGX7ScJzGIFrKQ0gxbXNX3pdkMqQzBo0EnthbcmLKitGXotm1rEcUwvAV2ofjpp+dpKuUM0Owe+S7aqtPBkDFA45e1ipUu3IPJnxQFqqPunboo+Hnv3g9HksDbGOV3\/88bS6N0HERX9+EEPSf+jFcHugxRyYYN\/nLcw3xaDYPvLEu\/7m+N0ENIH2eff2kSd\/4XAYxOrjtXzzXRz0ZawsdnnAulk+tBvPHcTQAHUIJtSG+aaebsXHD40\/zcrQasAOlyD6+yxXtZkfWCz6DKTsNoXXFNYoferb8IbDYILPjauQdiYr\/Fqo4b8wg9zsOUqrTzOoLvaV1yqY6LGS5ESEAk+jr3ZvB3fzAjmUOGFx2kYo4hL1jK\/EcQPM5W10+VV3AoK53O1\/QDStMfKAH8\/GDuEx9GqesH0qCt5vMkOqn5YK1S7fYqFQJ0GQz1CMuXWrBTC2CpitU+UBl95E6pJUw+3rLOJIBV3NR9umg3dlzgZskQRIcO79GrkmsL6EakUlWb0zm1fkXRDVTVfkzGUPboF+IMWjDBLtqq0ad1m\/KEYu7JQMB2PIUND0ZOxU+8ur4pEZXiMKJMG\/vwK0qb80\/Sn812LEChKfMFqSLohC2gQC\/NCnWpwdff+PmCNJuaL7vvsQA+2EOqwBf3200Pla7XD+8mVcbikS\/Axog1Qu9D4fpVUG1Li3QEQ4yRBnPcG79jBpRS28cTqfVW5YH7i1z4Fqql03+ZGuyEqkhrg406IpTvdPVviAPFL6DVkypnWagcwF88ejZKMTBlSjOr\/eOnsSl23grex3BTGaO74gsy9a58KneVSew6h0i8MIAQY6ELejtpPDdIQT86X5SIhP9cpOQmuAOMAq68Vn9EEpUauLD0Ge\/pPsj020Ul4kT8YAmuqz2gf\/kHYlT+\/P\/xA7QdRVyw2RjbzYPDYQRVXfhs94sPTmHrCVUkiCWYkJMxWHBeSC2ADg8+ZvTBGDo1xzCm5P52WKcTaM0hKTzFhYXwpuMbeF5P5pR52zCrQWIE+qQW4s8tAphPljw12Jq6qoamxgL4\/mTWk84qzfcREKHpYIkc9qxIJr5H9EucfXGvqqcetWkoTg81lO9Haye5wgzOsUzheY9Lh1TUgo0WRNXVUuSv\/JGnmIG5uovTlVRwenPJouIS+CmrkTUvFwZ2e2QG\/xLBHcJ9L4V+YN+31gwg116TB1\/ngwjfvqla5cotuv7AWW+WckNMQGoS2EYDWJH4Uq0ZUbTENG\/qanNdGm8G85c0h2dl0eq8kn4sXYTc7lihVx7DpaoIJtYZ4ewJlA=="}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":9,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671699048,"flow_dst_last_pkt_time":1592171671697674,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":4303,"flow_dst_tot_l4_payload_len":4453,"midstream":0,"thread_ts_usec":1592171671699048,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":8756,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592171671699048}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":8756,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592171671699048}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 15/15
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508516 bytes
-~~ total memory freed........: 5508516 bytes
+~~ total memory allocated....: 5508540 bytes
+~~ total memory freed........: 5508540 bytes
 ~~ total allocations/frees...: 85896/85896
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 2220 chars
-~~ json message avg len.......: 1390 chars
+~~ json message avg len.......: 1389 chars
diff --git a/test/results/default/quic-33.pcapng.out b/test/results/default/quic-33.pcapng.out
index 2d7ff703e..cd8cd68ae 100644
--- a/test/results/default/quic-33.pcapng.out
+++ b/test/results/default/quic-33.pcapng.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1607938456563491}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1607938456563491}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1607938456563491,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1607938456563491,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwTYBOvLAAAAAQiH9eh3C8+VTAijB72XkxHdoQBEtoviUAck6tyLLoPW9VDwFsyJg3YOj5\/ZBBxoLZq+uwOezSI+NQXptD5by+TGWuPRPrDAYZviuXsVHC7HmqDeEDG8QAq3dV\/xeXm5rkywye7b+vdo1p1fctM\/Oux9r7eV+Bkfx5+wJ0fdvlhyFGnTrwdcg8+4C7doPPgPdg\/HlJ+WJBdBNlB5bMDPwE7kBX2Dh4rUsRtMuI8UcuXEYHPlESOyFKyqmw1DOdGJ\/piVc003W0\/LEq1Eo7qm+0VXxD0O2HOCIiEHQSR0LHjT1VxLfzhAmJaat83P4NhBjDwwPEBaziMk5Xx7FlGTbjmQXwNdCCRvlZwHV8Z1FjV1KFEWUlByB6YIRcrWgtYq\/i+4joHr0arERD7m6OPY7fw34Aislp\/J5tfwN5lpBEW4eq0YBQWIW+o0WsbDygLLOE8qK7VrIW545\/s6vWmiqY\/nX3eqKbXLLa\/FVUoUAYah6VY+54jT2WSxlVbjRbKzNCmQ7iFaNpCpIEDqRUT3251KkF2ic95oNqA7SdIHar3DhA1BLknCroi9vMu8dB8ZQzinHdG0dXM7MT\/3xjsj6W1BusBxpaKNCgk4AWnV4woWWMHuv3AkSN3SkyzvUkLVvh69eozjggDPPRwSQSUAzHDWzbhw1M0maJHN9uf4A3ju1BNcFXtgNbzbLvZ8jRjuvbV5+sT2dKCIGszHbDe\/k7VIj14F5Oz9yEIDLSjcjUNYxAEtmmIW3gkE0URoURbr4fR+9IcL0qzkw6dXZu343bgbz5HR6MUnSxTpV9fqwSf9hnrNjraoPMA+2dRpP1Zgg8SJxppmH92oRToz9aDvX2GEC3Onm3NhLiCy9XRFGhGu\/fP4euaO\/LhZROPQcNzbK0KhgrgIkbbcdw+GG0U1DyrSN2MCSa0G\/gdd0iXjRkpuSltfEWcs6h5VKXYCs0nARTLsAmshRBI4tBnyE8czB9KDGhDi69S4dxLc2GhDvI7sBC3oYplXnPFpYJ5UZlYX4x4JzCNfzPKJLkB1GZ\/\/fH4d4Bdn3o+N0leV4SXwVyj8+XQXm2lqcn0l4280XR1PY9wT7WxHSwRDVHU1WF+J6uEthL0G\/TTOA8IENfk0c9FtN1gtuZbVqEenj8UavApG8YgiwEFLw3lw7QwEpdl2suMFgNMJ9GKiLgGbJ0iDoFumS7lgCZ\/nQNWC5kLAQ+6RwzRxTfyP7COmrj9VOCl2+wDLTe3MfV2rc9okYbhZWBQ90PNxn4RsPjc\/Y6ROnBtAhNHbhNOY4vkKTiqPf\/zXa6gyKLJwM4B2ikSmnMEc6pOt0km1BxO3IMATJR3y2TyvQwDT4h3LmpQf0gEdwRzggs5B+E7eqr4GF3leCUThvLN07bE6f2xjlfM9GVfW\/hyXIlfEkPiVHs0uNEuAtqja9wjv+TVSELvsqoLajQtysd2XscH\/uqkhI80k6EzletW\/z347Tefjbi7un6kw52zxXR3upATGEcY8WECkFSms+LV3Cbtq+fVkM8LR8ZIcoDoUWH511e8PHOE07KwOpTJwROur3JKswX2UtackuKBEnRIb2VrFAu8O8Bq\/G9385WeZn1kznfucxDKavwZd9obaQ66d2I\/H3+7RezClYA=="}
 01638{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1607938456563491,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"0299b052ace53a14c3a04aceb5efd247","ja3s":"","ja4":"q00d0307h3_55b375c5d22e_af0a630e9e67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}}
@@ -8,7 +8,7 @@
 02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456566452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1502,"pkt_l4_len":1448,"thread_ts_usec":1607938456566452,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvBagRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gWoBbtZowe9l5MR3aGoPMUlC8ojkveWDrnmED9W5sa4X9wCktDzDDXCYZSRQMxMbCVxwWOrGcoL7RjNrb\/aR0XYpCUrMVMGYc7NbMVcmFh+U7ptII9ng3LovEtfWD+Vs23WbaIHZ861LaEHA\/O3BXXbVKR+D5AvGegGrVyCDUDTVwsI0xjlHU6np3nq2hUuH8yJbDa8RRLpXgKEnKNLc11Kr0rcxDebjOz1dBKCk6MJE+RaErF7rEtrFcdkqX2anO2s+oQdnjsu5lzh2gt+Pax4A51\/PBeBgwzAMnnreukUaaOMmSVWTRc\/VoG6UCj\/Tagguq1zlSUsuPKfS4A\/Hj9PMCdEQl7Hayptql87eJvYWKvnKSw09TobsgFvbTKw8NsJvq53AE7lTrO3TaA+nGZFRkq+M1ZrN2+BdXW26C2KraejfRHNrX6gAfXr\/p6NjeOzTSfUp6nCX0A3akd5q4pDQzfTm\/ZODmJRSSua6qoJNXn0ZXKLdWfGo2HyscrTneMhF6bQ007r+YHFANXKovRp2EPpw\/UJ\/vmL8V6IY0+HgZbj0\/d8FIx79RtbyabSwl8zeJibsQ1efkYJNgJ++\/KCwNGDs8asJAde9mkZ\/dD1+61ArTNYb49TexSktCvy4pG\/lsRXKxM72Y\/+4TJXT4xFdvuvm+PYjyD61bnMUmH40\/yen\/A\/WgtDFdjYfUH767jw9eFdVWB3ZsqeIHitWtMaap9xJIluBD+y2SxNS2T8mAjyctwWenF7C6shXsh0qrLybxoQ0mpuErDwRdnKd4mSsuqiuoQGfGbICbCc2dii\/7aSWW9g0280LQsrjBCl\/YvBCm88jWP2XY0b7UwDAZYeSSdHwaFhBXowhDhxXzH8R0g9ke2rFjs\/\/TBqq0T\/ZB1XqZLLhRVNSNff9p8XMZhqF6nYP3WZjj1DqFa2r\/223NsQ6wlp7tG634D7micOuvJWURO+AlGXtvI7zygsUz0CgkusaQEP4TAWCgn0lXeK6Jy3aZ6m0zQtfsa2SiY0Pyf1PWTuWCeXEhhqN0+G6HwVWdmaL2uYxjn01+QKvB6cqgjzUHj7ISnkgdtIrQ+jDb3\/YuMI9cxUejbp+0glcdsH4JO3WK3bIkjHXe4nJtvi554x5sT83RqdBEWrCT8Hz8DvHMAfbR+\/XpS4NJ6rIBJZTfZnrcqqNHxc+q5Z3+z9E3mEki3zOsCZbUzk0otiSbbusPTJ7Es\/ZnRISPdeCvvH5UBZA\/ITRUTY11l7ptIDwkxD3Q2fTkbX2WLeZoRV1F5rZs22rukFjdfZFbVimjaztzg6Wex3ilHTBU66\/wagcJ+boiTqvzD9shT8g+9ztRyM6oDrvueAWdlAP374US8GzN2ocd+LWy3Qh0kD76f8cnFVOhNIJ74ji8WV\/lEp7vTYYUDMrlFJm1g2QBxreEzVyyxzw\/kWu2secXUHFiuq\/aLl8lirZilXXB6BKhwYA6VsFx\/wQgXMGW7N576ppMuzN4q3u6+qKsFRgykE6xWMCIu8rfyHPKLU8hwJI\/Un9U+WP4ym96BQBToDbbY5w60F\/Fn+reGqzEXYBrNxFHbTy+34B9XFDXGRJuNXJEdt2xpxpJ4rLfkfhcpUBhpHxNFrGGx2u1ISXuanPkdl0U8p9iUo64xVk85WGi67+\/Po3\/vbJft1SNF4cB9lwe3oY2I+j\/MHJ8WFVg+W3w5clz+ifKEtQv0lEwiQL+Eicb9gfq3tlAR\/Zi7S7qlLM5dHBagD9XgE\/DssV\/nw3KYmdu4Cl7igYDAaGwJ\/prNC9sgv+k4qxakCz31iRthWoHa0gjjPRWdkJJ2NsNi51hPYr48FsvBgPM\/Y\/atiNkibfUawrvmDvK1kNir+duSpeLrnsGaquwEZKhLjOOhl7z2u7XrHBakQNuP2txJ4w+obo1p2YnKmbYM="}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1607938456566937,"flow_dst_last_pkt_time":1607938456566452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":115,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":115,"pkt_l4_len":61,"thread_ts_usec":1607938456566937,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwAD0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwA9AFCoAAAAAQg7VxcI2Jvc+wijB72XkxHdoUAcmTt8MUVh5MfFjPiR6HrZ0x4AXuWw5hgay8870A=="}
 01306{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456567204,"flow_dst_last_pkt_time":1607938456567051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1432,"flow_dst_tot_l4_payload_len":3470,"midstream":0,"thread_ts_usec":1607938456567204,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":4902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1607938456567204}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":4902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1607938456567204}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 7/7
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508350 bytes
-~~ total memory freed........: 5508350 bytes
+~~ total memory allocated....: 5508374 bytes
+~~ total memory freed........: 5508374 bytes
 ~~ total allocations/frees...: 85888/85888
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 569 chars
 ~~ json message max len.......: 2513 chars
-~~ json message avg len.......: 1529 chars
+~~ json message avg len.......: 1528 chars
diff --git a/test/results/default/quic-34.pcap.out b/test/results/default/quic-34.pcap.out
index e17d70e20..eec59e887 100644
--- a/test/results/default/quic-34.pcap.out
+++ b/test/results/default/quic-34.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1646827637244077}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1646827637244077}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646827637244077,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1646827637244077,"pkt":"CAAnfrFjCgAnAAAACABFAgUATWVAAEAR9m3AqDgBwKg4xtpIEVsE7ChNxv8AACIIoSj95jI1XLcIjUy3QAcovkkARMqtPUg7uXRSK4kMXX53Es5onLzxtRemVGyuMExaFbMut6vDuqB2U\/DpzOfUlq0FvRt9rUJpjW6yDtUJ\/70ztz+CDYIV8VpKhQLQtYfPD3mmkKn2FxkrrQO4KafazVucb4cvV7T4N0u43AnJcMtc4d\/GXnMaac4VfAlfHe4y11Dgg0O+0aKijzEWoPXxyRR4t51aC7Nkbv\/0J5dgWKDBQk9w37dytb5zwjbfQHpRVluNBzZHs5I4DMZ\/JnNB+PrUyuyBmXrp0gR2XnwVjzQ3flNPFgcQgu2\/JTVF0L13Ckxt\/+QZlc9B3wBoysEquMpFluVCxlhpsJNoFK7jPg3r2c+uxRQG0p8pcZpnvTksWL+f8WqFT5coLPPdZlZwBn02RKfGTA+uAZ0LaE0O1ka34WEpgqpoVc8fayaTadrjLyO\/JlS+dq\/Kdd3y9KPe38jjexcirOrW1+qlPzhwIx8piSprhOCyEQY2+fljrQNCpUoPKvzdasj+8Y\/vgOi4aANXTAspd+NPZCshlwQpGBYQdC7CEZbf5QlwUnySFyecnPIsokfcy7EJCJxGVFXATop39f5agqqDgJBBxbV7Vy06FK1qkx\/0u8uhGfVjqVKRKmprwi9X1kSSqhXt2GH8bZxjiM01oC4BQV78N199Rg9tYJupRv8l6yvhDS9rct08zWWNVxr58lebQUaKNYadQRmZaFtRmnN0sxjkvcxweUxbZooL7E4GGIqIljR4ZhLlzlK3E7B66OJGtQAC7VyR46GafnwhTxp3HrOyLyoZp0Rw7xcWItz9Tv6lT2BoA4Y0DSNY9olTp+DPyrMnUG0vqRxzRhJ8374jg6MVKZMEa\/87MY2irhA8kK8hZoC3M19FTaOnneltuWAhMrf+Q8t8BAlD7kUkH6oHx9vkYnEZiK9+\/sfx6Qq8taGMG\/mcWDWaYEb3NXAZqmf41FHteU\/OwdmlZSqoqDS5DlVhB2wq7tLwmLKxoxTkhjVXaunTU\/kfczBDm1AwklxFw3Hw5J5l+LHrwOolcProF6qLDBkbDOvOptyE1ll3vB0t4SH06Wr36sHzRz1uCQR21A9SHZvKyJK\/SCg1uApsLqdmJZ1f\/+1id8zTEwjq1qmsHED38lQ4CrlbWfoLvOR3f3s\/z\/QkitvfGtHhVZt0j0WepakKe07\/NGHX1V0dM0mTgqZKJh2Io3kvFvctAo6sUjbANXF0S8wxlOujZbFzW1LOki1CXDYWdPlq+SJtyeBxUEDNzFZ71VrbnwsnJNOpHvvMzPqdRV+ndVLZfpyQXSEsFc65QVoQNOu0MGerIkZa7wLe0y4mX0pnI8L\/R\/y1JTawqiJeeUx8r1l44ku\/g3ZE2uSVEJxuuTdY8TSHXRMxr7nqZuOWpvSIaUcGS3Q1TZnsiOTFYcvBWzEbQ72OmSRWUJzCCABBzidjiDpGWzPkhe8\/ROyjlc\/5TRQg67rXC2fAj53uXQRWw3a6jszT4xodZsJKooKIos5G3CpYzzQSJCrtOeOr5\/ce4c+q3Hx2rzKhdgv5WRhVAr2UV23TNUJd0OkmVeoZzs9v+FDb0PtPPYVDKHvjJqHAzOy1dUyjTbdc+UjRQ\/Xh3vEMPhsnnFc+0+ln6b2hntZL0z9eF8yMJK4KNw=="}
 01723{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646827637244077,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"quic_version":"Draft-34","tls": {"version":"TLSv1.3","ja3":"0299b052ace53a14c3a04aceb5efd247","ja3s":"","ja4":"q00d0307h3_55b375c5d22e_af0a630e9e67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}}
@@ -7,7 +7,7 @@
 01488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247940,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1646827637247940,"pkt":"CgAnAAAACAAnfrFjCABFAgLwqq8AAEAR2zPAqDjGwKg4ARFb2kgC3Huyr\/8AACIIjUy3QAcovkkIkbyxu2YmbzdBBIfexsm7espBXzGKaZrAS7pggZDUUIfbdQ\/09SYdxmJiPOboVA5GNyIN0WKEZEb2ChDB1GilmJgW7Qp24EMucpJ8B17AVuDTPfEx7nyxUZnDxLnOV1NZxSPDEwEtlJluh20qRikrub3PX5DmXIcRaHLRejZJ9hsaCYWsq6n5Gfas0GF7MLGzHn117Y0pGUO2eqVFiwenMssI9+ug1E1aDiNVvZMQKSFdyDe9LiLFeCdes2+kAlg73TsTCPbewTMdEgVZBgLZaqO0un1mix5Qt6BKTBkVA8VSZ95v+EfSMYEwA9xZi0jAFqqTGyp+ZP95tU0r4nGCl85tIQDBKXfcBXQge764C41Mt0AHKL5JAwe7F8jwhPqhtghmuHu5o5uyPLm0TwLbmCTREzsDZ3DsGt5qVRU9QIvOhWBrh4V4uljh\/BtTxVptxRkCktu+NWT04G8qsIYXDgRKJUfYMbGUdCKTsE7gC0FAzqopaBfgolmLGZhX7ZxOjTG5NpEGFq+sEmPjGPlDauhq8NTECzVYfToMEehRp8C3bVLHR8m\/W+k90FLQ1TlaEbOqjuZyM\/9ouIFSCmQMPUymc3wxlPi0V28D1yaErAIjX4TP0GolGAZO78ybzC72YMWFqgmnosw3ju1DxFOnMm4S5978OZU\/wmbSWd91srzQp2fOyLvD3wvvNCgP73nEBs88atgYEK5VcrbDFNBrhyEvYixxRMTIqYTLkuWudZVMFEpbA6nhu6WPpaKYD3hORyKUUBLP\/t\/DIvXUYAsZ4s7fmfApFG7wJnzGak9JU7Tkzy0XAM9yEGedigZBltqQA4wPLvuXascBjTXzqxcRPwVbbiOpsQwIpMGnMJz4+XgHNI2WaH8iPl9H\/sYwWUugeEAk511PGx++JwUxDqTYxBlG36Eym55D9c1vN\/8RDw+9AAMguw=="}
 02455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247974,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1482,"pkt_l4_len":1448,"thread_ts_usec":1646827637247974,"pkt":"CgAnAAAACAAnfrFjCABFAgW8qq9AAEARmGfAqDjGwKg4ARFb2kgFqI1IDI1Mt0AHKL5JJhXLILeyY0WWPPDGqu29pNjeQrsiCTUma2TcFGcgbIzRZdr6JWtplLqpt4qp74KLFQm7PESBrbW0e3kxD7S6yxhRI9JMLupNpVNheQDAE\/K7XDfSJm30AU1TktsrpLm7TfiD8USojXAxktLUfFjAiN6LG6fZddkhXh9AYZ7\/h0cSCCBipC+n3QCl4ZZLZob0nwewGNweDzedLSJHUiGlnnueifyEhuiUGtXgMNSJQ2JCiSHUKseCTMenBQSit9kmsy7m3CDkV8IpQHFpr\/KQRujoM5BDa8Yse\/Kl72IM405uisqQWn\/dXsCi5ce0bromjyo8SztDtTdIO91cc6sieObVALVrCc80ocAoEYgJTF5jiB7H5bYa3WWexHOJ0RxlkZABh5u2jRD60ENUaaMQfRFLTHtUlzezGzCFCF2IcS+WMBhwrHXLKOqpraJzqb1zDOgJyBdik0G2V7FsAOmmWq3kzNfjGuZ9T+fzSlxcobToHpyKVTh6yk3HH\/NbQjEutFtjDN8kzm6LZzftTMHupCPhu4ZLvz3A+qM2A1zwi5jSX7eTyP43nddNE8lSxbMriLhIHzadZrX75JISFbO5VwDvJNjuwIti4mRzJx\/4KzmR2yO+rvFcWV0dZs0\/MF6uYevBnu2YYbkzfUlVDt3QOqbxYzfYCPmQ52L75hajvvSWRTptBZWSpmDGOJ4XTD4avP\/kx9dpBnYVyb7KTOWud3jCtY9Dy0IFLUvwQTXGMQvxY1rW6hgIdpP+kthOl\/nWzDcHa\/PUhjS5EgK7B4SmuoeF3ytxRLbZxnjULC98CUv5fo7Ts14EjgMrhQbXmvegnsHXM\/e81QlFpnv8g5MxanFkxvc8tpr5XG8iFjGEj0B5WpJtuN7iq3z7nOCacYdJnYIiQ1mj01qFmCvBgbk7YWiMeiphglTgqhzvKbmvdg64HnjW1Es3AsdqJIZcqRus1DnD6rJkzYrRXchiyBhuQib+k4UQlm5hCqRnHhCo0J6LX8G3XGKSCadYx0g\/je+W+T0O4r2F5fhnLGmT5SAaG0edh3T2twOAFHIE1AKO0jwTDI8WzmuX8IYPD0YnpDPvt17DYPFIyDeOH5gIqsgYQjFZlXs0IHo2lM5JW0A12vTGEMsk8+9e6Z5fzuyATmFSi\/OqkgDSsNxnDgACPXJNiajuXioxc3erSKiDoxs9ouJzkif1wm\/7ixnjoy5M0DOvckjBD\/OuCCshIfuURfWTv6hvrPEQlix1SFn3RMCx1Pk8jg9thsFNFl\/Ho4MdvMw2RhXIz1+gcRUh14NXK1ApyZGsrTB7ViLQn5jNKtp2pdyf3KZPbaFL0Y7xQwOI0mvHL8HI43doiRf2crOMA1e0xs022LMvm5ySxZslF3z12zvalkvgvXb5OTKfwdssL2Oe\/UhdSppJObBzjA+FEs6Qfqh5bbz5aLbnxUlfYLmaNH+0BGi0hDTR9gZKHvTc2n4i900kDzzljVKsSlloNHgG4EshpTKWF2qFT2gsSKXypzJ7NmQ828JJYAZILIPg+FVeltdmCKZo2lO8FnakEKnB+A1cgn3\/xiCZQ+iDtSE0PJPFtZhhnpzFVQskhj6YomziDSO1a9fnQS0ICnwazdMcaC79GE+Zu7g1HThSx1E+aCxOD5MiNFMbrPUttd31nncq5ZDTQlklu9YFBeFEnNhjw7XV5SoHsICDX3Y807hcaww8O+S3\/ZZCHYrSiEoVXHK08+KrmgIfxu+0uDlNCswB4hQR1\/YEd7kLTjTbBWxK5h2KWCvESNP9hSvk0ChuucR4GXTRQ8ZJIb6PxRfICjZ8FJPDMEqg\/LMJKaLCiKRq62PLTEgbmtE7W7wFMwBCvtRBZFheSD6YcHVovYACuFKvgHYWtpT3Rd1wYRfqLJlwTjGraxth34Sw"}
 01326{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247974,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":3416,"midstream":0,"thread_ts_usec":1646827637247974,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":4668,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1646827637247974}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":4668,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1646827637247974}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508365 bytes
-~~ total memory freed........: 5508365 bytes
+~~ total memory allocated....: 5508389 bytes
+~~ total memory freed........: 5508389 bytes
 ~~ total allocations/frees...: 85885/85885
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 2460 chars
-~~ json message avg len.......: 1492 chars
+~~ json message avg len.......: 1491 chars
diff --git a/test/results/default/quic-forcing-vn-with-data.pcapng.out b/test/results/default/quic-forcing-vn-with-data.pcapng.out
index ad49a5724..6d7e649c2 100644
--- a/test/results/default/quic-forcing-vn-with-data.pcapng.out
+++ b/test/results/default/quic-forcing-vn-with-data.pcapng.out
@@ -1,5 +1,5 @@
-00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1679647550075975}
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1679647550075975}
 00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550075975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679647550075975,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550075975,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1679647550075975,"pkt":"CAAnf+BDCAAn8IWkCABFAATMhJpAAEARv2bAqDhnwKg4aNjjEVEEuDJfz7q6uroQVl708WxeHhsa5mBcIA3qIxSa1qUCjpCO14+hDyjRFC7TMDsu8ABBMJ\/Xmnp2jeT+WoWwVvVQ1b6O31rw\/qrqxPBc6dRBLf3lEnWUBd3\/w\/JQS4pKYmUdU5xWZGvD8Ne8oIH04WmJmwXaQ\/wvsWrbYxMO92iL54vc6xp1YgRdxw06FeOPLguy4cuHkDCcnYaGKZtOt7y8kZNvtvYqVsxKCmdDYro3zFaHRpQGMtI\/2BuaZBboKETxeu8KUSeXMOryg\/KX2YYDmA7UmGc3kubU3ivUS1f+9ssIOdiFDX3AjohVcBNsmGvrXwTji3o4Dv2KTrLwBHjARD+\/HIuQNvwgHIVOT5\/pWNHA5WLk3tGMFGtipZ3L0RwYWrpR0zUek07xhYkSEEfPEtxXB+OXiXWb+BcdhWB\/SBgLI2MZqCKctIdHgsKw9gQe9RKvDyUP9hML1+k5xfL1Z\/EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01125{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550075975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679647550075975,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}}
@@ -9,7 +9,7 @@
 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1679647550077389,"flow_dst_last_pkt_time":1679647550077628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":1679647550077628,"pkt":"CAAn8IWkCAAnf+BDCABFAACBibJAAEARvpnAqDhowKg4ZxFR2OMAbfKe8AAAAAEUmtalAo6QjtePoQ8o0RQu0zA7LvAUcWOciqnjsDzc3SKuu6g5K5ExooZxdWljaGUAAAAAAAAAAAAA\/\/\/AqDhnVl708WxeHhsa5mBcIA3qI4k9mX2UyYvHNrwCtPdyFmY="}
 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1679647550078584,"flow_dst_last_pkt_time":1679647550077628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1679647550078584,"pkt":"CAAnf+BDCAAn8IWkCABFAATMhJxAAEARv2TAqDhnwKg4aNjjEVEEuO20wAAAAAEUcWOciqnjsDzc3SKuu6g5K5ExooYUmtalAo6QjtePoQ8o0RQu0zA7LvAmcXVpY2hlAAAAAAAAAAAAAP\/\/wKg4Z1Ze9PFsXh4bGuZgXCAN6iNBMBQ6vULpecHOMAGYvn9a7v5AvMXNhHDADjN9w8+4JawyIsFcXHSykMFbD54LHYQ0Y0\/gglw5uN0p44Z+7ai6KXvl9RuyJhEtdciJ+dYAYmzMp2MiXXnkeLuE7JLbpEpT6gFTjs4NN7ToadJAWHHhNOX60rnA9b5iTYa0VCKX7vVloRLUhxpcePABr\/SxFgF5LMJGd87ISOSaIaeoCltsIM8MOeB3o1aJEgNsGDysB\/iMwRNBSdVFP7ziX73ptxXwVuRIPMSsvRNOYSXyJinUqBZWtKWf3C2oKmz9VL8pHiF1GH8SnrZmbB4PXoA2kAqm\/7vQUDXwqk97ThrGeX2UciEQiyQkeuDFANh6SgmEVjeCan9sdW84wWot93kMdgpOk9VZI9f+t6L8EyrjtnFkadoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01348{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550087772,"flow_dst_last_pkt_time":1679647550087186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":5466,"flow_dst_tot_l4_payload_len":2691,"midstream":0,"thread_ts_usec":1679647550087772,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":8157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1679647550087772}
+00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":8157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1679647550087772}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 21/21
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506938 bytes
-~~ total memory freed........: 5506938 bytes
+~~ total memory allocated....: 5506962 bytes
+~~ total memory freed........: 5506962 bytes
 ~~ total allocations/frees...: 85902/85902
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 589 chars
+~~ json message min len.......: 587 chars
 ~~ json message max len.......: 2149 chars
-~~ json message avg len.......: 1367 chars
+~~ json message avg len.......: 1366 chars
diff --git a/test/results/default/quic-fuzz-overflow.pcapng.out b/test/results/default/quic-fuzz-overflow.pcapng.out
index d245a7081..e2eeef11b 100644
--- a/test/results/default/quic-fuzz-overflow.pcapng.out
+++ b/test/results/default/quic-fuzz-overflow.pcapng.out
@@ -1,10 +1,10 @@
-00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1633957625000000}
+00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1633957625000000}
 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633957625000000,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1633957625000000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5}
 03089{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":1280,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":1280,"pkt_l4_len":1260,"thread_ts_usec":1633957625000000,"pkt":"RSAFACAgIAAgESAg\/\/\/\/\/\/\/\/\/yAgICAgICAgIMhRMDI0ICAgICAgICAgICD\/\/yD\/\/\/\/\/\/yAgIAAAoAEgBENITE8gACAgVUFJRP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICA="}
 01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633957625000000,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1633957625000000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Q024"}}}
 01227{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633957625000000,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1633957625000000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1633957625000000}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1633957625000000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5497974 bytes
-~~ total memory freed........: 5497974 bytes
+~~ total memory allocated....: 5497998 bytes
+~~ total memory freed........: 5497998 bytes
 ~~ total allocations/frees...: 85860/85860
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 582 chars
+~~ json message min len.......: 580 chars
 ~~ json message max len.......: 3094 chars
-~~ json message avg len.......: 1758 chars
+~~ json message avg len.......: 1757 chars
diff --git a/test/results/default/quic-mvfst-22.pcap.out b/test/results/default/quic-mvfst-22.pcap.out
index 224ac743f..eb2377628 100644
--- a/test/results/default/quic-mvfst-22.pcap.out
+++ b/test/results/default/quic-mvfst-22.pcap.out
@@ -1,4 +1,4 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":24710880,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":24710880,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":24710880,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEARtN0KAAIPHw1WCIsRAbsE2LapyfrOsAEIVt4FS0mAWdwAAES+glHsK6O\/Oq7IqxunKa1n3XFv8eVEdrO\/buZ2LMAVEB2NyWCg6hfO6EP+vLVLmftkS1PJQqVl7L+7l7BI482Kpj4ofT9JnOQ0xEE4Vys3R4pwXiPc1lMJx32RX9zKYm+Z1fbMOyayi7zU0q+i63OayYrYD3jSt+Vvv7BMyIgMJ2yBRML4Cvl27dkQOy02PKy9hJb4U9IakyZ9jxJvJUG6tfB\/LJZUaX2z8xaFt+J6lEY3AOj1WgBxHOY78xSQcl0cfAaJSIKcA9Vn4sv\/fiPAKil0a5hIx6QXM2jiv4vFSqcgQHPhjbxlmksCUD71+BcElvTx09somsejpTEXOX5DumiTu+RmoxzAPxad\/yoHUmpVtJwSnjk0zwlToGO6SDPnEODnYt3LIvHRsx7mnFExLWnr+yQHfYFCeLNMctGGZBMubCx4gjt048OWguRvM18ud1xw3iRiS5rez8OMJIfcMnRlbnJA4MyOhWSWUbuYwKHXBZjNJSArgDpEssUAVBEOZQpnBVnXDGsqdTXz0eM1y7mnenMoiYqQeMnNMBDyturRKjEAiVgPEzOZ8CufggYEMfnAHCuOwF04gvqplTrrZWKOSNpdQNeFrRsWk7y1RbIKw3b8jWOTzA\/3wnocU7LCIqLpjBDheYw+YKL\/QStNjvcf462QDT2fMTEzd2qFUE5\/HIdvgFCjr11QAYfzSa9caF4orrxStMFBMwLrngiPEoNK2oL1ixSvqcDH1eCryay+ufbCfgtp9mN21cP9bS1fp+KOtJdRjk+WwIrnLE7yFL2kPl4Y1ub8Ic+0DgBOwxUrYa0lSq611ixLqvgBVVHqkVlsmy5FzYlt4nKwAzaE+UMlVSse0y5ciP9QYj7PgUOQsYRJLOdnUB1nb1cLIVzISsr9mEOc4Z\/V5yQfx0Je4KZnrBbnTxqzPJmczioPnEqWI3SSJQvibzfqftopphp69YYIvmngwQ9boqS8nu\/0Z90F4tXrXlEqVlkyt8z345OCJheKM35O3g1+gtDgXes9IlOq0VZHWc1xWYAyu3e5lYps9GawHgztTKd5Dh6phItAr7WJdjC7E5+Hw0Djk+jR2QPNAEyXNvBFWYdDCSKqCL0EW4k8u46MkhLkYoD\/U5LiEaiB5YSuGX8HZDJEwdOPPEWcT2hknjUDiQIy7tuEeBHkZxly3y9r8TtSEnAlDGbBVFAT+DI1sU7ifZHKOelnaNbzJX29JqcLfJH6OdFC035GL8QU1vvk19qbGftY3DBf6EJAhrCyEG8T68nr4mpyNVonkDSzrMh1qFjIZcwFXjgWWM6+wxfrI7EB5HOgW0H2RU+8jBV8bTAp0cYUEIW83AlhSIGJhaN4hzo4QbiQ\/NEKSL4V6HA7r2y3QQu7WQiGeuhWzieHC\/re+NOqmY8UZ2Nbtc52d9K25gQKE7BXNhq2zsjuIhLJme7BBI75RlEqF\/camjLVcquotPgLUp7uXIyomz0zmkrCGiGxy4HlklTCcE1ashYaXZA\/9HX39Pj6qB+WKglzfibh+ldNWXcB79RaHBC3E7rGwoRJM5jkaMEkWLJVppPuZZUXD0CLZZ5SItvsTmJ1D5A5i3llXNLFE2q4czLsPbe5Ft7r2t0="}
 01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":24710880,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":24710880,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","quic": {"quic_version":"MVFST-22","tls": {"version":"TLSv1.3","ja3":"a3795d067fbf6f44c8657f9e9cbae493","ja3s":"","ja4":"q00d0109h3_0f2cb44170f4_01b7bde4a3dd","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05,h1q-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}}
@@ -9,7 +9,7 @@
 02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":24710880,"flow_src_last_pkt_time":27201767,"flow_dst_last_pkt_time":27283563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":6836,"flow_dst_tot_l4_payload_len":11997,"midstream":0,"thread_ts_usec":27283563,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":163341.0,"max":2090987,"stddev":507077.5,"var":257127612416.0,"ent":2.1,"data": [6626,174,24,23,15783,192,68,25740,0,16544,24398,2090987,2072824,30640,212689,1822,115,243417,45,25374,21896,80671,49,21,8,9,96673,35817,60860,70,11]},"pktlen": {"min":52,"avg":616.5,"max":1280,"stddev":577.0,"var":332915.8,"ent":4.3,"data": [1260,1280,1280,221,81,1260,106,95,66,261,59,52,1128,56,60,598,1260,1221,56,56,60,52,1280,1280,1280,1280,84,65,52,1280,1280,1280]},"bins": {"c_to_s": [1,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,3,0,0,0,0,0,0,0,0,0],"s_to_c": [6,3,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,1,0,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,1,1,1,1],"entropies": [7.865873814,7.840335846,7.856841087,6.935217857,5.841008663,7.844548225,5.975329399,6.068257332,5.408033371,7.120600224,5.413970470,5.168682098,7.824946880,5.206433296,5.433454037,7.633729935,7.839689255,7.820494652,5.385004520,5.200210571,5.379368782,5.130220413,7.847099781,7.835284233,7.857980728,7.824029922,5.854679585,5.473884106,5.168681622,7.866020203,7.849047184,7.840563774]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":188,"flow_dst_packets_processed":301,"flow_first_seen":24710880,"flow_src_last_pkt_time":74905965,"flow_dst_last_pkt_time":74922862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":72648,"flow_dst_tot_l4_payload_len":195043,"midstream":0,"thread_ts_usec":74922862,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":188,"flow_dst_packets_processed":302,"flow_first_seen":24710880,"flow_src_last_pkt_time":74905965,"flow_dst_last_pkt_time":139922848,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":72648,"flow_dst_tot_l4_payload_len":195075,"midstream":0,"thread_ts_usec":139922848,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":490,"packets-processed":490,"total-skipped-flows":0,"total-l4-payload-len":267723,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":139922848}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":490,"packets-processed":490,"total-skipped-flows":0,"total-l4-payload-len":267723,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":139922848}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 490/490
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5522304 bytes
-~~ total memory freed........: 5522304 bytes
+~~ total memory allocated....: 5522328 bytes
+~~ total memory freed........: 5522328 bytes
 ~~ total allocations/frees...: 86371/86371
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 568 chars
diff --git a/test/results/default/quic-mvfst-22_decryption_error.pcap.out b/test/results/default/quic-mvfst-22_decryption_error.pcap.out
index 5c0f020d0..61df838dd 100644
--- a/test/results/default/quic-mvfst-22_decryption_error.pcap.out
+++ b/test/results/default/quic-mvfst-22_decryption_error.pcap.out
@@ -1,5 +1,5 @@
-00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593498296832000}
+00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593498296832000}
 00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593498296832000,"flow_src_last_pkt_time":1593498296832000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593498296832000,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5}
 02182{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593498296832000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":1260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":1260,"pkt_l4_len":1240,"thread_ts_usec":1593498296832000,"pkt":"RTgE7B0GAABAEeVBCuYoqF5h4ZLy9AG7BNgTGcP6zrABCEACR1YBz3h7AABEvkgDSkdXT8KDRtZ6SuR9aklyes\/l4Sioa5nXAcPGveAb5Mb0k7uBERsrnzBa9uno+scwKQJ+8HaE7SwNRWaJ0B+VYq5sgzaHE9BksItfZB05b19PkWz3XaOJPeabOxbegkEde\/7BgQc2iMQiMZifq3YQkFbpelKpfZ8UxZbKFKO8T8enNpDFvm79StOLsc58r6VUI7R7RX2Dh+7UvHc8w55LVS4nFdKyvt+gLMAzuTrAqSRX04ucEX43SZLKcpJ+X+iK\/v9u1yLmGT\/8hHS\/A3VBUuWVRkAqUr3zRxflhV5CjsXky9idxKWm4C9Pn6cw4624LuYteYIUWOTHQHv3zV5\/rnXQxed5aHO337llijw0yLFxpnpOUEtoxTKtZZeNyR3\/hCIkY3n14k3gHfYXZl5t7DMoJYBnIHHhmdFCOK4sdCcKtpOlPKhDiv0BdCMImPxwr5CZ3d0NvKvNFKbylEYXGyw6diXHrADpP1Bpo7IsDo6OECekYHLzamw7fo5GRjTg4wyZ585sRHNOY5UQ14urjp6qTgyJaK+bJQKQXSG\/jPsJRoA3bT9RYwhd92VXr\/SRpMsMI1dgiAabVuN6aapjwqQ05GcX1xWXUOswELHBWeda+RZSG0ealfCxTmgk\/LmTIARNNTXtxke0sf\/IlfnV3ikcr9NqDIrI6of1G3cZfUQGBWE6gBVL5hH\/8pDG4T4ZpNiYz4Y0kEK9VRD1GZ0w6BCqlt\/kg2zd6ahgaI4n0T7BllqMO01YZ1t9pyXJShYy7a1\/GE3TCKsHNgIVU+OzGaBubO2O8foCsTRqluuqUPhG3n2E8MHmbHfrbqadkpRwbm5mHSUiRHvHPOMZ3uD3xF6j764aqPOQrl01dj1iQP+qGIcEY5l4ogPeALtV3hU5f7bpvLSDPKVoHsWvz++bxVzr7sgAnGREUzsxKt4SUYuRzz53icFmvd9rxNmgOaF+PEw\/dQIcNJqpxX8ulzLr4tUIjHsZy8Y3w0WHWlRvXX5BFt\/FNL6D1z9p+LMmNXuSPqVvh56LVqzeEf7uD4SQyYHHodFZUSZh4UJZfGLFC0eeFNy2qBWMNwCptrLdwN5PCZlQ07ewM1OmYFXib\/9zYOSk4B0N24Ml1I3V+BUt9Q\/f7In0Lo1bYVhzoFFJnm1wIhEDEaXvsKWXwZTHPIpl1Hz1I\/6Yq3hsX1N3dtM00S1An2mdoc9+06efV9TeSDkQwX8r+ZabNOKTRtHqXDe1Wl+aE\/ZahNHsuY3HnDuGINcHsBCTv1ovOmoDAi0RUdYM0lPaGHSMu61RpKW5cRQ0Cdy0+WZXfm0NBcMkEOs1K83zDl3Ni0ybs6vWiqa45kxw7H1vC362nLorQvhZdy7wTrE4RWiFGT0Xccp4Rl8QprALjpWqFcS7MPnifCUJZzLuwLuogz6ePAO7YscFlIza4b2sSjihSJrD9QLuOyhifjzSEn4amVk5ivqXVE+QZ1R7NVlYJU0wlh1SwakKVblsHRVpjkjVrp5to9V854cET1W0se7gIi2a7oXoLvW8CT8NdthxNrd\/AUaazo7KSGS96THBAG+HmraPSIMT5EEnSDc\/KXc1EWvMFe0xKOugeQC4v6tFGa5dLsgNI0TE"}
 00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593498296832000,"flow_src_last_pkt_time":1593498296832000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593498296832000,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"MVFST-22"}}}
@@ -8,7 +8,7 @@
 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":106,"pkt_l4_len":86,"thread_ts_usec":1593498296833000,"pkt":"RTgAapbBAABAEXAICuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="}
 01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":698,"pkt_l4_len":678,"thread_ts_usec":1593498296833000,"pkt":"RQACurDPAABAEVPiCuYoqF5h4ZLy9AG7AqZJuU5AAkdWAc94e8TV08o58cInQhPfXEiH4R0yyR9AqFdJP97dW9QPxH5QALs4W48u\/A\/lmN+Z1gHpoOM1PLHjFfJbJb+kTSEeMOTQm72wgJFh+SbVesiWwZpXw+U97IhYBLP3WiFpBRQqDumQUeDiPkGwyTmNP9TNRpuF5QXHv1kPwiigyC2fJbgUUnl9e+zGQ79Cz8Bs\/eLwhmD1t2VJ7Cd7RuwKu2Fjort3XX4whsN7E7gB18XviaUhr5XnESzxgkyjbQ2IfYB1sJV2o4NiOWtS1g6oecOKw+P0SfmOdI8cA9W3q6oJEd81gYI3RSx3xGFnp9Oqu5Hc1vqbqNObKzndCPUi\/ewslI8ItQbC0BI4e50MqqScJSR\/5Vl6GG0TgIA0bMt3EG4lRLe0LXPxOgts4PbF21wxQKa7Tv1beWim5pfI+OGmD3DMiWSvIdPZw4l\/5hMQFemEjraWnBk1V\/\/OrAI2iv\/RsuB4yz9sORUhXLWck60hCb1uyIqNiRD+xW3bPH7r3P6z4UKMSlVVvqUDaRMdKibqynDHOOAWSj7+sP8Bf90ZLULJRyJUvi97ONtn16Gv8dO0\/jgeS3zlXeoqRUMEdvWBCLl6ExIUXPrzQxsNhsLrDhpW\/tDjV8bVc6b9OLSI4orbGjrxJjgcK689zWXeFHPekaWBT4LUjVMZvHiddSwc8CEIhbTIYZZ\/KM3XZ3ulglZV9+vPGct4VamjTqRcgHkoqQdwsrno2odIMs10yxJGOEmQN8Cw6E4hVNmBXDs81Q+k7pqJy1KFzOnCXOnG+YjtFuf9t7vMgoxn\/Mbid1XY3cSPVo6pJwkgIo3JrJMF3FGhAG1utFi6vz1QEXDtf6Aad0WCniKSed4SL+b04FPKN0pE40Yv1Qo="}
 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":1,"flow_first_seen":1593498296832000,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296835000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":38,"flow_src_tot_l4_payload_len":3572,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1593498296835000,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":3610,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1593498296835000}
+00657{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":3610,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1593498296835000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 11/11
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508372 bytes
-~~ total memory freed........: 5508372 bytes
+~~ total memory allocated....: 5508396 bytes
+~~ total memory freed........: 5508396 bytes
 ~~ total allocations/frees...: 85890/85890
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 592 chars
+~~ json message min len.......: 590 chars
 ~~ json message max len.......: 2187 chars
-~~ json message avg len.......: 1385 chars
+~~ json message avg len.......: 1384 chars
diff --git a/test/results/default/quic-mvfst-27.pcapng.out b/test/results/default/quic-mvfst-27.pcapng.out
index b29e28b97..ccfaafc45 100644
--- a/test/results/default/quic-mvfst-27.pcapng.out
+++ b/test/results/default/quic-mvfst-27.pcapng.out
@@ -1,4 +1,4 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"thread_ts_usec":41432902,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2tjkBmxsNgiaX3ZHZdlEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"}
 01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","quic": {"quic_version":"MVFST-27","tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","ja4":"q00d0108h3_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}}
@@ -7,7 +7,7 @@
 02268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464239,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHwAAEARKahFq\/oPCgACDwG7jHUE7Pun4vrOsAIACGUZSqSBwJ2mRNPUKyAFTiIR2D9LmWONp\/pKu58K8xL2QH3MMLvlIm5wZVpJfJuwyJ\/1M3tSAzTO7kjPI3eHBb9IFzJ5EM102smu6+dh1QdA\/XWl13B5U7mJXfZdgiMmoH6TMFeO9l59NUWVB3FrB1D+83n8F9jw5BVmkY2OPbmS9uXhO3oLJjNvzhgiz9LiL0Peg4iBHPZ3bnefg84NyqMA6bGiBHjw8O\/pggXBHbm0y039at\/mEzBf62LN0g+jv6L2c7tRnEpUns4cJX54tQ1bXJ5Hhxh3rT54lw4rrebaQCbwFhibEvqZWGljIGdjbOpa6liHVVmRN2tu\/GBhyOGb0StB\/jpkBjcqcM94pTjas7+bYnRrk8ZSgYviOw8nDLpc2na4yCaDVIVl\/pzppcM74NTbQKve3Nar7W9KbDiDSaMAENX7mwhYQ18bwd3uHY8CUMOGjo\/8euzZjkZ0fqCDRE3vdm4KLl5+4\/UkQuBZWoFk\/P2Heh0\/lgddV3IePrdA6fNLSr8BKSgLGA1ZasEncG2JczdCSpW32pij29+anl+pMYgG1xzrztWUD1ETcf6lrUI11Nrj+82\/V73yznpeq7b9VscUvGV9OZECREHrcvb+pZDpYZL6JhF9swDp8CcOJJW+kip95Ov52baFifgdWzSPIduRrqIdERwwU6uq\/xmextGbx1KqKtby8DZc51UT3zzVMYep8bkl6y02VlktPuEK9u+QMd79lD6CIjW6qp5UxTZUtg8jrVUa2qNaqIekUrye4Bzl97pIPdBT4PssDCFsKgu31Bpm8CKL+2xWNmPLUcDOBBgIHzzDBuznQ7cBUCzjZlif+hxsEmJy3g5g3\/xJNTjxK+car7ACp7B+H1R5WQpkSDWn\/gKlYeGIPW5T8mOqp4WAHeTZest5awJfealSj\/CfwMs\/1Df7bfDUHTG14VDKd\/hRegDw1cfzcn3rS+uwWfXIm+mNshIKscMmPDsExmAokd+CvN0JuzdGOibtj3vbwDU4vsLbdbgOXENLxvYoEKqOPmpluuCqkWSQX\/UTadmXu44AWmWGdRQUpe32qb\/M0fPPEznTo\/4YrREjJ5jLnXRjbVI3HR4NPEZW1W\/9+X5lPYycQDN0lnl1dTk4utJeAg2p\/gP3JOV+wA1ygYJ5wU1GjgsOdz+EiDWtAQ93xX+7PqU0RTfcJAMwYHLO8gHD8UmTyvey2jiJJMc\/NrEBM1a76byOqZW2ZpMIDjRCtGhGFGhw4tu7OsejTzxA6T4fkSVAM0RcHzuFFeX1yZp3G8u6suFgzreLYuvmcBrNhHUTfsEKl4+aUnvPAuGzXCYIejrOiP9DSMGN8i\/AdhOoP+4i52mM3bH5MLyVmx9EYwfM0+yRTPLIifi4gzjoQl39CwhJ5abQwEmy5yGBYVxIliLKOrnnK4U00GmZhnCirgfPFCTOe\/qKCIPE7b86iKQ6zDr+wGAH8x1\/Vr6JDpHoyfytADR6TA1MJzboAI\/u+WxBW60Mr8wra7Ky8MTEMtqEAV4MNy3QwSj+5Boi9v6UaR+XFmEdKxTqXYP3bAo1k89toaHV8RAROwWdWZYQWji2vw49SgOlspTK5LeZbdfL6JCEHPDOXosDytI1rgaUPivx6K5pOY3FnYb2NgiqwzaVvc4sqLOH\/hloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAImdn5Q="}
 02270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464304,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAH0AAEARKadFq\/oPCgACDwG7jHUE7NYs4\/rOsAIACGUZSqSBwJ2mRNOp9fQvn1f7lG72Bw+E6NBO8LR8mD6RkYoGJj7YIoOLkr2BWwfK0spPYy+zYGWX+a+c9rHGaE\/8AFsGVmGd26vTDA2yukmOJUfOmTtJz95HrnPFSG+\/TXHqQjk5klIE16FLBeiNi6m\/ct8wPGJ9RUbZqJaLVts+GZFzeMSRX+eYZERYnLYtPQPOywMGAZR5dzRsdw3jDQYkcN53aPm0lceepojo42lKerw8v6LOu22kD+71z4QDa4KbQzfUDp3LH6BpZQ6IsP9xHtu8kvC1sMujkXVqWo4PwU1vr8utquEF9g6Edj1O8CnayP2acmvLS9hrhF7CGL\/\/\/DnocizH0vNxW1ov+oyWwjbcB4cKqjTFeavm8o80oXs5etE\/0w5eFp+lmQaKzY0Y3yFmQ4u8brDlmcVIExhEgggZeFVC9lL9oOJw+T9YQyahiK65vbSi1+dot2yavrzsTWJiTor0nyNgEiCiviGKK3Ugt6GYCifHXPC+ko\/\/b1QvveO8QmYiv8AP2V\/SWNC14hUcS+VAN8JRlCbBPMNZf5CGc1GwEg+7a4289LEunmnUX2jPN9vYfHH58+XntmHmuXoNXd+GAXGmBpL3pm9he0pLxavwsdTVC6qK8sKWNygxAdWjfNWfqF5l0iTI6JYa4\/y33xaYPcLxg2NKR5k5UeV+DbMoZh5oLZlH+HG0w8grzsBY0UqgdK4AyP+poGSbQAEMRSIkOomtrtelNM\/CJ7PizVrNKpGbp+EpEXMTlKKu9mAH5wfJW5yjomiaaWvGIaq7gLWY9llWYvKDLPe+Ot\/Zlo70lUm2Wen8purBfU4\/v6CMzqcAGFEkRA8xMmhdxqR55Nj0wKZs+RQeJinGAS0a8g3PGJbOybsinObB6I0QXHDA\/BCZjPyuqT029QJULHNw4IqshshnGFg3nbzChRrWQc0AiB5OcsWclYM82EXN8ST8RvLF1WKcSxiSUqZRBPt4kZeVgU6dUletzdTTtDjmZcMX6Dpoo8d0S1zQL01nH0uioe7eYaw9k\/Piatckxd0yCv9fyOSwNFhCKxpC1GXBWqlnzr5Xkx8pHwnfnGUKyYsQ42dNNkbszwP1I6YjcrEdp4kQ3sTLrEmlVAvA4aTA0MKDmYMzxz3zBJIZV6dv1qjp7tD0dSAly35BlkwSJjGxKF9J5GgFKfSnvAs\/OiBf9hVa+A6yxuM4HtZTS\/zRldyW57HwUxn5Qy4K6cscwe\/7EfDGt+KoQI83PH5+fargDPhSWZK8UtA+jWy2oF5ALL8zgGosqXNMsOm5dKcPAdecM\/pz1MIewkul7sxt\/JgvAFL67lq7QvvnpQzr8lJgqwZzwBrBvGj9NKkaDXeHsynidTbkbLez1tjvdUEDeISKE7lW\/ojOz\/Lqe\/T7KSL5gyQyjF97d9xNrPNTeh\/HfJdKZ\/zWpQOiu67yweKqxgA9dorbSGAD+RdOGT7rQYJQusp\/jzG9SNrMyUzV7HK3K\/pEUqwZWMz+QAHUA3RloM07jN1F3nkICmQ4z3jHqqH2nY3JfZ5N0+1Qbuerb\/7N+BqOS9LICONl+GduIvQlJ6k18z\/aBuv25LlGUp9XFoS9b0Hk1oEaH7ReOgL6Cc+6IEzZSF3euyrFMEVMA\/mrlSkSX25Uc7jz7gii7RloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAPxWaP0="}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":13,"flow_first_seen":41432902,"flow_src_last_pkt_time":50364890,"flow_dst_last_pkt_time":50392661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":6981,"midstream":0,"thread_ts_usec":50392661,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":50392661}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":50392661}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508664 bytes
-~~ total memory freed........: 5508664 bytes
+~~ total memory allocated....: 5508688 bytes
+~~ total memory freed........: 5508688 bytes
 ~~ total allocations/frees...: 85901/85901
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 577 chars
+~~ json message min len.......: 575 chars
 ~~ json message max len.......: 2275 chars
-~~ json message avg len.......: 1421 chars
+~~ json message avg len.......: 1420 chars
diff --git a/test/results/default/quic-mvfst-exp.pcap.out b/test/results/default/quic-mvfst-exp.pcap.out
index 24c757858..b808c3ba5 100644
--- a/test/results/default/quic-mvfst-exp.pcap.out
+++ b/test/results/default/quic-mvfst-exp.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1600365863681233}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1600365863681233}
 00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600365863681233,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1600365863681233,"pkt":"AAAAAAAAAAsAUu6Rht1gBpyIBNgRPyqszffVBngHkJIHX6lj9Ks\/Zezp\/nFuKvrOsAwAADWO4PMBuwTY\/EXK+s6wDgg1+NsuZhAnFwAARL4kVSVotvSiGmEI+vf+6CaV5hF7i\/CNKP0SXP7gxh\/sxeTenPB321XyE03WMCMX5b0eBa3DvRz2ddP3nWt6RdJ6WlZ9RTUGfAgTt+boE098trxFEsZIDO4\/DGShxxtoHXyvbFJFZJY0NVf+5UIwrXhHYlSki1K9uuFNSNm\/ALl0YIaUgr\/hopr4M+GsiGyiXAxXGDCmRgFFJroypQa7DZkA\/BSQvOBo1rqXUCQO+Y2WWIxccuRC5scGp+LAauwOKvDUuqswyG3OiHxvk+4qy\/tgRCHGZHD5raZzP7vxY5Zs6GXSOIKOFNW9+pK0jmGVAbreKgkrE9sNhCR5J7EDI\/UBo5nIVV7hZ+6dUskPxqT226TZBRzj0d\/LhQMJiWr\/Qtbyf20wKLkGnJvpCUZRODDUv\/HGzAiYKec9iLyl0xI4dsRlBPj3\/qk96+vHWCFBI5LJgkJSDIg2Oo0As+19Rmue72aosPjR8lHRyP7b2qSVRFvzkCL3hktDhhGNO2\/8vk6Dat1dxesYiMWkhhopkoH3vOXEevmQ1BrZpcIa7nhP0ob5JIk\/hYvfODfiXG2nnd65+lyb3xKLOkY1QOG2eHx4XtxJxV95ybltVj+AOro0Qb33f0uOBVhhxvPUxRnp1BveoGGqIq\/gfX6EzojL9Sr70hu0h97z51g5q\/G2yqDMTtMccVw+1tkM704jcVZPtS1KIRHzNry1Wih4L55uLybOgft8GHReUqVXO1rtmuTmjHvXxkkq+hW3ZO6Zpt9Zifkk1BLxuaoYoAdg22ALnpTN7VcYCixWlGY122eH2AkgeHYXtrQFh65CCR9dukVHEdRzSFLcF70tHYbZmR+Hm+VVpk48niHEmJvv4wz9TBdQco4TCXjTYLJ6WcVyXCnuHUIWmzQviL8DqcqYSvAxXtEwy\/ABThsNXM6AftQYLRXbcYkYcHWoidGESnafRJGVZwQz25kCkv7ZqgFWYx1xBNnbz9WMnFbBke3DlYRgpZd0ntBDhPehb1WGgxtlkSGO7bjYqCQFYUxhzr1MjEh8JkUM3KCwxgTJlwEoiFSZNBGWOnQnoaXqibsTGdkQ5xDUg\/xJIomN6D9X+YN7QfJRKDelG4gB\/R7MztnSA22E0XjX\/\/YRNN+qvPmrVWdwLFx5rwOTZ2Bwq1XJX0Y4X9FYc8xlkhOJreo9JcUXHssUuTUo6BWARFU9bhlwavKy3u7J0kMozdjG\/WbocG2iKuKdvYnwlwF4XA49pUvEDnV0LhAGSigDeY9WEVq5NPU8kaL0aKpcV9sZJjCTDkCQvVnASsCd3+zuMIFTH\/wm3IfeUdpSYh69FBYn0JPZJnE\/f2WC+G83QQZNTxoXLd9yFjxvmJQ7W1L4zZf2d490E4pdqLfAEFuTNKFuLGgQ+LZN4YH\/5qowNrJyvVezIyiysoAoiKoYlx0R5mslIlSfPbwSJbTB1uxs3rqeOf8ivbtSiOzeCzsWNJXJslzqZupoGqw7\/SmaFxzLXGXzdi02UgxbJUV3MNetwoWntiOQ\/Z\/49uutTCmO52WyUtp6uT2QPgpYOad0YVkiJmMQURNTDa6EXQiGewAMntXsHYGBjMrsKmJQ9FFiiK9Zn62NIBtpITbvAg=="}
 01340{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600365863681233,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.FbookReelStory","proto_id":"188.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net","quic": {"quic_version":"MVFST-EXP","tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","ja4":"q00d0108h3_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}}
@@ -8,7 +8,7 @@
 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863701971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1600365863701971,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTY3BDg+s6wDgAIQAXJhFchLk9Evyyob5bYFNRx94bIG8Pq3hC5er0qmaO\/vmymM8o\/cApqIrJy2g30SejxFFp4qLrHRBshhLdfXAgbewyxghqNYdqo4k4fpzcK0xKawv3CgvxOHcjXBqnCGSVcOt5upMpAgkw54ZxaWqJXqyhFuwUnmywtzo46yC6KvzQQc9tfL1B9K3oU+MT0vl22vWb+0Lf+ZPccL0Zt1Vo7c7S+L6sEFDGA+z74v400bOtFD5pPoySzO82f2RI+aD0cO71iR8QdY1NDbmd4X7Moe\/yOsMq005\/rpHUk2+xJ2FPzq8yHfLobQcqchii0EMfDk1rPsS89JSeCNY+vs0QJr7nQooTrHMjcFcBWoVkNz4ZMShcT+41geU9drLAJFokpeyDmOzN01RApZm2IhjjYCjQouWgT\/RoPALA70snIVGTxUaI8effEdV\/esvRgO0wPS3ufzmveSbRNR1KcV3V6t4SuvG2+qOGFSPTdVrzd7HwpgVkYmpC9kmjvG8DKo22x7ZojgSkioA0bYQ3x\/KLQBexVHIB4Fzaf4jo+Lvjudx7sa5tts2dktvsRG3D+O4zxLAMtTsnECcINoJkxhsYW9jjkGEoUHGbtEErWBfZfnh8zXYheEpRjjsN2JBNbpwEir2p3EFFNuMzs+J+nsSyty4dS\/NSH4115DAW4aZcQSwLfK4aN+vZKGwIXYj1E4VOhcmeni9823p5qJQhVsRpFzsv3nflFBO\/2jt2Ejyv0rmMMyF5E9UNOP58UMq+sLQ+NnFaJNiaL7FPFtdEziXyVmwzDrEseD3Xtqj5WXao2ssrb9ELRX3v2h0LqYPqr38ho12KiIjeOF89DmimQh\/R84lVnYxOM45NO1EI2fjHnuvSSpL++OZVJ3Pdv3A6wgrpI+DlboZ3MxMau3oF11F74N2YkE4kQ+yG51LL46zd8RHea7sUx7RrEcm2QsOvwgrrU\/Z3y\/quTgZ9MyMsxzAE5Z2ywzGQJ+tVm99R+d0LrBTiXATdH0bTOf+ppS6xyk\/7sY9nVoFyAXPE7MDiKYXlY2h1SMzUHpL8AmcR3wAnQ1a2QDFvWLtLKW\/btEjTf2b7ByngLAfA8CkwmSsL24kpXymT\/ZhRFFnqnXNK9CXSLgl53RVBDcmmqQgxqUnZfIldLBt46O0LHX2Q+Q92YDI4WDBqGsgXXpY\/4py77CpzvWsdICv+Cv6g0K52IxIthchxDT18F1aoGuaKPfIYvjZakAYa1kpKN8XUWEQ7w+enUpmmYfpZ0xOh9vG6o0hjQVu8X2GXtJb4GVQQKUT63WyKMfspY++Flxrxr5vkDm1GmVTyDQiHqlpI270U5lH9CYOYQz2cKc5fxJWES2\/\/WZtNqYINm4e4GZUsTXenMiwdd918MZCq4CFYETnbAUx0P0X1v+Rxh6KAau2EE4GKnCJgPdrvzKpOHtaC0U8wdRmYn9lK0BTXw3++M2TAKJ7kPt1R4W4mdVG9PQQGlwVWPyWPj5pWt2DnNBHNUXj0FX3zRrt\/7+DrzSqWNFKrYcEaRLurEvc9I9wibxxwcGNF\/IAT\/PHR810uEvT7csMZR4O5za7JiCcKZYtoTcWmUJTM+hP1+5SQaIyACBf1xadt+PZzeKqrxvwpLFA=="}
 01300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863701971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":613,"pkt_l4_len":559,"thread_ts_usec":1600365863701971,"pkt":"AAAAAAAAAAoAaIxPht1gAAAAAi8ROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wIvdFPn+s6wDgAIQAXJhFchLk9CFmcM73CUh95lmczPmpzf5ZNI8IeO1WAp+GYM7Ki28TOD3rDqZeVpJ4eVbE3sXqFxAv48SfZC4RA1WIY6\/RvKVhj17YMRO1B\/ABoaHyk5UDr7StQpOuCHwbL8GyJkK8V\/AfNgFOoeaf0RiSxe3Z189tM2PUGiQ6SWWFDQ\/HsxYbe0cn6JAXiZk5EN1Wm6zkCb+qzQabFz5TgK\/Qo7I\/hLmPt4Cnsy7Zv4BmmkYC8j5YaLcbyLo0WZBB6VGUUcEFHgI+MccFtfD7y\/Soyos3ZZf4ARZE32lJQwHciqD1QkvR6oVrSAqPEM9SngERqYruFpkL\/ha7bCEe3C68LXjWs2M0uOGQc8CM6fQ+pVCklz0cpuyl4QBvIZREZAHMzJrTfW1oGcQ\/tTjPoG4CffvnsGgn0uH3PabZriRqEQ9hOWyC11Ea8bdNWvNOuuSjB13uS2KuLfV5xAJx2sMMZRF35OBURgpm1oSsp6lG3J5oIWyJEk\/NN9pTMisKM1Lb+h132vTa4Zt9oBWjd\/a2\/995t8CfXGS+9lrd20XD75zGzc6S9RXwKzEP\/M1lvotW7ueHDsV4tqmu+8XxnGd4cCaTSnMpiogUMUXsYzcPFojS+oAI7YLxyoSj9ftVhfwyRA1t4Na6tBzC24NM9W\/hbT7AZlW0YX5gE+8LXmfFB9Gktd\/l2tIPsJspF\/u+DabDf\/9et1Fgqr0dP0uw=="}
 01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":21,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863836720,"flow_dst_last_pkt_time":1600365863839043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":3496,"flow_dst_tot_l4_payload_len":20953,"midstream":0,"thread_ts_usec":1600365863839043,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.FbookReelStory","proto_id":"188.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":24449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1600365863839043}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":24449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1600365863839043}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 30/30
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508957 bytes
-~~ total memory freed........: 5508957 bytes
+~~ total memory allocated....: 5508981 bytes
+~~ total memory freed........: 5508981 bytes
 ~~ total allocations/frees...: 85911/85911
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 576 chars
+~~ json message min len.......: 574 chars
 ~~ json message max len.......: 2229 chars
-~~ json message avg len.......: 1398 chars
+~~ json message avg len.......: 1397 chars
diff --git a/test/results/default/quic-v2.pcapng.out b/test/results/default/quic-v2.pcapng.out
index 55bbe3984..9afcae4db 100644
--- a/test/results/default/quic-v2.pcapng.out
+++ b/test/results/default/quic-v2.pcapng.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671528048896780}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671528048896780}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671528048896780,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
 02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":1296,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":1296,"pkt_l4_len":1240,"thread_ts_usec":1671528048896780,"pkt":"AAADBAAGAAAAAAAAAACG3WArmusE2BFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAGkZhFbBNgE69ZrM0PPCAcmJyZC\/C6yCBH\/\/epFJCK4MqGWwvoV7EqZs5m5EW6yxe8jMGVCOjOsFtsb58R1QeHbyTN7wDJrFztAv8sR0ltkfQ6BQcif1dT+CuBqOkliOSyekcLhs5IK4\/EqcSiu1Vc2I2kZCMmWKpNsq+GH5az05AR+b+iINMh+SMq2M23PZZk03\/wTPgtGcudOgaDYAdQf1qvbbgTCfZyDF3HiyP4OAl\/iKBimU\/YJu\/f1ADkrg1eb2y71BQd5X3v3pjyTnpxrgpLZ+vv9Da\/xk1DMsxxHOYHdz\/NeLURGVCejzo9fkdp4w16Ueb9tNytawgEphEx3BSVBBA1PLxVn3d2G6+CxjvzeZtEJjuejMOx3HfXtyZuqqFPvcrCkm2hdl2+DYA5bvtEvscEj4Ym5CnWFvz47xC7wF9Bgy0Y4pOaTzJ4EkWvl6mv18LRqqhZmGdxGWg3bJbiSJiFrcNxJAUKE7lEso7o1TN0m\/cOjbl5BaTBp5\/qJ+0XYxoeALINiRA14qyxyfngnr1ZjvpOd1IiKziIUGV0OiGH337zAw8iGwD7iQk2WAZIBAVjAFnN7Wm7a8J8T9l2DDkdsQaB8fmut\/B\/y4qcLDxrVUe9Cng72sNhbCDTAj\/3vcK8XRa1huDOBM5aArjm5yS5c24R19e\/Xt2s\/eHcSZDGWC2Clphs6Eu4eXx7qeVixbQxIWZv09r7jazNDzwgHJicmQvwusggR\/\/3qRSQiuEKjbkbUQfjD91bGCNQXlD+3eo\/cE7mUA+W7lNaoCdZ837\/+ANaHhiU22Ny7mg2Uo6oIDI\/kA3nVLT+YKlIa+ZANgDT7CuUEsoBz3FmhicEmq5\/mNliNEDT53ADrsB6HKdZjQE4A8OOOkCr3LiuSOH3KuWvqK0Rbjz9sK6+z\/AGqFSv4dMjUs7Rr+\/W2FnoTnKTNpxqRd2KzATp7bnvLn+b8E7MhNjbdlziRdOVtYzAqH94vIJOOIMe8a9\/oiQUotTxy8fNG1ajZZKRvL0nqVU6zdUqHiMru1\/xuSazSUwLz+OU7EXMmSkQ+ZlvAnTpz8YPtPeuQl0psmTzQqm+uJOI\/7y5JNBbYWPmB3aRjLjBrdUTsn7ZcFEuutFbIlbr24xD2EVN76OB+Tr3ew4PEVf6IJTmwj6AHOn5mzF7oH4Nt\/sPvQ9d9wwsmDr4X8cE+tgmJfLo2SOvgp9rlCf3f3fKQ5p16JaxdsZIN1YBsYWX+SQX8zdljVWNog8l31o2YdnLB2Wxu+uGb+nSU+Jtm1h4JgIR0SEY4NEhbB1FYM+00rhga37Tsdpg2pibU76JAxvHwEKHxQsn5SO3eCghAtmyeJIaY9FY5ftTcbD4+xbrHGBKtQeNlMei6Yvryacu85Vrl4yAdRD81BOqXJ3h60g\/wuOc+2g18Ui\/UZ77sYC96U22hwkgmIwXSbv4h8X3bm1QJ\/hkUWqPfFinVo4HIMDUoT8lJQQp8HWbnJ80ulrDCZkdU36fHxGW+ZVXkYr+DuUBKTyZrDfADc\/jeI7kMKMkqnDPnplqmJYyx1bJuwfdMBUMNZ8ASLhnA9bBm4WcnFFwAR+d7gRPUHnNFZ5X1xttm1Mqqt9JcGKcqFj11uexFaRRssg3lrESzZbA0Ur5MBXNLKGA8"}
 01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671528048896780,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"test","quic": {"quic_version":"V-2","tls": {"version":"TLSv1.3","ja3":"5e685944fc983af5eabcc813add3dca1","ja3s":"","ja4":"q13d0310h","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}}
@@ -8,7 +8,7 @@
 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1671528048898845,"flow_dst_last_pkt_time":1671528048898573,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":212,"pkt_l4_len":156,"thread_ts_usec":1671528048898845,"pkt":"AAADBAAGAAAAAAAAAACG3WArmusAnBFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAGkZhFbAJwAr7ZrM0PPCLhE1vcYdf0dCBH\/\/epFJCK4QEQjqN6ZuLL9MJJBLiNhJeBu1W1LK2Dw2EpAnvhN3X7\/Bjzg6IFOJXDuMbvIvafcgeSIFtrBbbfsrmqtp\/0BDJ4uUOkjFg64RNb3GHX9HW16DJaZYrP5pKZaca6ZmRU9khKs082+s7\/8kvB0maTbmbBpsZJQfB3KjOhCfyU="}
 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1671528048898856,"flow_dst_last_pkt_time":1671528048898573,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":119,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":119,"pkt_l4_len":63,"thread_ts_usec":1671528048898856,"pkt":"AAADBAAGAAAAAAAAAACG3WArmusAPxFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAGkZhFbAD8AUgi4RNb3GHX9HTahAC59jOEgM22nHO6jxIbeEiGpaXFX16v56wRTMhB+4p34Eoum6PVghpele\/s="}
 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":11,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528049435550,"flow_dst_last_pkt_time":1671528049400903,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":2034,"flow_src_tot_l4_payload_len":2222,"flow_dst_tot_l4_payload_len":9532,"midstream":0,"thread_ts_usec":1671528049435550,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":11754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1671528049435550}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":11754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1671528049435550}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 19/19
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5507155 bytes
-~~ total memory freed........: 5507155 bytes
+~~ total memory allocated....: 5507179 bytes
+~~ total memory freed........: 5507179 bytes
 ~~ total allocations/frees...: 85900/85900
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 569 chars
 ~~ json message max len.......: 3324 chars
-~~ json message avg len.......: 1935 chars
+~~ json message avg len.......: 1934 chars
diff --git a/test/results/default/quic.pcap.out b/test/results/default/quic.pcap.out
index 54a792679..c76d3a6b8 100644
--- a/test/results/default/quic.pcap.out
+++ b/test/results/default/quic.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1431155536815947}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1431155536815947}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431155536815947,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1431155536815947,"pkt":"ZHACjT05eJKcD6iOCABFAAViHYdAAEARqU7AqAFt2DrUZeHpAbsFTjSmDbLeXfFPVUXrUTAyNAE7bomG+Dzzt6arXQUBoAEABENITE8YAAAAUEFEAIcBAABTTkkAlgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQkAgAAU0NJRDQCAABUQ0lEOAIAAFBETUQ8AgAAU1JCRkACAABJQ1NMRAIAAFBVQlNkAgAAU0NMU2gCAABLRVhTbAIAAENPUFRsAgAAQ0NSVIQCAABDR1NUiAIAAElSVFSMAgAAQ0VUVjADAABDRkNXNAMAAFNGQ1c4AwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLW1haWwuZ29vZ2xlLmNvbT0+v6ewgcRvrlDFl4IgCKBtLSXVw73kkvbSDmvcmOf2TBMxulvrGz8yGTFdF5jLNEfrxdDYlT46wVhRMDI0OZ\/5U0D3\/sl7Junn5Fxx\/1VNs1C1kCtxr0CV9UPILNoJ6w2heNOu0THXmZnbqXjfZAAAAEFFU0diZXRhIENocm9tZS80My4wLjIzNTcuNDWSgFuKS9buSt4mHNzF5UW8AAAAAFg1MDkAAAQAHgAAALUiugwS5Xe6lV7+35SrDjhQNi2XDPMM\/SAa6745q60xAQAAAEMyNTWyymQS2aTzwxJH\/U1CkeUIQAt7kKmueetRQklDOGABACXmg4KWna0TB6ed5h20iLVA1zTe0FGDOptzFKaIlVwv9K6LN7uMdA4zwVZIB1iByXkmIDPeaAjR8KDHiEXiLMdlilnNIxXrsf36+nSmAywD99MMia5QSojDYPQnkx\/kpc2+WkgLuTD7x6JugKntVJ0OcgBRa3ZbeaVzbIzXT9DutsK0zdmFTlT7PzF\/1Y0KupYf9uk4kqnlGvQLoUuyyKbFovu6AACgAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431155536815947,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mail.google.com","quic": {"user_agent":"beta Chrome\/43.0.2357.45","quic_version":"Q024"}}}
@@ -8,7 +8,7 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1431155536876734,"flow_dst_last_pkt_time":1431155536876004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1431155536876734,"pkt":"ZHACjT05eJKcD6iOCABFAABBHZJAAEARrmTAqAFt2DrUZeHpAbsALSjiDLLeXfFPVUXrA67v5IKthu5daKgPQycb1I+P+X02zD7nMJ4gZg=="}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1431155536876734,"flow_dst_last_pkt_time":1431155536941384,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1431155536941384,"pkt":"eJKcD6iOZHACjT05CABFAAA8+xkAADYRGuLYOtRlwKgBbQG74ekAKOqdAAIPpl2KFMpJfDQ+pZaM0w+K\/5VnEsUISIlT4r5r+nE="}
 02213{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155545866860,"flow_dst_last_pkt_time":1431155545859249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4333,"flow_dst_tot_l4_payload_len":4661,"midstream":0,"thread_ts_usec":1431155545866860,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":583684.4,"max":3197585,"stddev":963931.8,"var":929164558336.0,"ent":3.4,"data": [46000,60057,14787,65380,2487,93393,168067,168088,622738,681338,42,58036,3119141,3197585,40,12,54064,25544,1951118,28580,2034695,28303,25,7,56884,470823,496378,2190158,2289756,44685,126004]},"pktlen": {"min":47,"avg":309.1,"max":1378,"stddev":382.9,"var":146578.8,"ent":4.1,"data": [1378,464,1378,65,60,711,68,711,65,200,494,56,68,180,156,55,87,68,65,241,149,63,57,226,47,74,201,65,1176,63,744,455]},"bins": {"c_to_s": [0,8,0,1,1,1,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0],"s_to_c": [4,4,0,0,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0],"entropies": [4.785362720,7.506221294,7.842458248,5.653138161,5.515064240,7.661302567,5.705106735,7.653655529,5.683907509,6.901843548,7.549375057,5.423249722,5.793341637,6.893099785,6.626470089,5.353907585,6.017427444,5.664593697,5.555222511,7.050589561,6.613369942,5.496887207,5.372109413,7.016873360,5.139485359,5.793843269,6.920541286,5.579985619,7.860387802,5.401647568,7.762588978,7.570559025]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":237528,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1461850699450756}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":237528,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1461850699450756}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1461850699450756,"flow_src_last_pkt_time":1461850699450756,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1461850699450756,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1461850699450756,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850699450756,"pkt":"OGO7P47K7LHXhMJyCABFAAViImxAAEAR\/xgKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwHak8zsp30I9q698IIAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1461850699450756,"flow_src_last_pkt_time":1461850699450756,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1461850699450756,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Q033"}}}
@@ -17,7 +17,7 @@
 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1461850700501096,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850700501096,"pkt":"OGO7P47K7LHXhMJyCABFAAViI1JAAEAR\/jIKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwSJFGwp3LQh28QKtVwAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1461850701701181,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850701701181,"pkt":"OGO7P47K7LHXhMJyCABFAAViI7NAAEAR\/dEKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwVe6cdVWYyeyFNdPaUAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":161,"flow_dst_packets_processed":252,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155574747686,"flow_dst_last_pkt_time":1431155574746268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":17168,"flow_dst_tot_l4_payload_len":220360,"midstream":0,"thread_ts_usec":1461850703450276,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":420,"packets-processed":419,"total-skipped-flows":0,"total-l4-payload-len":244348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1463060980301154}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":420,"packets-processed":419,"total-skipped-flows":0,"total-l4-payload-len":244348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1463060980301154}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980301154,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980301154,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980301154,"pkt":"8IQvSpdgeJKcD6iOCABFAAViG\/5AAEARmp7AqAFprNkQBLJlAbsFTr+DDUPl1BjSnP0KUTAyNQFyZIfG66V5bj99kfIBoAEABENITE8XAAAAUEFEAIgBAABTTkkAlgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3Lmdvb2dsZS5jb21PyGNIiSYlWYMNKJNAlwv39ix54lRFVA6paRsUl4FQy0hWHom6FQQ9JcZPH9joUxX+SDLF1j\/DSdX0UTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn06ylDo5Ug9+nOea5qJJts1jMXRdJCxw2QvK85nmQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQarjm3cTKFpJVCrT7eADgKAAAAAFg1MDkAABAAHgAAAMpYWB84oseWX+q27ipmj\/RQLfsZQqQtGKexDF79uuJfAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5Cprnnr7MUAAJJnZtEbkxP245vVr56GfjMCMAwif3n\/lWOThmdSnoedzP2jx+7ZPMWRBUv\/hZavd3FPUhQwHHwpvJJDzRcoSGYXtOQyhcYCVpGlxHD65Db8HFfgEKEx\/YlE\/aFaPqB1XqWWzf4zDCgIc\/Djzy4R\/py4JVjfq9V0ooIkHbH+8mAcpgdNt3gj0SeICAOM6wnOXFVXQaU2KKd\/llBTkdtTIS8p4UckAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01046{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980301154,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980301154,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64","quic_version":"Q025"}}}
@@ -59,7 +59,7 @@
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1463060980460380,"flow_dst_last_pkt_time":1463060980434758,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1463060980460380,"pkt":"8IQvSpdgeJKcD6iOCABFAABBHB5AAEARn5\/AqAFprNkQBLJlAbsALTJ2DEPl1BjSnP0KAzjJULyfLco0lkyo8NxPEjOmoNDcdH7jUMYuMg=="}
 02330{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980460459,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980460459,"pkt":"eJKcD6iO8IQvSpdgCABFAAVifaoAADIRmLPYOtLhwKgBaQG70jkFThU9AAFbOkhXLI3U967KCL3cJUfMqLc5FSrY4cYs3xypa7qHkPMQkfyihNqC28UhBOL3e\/5TBI7YTG0J23OmdlC7GgmCbVWFBre3mnIHOH5gNl6B4pV+JLE9LheDJBWLfps\/P5l5aMhy6p4xkqOtVn+84yrn69vnIGngY2UUctisj\/\/7qbGHoU7KjFVZvLiLnesCjZPEQ9bmtTdxJ8NIoohV99NBrL3ZR\/mRKqFg6ck1jjGMancWDX9uCodwuw+nFeiwhdNiUXqpCyb8WsgjNJlQgx5Jzfa6dxFwnJS2EsJzy1jow479DEUJQyupcHux9LBb4IxdT8f537ef70Ew4CvWu3Iba3a+sRfT8oSLt0CF8xrbGmeBEnSqbecBn6F2MYjUF2gtYKqmlv2GpssQgCf+y1IgiyKvJBAFYATvIM5Yoz\/5ASrdVp19my0ed8fkjXD\/9hI6BqGDwauf0bTx1RLAMhLrvl6pXAmkTiy9XjRAKtxJq+C1D4UKHSSI2+YjymrUAqCH3KRAZmA0Bxs3bF5O\/PSuozCEiM1fA6uKcRzdnnQiYy07+fjPtlVxQByhag2n\/cAPz+kuIj8MMSN1yDveDuOdF8jXFe5s9mrKD8JMfRZctDC3tl6y0RDe95cUiGF72q+hrAL\/PnaEp3C0gWLN0HrD0R9JOOxmp7Auh7povQU79kvL0xqyh4jnZ\/Eauv5xfJJ9WERDrqx3CTTuciqZlam2PDCCuo1MW4zttYvjA3nx3zF4aGwysEzvVFN3YL6hVQjdDA4G9W2+Ef0aVvJ6dwImjNYp4R0XlWhoyOCtNc6n9KHJ2lGiAOWbtoy+eIkUgerfolxpj29D8pTuvRSA6xSdgniEhkWz2S88FBK7lsS9dfKhGidfIxn3mpcstFKBaupKzVmBUCAqw1Z9aWdecUTnIY67owXaqxfverdyb0S4+uAKmDm4p8KZN+VbJFG\/ylg0sBWP80mInpEbGS7MrNOzG+nWmwobpNpDfkH6k4MJahEdbTJwc8F0zwrc9OBje09p8uO+iXNyZJSmFPRBYsNZ4SG8aHlZEWwk1zN++dYeWoX+nUUYJD4SmFHSyUSfF3Ib+mhP8VYivL+Z49LFaGNAB7KGxHv6fvGdSutX9bFiP1ZkAEhpweNPt8+O3nQTWj927mHvqPFEoMfTdYknC6NXf1NUkjL0SCHGhtXTgom7sP8gds1oLZBN2H5EejX\/eUCiWr6Vz0O2ty3vLiEaKe45R6dpcVbZGDcZnogU1oKhCd5eIW5VCS9ZoxdQUXYVQ5OVZmD0+lXGLDhaxED1Sg0QBEID7Gyk3XlpIelSpdCcj7XZyy+fDz5peeAIHd7A\/NT1xszFkW3dJpaVelwRfVQ2Tajy6IY3aeRniays5OlSdDEGtZvz+UGoOACWTNtx+Bck5uH4c3U2F4B+CPTc7F0hvJL623HEU79LiEo5zzmsjK4jgrRtPE6Ujm4ZpuNfqh8tPnhC9+Bi2Aja+3eezVsTpRflcLiQs0+wiUrXwIMtQYHLDjHEkGkWCaZ1nNn1+gwpcra6WAb6OHVPMNzrYJK0SrAHU0\/USbaXPZLFNMj2alWPs47VfDow3\/W3uXsLSYKoanH+Y+vNHJPIWjV0xMRUN6pTJE7IVb0BTnZ7b0D3Y4\/SxaKloeNxIuesxRvodNcMI\/1buC5kqkJStpYaf7KVkJyh1GHdI8GrmxoF2MSLqGY6lT0vPgbFD4MZreGOa5Sssczsczl+luw+iYguWV7SHDSmHfZxeBgkr589fC51KvvuWXNd3GZS5QlUqIxlrJRMHt8X"}
 01197{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1461850699450756,"flow_src_last_pkt_time":1461850703450276,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6820,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980460459,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":271275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":9,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1463075953299562}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":271275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":9,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1463075953299562}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463075953299562,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463075953299562,"pkt":"6HTmLPTkABlmWmaMCABFAAViaTtAAEARXzHAqAFt2DrSzomkAbsFTpsFDby767UFbXetUTAzMAEh5i93uTUS22zwlS0AoAEABENITE8aAAAAUEFEAEYBAABTTkkAVQEAAFNUSwCPAQAAVkVSAJMBAABDQ1MAowEAAE5PTkPDAQAATVNQQ8cBAABBRUFEywEAAFVBSUTsAQAAU0NJRPwBAABUQ0lEAAIAAFBETUQEAgAAU1JCRggCAABJQ1NMDAIAAE5PTlAsAgAAUFVCU0wCAABTQ0xTUAIAAEtFWFNUAgAAWExDVFwCAABDU0NUXAIAAENPUFRgAgAAQ0NSVHgCAABJUlRUfAIAAENFVFYgAwAAQ0ZDVyQDAABTRkNXKAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3LnlvdXR1YmUuY29teFwziXjGfp0+iLiPa5NFRFyqDFkuaiall82sYIzujJV2eEmSxVGrXgdwnEo24jy3PXEgwhIODsHz2lEwMzB7Junn5Fxx\/wHogWCSkhroVzTEcXji0toaKKW2C\/sjLL4Hx\/uc6Fh9FqIQ4mtE7XBkAAAAQ0MyMENocm9tZS81MC4wLjI2NjEuMTAyIExpbnV4IHg4Nl82NO4xNazIxw51CPh92NozyjEAAAAAWDUwOQAAEAAeAAAAV2LXIh+dp84WNbuB7eLfYt7CEN3uuVCwsaMPVZLZkwAcWv3ewLeWKh8oWp+ADGqv7hr4e6BITFL34pf63u8lTgEAAABDMjU1Ve9eTSHF9WVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrQX4AAJnDlbsORKBU4xOKlwWO9P4E5XFal5z7hzqpwhe\/gMX+Blclu+PZJjQ25zzFRxooIRN4BrBfLQmDdxaJYtqVNyhOzgBZdHzyh0tqgzeC9Fkja7K8HfjiuAyeK8FHD1egJgrMDFGpXlhTM816keOEywC8bzRfESJQUt0PZFKBRrh3m2XPL+hfh5e34YbH0wkaQLc6HM0z36TboZSwOAF93TLAofZgAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463075953299562,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","quic": {"user_agent":"Chrome\/50.0.2661.102 Linux x86_64","quic_version":"Q030"}}}
@@ -77,7 +77,7 @@
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":44,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075954280999,"flow_dst_last_pkt_time":1463075954300949,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4226,"flow_dst_tot_l4_payload_len":51309,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463060980378719,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980460459,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":1350,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1463060980364728,"flow_src_last_pkt_time":1463060980449696,"flow_dst_last_pkt_time":1463060980446842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":2700,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":518,"packets-processed":518,"total-skipped-flows":0,"total-l4-payload-len":326810,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1463075954300949}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":518,"packets-processed":518,"total-skipped-flows":0,"total-l4-payload-len":326810,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1463075954300949}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 518/518
 ~~ skipped flows.............: 0
@@ -86,8 +86,8 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5532800 bytes
-~~ total memory freed........: 5532800 bytes
+~~ total memory allocated....: 5532968 bytes
+~~ total memory freed........: 5532968 bytes
 ~~ total allocations/frees...: 86485/86485
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 554 chars
diff --git a/test/results/default/quic046.pcap.out b/test/results/default/quic046.pcap.out
index 12a259467..e7ea0020e 100644
--- a/test/results/default/quic046.pcap.out
+++ b/test/results/default/quic046.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1584456191933380}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1584456191933380}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1584456191933380,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1584456191933380,"pkt":"ILABHGh4AJqdnpsZCABFAAViVw9AAIARNVbAqAHs2DrOVsWbAbsFTsB3w1EwNDZQtKT59fQu3TkAAAABmZPTs83+bYJOmUXloAEEAENITE8ZAAAAUEFEAPABAABTTkkA+wEAAFNUSwAxAgAAVkVSADUCAABDQ1MARQIAAE5PTkNlAgAAQUVBRGkCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0taS55dGltZy5jb23iUlTd91Wbyacedc4KWbvYAO9ezSoYOG3jhMeQafLfpHKvILz9Ye+me5P5nrw5Y\/leQsX7MclRMDQ2AeiBYJKSGuh+7YCGohWCkV5w4f4wMDAwMDAwML0xAKSRUT2iY62vYCLSlIfkuoKwQUVTR0Nocm9tZS84MC4wLjM5ODcuMTMyIFdpbmRvd3MgTlQgNi4zOyBXaW42NDsgeDY0mMqP9vF+kzJdLqfvNTDv5wAAAABYNTA5AQAAAB4AAABhJXvQ9+6Hu83ruEOa1Y6Y5fjbWd3ky8\/JdT+d+\/AZZsvZnn1BDAzSykK3Urbw\/IrLoBtlbcpqYoDEomljzhkwZAAAAAEAAABDMjU18ubMxD2HxlI1UlRPQUNLRPLmzMQ9h8ZSYDLLkqBBTd\/6RwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1584456191933380,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","quic": {"user_agent":"Chrome\/80.0.3987.132 Windows NT 6.3; Win64; x64","quic_version":"Q046"}}}
@@ -9,7 +9,7 @@
 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1584456191936043,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1584456191936043,"pkt":"ILABHGh4AJqdnpsZCABFAAC5VxNAAIAROfvAqAHs2DrOVsWbAbsApRlJ01EwNDZQtKT59fQu3TkAAAAFpShUaKLmTN2T3Ey7BEBxhhlPz\/mI42X6i3+zIvnvGPOAlaAMy0sQAcxegKQRA1QQwNG9N\/8cy92QCI0CXWZ1odCXSax157XF7S\/xa+HfI8d71opbqWvA7umD5My\/CObMYgq6GFbFgtUgONNyTSlCdXpaygRYfMn++j4RkGiGTRdqEUPLH8obgjwk1Q=="}
 02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191967570,"flow_dst_last_pkt_time":1584456191967633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4485,"flow_dst_tot_l4_payload_len":23197,"midstream":0,"thread_ts_usec":1584456191967633,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":176,"avg":2207.8,"max":29469,"stddev":6263.4,"var":39229868.0,"ent":2.6,"data": [987,559,560,557,592,573,584,606,710,21225,29469,423,216,240,242,250,248,254,253,253,237,265,240,242,256,252,6530,176,509,707,228]},"pktlen": {"min":48,"avg":893.1,"max":1378,"stddev":591.6,"var":350034.9,"ent":4.6,"data": [1378,560,114,187,185,185,186,185,191,188,1378,1378,255,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,56,48,1378,56,1378]},"bins": {"c_to_s": [2,0,1,0,5,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1],"entropies": [4.104627609,7.586378098,6.310873032,6.874300003,6.880319118,6.833760738,6.876335144,6.910101891,6.969146729,6.870172024,4.098705292,7.858126640,7.073942184,7.867921352,7.889789104,7.868343830,7.839922428,7.858704567,7.859090805,7.875567436,7.864448547,7.848357201,7.879473686,7.877913952,7.860894203,7.857960701,7.861531734,5.436729908,5.095174789,7.816503525,5.401014805,7.861771584]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":63,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191984839,"flow_dst_last_pkt_time":1584456191986142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":5170,"flow_dst_tot_l4_payload_len":81927,"midstream":0,"thread_ts_usec":1584456191986142,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":87097,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1584456191986142}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":87097,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1584456191986142}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 100/100
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500921 bytes
-~~ total memory freed........: 5500921 bytes
+~~ total memory allocated....: 5500945 bytes
+~~ total memory freed........: 5500945 bytes
 ~~ total allocations/frees...: 85961/85961
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 2324 chars
-~~ json message avg len.......: 1444 chars
+~~ json message avg len.......: 1443 chars
diff --git a/test/results/default/quic_0RTT.pcap.out b/test/results/default/quic_0RTT.pcap.out
index 6f0ea028a..75f60298f 100644
--- a/test/results/default/quic_0RTT.pcap.out
+++ b/test/results/default/quic_0RTT.pcap.out
@@ -1,10 +1,10 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1603888789791229}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1603888789791229}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603888789791229,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603888789791229,"pkt":"AAAAAAAAAAAAAAAAht1gINJtBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB7CsRWwTYBOvD\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+zL7OkPMAtXpNlW5O0b2\/q+3KdcOtoYFqBIwOi4AbeOZTA9r8spxR89EzuGsSMH\/bUH9ekHEQ922xeaUjW2FgbWmXjMqS+663UY67NIITXpkFxwR22N+eMGvlLVxq1DPyvGiZiTcqCSaCZ0JYqKt+vdrIBp0w3K49QUaWm1DuJd+cQIJzCcz93gKXA+aQn8qJuO+lEHGyiCLVgeWI9\/dk7q4fiSnyVYB8Z\/88\/1PGsSPr7zMnahidPl8sGnTG9MT+px4myWEEHOjoSU0yW9DlNQElkOgitzZjllGvGhUhiBIICMF4QAUv3\/uP2UIoOlO5XivEkb+TEkDY+TeRlQOAIIUbsGZNooxIOe9TQJ82TvA7CrEVTKBa\/0UwEVbDA+egVUviZQiH5ib3Eft7yjRSwrLosJr+JYLE\/b1gPCQqV3\/X9AjXGrd184V\/I069AxL1W3hrfjhc9kTxr61FQb3iBePpHQNPrmWPpWzg65lBvr27yyzoj6wYSTbO781l0YatfDl\/dDvdQIfKr2P6uLMGzJJZkB+Ef6aEehROc00Tde4mLvS3KtN0T7iH4IEsYc3Db9k0scho9GMCBSBIiEPvgGR0Y67dvPV5slktWIWuArg\/VlYjYX5wnaRfV563WjXbTYNGUsYH6yJ12K39PLd+9sxGuDsDv7wuOHQ\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+0KnwyOIE1IPFP+gl6zZC2dnhr2vJbjX4p4gjfOHidbDFdeXHDeCB6AR+v8jJSYiWVKpOKT1tYDZ2eaYAb8EM4juskAwg8WJRDDALjE67avfbFy2bAKFGVwliLbq9g9yfe2DG7zudaoq7VcKjW8DJUYzFu0kG3f0I+eg9KERSSE9tNgraaUChfDY0CfeGXPHIGfNOqV2eildt3CypMlgx434dmv5i8bOFyWursPeR9FPxLAp0E17z39ZowCy9mzMTuEiKSfVFZVEb8A56B9ppGExgQC8QO0Af3vfqS2ttKNvFYUOgdWvnxDVxIQ3xlWS6ELnr9IEyJP7QN13nNZW2yyDnRClGdlAqhKZndvswyZgxdwswpMFr+Hp46L60HP3+Etr\/g+ZQ+dSKaPL8j+qjU4\/5GbDlG+Y8GGpP5yetDzWW4wN5wTi1RfvXLkUi4VB3m4LwQbvS4nockw+p2t9FIJYuLtV0dMHU6Hv7HaVbrS2rEeooj88IkO1U14qUJPxLmg2Uy36iXq2YaI6VfIvwaNOpQxMq6KJ4BIC327gV6F7pkRGqQyr\/fLXQ9\/QAgpjmMNkP95RpEi6vYM4P3hLk7YGQVBnB+IU0NE43CFBWiQCbD6GGRc88ZdV8uxhElyGuoq\/YHF3odV6QEFs9PDd2W40mlJEPTrU\/YbNrDK9EX6uJSY7GfN5JJTDeEvWfQOsQ0uy8IYjlyJ5TxtnQXnq04wVfUtffinNWMR7cNrjwWmw0LkdigoLMel\/dN7JQkDILpNPwSYQ07T0bRnC52xgOJ5umHTPriox2zwHfRI6lLvfBx7j5PR\/iXTtkoj6weekfmGYFZhQNsP1hkCk+6CJfCIo1m1SFLNWhogGJZIJgLWrvdtqIciw9ptTqsx5dUUsMd3KoDy70p2VEA=="}
 01384{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603888789791229,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"abcd","quic": {"quic_version":"Draft-28","tls": {"version":"TLSv1.3","ja3":"a7b629a5bd67bfc25e2c78b3daa4c12f","ja3s":"","ja4":"q00d0310h3_55b375c5d22e_060ec1c6a056","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-32","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}}
 02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789792113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603888789792113,"pkt":"AAAAAAAAAAAAAAAAht1gIEmLBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvsKwTYBOuB\/wAAHAiw7LD1RGMN+wgWsFEjN2HZaQBAoeulPe6gJ\/sr\/GIbyJYc14UNgXtYbxk5qiSqETQY4WZpoAlQETVvk0wWYFOpUIdBARl1suh9iNp9EVeqqDCK8cOmjC1x9D6Kfk9hGxfOeT71tvhKd4oN+bdYPjbqVP0GFxeHN3IMs7Zr+fKeQyuFIUWnb5Z155Se3XdA\/gkvhnMx1ULX5WEKCC9gZx60DO5zH6utYTXgxvBd7Ru+OqadPKlFof8AABwIsOyw9URjDfsIFrBRIzdh2WlAxDmD+hjo+e1bU72YwbmAGOLxO5htQDsPNuVs6LSSsGz3SFw0RPm4E415JCnhx8Ge0QKEWADh5iBKGwMueF2ztpwDH7jsWxr3wB6t01oBA1kA7ZvkbHO543VSXW8URQBDqZoClPbnrQAcBZ+H69\/w3iitABvrJy3KVNkC9+NdHjbogcNpY\/5rLpRLS5HK\/H6JgUnP0BdrxIIF6HWRic\/Wf7gn1j0WoelZtuUrK3RpR66wFjn8EMNQiKG+ggDuldLKh\/U6tL0BsOyw9URjDfuFTTkGJh6F+XUUpTe3M82jojmegspYUKam1MxQec2Qkg\/alipH7KpbN4YAt16GjKA0vziYX61TA5r\/+c+B2T\/sfMV9v\/HKdLDeTVTmLVtM6L+LQWLFNxbF4yrEngXf\/VZT2XaqBGXuy2LCG0Ll9PjYDBtAtstKFFXX1\/Aq9PC+CdywR1PopMQdX5Z9pMSyZiyB5Lzg3cVGVQshXQFro5Kf54d6amO7D2XxOTcZnQiaAf\/TGRrLMf2QELrrUW5vGD6IdIKDtOHH0dTjyWhDTPJEfsacf7m9B9Xhce36eKCRqwlUUYp9cEORg9tAs+LNJkhiCPhfdI2kmtp2bekrtpez6Fafq\/eSu5bTHdTjUlYAqlsCVns0h2QvzRkddQkOUP7gAh5QNKxagIYkVNaIjoRzRpVUuqTaY5AYQbzrX47APe8VY1hIf5XFE6TPMKmMe2Q\/0CtWSycEDeCk28gGteNWfkas+cB+UI1rrRtWgkmad7zXpxmJvEVKx1EjCgwWfU89z+KDl6jD4P4IeVlDy+ynTr4HbYfYMZyTtc1RDHu8b7675WQKM\/HIrQq6E8CeXlwrV\/kN4X7y3aDTZ8UUUEk3f6P1Q8uLPJ2Yruxo4hJaXf2cw6q7EdHqcpvwl9wyP0SydRM5I5Xs9cDxcS9AAJl75598Onx7hfnsjzw2+Lk4PiuB9x8RRtBxDIfr1GIv04yL1ivxWfjBmvn9aCE1EDAtVLxBhg2AhlMxK5+fcZuD8gajCU3jBim0JQ1mEhqnrWZNbjfhTXGYll4oRXXUgYKlIV5s1CchSlcMgg5uu0+4Aj3J0p8FsizlxDbb6CHs\/xgqFSxARbNxD3LVLxEd+HIIdIWwvT1MTqPrwh0uOKGI3kFXzTPm+StyKn3RLAeyIgL4EkpQslwgXWxlUtDWXyicGhGk5giCxEYaSUkCR2ecvlHkQpbq28IGeTXJEr9czuuYuc6xx6JNXW8HuS7eYhN\/9rkNRrkW+Ih9+rtXr1O+2Dy7ZXSKTG4Wnmba1vr6ZEKbxvCvQURsWLQQxX5DHxb0xG+It92fZknkVToOutQ6p1RiqEpFpKmIm03EPunCuw=="}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1642696459202000}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1642696459202000}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642696459202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":1642696459202000,"pkt":"eJS0JASgYDjgxTWgCABFAABpHCNAAH8R13bAqAJkjvq148sEAbsAVb1N3AAAAAEIZbnuI7NzRNYAQDw6ETJgJtnaW4Dzps3McwFi0x8VnVwO7RJLNCBVBqiWNmzfu9oL42X8gbNncXuRY2lvH2rb4p2qGfmxe2Y="}
 01017{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":409,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":409,"pkt_l4_len":375,"thread_ts_usec":1642696459202000,"pkt":"eJS0JASgYDjgxTWgCABFAAGLHCRAAH8R1lPAqAJkjvq148sEAbsBd7Ag1AAAAAEIZbnuI7NzRNYAQV5mqkZpRs8e99gEnxpMKgcyM4ebNtzOcUmv1eRpS\/4Y\/mYyP1B30U9uS4NGHjyOGaFJnHQyUbtswyTwz+8uass48b1GPbmGmqQGpgZzohRjGIpGw5eZwAz\/Hue6+YW9hwAmx9m0UhFfKsxUneEQJWrND6vl7b4\/1fQnPQDJpSQzDhzIhJtH1Pbfr\/WxE+M9SYDl1quiMttOidtA3D1KovBObJj1YlosZRsCpK8jwfULuNPkMn0+JgLUu2\/2STd82m+o+3G92qTNfTHYeBX+Sz8bpdn3vD9Uzax\/wWQI6eIrKNESFD3RLvXcx4+iyLJ6EqD8eYRGEEvi4b4XufDdC9OsxQBFVDeX\/54chXjPWbYOB67nyOuSaNm7e\/7SQG5tg2Rrb8\/P35bz7qAI+r9SDAYGGzm0kMCD\/gcU\/eB9a0NUUKHN\/qxjP0dTa9I1hufPHnolkoo70d0iz7y+nNj5LA=="}
@@ -14,7 +14,7 @@
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459356000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1642696459356000,"pkt":"YDjgxTWgeJS0JASgCABFAAA2AABAADsRN82O+rXjwKgCZAG7ywQAItXNXm+IJiWIMOQ7CKcNHT+QszcDtXkUT0taPAE="}
 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459408000,"flow_dst_last_pkt_time":1642696459432000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1250,"flow_src_tot_l4_payload_len":1874,"flow_dst_tot_l4_payload_len":2674,"midstream":0,"thread_ts_usec":1642696459432000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789792113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":1642696459432000,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":7012,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1642696459432000}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":7012,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1642696459432000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 17/17
 ~~ skipped flows.............: 0
@@ -23,9 +23,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5523993 bytes
-~~ total memory freed........: 5523993 bytes
-~~ total allocations/frees...: 85932/85932
+~~ total memory allocated....: 5524046 bytes
+~~ total memory freed........: 5524046 bytes
+~~ total allocations/frees...: 85933/85933
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 550 chars
 ~~ json message max len.......: 2215 chars
diff --git a/test/results/default/quic_cc_ack.pcapng.out b/test/results/default/quic_cc_ack.pcapng.out
index 088d5ee65..209210049 100644
--- a/test/results/default/quic_cc_ack.pcapng.out
+++ b/test/results/default/quic_cc_ack.pcapng.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623513645438057}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623513645438057}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513645438057,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1623513645438057,"pkt":"AAAAAAAAAAYAK2gQCABFAAViCAZAAD8RiyWYDt+RR2LkXd8ZAbsFTlqVyP8AAB0IP2F8CyEK1SUAAEU0pUADgai63r\/lItFGP+9hC24roELpliW3esH+N23zYsVnHaLlDALQ9HmbSfFZdOGFn1N0tiCxBoce6EnFP8qxgIGvtolBdqVO4KtI3I+xzDEP1dMbrxXh5kXHhT9281\/Su+nx2HNihx4eRSrnG7qGfBWROROddmS4TWWAqhaVPJstau6yELSzb0UA6xOcZDDOFIrtIfaHHJNL73QwlCCVC8\/X6+gOB63o+ixHncf1eOknkTc\/XYOWJLMHSLd4BZOA3LW5GmIXKYRfAuWR6FNCEsog27+JxH38wH4S8BIHq9f0AIY3YXQVkFE1PLeWua7Hc3MsiUcYvgoAhVb9+JBI5eXYfDCwdHERnY1IQQmUAu9SFx2J6nuGff5NC96rDFPIdNELe62FpMiG++tWyxBT1jrqduEE+GTJGana2VRZO0mNKPo4k96XXHnlrmLHJtxgqk0CAYVVoULGC7QmHW0IPw5+QC2mMFdQ2JXXCHchmXNwhcQoDjPepV0Tc7gNhPo5bycXS3v5HN4L35Ns7nhQwv47t4TyZK6yYxdFDGdbuycCS8L2dTXwUF7TstgFGUmpVkx39Ih0cfz4Ml21l4W5OxPMQLwymZcjFN4ZcsWF1RYDZqiwdizzKmJZ2dywSdNp0mvGKgOCMW\/zEpCDahdneaO5ePAihedJrHlLWjrIcNPtMFJvsCb8J2Zs2JveZH8M9ycGrJuRHIU6iNjJ1KE38VCB5Hf1tALUvZ0BBj\/qC+Ij8B4Ro+yZstJd7Ob6BhH2uaRdc5I68e0jjwGpe80iacH6GsFPIOjtZEEbNYvDZ7w16Rc+ITnjSC38untM8Or\/bUIMrMDMgaZ0v\/C5OEdfOGlvxCBCC4\/o\/90Kx02rZnFEL\/i8boI7ePY0ReSck8yGfszVfqzNgiwK2v5Xb9wSfJ6a8GDsAhSfZ9BXpA1BdfBS8hgew+G98kwh4cHwLJ7guN9fdx1HmkzmFzzo53D9m0lvXudsnc8ddqbXGk2HsS8RT8gqdE4Qp0HmVJpwPar68+ZRDzIVr1NO4grcPGts3UheNWWdX22kIGFFoWJQJ0Iud4hNuShy1HzqTQ1lyp0YYC2JKUrnWP1jn3LpGqTH2BpZ2wK9\/yL0GdwgOVZWGlPVBBI5DulktahfK8IcRAXIoSVEE\/2BFDm9HCokMUAXZ7NOPTsKGJDxCqTZin0sZ\/S2a+q9vrJzdzIYDluIS5EynegX+P5Joc4GPrIZc3YnPU+\/jEQ6WmwykKvJwcBvW4q9DF9\/8A9K6qBXWUAE\/f3ls7H3ipOg+w\/Kh\/WzO70xs2OJpZb6vVHkFmXehlT0Ib213P4CBiVWI3EwxwElbpSAUUK\/\/VARpnBPiA9J+ch71rajSMnje0HhIlInLryO9owSAQ7f93iROUK3RJldQmsCIOfxHUjT\/D9SQRsq4felL1nQ7DtW9jJkBIxJNEvuacIdV\/uo77CehnUSmwufgmQjj2L3ej6HOYKut+6KBPceNlpM9C1g\/\/lK0TvimOKIRh5lPHZnjbRXhK1\/2ricgkmNL6d4mPnYWLCcJhWSclF\/A8b\/ixrplLwQsuMc4NgUi8p4L1IcSZhnUxtTszMmKomu4BZaTzCIvV8croOgcxm97AvxlkZRjUy4Pb5rdJcTpPFvUeyaVjMB7toze81GUUg0VFp8lOemZ2cFjZ+uKOYqXrcEJFF9LwKAjMfV1JtVs7Svx3g0n+xvnlW+JM5HoeSe3uvLKwvv8MdjFD4tJpVfQSeZPJIaH6fKbzpbepdPhIKObLCQ"}
 00969{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513645438057,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Draft-29"}}}
@@ -8,7 +8,7 @@
 00971{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513729660364,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"183.23.159.144","dst_ip":"108.140.147.22","src_port":37787,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Draft-29"}}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513729660364,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"183.23.159.144","dst_ip":"108.140.147.22","src_port":37787,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1623513729660364}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1623513729660364}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5520837 bytes
-~~ total memory freed........: 5520837 bytes
+~~ total memory allocated....: 5520877 bytes
+~~ total memory freed........: 5520877 bytes
 ~~ total allocations/frees...: 85911/85911
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 575 chars
+~~ json message min len.......: 573 chars
 ~~ json message max len.......: 2352 chars
-~~ json message avg len.......: 1459 chars
+~~ json message avg len.......: 1458 chars
diff --git a/test/results/default/quic_crypto_aes_auth_size.pcap.out b/test/results/default/quic_crypto_aes_auth_size.pcap.out
index 4bf0ca827..f73e813f8 100644
--- a/test/results/default/quic_crypto_aes_auth_size.pcap.out
+++ b/test/results/default/quic_crypto_aes_auth_size.pcap.out
@@ -1,5 +1,5 @@
-00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054047280433}
+00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054047280433}
 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054047280433,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02353{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1639054047280433,"pkt":"AAAAAAAAAAMAKVHRCABFAAVifypAAD8RWHqGNSQrjmgmHohlAbsFTlBUwQAAAAEIajnnvXpZQGkAQKS1+N8fvEy\/IOkT4oydortAv2EA7pMR1b57qEUN\/CWLgwIsiaJrsQ4hFHO3l4u7VGBrkULKHI\/lxjDWdE1irA7d2B7h4jkYKWy0HD2ljAAwNUaCq2GQKYIMFYPPnjUgnc6NRkaRBhSzAe8fZndm3nU75Z7WMus4y4FiuskzWK7wPKBIM7bxQiBvpY62McQkd0tyvv46Jp9sqnschBDc67JbIa9bgESPp+gcP9R53I2XHVB+sKt85pW8jfCDOYD2MzyGLQ+T55Kb3elNggevRPNt5\/n5LSD1+BaMwPIWniyhyXqn9M7ZOvHxtplESf3\/ummwgMYCFjWE4x4CgV+8lqttLnKDT+33uPLxFmhUHvuyRgYs53v+N7Yn38UufUU6ZhOXmHE8+XWeHs3tu8WDodE6SWRhM5xseVzCZYLGTT3X6CjYNFcJl6kyqmquwogEu3CCHnXmS\/INjB4uSUiyMhRi4SumS20xZFVtqZZynkmMlWnK09e81BgkY\/iuisZWvJRuJHFdwM30B5LDjtpgqfazbpCu6Uwmv2u3GL8UYFg9JXJ6XKW7RjDXv2OXecpNpV7Ec+NZ7S+Eblk+2y7gdGGGOJ0YWQ\/UdbM9tjr75mYZlmZ2XmwaOWA7lupjotCEVtvNyVGjw1p0RQjwWwkUNuy\/TjEqMcudShKNa9WCDQ8bWEIgXHDXASO\/PVPq3gEIqJWQbO0nhO2rHJC9mtpB902MTnQB3oRhiTtUMf7fAmQ+6s5GNn6c3en3gGYGA+JPXusJvDjsRu3PwCbxmWJ5W42P6X61ctfR4ImfNUcG5Su4UNFa8ImA7GgSH608jeNlAEH+oOj8LjAiKc4rTEvo1LMxkcm0RbEgQ5zCg4gb3K695U7hnkuVkbZ2P0\/0RHqSidtcHdfWB8hEkFLyKuUlyFbgTj26IexnKPiu\/sik7Xf0GfC\/8RFWHPg46bSbOrQPg\/gjKdjoVYkal7TJgFaID+VHNzeQm+hSPwwtg2AWznQWRmFkp75yYX7gosdtClYrZYA6FFirHqDW+0GJykjlxQKOXDmUJPLnyG1hF2irp+YW2l8A4zScFSFMH7ORiz7jakW38s4r3LjbMiRb8Tx+m08\/My\/lJnC9xZh8q82LXT41dv64cfwg2eQtvH2Lqzs2I9rgcYmsyHnPyvR7699rVEk9J9YaLrjr+fk8N7MwS+A2tX9iODZWnJOUm+mTNwC\/T\/RWyAERM4hbUAEurepo8J\/aEcXnBHo7os5GSVLmj\/GiHweHArDF0myFhpn34cAp8f6Y0QM3kFU6FLExLGABdnyQk5FEBOr15qkQbVxZ3kiwHa5MCacTRiiIRbM6fJjJYMCKTLqYyerVtahDJjc9THoEHqkc263xcjlUk3B+44Z4xuqgt4XeHolWU+aZMt8oRurkAG4Tuf4UKqTmIxukJT2TMBWkasVQHP3Z8Wausgp7GWEQU567iGHAcPK670SSe9B9hqsJ8oOEYcON5apMj26RB8Zd26Q8fiq1vqWEGo1PCxuUi5unaVFgNv+c1hkvn7meyjHS\/L5Rc3CDUEpgtYy1aOHQJRbXUKAeBVqgmzVlTFgKNAdhCllApJowozwlhoVXS7RvypYWLyqEFM7Zu4iCwMajFBhTXBCFwHLDlfiSC1hs3iPlIAICRuCzOLoHacQfJq+YMBKP9Z\/B3dU8jrKoUx8rHfRizok1fJto91R9llaEwHYg05bSKiD9k+j1zXsQMK8reMddzvzIMatcM2wofN5hnpTHOrEb+bb8zNLy1vI98DbE"}
 01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054047280433,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"app-analytics-v2.snapchat.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"1b4b6c50fef204e06798d3fc7cb272fe","ja3s":"","ja4":"q13d0310h","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}}
@@ -8,7 +8,7 @@
 01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054232898553,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gcp.api.snapchat.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"c570fdf41c8bf336ac9442888680bf3a","ja3s":"","ja4":"q13d0310h","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}}
 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054232898553,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1639054232898553}
+00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1639054232898553}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5525143 bytes
-~~ total memory freed........: 5525143 bytes
+~~ total memory allocated....: 5525183 bytes
+~~ total memory freed........: 5525183 bytes
 ~~ total allocations/frees...: 85917/85917
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 587 chars
+~~ json message min len.......: 585 chars
 ~~ json message max len.......: 2366 chars
-~~ json message avg len.......: 1472 chars
+~~ json message avg len.......: 1471 chars
diff --git a/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out
index 2eaed0971..18a1ec890 100644
--- a/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out
+++ b/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out
@@ -1,5 +1,5 @@
-00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00655{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1616775370814360}
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1616775370814360}
 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814360,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1616775370814360,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1616775370814360,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1616775370814360,"pkt":"AAAAAAAAAAAAAAAAht1gIK6gBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB5cYRWwTYBOvDAAAAAQjg6gfRBF\/f3whbtLKZy53KxABEtrnM4d\/0kI3t2T5FO3RTETvA3HGhmrbwnQma+SPYPn8iYYuHdKaQW8SovX0+V4dnPseYO+4VTSZldeifgT8VNQQB04ta3cEyZMDpKRtegW4dekko5HPUbEiidNmSQOuP3pH\/8SoL9x7tTBQzg2OL3UpCqjAnX16pFAdQ+V\/RbqJ1eyzWFdbwBQd2HuCx\/Ij151BRRI2Xn\/z+ADB4rVF4WDOutzm10O8sh2ssLFe2YyMKEeSFhkO2WxMcAatNA2lQ4qJXI32K2kygG4WC7Q8Bb0hTFMG\/mywEn7y4151OST4nZUDKvDlYcVWjuF+qTVspa\/iH7c2UuyPhpTYvIjH0QeZUxZzZhSTFej2LWwFlP2YFzpGwiJSwBaiLMY+5\/70DioAlmqyVC7SFNLAm4+7fUc\/CJsf0f8FDbPGjMEF4r4f5+0LVZH94Uy4Wd0tsSsAOmIxjxwMYhgLVVmrVt7TBRxZotLsMMAE5KgY4C37J7AKCvvh04vXJj1z3UQVYGJh48Z9j2DH62a8\/DQXS74cUeasgoXI\/\/fcqyqG\/+dEnkEyyQl9f50ViwTzUzqhBwr01HZapB8dBBIdSdOLcU\/xu7325B4gE6MbrZr6w6DY7ChrOgc2VWwoxehsZo41rWBZsOQNIyPzLv9J0BRip+w7GJmYxc+3ube6gxdaz9W+Sn43CsbRIQrhbCgHGaXLfLG33YcaU4X+6lhZpZDIRrpfHlieNk0E4HHfvmW6nTXkwcpHKUc\/LWt5+WouHWvxMn4x+ldQDvX1+1587CV3XMwwBZM2RazatEhHW1RJ3OT+xC3gie6tmmnMQduXseFmc+V2JaT5\/q6MRU\/TlwY0Rq7EtJ8+ZbzGXqIuu4jxCx9oMmi66z65uXw3qINNOeUxHXJycpAWw5De4VzaVR4lwygzKGqlnx4L3JUveIj+oObyh7F56NqTe5C4UVw0rXOK5vqDKafrSODvkieITTgx03B2pUNKW9RLu1PhtbXUZuY0giPngPfKgjMEWwbgah5IvyTnveaL6sEqf9jfr3kFrsy+GNW\/OyorkDnRpI8RofzGw1tLxiDlPgh1n9rHyR1pRdby9Bnf\/rDHEeTaxotP0WhApggHCHa\/yFJECzVqs9aS7i2yWDcJfS40AFynUP1UGKhJe\/uUxXih7qXtheQ7FXxIkAhVv3cPoCRA71Cfs2E\/Eey1fVKRW5lMJW9PriJc7GoWtyx70pOdZsK8HXiQEPiYKJaSioN0cr28BDrpMUfunJRWn8PiLmXUmTtuIMIbhFyGy+EQ6xhnD+A\/0hLJNWNHMXLu\/kfUBoupAJQTCcfsChogaeqgD6e5eSYCN5PT9+XpGN3+Gf4PxJfDsTjsRYy9pJctfaPC3hqhyOjQKfCx2rbpvgC9PMRVByJjtLJxGnkJUAuG3l6UFakUVvosZ+5M63lUcs39+r3quiDA5yu7NAJ8A\/i87lBxkG+y1mdyDXsaBDCfcK3ZxP\/soZcY4r+0QCaSKYxK3TnciTbuVT2emgJe6oE17JFaMKL\/+oNqA3ly+Sny53LHt3DnGVzfWQGnSJpT2w1xGiily9lTfAyLsd+fvmBtuH20lp8Prs7ZgVUIGMd\/pWSRV\/g=="}
 01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814360,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1616775370814360,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"V-1"}}}
@@ -8,7 +8,7 @@
 00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370815052,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":116,"pkt_l4_len":62,"thread_ts_usec":1616775370815052,"pkt":"AAAAAAAAAAAAAAAAht1gJDKmAD4RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvlxgA+AFHEAAAAAQhbtLKZy53KxAjsAiiM0e27twBAHLMBaZzti3E68kx9gE3ZXKGXRNRnGzCRKG8UNXw="}
 02241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370828465,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1616775370828465,"pkt":"AAAAAAAAAAAAAAAAht1gJDKmBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvlxgTYBOuNAAAAAQhbtLKZy53KxAjsAiiM0e27twBAm7orpw5qxd1lVUqgjQB0t6bjTCpm0HrYctLZlOW8RxeFqYLpUL6aQgJgsqWU2IeDMkSEWQxNoAD9isTk9Yu7pj0FCV0RExtP\/DdNmswmyNYMjGETYolLSYO5r9J9yPDA0Hm5r2Be7ZsaOFJuaPcG+Z8cemvuyam4YpqgIkUw2fRqAGCqYxFG+6KmJKwipCWmTGX93+bCnHXzHjo4pAAAAAEIW7SymcudysQI7AIojNHtu7dEArButeYco\/iBezGaaRrsPrjlQJaXfjGrGOtxyW+VEUk\/MjXR3nhkzs5hCQvCoSZucW\/0W+ecnkNmCHqs4SIt8zySyF5lpDfgp9EZivvNrzkJ4n+PQNK45RWScN6\/LidvcVOvPedmQJOG9nF6nKt5GINaBYIV4DAkyRKqDgwq9zUb7Yz7KbZ4\/U\/l5J7VJ1IcyGwyyxkiATxj0nXz5iL6S0i\/Qff8OBcicPH2P4+Ard1Ld6HdHHjevwx0KBLIR\/1gx8y3jBkMb7NrDl73ag0KfXqIo6e\/H4rDtDyvQi0MpOujutDnn7iduSAyMAttxebYk\/V9FvCkMKZXO\/f2aw6MwYM5XiQfiS0EGekYNUqu4tX0eDWRfSvzPoSK3zwRx4JPCDcvlmXgRKO5rgPMPeHxw\/4R8pwK77EgYt1YvugWPg\/rFjo0LRZvcA9G8G\/1gz6DPb5lDFEY+OBRlZ30ZE6tLUP1ZFYbG5jdeb5yhjd7f9M0RbEJ7ln\/y8vbPI2C0bUmD13Rt4Y0G7RfrbpAU3FY2suAugOO+boypmtiO4rL6zAODnI6MCvVUhjFhDUP1ZMy3DEbE\/xnUPX\/Up0RcMDRMmYO6PresXQ5RkVkt0ae6aInaNXOgytqGgSHQfz6uOr\/L0OHDt+bSpAApU\/GkfBM7SXUX1s7HyotBUmo6gVS8HUZuU7YrbYGRso8SY50+dw8BAi3q47Zp9QGbX1DzI5w9oYPtTUGDdLZpClat0gKKcURLG6oNQRR5\/a\/JtzIWMdkwQUx7OfFsqZADmUiIoX56wV2pU4xEtLCFSctyPKTea0f+AM857zRIxI5doKRMWBQCReS4eJtI+yNHDXx6msEsTTh2FP1cyyPpHQPXWO68SFhWiSGQJi6ng98NXq4DS5OGBxniP3A7SYa3ygAOZyBymKqUpag9lF6VLHr6ZcfFBz68AaXUvP+0PP+sUaVWbv5GAaFkJhjceA0c5G1AXQAxAjwYBgFXSEHCZ+nyt1bRzD34wOG9Ui9\/G1LO4TKEaGQ7LK+XoEPq5xZpNj\/iZUA+jo0DVw8QZXc4bgx8e0jAquDv2o3cBMoVWhbp5uoSPs5qAuuEJPvn95LwoGyVBuftbARv+sEm5zZ+no\/WCBkS2bMuYrjzmfTiTl3Zagm49VDzuUjI8TYTYcniFkZefA2AU8ighAo1jD2vIVqP6oCcqp0gGjHWGXQJpIi\/72JF8fqcMUaIrAYkZr327d7g0oopaslOaoi7acasbJkIDuiwILeD0eSjHNpdusKEqM8ru3UWJiUf+xvi88b2UB63AqrZi9cosVzKiZJNiYgJtznIFN5GeceVOKOMBQX4zvEc8NWY\/ph7nUhzt49aTuTiYeNXwsPqA=="}
 01444{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370828465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":1286,"midstream":0,"thread_ts_usec":1616775370828465,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00661{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":3750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1616775370828465}
+00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":3750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1616775370828465}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5523031 bytes
-~~ total memory freed........: 5523031 bytes
+~~ total memory allocated....: 5523055 bytes
+~~ total memory freed........: 5523055 bytes
 ~~ total allocations/frees...: 85907/85907
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 597 chars
+~~ json message min len.......: 595 chars
 ~~ json message max len.......: 2262 chars
-~~ json message avg len.......: 1425 chars
+~~ json message avg len.......: 1424 chars
diff --git a/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
index 0fcd7ac39..cee1985e0 100644
--- a/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
+++ b/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
@@ -1,5 +1,5 @@
-00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00670{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1621417111064920}
+00605{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00668{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1621417111064920}
 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417111064920,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417111064920,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTFAAH4RUm+FzUvm0OWdUdzQAbsFTtRayv8AAB0IRl3KXBW\/LTsAAEU0Yy4h2W7s\/rlLefIGYQnrzU1ux8x1WHF9P2TRMM\/uMgrk1ok5ld99474sHzCIsmBaABMBQuwajfiOypF13LdOvUbny6sKbnPsiQnWdRy34WzYDIUSWbFA\/\/FyZAuWdhVQrY6b6y6LN19n0\/TyiwQZaRgOj9Dah0V5ZEaARpJrDY9m+9WAWL1E5fl0AZB5oVrpfRpwU+72dTHjTrdezZLrG0y4LUZJV4ZFSW\/bOTNeyiYeeLzss7MCM0o7kz\/ABmlsvSTXlJ31WdTvcFfKZa+Ers7MX6vrMreYIDLD\/ts+djqt3oepBEPH1tJwybSyF6zOUmcUZSNjRN66q7NkOjxIFsUfL6vSIfs09kF5zqgt+spL3nfMkmEEbIE7Yb6VRa8aqO8bYrkMWyfbFbPBKBEuDwvxXHrKHBxwnW70rIsunEzXSGSfZXttskCHI36aQkPEEfMaooCWLD7F3ek7vQfYF9UBeP3UInD1\/fYOKKyXlh8f1Xhf5ZtTg\/t0H\/rYsiKjt\/tbN+4cOfHmb\/PbJuLAirrGtMROug44tuDQNDgTnWYAQeXIGrimS63+Je1xn8is8IMmIBVJgnKtBWcrkpMXG4qIednOh1PU3Q9\/9otFQnmPpsVeluBrkhgnE4Pv+jN7MB9MKsGF0sSC1rOxFEUDC1ZncrKF2pLDQgCdTsCDk\/CcchJ4M3KHS9yCURHTTnwtZtZ46Ba107K6\/C+vDHLLH0Agtie1px7EDwsBP1SFcU808ARQb8bGLCOen2251sgfs22LC0YsewZOMJW3COsMT7VTAQC4PFSt3Jgg155O5SMOBejKszFjP0ssLTQ45nlMeghvKmzI+zfNFO+kmZxhFyxqPlrgdV4WKrdIRZR4IDXMiiBpWoClkuM9Kcm+TctK8hPDBFox7OqpdBdHkgRVzggkNVEFUCJAoy7stynIye5G\/c0PO6aK2KvGAn+3yIbnJQO+GFl+DzzTQ5+znvJKlrrHbZJ0Q4s6V8EP7sXEgs1jrGqyCGI9wXbSo\/8wFamlp4ouFVhBqYZQ6GonLwcM2BL2EqcW1GrumcxSrpctIQbM+MLM5TmZnDMpdMZpkkzZ2HiMH1e4fDgQ6yg7Gbq1oSAP7PmPqOdaH3pXDqIE+0KyN656ZdaYb0ZW5qVxVZ\/yglBSCDTTcv+oiZZdzI4cH8Dg9AnTIhGYs97IARnzPncHqS984seVJsVe3QFzlkq7PW\/+y877P\/bFA\/sin28uLWX7d3K3IUeguTPHXWFnBk90vEPoVwUYyj9ACpdxWLYAzshM8UJ\/W4931weL+9Y45JP53CAvIUGXcyWPEbA\/HUlyizs+gfbouzc6njtiCnSFNiKixMnDd6GnBIki\/6nDKciwxPCTmggZDjKRSkhR0fon1nZO04Oy+GPjSKqyuI6I5+\/qz+87W8lrtdNnV1MTgqqBXXhQGkloYjiOOO7Hr2euMPx\/D8ZUBmzjEl1Q0vybg5VizAcIFEitV672m9tByJnZVCmqOqHSsQyStHmvXtcHwG3FmgKLlqDELNJ8refw1BcltymiFpTUHXujIq2m\/2R5lxEp3IZpg0ykJqHmAP8x1DQP1O+gpnkeZMlBn7sZgxbS5i464ONO4aidSpGEEs44YdZy\/0PLNXvbgohSN7NSSlu\/3OBSZTCjfEOkPRu9fd3b98IylU4SIOzNDcculUBKrCHb5iJqK3HKWlgukxdQQwzwn9S7alNQY70dsl9vUF76RPML6stNu2Zb+\/ZYxqaJZFu3FOvrYcXEYKZuXML8FedF"}
 01369{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417111064920,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -13,7 +13,7 @@
 02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1621417629532013,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417629532013,"pkt":"AAAAAAAAAAQApuCjCABFAAViWtRAAH4RzqOTxFoqsVYuzvDPAbsFTrDqwv8AAB0I+raMAglwITcAAEU097Xe2il2Zegu7U45BZ8gKfm75BdOnPJC97WfnE5KscE98sHvgzGhWttrfuN5Zw6V0RznV0lHr8X6WifmddIwLz9dgmQayfKTYym3Ekq7+FTfsVbmdLv7iDTySVEQT3U6aJZTVVfr48rzDdUlbuOabtPNfF9PK4wxRo28Hv8rNIeQLcDYX1ZhINEmN+sLvvHwjXJJn\/mGzxs37Wo7yOZbGkbY30QHlElqBOAjfC6VA27GzLEtJY\/bgqKUM6kS54RZZNzg5pKpLNlhxgP248e2xlGMNOmp4fMFXgmg3EfYbmnl2iWasHW8AkLql7Ucnm9wslVj\/YWb2c6IF2fyJjiByU3v\/tWqKcs4QGqfKnNSz7TAvliCZNV6Zo4gfpjCqzFPRaJI4yeyyqsAh\/yIYVP9ZV+w7uilAeMXgI+K0KIlxsOhizEgVDitG\/KAo9LOeN6fomCXq4209QrcrNd3XMwKvH9b188UgNv\/jRvXciyaJGIyMgJ7mamyBtbMq07La5hMyvo0mSqFOXeW1vGdKnMpuiGY5RTAHMnhNlkaZqmORAjp34HPN8n4vG44MH5AJ7tXiPcaAMzbgdmd6ox3fd0BfTrlccudwRllV1uZTxS3xRBBhwWhqTZE4FhxMXqd4endwazGj4NY2Vq7gD8YwyUO508LgWL2kYAd\/HfPDFLaaugd7M4tl4hSFuXNenTPDtb\/bRXBfDbvsb6xXiRig92+oFBV7pEoV5L\/yiJ4P2gax0Ac11TG31dQqdzo9z3YfYxfMa\/+8LYBIBydV8pcGIzVQDhSjN2LC5nUQOTcNfPU\/oVh0Ybk1aIMEU85MfYtwrsAgUEMpEGProetQB0mTzcYq+lEmbIIU8WPencLFFFL9uSVHveeIfGWVYNsJ7jljceMSgP5H6cv7CnQzsqS8dQ4uaXalyrjBXDSyJmCkDvaY220xAc3pj12kdE4BvFmAtStxWdtg66AiG7qv91s5V3en6J6UAronI\/KmR8EOk5BiV2TYsFERt4G27JNG5X\/AJaZ8VwtC2WsqvDKaMKYDTCCbRtilBnZ79PJ8INFhsaJtQDLjVGnL0+0lag21H2c0AgRlVIciNuUToDrQp+pYnpr3L\/mM63uQTkvv5eBIAP7i9VCEUjMABfjlzuA4QlRNUQ0vfIchW72uzMqFErT0XMVPnKFlDHN9TDNIkKHDeKZQaWZA\/OfMsV7evfLcQ+ddG\/xKNaoq8806UcjLdGTZEiKme6xLw53P6MT79sTHldTCpjPaldQ3tMH4EIg1InZbS5ktmIvlLQ2zHCeJ+cCrcDav1P0xMr+DLvH3rXDc1LTF\/hYsBxIYeS7vsQF07Zw9I0Aabf0GjuxOlwnW2Bt8iPysdcUeHkriGdeS3Czvq\/nkZEaGKcHJEnfklzqeTz2bYQ+SkshE9F12pfc0agQ0tbVdAnKaEKIsSgzPUMt7MgzYsL9AUkoIblqKn2hXfFXW3gr6XbSi5TQygflSMy28Bs+5OghyrSNcFcOe8e+DTn5mmzjD5O4rsNuXEgF7wS26+FyMgZbWHqX8HMifw3qMfcAQ1nT3l97zTbszeFs6\/goTc7uST7XEMKSKrS2lP7e\/ELG11fN8X22oM+TfVd0wylz3v0e6ThdB\/tMpVkNfw82FE39BRdoKw04E7yZ9lgCOyxJvMvSEQRhX0eoTiGgfBQDAhtTklq2Zr0UEwX8LiDkDQg8kHbX+ady095CUYxnxCvxjTB8g7HIHtQ37uzrFXIL6Nxg8bDtLpiJue2jB8lwh4plomig"}
 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1621417630732572,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417630732572,"pkt":"AAAAAAAAAAQApuCjCABFAAViWtVAAH4RzqKTxFoqsVYuzvDPAbsFTn5DzP8AAB0I+raMAglwITcAAEU0w4P9mb5\/3cAJaj4ppvPVfM1e79oi6647O9UrDvxHMvw6wV760XlpSjd61VmKKMxqPGYPlva3z+F06oB5C5oudSH4\/k\/HgNY8EZ+f1zMxLEV03HYvd3eyZ2Yigb2EaaYwKjEGJTIAPhnFqoauAh2+NlX58F7j0QXxOBZNFmYxTg0U2ixrG2zc81LXcer1hlphJjt2T0DJryb7+H37VnCGZV28ta5KuFpJCEHU3Fd+Au8hzAdacFpKvFNnEUxffVdh7LgBkgWaVuMdCe6yQz92ZCsCzBLddU1kYPj6RsuYCawbvUqb562kpiZjfFkIOttpasGIi39tj\/u4v+6d8j28V1orGO9PZqXvQy\/8lCwyfjm3k0DcU2W3\/tOXF3YDgVOA+NYuef5dsvh8sL6Y2zGiut+QW3tAqTRsL41MM+QyzTgsUP92XE2REPCVdMjU+ZIArKLV+PZhQEMEltTUCaVI8sN1kF3tnGaBAFdJ4MLfX8o+rvJwd0AlR1I0UPhxZm51ZaCJ70wXahMqe33eoOnF2efrrFTGLRJVQjJzGYGviNutDC3KeXcpbH4fXqHVXwA8L1ASWNywa4RobifRQWTIDiyeTm2aFLHckbvi5IJvvPvnpIXXzVtd7lNSRojof7DLLLHH5Sh9MJDu67gcXOomZlUg7yOcpexQNUN75dczjIc2sRYYZZrxl0OgwRBDav0XDGXFuU5WHO\/vOp5NjVJ2UuXp7FsurhXvGJAbAE4FOp7kuYa\/ApYFR2pqTRIboQp9DJdarbNibXR6+hzTMq7WOo6ePO5+ZILoF0GFYVO5hMThECA3Kc6QzOpREKQgESXdX5ctFgyHOQKvBPOVvSMrVyI7tKQV+CCeeLPyYTVggovh0hGzowFxkk\/NdLeFz6rPoKgRAyda1meb\/KkXjgYf08b4foJ3h\/6I0kE8xiLDjSKXk+TeI7hUzuuZbCPA9dRpZ2MBO03rP4oKITQG6AljreAq0TtXBhTVlUpi6WqLB65hUZQZmZ1FngmVJas9iH\/peYm8YAq40PQZFcepCCybIMxESKXO4wQPKParQ72ob5VHzzpFoLivQA7oY0yXAuRPhKkZa4cB\/ZEJyab5Og2\/1JA8HV9DelwdwjObFO8YWZySPL+5lShVsPkk6NyMIkgqnrPUZ9429DxwJZF9DRWha9nyGoqw+0N4OtE48TVTIojBpDvcI\/CTXNaRCq+NNQ\/f\/RHGp7OL5KL6+TDhKzMT+zzHQrhBJpIc0hWz5QeuCYul+OTpdvjea5r9+J9nkBp3Vj9JMEQ6M\/iXF91ma8TRXEdDqbKAg449PYPC8M66hwolveyS+2EObExXYBklmq6YlojZm6PjsD8eUEaG2RTQw6TQqIOLKW+jsLOLrD0Cax9gUMArAnhTzmw\/Xkn3mdkQzSWVu4aAF\/\/d9caBq5UL1UsyZF8wXlxfJlBBp37aJpG2nKuEvm6BF2LJ8drxqSr35iQyCsS96IaxNG1QT6mySn6yUJJsBFTQe022CdM31VNWaRoaHtpRLujQgB56qEnNkgULsTC795AnjwrRgWfonX0MDkzYh1F9HazGYLRzSGrlEb6ozqXsakFtOHCe4RE1o+khHM+ddPw7xhK7MIQerOF\/fL3TRBMI\/AmEtXrZOePHMjy8JY1G1\/MYpf\/tT4ORBCPsA7vaoI1Tokn1HofUnqqv2vleftYM6lBm0h5quun1SOOjRX5uNSKqoAw75uyHCkFAUwF+izoDgpIEEsrscpvjeKdQ92HbKA4t87cdwGTHX5Qo"}
 01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417113176734,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417630732572,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00675{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":10800,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1621421253470357}
+00673{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":10800,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1621421253470357}
 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253470357,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421253470357,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPLlAAH4RBzKokEAF1Bb289hQAbsFTvjXzP8AAB0IFOutyi98gDkAAEU0QEoUNnfb6spEl4sOhm7a3kYwPyh0twGQme8gnUbSWjlTM0eV\/33jZKgt8R3qtWDm2zSx\/rpQpEqQQvknW76YTyqy8lhhBH0HTupzxapnAU360wL\/+pHUQa9kkbfGs+rg0fJIwO92cTdSFU4vLU7xVz2fVMJaMQH8aHE\/1fVdWPC5x1T42ZLsnrxIMQ5wxIFrryrh15fMsCUmzvgSHxA\/i23NsVEQK0FaymSQ3vTxzLlBUWH4BZEKhwxODiawYJVn6KqbmqIqOPZjXiYZhiN\/Oc0\/LeCyQFaH1ri9xPnu4k\/db5yW\/Vm5M7J0u3m8iCZTpmZh9UW7Vz+Tt6ZtpNNUgyHlXEXFJ93VOxKXczX6MviwyGemHWSQL48Z\/padN7yuSlVEbH4WE\/x\/ebW7zTY276B4XQ+wlkch4ZzVURSVv2IJCLTAANRAmruSTCorJVR33qh+1laWpf0XjXQiid5xdrcBQeDZrONgOO69EM9SiLwEVtc0TpitDpJidyT0U1tQrFl70d\/XEPdy6sl8efWo7ZCqMlidLhPlq3NrVHxg4+Rm0hcmtJgElwEuqTGiLadNGhoT7Yo7j8pSYgNw7GRtSquhp7H3+FF2Y2bFNX19Z9+rRsJB4pUiilB5tu0adouOMnwmGTBRsatrnFOOtA0F2vX+LGN0MZFmEF5dpYuvWiLOa+K0fw5uMZaD1DwO81ez++YVlEQYMcGk8nRbrvkTr\/h1NjMg4AGD90jQKUb4FofQXWaVczScZMMs2v2AijtxxRDHmaMhESOLxFfFbAGY7GSyIn06ETBx10YXRTWxeT0eUKlaLwKeXgT1f9Nzee8owqgOKrkqV2dKYlj65fZbe64rFKZ1qmuSQpeN6luwI34bKSC\/P1YZm224OWk7dK8zYb6iVGqzON\/pvHnYbfT2ttIlhWIYxtY8Ju6yt1zHvLgcU9f83bCChlVephnGaWCxUwUlXnYZevAlJBygTGyZxTz2ZSb0ie32uT7qgPEA8\/VhOVmgfgz5uz1CkH7wK301uXB6Jd+vCV5C\/oxE\/jofm4fBRgusDmoz+6N3GpdbS6mlSoo0uqerAGszdbsmbuicOljSko4OAeqWoT+mGW7afPjx5a2FUCfO2SrBsu8hZPpnDhlhRCeKCJQcAHRB7xgiDd9eCcdbKD7Wu6I5NAMZ9c5cy\/ihBVX35Z+UgC3RyusmI0NtKYhjUDswCM0eyBoXLaZPl8INR9v1LW+yvOTZym8K9Aj0qNkha5Yzfvxik20hZiRqz1bdL8xXLCFYqYMYQEadOjp3L+P6FsQzEDaOxkrn2NuRIxBUQl17JREUFH0XnFwFnMT7z5vgxqMs+\/cTusvocWbp9TisAPxAunu5IgIhjJTjwzvXKQEqGGTx\/Uv95lseYEkyPjUxRZUqo6ayvxQzUbD7WzEPJfWp4V0dKCqk8jMcfr4gKrj2FSp8Pp2y\/+11ISOglp7xB6eIZFO0ZgRIY37WC1adnktqCSKXkgYJUGB+Oc8sMK4ta5iGShCsKCGNc84cXtiEBSa78agZzOMcgLZMHRXRJQcxDXBaC6GCHQXnLhoom2lIO8IpQOLCvA+fkPsBsI1oOJHnHV8O+hHfPFWWAiSD\/PB9nE4NwaIPKU4ZyWnacfkkFlYLZfqca8KZX4UtWN\/IEVTbG6\/oU7nJ0oyYFSxJfcA+XMb3hdr7h9ytVk4VGIeEwTkm3q4IbP0kGL00wYVhVU92VFVVNJemgeHNnaAUtTEkhmyuDDVqFnLFxbtyS6nB8YnwnujNnjXs"}
 01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253470357,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -38,7 +38,7 @@
 01023{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253809118,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01034{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260513424,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
 01031{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}}
-00678{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":22950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":4,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1621425498439786}
+00676{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":22950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":4,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1621425498439786}
 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621425498439786,"pkt":"AAAAAAAAAAEAYl3ZCABFAAVi7ahAAEAR4FYKdU5k++wSxqzcAbsFTidpxP8AAB0Id06oCGAS\/SQAAEU0ed34HhSjMqu3wM3rp8Z7ywfKnATeCO1KNQbG+Q1AYYt5I2GKbEI4LPmTF\/Dg8oRvZW7+Hps\/zeWj4mRYkEWQqTJ1jKptKM4UEpyPZZwThhNGXqmj6pg6xKApWE\/oyF9g97k8sBAbAFjDVYEhNEZijtx\/4YuODy3D9E7bPZxpgcPMwpkKYui5mIAEgbi8+Rn0i3hcxUwY7q57V8pjWYX7+ImwcGnArVGy1OpvIF+ketJD73EkvbYzvYqF\/dx7vL5C3WdaRiA9Mfj4FAMj0RdomtiauTwZ9tZGvrn5iZc92HxM4jvRW53IfC7AsWzDXs2r5WAp0EASs6EpiisrRUGhmoOMYgx78xwP+jWjx1XXxbRaJ2HQc1mG\/NdnL1nuvR8nTgTtoDWHE51rI8jwmgCKy\/MRsXgdRCTYt8oDCgeFipZsTgwY7S+w9r+p5dQqS7ggXdDcdXTMpzrMFGpZUtfmnyOuFY8EUJBOZtyPVfAgZ2J9lHR4O7H0HFN20uv52\/nqryE+o15lojuNbE7xE6hnJRxYacEhTZ+adxZvTe3ZbcZp+ArC5OwrDguig7jjNBMIHugEUzqkfH\/jaFQLD8JFWvrgHaj8qu5B5PjtqF5oB1qsGzCGjGh1UBZltV0pg4iY3Fee6NHV1exKrosArB\/8w\/C5lj6qgKibGsNPFBHUDqfs6Jz8s6FD8M0RwKxS0XYvh4HQDhIs8KDnCgCOc5ZqpGzAxWE2sFtQm1X9ZdTNBYdCxTR75QqGKVUyAwDY6MS5DrXKqWXB4m86kt3QfAFZUD0r04ROd5Iy0wrnwdGHMkbwXSsDDW5fdt4YYwn\/mhfO7TJ4ZKBrSJ5T+p8gpO0GzoZC+lIbATWgjqE\/P\/wDIp6NdKYeA+8geSI7YZP4nWfDgSoIHZphZHbocFnUUiNrBJ+JtQJCV1GcW2T5EMvwWWQ+zc5iC76n0qfV0F8WZ0UcVFvIhbjTEkm5tN09Sz35bubHZC7borBe9wGaBdUWuvbDKcYxKkDlCqHQh6sGHMEZvO8ITeoApd4s+sy32VthAMZfwzAkcp543Nd9arJlBQRns5ovQ74CEqV\/1SFXZ6AcxWiYbvYtKsu\/PXbKxEWRX\/bLqtCaRALrGa7LpwKvTT+nAPIfY1QuCMkJVs1njoj7EW\/n+6IFSplTtx1+YI+f46mZhIFNeEaX2QhADqN3oRrKwNDIyXpLg42uHmw6eyK87UJQsPtU8fbi0YLvgdhwLKYwc26rmYVcgZA2atbyib2Uj5alm78AkDkA5B6DNcz26jK7Xdi7HuV2TaALNudIatJBaYrNO2BlOvKywUaBJyggz39eP2g7XmeWd3aYE1aVTmJh\/X5Qlrz9C2EIg7WTIcETGQEy8F90A79pH7Soo5GcuPSyFrXtm5pfyZ8ekVtDas4uVjKMf\/55+t6uPRCl+GGDV091JgGbVqRR+qTbedv71GzRsoHrnHdTCw0\/6n5hRMqNjCHohMyyw+z8G1vmqSYMeQSMcWwzZON\/Jpnf2+CCqG3a7qlN1pPPkFyQhCllDNBRGdLWESKJhwxAioLHXjcdaXMywR8L7AS4Q2pkh1vrE4OB5IkU5Akg+78J9kzElSj\/7UWmlJ1BP49+zt9iG1OkS+1eOA9H1HXTQnB3rdU7jlLnCc+mS9YO5piXufWtmGBMHav\/cH2i1z7Nj\/YeOefBJDB6J9Vay5mTPGEHAWOZWU35b1ecCTk0q59LDDSBSuCpCzIgENLQ9BsmRpTJ1p\/5t5pYrOotQhCsIUt4ZYseRcaE"}
 01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; STK-L21","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -50,7 +50,7 @@
 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425516873917,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621425516873917,"pkt":"AAAAAAAAAAEAaACzCABFAAVi\/6ZAAEARdvkKdU5kypibedfpAbsFTqmnyf8AAB0IsJwtqP2LOOwAAEU0PbMNV+Nmu5DIBUiD5lV4SUmkAFIOJpUhquUbkJoyjAxBM3gtgG81k6lhzA3GQE8tVB\/S296\/Vm2Zxaenrapxc2ryyJf3KX33MoNtBeSuxOyEjdN50pJD4IMrhuAo8nfxKG6fLj9F7lLvICTV\/vlkHUn8yq3RpGdoDFOYvOtuCt1zawf8weQRnfp4xT1kOhHEDxHVv3bNZbM5nRRJXxXGUaGOz22milo75Yy260QtHR4aoaeFIln1kEu0Lim1RK2gIG3MjkVIIfGYE828l6gKFLAUfvWyTEYYCubVd8+CKJEzaO\/afD6oH5Y+bKAztlPySihidV\/90CKHnjQSRTY+hapGYGfImwKn+7gwJ0y8ENI6zq2Ih7o8GVIuZBwsmgHPKVoI\/krv0+O9osznOQz68C3vRsk1lna2++Eh\/eGS6oVNvaQ9HWU8IOAO+hUpNSDAIpk8z853xu8BoWAYiv13BqICJAyIWzO+XisJ7ZDbQazmstS1X4Ro4beEy\/NpDmgrHs\/2pa7Zx6xAb0+3G7FsuNHBfazEIqD5ZaxPUSzBN2h9+9XzJ8MjsV2QQaUNPKl5I3TcN6uLucyXyzoKtyZvx5m9Myxjpit2V2hvKZoZMAufeIdZgn3bjdomXrscSN1kh89eZFiv+8sYO520yhiz9Evn\/LyuQ4s3jZpT\/D2t8PxQoF8xBbRM4zYc7mLtB7P7mWuCpbELISFHcTd1dWZWKO0foIWL29u+grT0xfq4G03G5Sdlh6g1Tl76tw8ffNRyJI3B1Zll6LpvOOT++553ZZZqQa3dmFoR3AuvZwf2iw+7omds46sgvQhiRN4h3ZF2B3hT0H553qSfJVf4VpupfglxjFiuInrFgySWKfAzXArMN+oCMOC4SKZEMeUovKPTvnb6vai123eTNft\/vwXrMQQqNDZKuK5WJP9n6bql9xt+K6gqLuWDibIsa7IxJZOdak6WDJKf6u4rc9CLeCfpZ+GDha\/Ykxp0z9I7MyUvNbVkIJM\/\/ALKQXgF9YFg335wWbGJ8oeev0cFKhtD7JCQbdZz00KdQoKXGN+waVJ8KTPJCUvnXb3d0W4Fg26R\/P47ckP8VwYPQ0fWuFNGOND8uFBwF\/d3ueP0Anz4sfSw9hA0aszUtBllmz+NjVBZMaAVseucfSE9+FWtSW\/KsQybDuj9Hdnq3g3OWz1pqPNSI+HFuqWF8kQGfGwENovGwhVwKpXQnz+0BZTlc82FjLmWo7drbFueC+RSI7H7oib+IE4+I2hWvpUn3YTZ1WyrdeA0MBi5AqQOhNsHHnx76MGBKrRzlZllpZzmHpoD\/tJSEv6IBAqZAZIHyZYvETkvTQebRoyNKdTyTMYAOlqQcbtY58suf6NwY93EpSSHoAyvs7u6S34KR7j2gnjKUKqgaZ32XDZAiXBl6uHxguSNnHz\/0gic4akOjaNW1y36lv+MwNLpamJSA75xsY0Ag\/ayv1tDPlRq0SFYoyH\/L4BlSlxyXIpBXn6HDmzCBeqGRk\/SbP7MBhn1lhwnTyawxEZ\/gU0YfWVdkDqqI72zLJMAeO\/wRg13JYd2UqEyV84a2Jfyk1r4cyt9C7F0rhWFGR205l4xStcaYSinxImLl2pCKe5S2JSrskLuMGU92EeDCBi302RtMnd+pZkhUc\/dfq97n6+ubGkMSI0oohIfiZeWDID8SxamWtQv5ESk0SKFBP\/pMhJHpgeg965DR9H2osi8d4eJR+qyOMZCz7jHyZcC9RS2+yrCjEv3U9YnBDp5bAPDFrSnEw7i"}
 01352{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425516873917,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients4.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; STK-L21","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
-00678{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":25650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1621431299729996}
+00676{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":25650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1621431299729996}
 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431299729996,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431299729996,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+ktAAH4RGLyokEAFcfqJ89CcAbsFTkRlzP8AAB0IlfQu+B7a8qcAAEU0VAXtGbQ9llSdlBvWDRqBCRlkCr+wLAODpb6IkSqrNtQT0Fq+mFTNNcZuGPLGmtMQiTgX5ahNfvwc2wVeVnwpjQXgMuY9BTiBvljI8vW2WO7xkdJk5ldSQUgRVPQ66OOPIEevYhWr2qgdtK3s4RlbCBiOUHL2oc6mNd7wOVC5XPDLU15Pb1X9rKGpYODdHEw2PCdUqXQXbRHNCTvR++4cDKRlcnhpPvs6EU838tX9PcKuOpDKMkxV6FLY+fNJwo9tnmW2kblEbFsqwJpz\/\/Enxa34NjqtoZhoRtapSyZCnEvopODqREJ\/CbRey4CQrv2fnFjjq7IR9A9vEDzcPpksson3AN1P3XrLmYYoaUkTGHOgCdje7SEGLDVSb4npjqySIO7wN8vp5rSPM5nARZ1XOT9wXoHff7cCe+dyL08HzUnnLJyBinNLpzvNbCMm0QKhi69Iq30GgBOKJqAZysRaQ5GV4Mf0wvX77rFCRRa9yldcwD6XOuyQdNUHPUQ0mVgJn1umvmeNPG6nKZjJq\/KGBx7ctS+gpvFQ1y0aJegnLzsDI2wvLLmhR9R3DiAgytDTiAvkU65nFAyo+x3w4ph5M+o6WWzbbtjsrAAu780wrME3zeXVEG9zm\/D3uptFTZsQMrWiuAaPVLf96rTs6qYSSYT7sYTWl\/jdhLBcFgFDy19mw2Lkw0oDKrrArHJ7yFnHUJtANtQ21TmcvxB\/WIjHCz8GMrDUZLO4OL+1Z7DeRFozavYMggt1qJ8U9KCvWBAR23kR921lFVt6a6RAQr\/I7jLU7sxhNgbORnVRfOZ1MAqQI8IIaWCq4xYmb6WmBUSzoH5\/13r8jfLuzIL6b1\/1xuyK1tWaBwjxQ8cdpzOSdWlwWGTU85r1MWsmvvgBLQno8RQ+AAeZUXr\/6vclKA8Bkt5OZC6F\/+bo8hifoSORQrzeJzJJiiI5FanBwgqgIUFyRIOqxcbjrI0ERcNvwqyjkLLqGLsY7p23bRBCZkGYLR28zH0LBHV0E4a0nhRGBk0f+KMOczC6ffG4xUK4QqemNWTyR\/91lj1denqDLOozFi3s9mCEzX4+yJyt3koNWJYF5um+Cu3rUa5kiznDT4nkKCPucW47nzSCmVao4V886qRx5Fx0iQIhZYySPa1r\/WDeHAaJOfFYJVkJKXBVWbzBAEax6q6reJe4QC08bU5\/zqLbaU3p3TETZVXEWcMzHKQD+xmaiYax8+gqDaZYIyifU0NKnlhkl+knTdJdHOJGncWgecX7cZ8apFuaDFx8UDXeMSrVUMSg8izndsoloQROpF\/aZqcH\/OCBifGVJlyfDkwFvsOr8tK54nIg\/1cnqgMA7cZTlQOsYpxuCu2jMiDpXOfrkKeU1g7FA9f\/QLEQ71aZKG1rpKfo9DX1OvCkAat37rPibslfUdCAi0gtEzi+ed4jZsjTTtLfHjE42gsT3p0neSGtZDGwREWKTcya3MwMkr8y\/d3DdqmakPpf5GYFqWV3fR7TgU6cIOopkRSOcFKjDEWelXif4mHkRTG6rwTb+56lZ51kKqq1jDvERvqFEW5JginMwKZ\/lD3mwE4WQG\/o+y40DQu\/5PR3r5bhM1VHKHeN3CJnGug5p\/ZJp53IP681sF51Qt5pS8LzCO+rVnGa1rCOauVjEFEOyPp7wndr4g313ytaLKjzfjG8HveWQnAWD3q5pxGlBUxjPmLLEeKM1hHQLZMxXASZ2IisfUFkbyzFIAfCK09zSR6oQTD3gwuOcTrdJpdr\/4oePdnzAHWZa\/8h"}
 01370{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431299729996,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -150,7 +150,7 @@
 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431858501078,"pkt":"AAAAAAAAAAEA737VCABFAAViA9lAAH4RSiuokEAFI8KdL8CsAbsFTiKUxP8AAB0Iuy4iiZ7Rc3cAAEU0Q4F3W2ov\/JA2RQPk1kCE6d2abuA1AzJ9v4cgD5r98N+jLM5q\/vKba7ePXttHZOnfzIXKHdtGp13XXGc0y1g0VbYiejL5PEPTPKK+5FUHxNJc+4iSUfYHJil1jWJsaI14aq8Z9k\/D9Frx2Pd8Ccb5b8I5wMMvAXlFIaThZX3+88jwhgIBY4WhNolXEK3QjVERqqjNlflz0Crvl9eKzWDjAvjmOz12493yS+U4C5g7xeSC6Cv481a1zOEEDBXxUJwyeekPCKvNOVETC0idyTRu4Xx7IK\/97JI5UkTjH1VgYb5EEV1DY00jaUTBEjI+fpvuHX57KvIXmj+n1PLaIlVIJy8AxZjfib+NKJ2DnJlEkZOyKzqiFASH+Rv2xHATwBmim0oQbD6SH+mogD\/Zpo5pMTXstRq0ZunclX1q7Mso4TGqtUbs2zzTYctOAA+ng0TvelIWG4Bu4bkkRiZSqlwJ1jDY17CBHzqEyVQgWgeFozJDhGJh\/dhP8nm+IU5EDOJiIPPx8pW7TyQGz8lnsN6LAsQyJgXVZTCNJPU9t6HmegbS0bQ7Kt1DxeYvK6m+GxUMA1DiRw0yw80Uxxf4xuJnn3EJVi8ekAMdVXpaGI37r+vhgsLGCAZgMrHlnTtfOSbgYZBAPdnhiG4xbmDlbIuvY\/BrdQlshSbHN\/3tWjBfc0Zz0J59ufrjAJoriiVdye+Lc3LAld\/nudhV2vnaxR1ShgYPYZhQbGRWlEkEaL1z4rltv60VXAhCWkeJdSv1\/ACb44aJ8HLAaQ7pBCmit\/NMrMwITKyJcPkFF5GRWhel5oEvZ86mY1\/+WA5KqTi9Xb0N6B9CXR4d22U1O5JA419I\/H5b7Kkx0ByhWkeFRz9cXZPMDmowmLHSflTpfTjRerEoB9b+Rp9ZUpHpgHycHnEiiqsSYZ8fJXaPa5ArE6FfrIB\/5\/ex2ULG10VUM6bdMkBHDYOPYQwR5jQfvBJclQo48pqc+jEulTW4ACP9EukaDaWRXQiI\/ao9oqdHF73hElq8zIR0CIH1bOZkU5WrVTO4kXEcriR07\/4SHXlZ0F+XTEnvRY1owmXDXHgtgn794JMTxP6ovnrC1UqLv9d8SQ3P2kaXpKnETUi1\/jmOit96zvfXkyF+GojweLkNJjL5JM3njEGp7izSmZ\/PvKHWCYsP+157DfpYPmMO9R\/yz3E1zaEv\/1lMgciv1XSwptuzqoQHSbZjgs5nX68VkOSYsQYJ60P94MXKCCvjFqKn+6X2Mcn5Zop+3W0Nj0hveNw19pzYiEtOJJVwof6DyxkFKNuQU3HtgPl+GWUUWRig\/vzAY+l22jeUNKekbZmAn14baa3EO6690bwRTg8ZvdcHFz9TEDMbzR666JgoyJFvKc3UbuWhbUstPfau4V9F9qnYD6cFiMRtdBaOgJniitEFpxszoLhTHZZT9Vh\/mXiomY\/wkAwa56XbyHUeRgPu9zAwN6kJW+N7Ye6rlwVPmyPFgUTGn9xmD2YMEr3PeigCIEsSvM0ujBoTlPiFdY26WdH4Tr\/XKmZTQnQrnQptoJDzmG+XaceU23hwOGeY5C6MIxfdvw7Blgvoz8uvCg\/rl0wKl3ubvkABoQ3NzBDUuTP++2gH8HONwB\/wWFza94nHQdoBnk4+rigd+C1oglD8lXIC31MYbN8b51797Aod+NKPnYy35esPaxwNUQDbAPX6W5J2vPC3vU+GmsC754Qjyng5h09pOy7odu+JINrtufSLUCeH14aG0hXQTPJRTPDp6g0aPtL075ZE"}
 01401{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858501078,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858501078,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
 01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858501078,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-00683{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":39,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":51300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":32,"current-active-flows":4,"total-active-flows":27,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":153,"global_ts_usec":1621431907429875}
+00681{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":39,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":51300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":32,"current-active-flows":4,"total-active-flows":27,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":153,"global_ts_usec":1621431907429875}
 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431907429875,"pkt":"AAAAAAAAAAEASYHhCABFAAViVjpAAH4R7N2okEAFiH1DYPJfAbsFTr4Zy\/8AAB0I\/FKj4Rr2N+kAAEU0sUI8yYk\/y\/bPar7IxdtLPlBpfIbJVt\/XG3zjjFAN3PLuPY9aF7M0Mm1Pwz+2ym6LReOn1tdk2pHBdYLYtkb1fXiK42fzBzEBqAcpJ3jEWiim3tGYhBW4xkjPcpkR4V9U0CEIA3BhEltloJi32PcQkjdxPGPSXrYJEyPYT2ODSFP5zFDNrUpqMfmpryMeEByqj9aqyy7TtbIyDDLLeql6c5+G+WJfvTxj\/9W8WJJXv5A2+2wt7cmjNXE5vXIKsxD6kuaexZdsNa+Jr4jhQmDPWt56pOF3oSc\/exjC9ZwNL6Byz+cqgo090k1LpSBEAmIO2JahQD43fCbyWV4juaKj0MNO1pbmnz4OwflX262ok\/jM84d9YgjHmPQxVDwGpKB+k7iS9gP0IunBzPqxZuHmkhsXO2zydYFJgSC\/\/zhZjHtGa3A5oLpp5svgFFyHIWHwV1WsgPl5G+m0zjGIw88EoCFcNVrWAkqaltwzoOYaOv8JtFjKTBrTWSS2yCenFPvS4CiVpH0qOzrWck30mR6VKv+x6O39S8f9xZtECQhmG2mYSgzqYSOTLu8TYzFGeM6fkshiZAH4Rcuh\/rlN\/Jsa5H6fbeTi4JAaGZso4qnhApLrXa2o7crXqkvVvH28YWmlFQx+j96UuaBvpXUP+eVJpGTHlKAySs7PdqSueL59G0N7i7L9plI6+dk46FvYeEp+f7wxaDe9ofiPhkKl77nzCoHlpu9QHGjUG1hD3LrTqagn5YxaAe\/vZz+ZR5XDMGkyjvtQ8CzH750O\/y3RIu\/NzoJHfz70Mwhb5mva6OuXGfu3pnDfzyYgmW2f1EdlTYToarOz0VkmFc90sq7r5B7\/PNAKsIbJnOQjS463M2IqteuzLlV\/keR25no9irWXNenFMchSjXATFHJrxa4+tuks0hrAuCQ9P74T8tIg\/9Rn7z3XecTiiaReESIeFX0atEm6CxOi26ozXUDN+aybaCuI9uH4o3kMLh8H9APymvsHTZQpUtqIhC\/oo5G5CBnxU1wWMKhoH5C8zcwERQJ1+G9XqwN3WjaalURD+EDpCo6uvKka1xUNuYrbD3WxT0n1ODENp0Qq8Ouczn6Bc74W3bNVp3L\/70lPtnGF\/vDIQ0AgcqodmWxltWd4x+oE5e9lDvVivstNGUsf3WVMBPLQOTWeJow9hxLTXFulkHKm\/9m8ONJVe8mRVVH3uwATt6K7cW+M5UHJlGbqkrrKvaq6stg6DWgtUtqTZGBCuGviWVywpkMFl8JYsKFOo2C8dYdoed+lyR29yIQyzC+5PshUVMz+15EUTfehVIrQdinMs8GC1ufyZUllTZ3PDmgBejR3TZTfNXPjDfwNc+TazIP8DqvBBPRJBB2kbLub9\/kgyw1MlzRzbAVqKbkfo6Xh7m\/la1ItF1D8yrjJBFh9Tmgu4+xXJRv7DW6+G1WkmPAAG9w\/i5FmPFMvZQ76UHxJWyfTyoxkIVglJSTw2j5Mv6nedASTTIn+oaAKlR0MpsDHaGI6cAT0G5S4F+89LSYi0DoIHcWC2W70SgDJsNbgysQVHdV4uTwXh\/LOoPR1c\/24Ev\/nFE4oTBtSXRHj\/g9aJYtNJ4Bphqchj\/ydCiV1FKZ4F0VFKXdo786gAHfX2mBeOeLn0Lhn3tTg\/G9s+9dQN5nOBgv0p5HQgLKG6NUNXB4bml7Gr4C7jyXtpqMA10w34E9oSHrOYzPVMRKouJzSoQiDSBJKXtDko+KZvedTXBDCzTxXxdQMGdU5EABWjdJgadLe3U6LR1WE"}
 01356{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons4.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -174,7 +174,7 @@
 01345{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432489421015,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
 01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
 01056{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-00683{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":56700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":38,"current-active-flows":3,"total-active-flows":31,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":177,"global_ts_usec":1621432545371354}
+00681{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":56700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":38,"current-active-flows":3,"total-active-flows":31,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":177,"global_ts_usec":1621432545371354}
 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432545371354,"pkt":"AAAAAAAAAAEAS1QMCABFAAViYPlAAH4R+r6okEAFCUGp\/O2JAbsFTlWIxP8AAB0IC3jlg9iBHxIANwCHrPC\/4ONhhPa4\/bkucOa0ccMbRx\/dWQUxDvvPbBbSBV+QAXzHkO\/ek8WDdft4J2H6iGctCUVE\/Vd1az8ukuRtgZHkNe9HsjHNPcO9gC3hoF0jI1WUFpr6W\/bvPAMD0ojxS\/Jat1yERFCwK1qTZjHTu5Hq2GxnTFLRrBvKpajRH4mp0PBh9N1EEyOXmqHY8RR8CFuGBAVrGssOFJJLCgoPFYWi4kU+3Er5AjbG6hAThXTq5QSrnvRF2NsfVwKcZH64AJtDNhF1vVsm5Y8FPRr0Bw0OMhHo5TfDD9554NzZqybC30Lzg75oLfpGADza1+jH3enNvlyD\/9OdXxVtLFBPpK+tc1S0j2l24nUXrhfgzMYJSGfusfan3MputzKVw0xaEMSTFnMyVXBwvQvsJpXe\/cfXTGaPcz+n+4PtyXFFeq1VFMb38KcaBIZAXpjtbjsKy1u0drs8\/lS6zg0B+XEXyyVbBHNPSwQzvYAFgbxG5T2f7cZpDXxonb7KKJeiTREIg53VKn6taxqerf\/EROOn+QPkvNTMzD2dTm5TFHSYxLvBV5+O6FgwNIPd9zSQjxu\/PIgbyOa5d1rycolz3RRmObJ7xDqSBQEx9uBtKS475iYE3\/HVHr98HbKghpyBXtrfiFCJfUPvGhf2ZQTE\/2PgBc4nFIolPbu5IHP5jlx9YJheTrRtsN8xZyNylrQiJyWGIJ+sqW7NQD4PtZU8og15AsUXrhsGP3nifKZ2RW8ULO\/zQ4hjXLbXvVPCRMaOfTnRWz16ymzmazGc\/A9WtT81r16LRVyV3KW5BVcHMerZjTINdFBiN2Rss9YE+hg2Bdzx0FHiLD2SJTldPbPASYuxvZBuOv7vGEJxC\/B7ThuZCvaUXSTwfSYdYePG5WL2Y3bz72m1SZEmn+4Kiqq\/h2MEhMWL2wbVTZ8FAX0VWRfwhSMlOHHKMW3u3baADN0N+mh8BW\/zOcs6XrHPEAtq\/4pbenpQ2rrBUepHw7wEl2Gy7TOdtirMeicrvRMH5ROutCuksQv6EbOTonl2eA9Uzw3fk+NLZelZDt7+chmNI0wDo+\/LKiADiMtDwBrUShAJhuyJCYkzqz3+\/I22nE9z8jtSau8DwJe8rGnUypF+QexVaXFHzHrGc8pEc6Gv1V+yd7O9j1BH6SI99CGYQ4qUSe+Qvf17MPqt6Vv5BD2ZiEf2go7Ms8wrYgSzdW2J6h2lnH8T12duhSfnaN+XilOPE6QCReHpz3pNB7sD3txciXal1Cjtz+D52skW92QHoQ6HQJRVcO1F+Nt9Ms6O4a82MSiFPLyQ4+9HZ8XzRNGIA6bYEMtQ2VoveeK36tJK5jcwcf1bd2KXco4wwhd6yGi79yvfAr9Gnfa+nm9EvT23xLYwd6SLl+UW2Yy\/cUnjlQIjkF+Nl2AFUyHKqbZX2R5uA7ATglq8Z5hVDirutJRbMvjB3S6p209yWJX36GoCAlZULNNq4O\/K9HsfmRuSQzzO8vAnTtDfmAG177+f\/BH\/oOcDleRinaIgIUXyhxOMJNHNbCiUdxlGmVs0Kf\/YtICcdSgbpsnkh7sZqaLRn0qnOt+5wry5o8FjthI8Fu2te\/X8Ye4gIOivJjbZs+RLhZQxZWtt03HV6ev4z867dtIUmron46fcA2edbLbHQ119w4dS3GwaljEI9565fGeAZxLwyqZbVZ07sOBYRGxKVWe9qlVpepdG7mzZWTkGm1aG8jBuv1yWlVaWyIe\/5D3F\/Zn\/LsMgNe+1ozo\/g3Qq8MWGLKjZnwl7\/\/\/D"}
 01369{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -249,7 +249,7 @@
 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433110371220,"pkt":"AAAAAAAAAAEAdQOrCABFAAViTQVAAH4ReGOokEAFfYjMBNxpAbsFTiPgxP8AAB0I64b6Iq3qYnUAAEU0uyXOGSdM2M9jQQTW8DsUXfqiyZuXJRO+q4Qmsi3Ls5Qr7HY2TrDXBUTOIVmmAHBRjS4fP4\/iytOosBigAE3GS1YbHzV4KTpsNSP39e4Ai\/gNwa+JW6iG+pMEbrvqFzobrQPLaW\/LHhGgdXr9HPIyoZkTeqm4dAslx2tKgtIx+D3ADPfxa1GtgUwgxIFKeLXE5L28gvidFJ5kvOUtEWVi7p1Ct04FJCqOfcTDqWyHNK+CqUqUXBJaar8gIYJl7Adtmv4APrH1W4DdFGHseDk\/eiFm5dmfQmCqHSHBPKfjlASsF\/vx\/dDIlMGRNJVvEUORDhpGyc6KzrwpCkBycpnvcDHT9PXlK1Pxbvka1u8Bb\/RRdl4GhJjum02FvwJAQzMMcjvQQIBXXUnCtqFNSpD+x2LT6UXB+SZ7qVGMl\/t0sECBNEK08pUkCk0VFUho606M2fHuj9LbnZQ2bGNrvbAjmEkMviJQv1BoTAZGNESQTqDEbwUZYlY30qwlBFXqT9WdH2E9DjbH42c0gLLqSkQErQpcDnv3SSVrUT94EWqqkCfDVWO57NKjDmHa\/9gsGDeQQUO53mruFkMe6rXxUCFdLDVpieBe\/WbmjFIiYjT+b4FzvV0xGUDAY6PtgiB6HvKPqKp6fxy1kpVrc+ZsH0+HKMh3jfC1EeH9CHXsXnCW1rsQpJK4+n8CsldKtQaVDkSAqWG\/OgV+UysKdCujrfyCGHfNMSPWkslqqg7s2vLXqrQBO58gohSxIbtaCIYfWJrle40Mot6V+cL54Ya7PHlWtQH\/Ful4v4rOlvCR9PDd2nGpQ3FkgkGPeywwCdeY5sCTYbMMlVuLQJ1oFmyS3u\/zhwjeifqZs579qwIfpeaP1FtY5r+JU0rDJQFD7jOZdftjZf2LgOsGj\/TW2xmygvRQ30KJn7bLRU1w2J0q7tz5rXSOHzMeKm57vqp3aJSFv9vTNxJ+BD5u\/xLLqLMMeKd3yPZj737pE79\/LtTTjm5eJ8jsSmmJueqzLtGilfbTFryRQF8325++2yfVJKrzj0c61X3njJbMRbXWJEiQmoEZWV9TWfn7wTSpOjjQRnHFofPS0wy5fqr\/79EqOgnhI9PoQuUw+VgWrmM8UnMpt6HX7llwMkswjZvYYBxWiZK7SxCUZWVinS8leBxtyiCVvDCRWP+lpTzYWOppDeOpuuR6nJmZFaaTGLcFFPeAKuAVu+nTC0hkldleZKShVNc+\/+rolf\/Gxsw5EKidbPL8HFlBJjaenmfkmZBH3LxN7+OOgk0dXGhmlJ4wgJ21FhusAxJjb4rdo8Ob65\/i1ZqK2DnqWoWzDwD5m4Uu8\/nBbSMW0kQrvJmBY4XN+lhGiBPJsJk96AxOW048eDZfKJYg8Q4WotwapShO9Tb4n7Q5LhKow3wsQkO4tfue14G\/HUzOIzbT2Vd6GbyzGYbP6zeXYMvI\/MobQkwBtMUX8uK0OxAv1Dxr6E1ez++cFwnP4qZm\/N5d3Snzx7Qd6PHVVvdaIKFS5ChMsrskm71TFLKy4FJm65hgjBVyTzsB5o+U2Jtrwl04IuRnmQXivp3vavvqqU\/4e3mekp37TSUP7JrzfA2\/tdw5ycfdyqXP74qiJ7FqCBDCIFZz07WOMSykwdBK8sEwapJgncvO5v8s3K9sHSmwHnUhAmcTcEJWDFYrq8fgJAuluMgxicHkbBHDHTdVhPiEDPwopOcYRyFx6QlMlyoiPrV8enJOOqMFw9m6sR5PA1xxKZEflyuJ3mRTH80kEIdfZNby15\/d"}
 01371{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433110371220,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432925103422,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433110371220,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00683{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":76950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":45,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1621433283660100}
+00681{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":76950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":45,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1621433283660100}
 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433283660100,"pkt":"AAAAAAAAAAEAU0VlCABFAAViM6RAAH4RJaGokEAFmWIcTujmAbsFTq3rwf8AAB0Iz5STt1Y1cC0ANwDFPRNS\/+a+ehucrc3Cy3E4zimx6Se5x9S2Dy\/Gdsrzx5YFrAfk\/P5DuuwrPRCPOU3BXGhgTB5E\/e3sUYmzAEVTAuBYpB\/Z\/1ehiztmkudlkpmIe8TV88KuQZdgMCFwpkxLuaxS1ziTCHLi1IPv4lk79c5Z0ULFtJLLvCInJMRjcd6mMGJScqPLX\/oX54gz8qU\/6Qz4haz6hp+OoT4jjUoHwXKwZdcJIPU1d0Fgj9BSxoZMC3uUZUh6\/nSO1JIplWk20Jn+EdrtXf9IF3Neg2QP7WN48TjKFEWh8rRXUGGVZwXfgyZ4u67st5aDs9WYZrXzKxk1nJVUFJMK02b+yKanwM95M5gyBaP7fEbsz3G93Jc14HIS+TZPmXtQf0GDj7Mvht+3zbNTk\/o4VaawVm8AXrpyWNWavSleSlFtm32amXDcWcXBAXyviKq\/ZxOJHsOe0hRNn8R9DKEAdOiVzWHc7gKLyh2t\/TJ5RZvARNmvpppZ6wGihiLhcw7ZfxEeTZuIMl2vCqdlmdPL9rAcodDnH3cPQgNcH7hxThB++pzk4xpGMH6II4XWKGZRVIss+xX363+BpzZ84mO8AvFYpM2G1yOSewM2tyHJJjvt5tVaanjhIHX91fgLX\/FiKYxmMGxgXGOHydnptpnm23dOt0b9WZvjKRdNovSQvIwMupd1UWFxikqzvsb7A4rsAUyXLWIzvzBBk7394MKzqD+owlnrzPcWgMnz22akkOeqa\/r7Uc1zdnb\/xMYpRLj6j\/VJPcZxgWSF\/P4Qtjjh5xSMS7E0SpcbJG3qGTIvbs9UGrdVGQOvITRNq5BHB25231B8uXSwZZ2OfP4kX6XjlMWXbP+uJQMmZTGglRloO+dA6aqTrTy9krXaEQKMk1DpabL8dpFus+hC79SbtQRB2+q+kl1BPR+TLeqOsYPTKcukPf2WREttP39G\/t9VQQCU\/rrFLKNTWUuaicuTglon\/iwyuggUyLgAJ5TOQSh3AwDysJj81Jj8yy\/XVRc+Ow92NtvThIEXi2BqpMI0pLfvsZgTdjiOUTaj4nR5+SLJt0aFTQqUXp4O4\/J8uybiTqPwgzFfEz23lP4SecnmMrwFjOkjPHhXc3\/7rEUmZh2scM1CaQnd8xqX1Byg\/aXBz51V4uicTZLxtfg75bBVl3kelSzZJu+XqjxdL+n9CzfZbtFpXbsW2S+Q4+jDNeJp4HBqG06R4FxxFevo8pd0keFBmX69U1z3Wq3sokxVvxe8+dpn6prJlOSracYX8yZoELER11iW2n6aiIPlofm1lWs6hUzVqnPotYA\/DykZqsMhurgWD4MoqHtW4DHKc5Bn5KWc\/OJK60z5e9EaP9fvLRfYouPq78UI388ELbk719D+pp1WijPL3R0TEvj7ae26qCBSAEds62fCV+P4XZ5x0eUy1+pBImuibzJy0Qqd7jHkHbgRa8FGmj\/X2+xPfVMG8h0AOMqH9w0rUvMze6gprpf\/7tktIfCTqw2Qj6+Gkt7WnBilpUaFfwjZrooYmfJ0DMITDqenN\/N95DqoILT6NKoG8ZEuXufJTYTBtIQQURklCzYwU+bVBfdZZKhXs38KMloqNck1yXZTWMqx0XcaKtPF38dzgU97G+ewHG\/d4QBFblkENQ59GekuwL0tajlQ1a5yv41R4OjF\/og3TAJBWTrUQFopI3FvTMPDLJkxnep4Xrtt3D9pwmCEDc5Asj6CgulJotykyE2uPE6yOnzV6YWwiNzS7S0bLajRUqyRCV2dgZXZaKJvRpr1CHOH"}
 01354{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -322,7 +322,7 @@
 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861875678,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433861875678,"pkt":"AAAAAAAAAAEAAWXVCABFAAViHWZAAH4R2UiokEAFjzSJEsyjAbsFTgvjw\/8AAB0I4XSW+s91uvMANwAS6GfjW0GMdTsqKMpwqTx337NvtDulmldgfnpNodm4QCw5Bjnjn9W+uBm+YhsF1Trj\/EVP9+xE\/ehiNLKErhY79Fc\/HJEeNp62+UYmQIxnF4BXHeby7saDvvQlaWtUhK2nNgwODZK+JDEtxkUQ\/VybQVP83ATzWc0qLvD8yBtR7czNUAqQeB0mf7V5GtJz0rLXU9erE4DOq5Qs\/9FCIz7bDlqW8m3GqwlAlM\/ShYpSh+i1tk19DnlT9d71cXWxAaBMh3SgHyMdgTEnDOAcddGzDaeO7lK6Q+fWEYvrhEHvLyLGKNSZUeJYxc\/icjZAwxx1JsyytVVfcjM\/mcdecpSw9Bmojler9Rg2Ujayse\/kuXuiAg+1NTMXX33ZL2rhDQtAjmZrBrfEVHGmJy+0cMtd+79bvpVApkexLNObFkVRwaBswWlkZfKVtffBr4kfbBTWyXOmnhO01cFVCjdQL\/BWZouvBCtlDnK59GQE47E\/QE9JjfWDLKIpllBc19+E+UnP0GbmHg\/0unruvB08k6BhVSiKRaeDIjirm9O9wbEuKHWikZtOKgn0vdcW3o49vZELiyS8Oh0eH9i10QOv1F\/ixGOhJ7Q9oRu9TNyMYSO08q0kVm7c2CA73Gt23SuU\/bhClfdnHjyNCfLe1tTbcknZFj\/ikotBSaPjBSmkP\/K1gB+2W38hHc\/pDDGJn\/1HKhUE2jJHeTGdUUEt\/nIx7qb\/Qem+IcovQc0vl5iKASp+ml4MLegR\/yOFMMAwayIHpj4zjxWU8b5eorYjA3a11PNOPq+Diwo4jSkCwWP\/NQrR6of3bBVoaXisVa9wpr4IMIfCHiFcIgOR96+r4oTypl7Gu8zq2gdbwI6YjUXUc52tqJWY3kkxwvYV3OqU8QnVDcS8NgM3sBNbtUWYevWYZ5kG\/xc6I9RBB93tEOa2yK\/MLrNRzd2ly4YTi8cHvLzZ4JO8StA2rNVX7gEP+80+zHm0dnXITPxyYwSedSInn\/pNvSAPgpaQZutI98VHsSgXt2AGJ1MMrh4KLNemtCZ0sd2YqrNsd0v\/Q\/CUZ1ILOe3p+l5wVi9Zn43HdgMKjjQliDoQWt6oPzDKQdarw2zvf2CSBY+WIBwbxkvSJ254+5B740QdtviqaFSVrXzi7RfFwi+ivbVv+NHhY1sdpuJtIIOCprt6WYhs+StriI4nyZAJwcdp32W8aqvb\/1985ZY6u+nxx4f2trOGoh+bHJBuPbElLY3maoHSuOXZ785q+vKdky1ER+vTTeciB3UUV2EsQxGisoRd3HsY14dMPd\/KtnJkfnSo9huSkgv6uqscOmR3O15K2wVr1cJTHHoYe8xmAfEt31ohtVVGBkqoyfKwhTy83VRvvkyyeMMzfXCvOEXQzPUnps\/izhGZQO1uJuDErdBO8cpI3nRLPMCD\/UdOq6K0a\/lUA2\/RmUzFI+l6dkQCJFczxVxFEsgIriEhhycx8gi4LqlH4ujmWOaJbxFhSFcxnusPel+AYrO\/saFdGOX6zbAvXOzVPrMBiZjZC6L4YNHykbx\/ACsbmx2tWJ0UBsImPtqc3VN8uY2G\/l672JNHVL4kWCmPOASo\/9VfXHfz9oDR2A9rIFyPu2yDMiXJyLW7o6SypanBfAjWm99ANW\/QN19miCc22rNTHysZikzeNz6bIeFmyLS3Ngnlk7euJrOCdUrQrLMzQVLmQ\/RtVvjMOEklG0mmb1U0vbtTHQFDaG3odQNuXNPFHDfi8wFpWHR9i\/WEKv+nJwW23RrP6NiuaqLXBX+0"}
 01380{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861875678,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
-00683{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":94500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":75,"current-active-flows":3,"total-active-flows":58,"total-idle-flows":55,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":325,"global_ts_usec":1621433949433327}
+00681{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":94500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":75,"current-active-flows":3,"total-active-flows":58,"total-idle-flows":55,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":325,"global_ts_usec":1621433949433327}
 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433949433327,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi\/AZAAH4RFwGokEAFcfqJ88LEAbsFTrCcz\/8AAB0IOpZExBi7cWoANwDL9uHaA0kckkofYv0DErOJu7gbuZ9O0WlrHu9XY7EghfeNZiWwbeaMEG1HVz2HXjvb7FiIQLhE\/XrtpQvuu\/3Omn1Xc2On2DZgH7f6oOHpbPUOYpms0\/qyqv6hTxaVN8Qyf9zFprmCdbR0TKFMTov\/mcwAhmtaqiJQOX1idcPmDuEg7iPhXhQ9Rg3RwrAk9BrfJvQxFfeEOMteWZD4MyDZ+yV9SiAuwwh+aqsiPNuxGOL+UtAzKQsqxym7hzR1q28tmGh+i2Zfk\/fZfni9+9jCbMGXciLv74dlIT7PTJbDgcbiIKwlBsLy\/knykvOWyjY094BIkBXk3yU5NleET3fprZZxZhV8ZWXPFIPEaF+RU6Htv70MXhBjSUlUKboeasdJJiERx9PP\/FOQwZ9brIMVelncnCNFZ46nArIPtPpuAd\/21AcBQuAfrDAMwGty4EHlw\/4EpTckdi6e8Q1HZa8uOZS8L8Br1Me9zLoyL4ZjxYSKprCH0SP1KvhqYL3GHK4Qay7ZVNjLEb+G56Co2cVZ6Z8h9R\/Vb5Kkek+Pkji+2fhLMmeX7GKMME7SjXSMGgLh6kG9e35UGvMzTHWm2oiUJJo5etspIs8CqI2hin1wFD6+4iM6vgMpZ1\/0hibOtrqATrfcRXn\/g3FcL\/RO\/V+7mXSO42YkAYxLa84v0N\/qNcWbspbFv6UUuZtGqJZj6gNVEV6zKBOfhdaZA6YCWC4HGrFtWO5PpwwVCgG3aalQZk8NUuhTNMXowyvh9L18LCMzCzLXkkowVa1Yrk+ACBdqcZ0NdAszss2Z\/EjjNmNifpEEEqUfgXYXLLAXFUhdn9KTgkgQJb6GidRjtio+hiOES7K\/Zd7kR9Rp9Q8wDhX+D6mhrqnUubbVrqMcM5J\/ZatN2j1E7+O4tATjd9IDFwcw4kKULkoQtjBOYHy1h\/oATwVF+VEEk5TAZlZMx5wT0IH9U8MEWVD8KooUS4KhPU7qWcQbSeYILfK051yDU8v1p35RNAMARwMz+aDEiPOl1NvT3vNB0NKpyA8dp2SOTKCt+U38vG+GnQA9V62d7ZUKYJ3KlxmDU6XA53hOV25AFsiPuoW6Iyhmf6HsaasYpE\/s6FIsRYPDWGHRq1MdouHttvkvAO+x3GFakZh3SiKhTE80kxe41OgEyoVuUyhRjr87DNUuENvzYlvEniWFEMpKV3srA\/SEnULC+0Ec4J3ujljBaufKdfF8SZpoN9j7BrC+MAqJq3d3VhpBG26mGJXkkc4FOZBB0fM\/Lhy0kTI83pcFnGWjj7XjivhZl42l7vBIKLjvLvvCQDgRAJQidieJyJhRuZYNfeY8eJjBRqpIKNqtcSkkmENkCxAYMCiOc0b0eIGuyHwfWl9DZKgiIkTs1P8VjoiaVtyxt\/mMFzkrdTau0IQVNDUvaqFADarA4i6F5X\/ztcJlv95UshqbL5rcKZuqHaDiKMW08lYpiumS+l0yCHCZdSG\/JKiFlfvCQuuO7wI8YM6N7g2OYZA0jS7vIYCufcCVOzadPPeliEKT+SdqnyQb1rT\/MrPC4qmZRKIvY7jNy8gfCXgs7p4XgbHvnaS7Dr9uRFum4Sn9Lk+LXgtcZE6ZRI7CQvZwF9N6AC\/1sN8XoPIf\/S8UYH\/UrL8QIB2dvW8d4m9grwcwhaVNrzDuYlH1t5w04qvmeO0jLTMXCRV\/LhJb7I6BPjU9fi6dVMzhz3YRA0knZgi9sfYpy0b4laLv5IQhdo7jIDxnDb0cqwQffN65VEIrS8UKXodV6nKpQ21X"}
 01355{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -344,7 +344,7 @@
 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434024831376,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00683{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":98550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":347,"global_ts_usec":1621486316206218}
+00681{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":98550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":347,"global_ts_usec":1621486316206218}
 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486316206218,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486316206218,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZWtAAH4R2n40uxSv0OWdUcWcAbsFTrOSyf8AAB0I+xTa7lKQafkAAEU0jTWyhjWmo3c2c8tkYAeIRC00J2hfh\/j02rOWVtYboU9UivrOMDnb4DlblCS28uJrMkjjwdTtO22vVFwPaYxj2IIflFADqJCdVuHcXcnvIynZuH\/49aoZoAl2YJS8pUl6yCn3zcPhaVYM3BWJHJ12bT\/rBl+QUhFz+eNv1NjusSyo7XRmUXDT9LZCM\/KsdcUeJxbJMKMhLKDH81GMtpYCHwWUPWqqO9e9hvA+yFxWoDib4NbLv3\/NPWniDKh36sKuVx\/WIkOp5AaTQLzBliiDDxtF80Iy3ba1w3uKH81kscAY6jISZDkCGIpkH83a9jbwNNTu4dDGSDZa7\/6HH5W20Tq4MhhXWYZTT\/8h1Oy0puUFllXhqXmIg8+2Grn5B+DCtffivNTxawD23zhZYDMa5O4Knv1pxKsoCPI9uGjVARZ4WxoinnBJ4Lx\/eivjiy\/9wUiLC2t3yBsy7scxzTv7a9B56haRYFOHLBvLzNjV2ReQFucDRZ194sZlbUdGn8MFTzauGKyE8FjTABrbToSZZkd+s9mIdwH35yLr658ZiMm1iQSdaUX3AcvdyYuEGp8MnQAMvaoRfRnnmkSaFBBjiB2OIsBm5yjfjQzpYtX97hEeUwSv5yqk9ySGiUJXi\/5hLfad84l42JzVEw9YlxyakiWEDTCs6mdaMom7vY\/Iha1i3AZ8pf3WkhBJ3b2\/2DKVs0REkOZgjTqzdd\/K4AfSFcDL8A1CiF09bQ+eTVXaS+xpmL5GSTVDyTRM40KZfUhO\/T9EQZtNPiniyNqbtSZp2BYc+\/2l9wdhMEjiEKO6wYoSeRFPJBNsw+m7Su\/ssmDRlXGBnVI6tlHZWM7CBp7yEtJ+9b5lh\/h2b6o8NLXzXZmB94SFM5zpx3nqn4s+YimdYWtGhQxRDQoKolK3iglu1GOcgjHmAJkQjEjCoXuY5Z3wxhAtlHkChB4D4Sj+Mo0Pe8PuHQ3hvPSuLwFw0FqDm7Rspzd6alV6wevE9brqF0ttPmCgs8akAeLH3Hg2jOzJR7Zq8KSRDJyhC5wYRQJomZdHmhVl6k0hQlrOPsbeG33RJrOXASmtURkVNrkqMFtEbzD+nJJcxlWpn49Ehl9m2kKOIs1drmrTjCgOrpMNceU36z6U7NKS4u4a1hVFTMi1YV9BCf0SrTjGuouERb51jAiRXHvLt9eC3HlqplhkgSDMr8ATClK+9EeI5ZYJ+qwQ1oNpZdKQHsnK3rftNgPnZFIeVe2LSvMENi8FH6YjUWMcIEMIxUvHXWmhFLzwRkjM\/dETZG8LtSp9lIP+R6o2M+Z0pn4VC09fNocjGnGygpS8xtImvQ9Xi52Wji0Mxqp\/ox1cXlDhElkji1gScwsWqwExhfJEHyZrsxDoSgYL92Z1Pn4HBsnIkQM7VPxnWWnZFJ2LkCfQ6AL5v6LxfRd1eQDzaT8j2cXS+hAnjFgH8roiknWfHzSVGVNaIySwi6GzicPRwiTXqCSzzyJiRjY7LO2cY4SJmX6FqWWTL2hOvjoCvsVA2cZN1um+uHaF8+jCaYrlDihaV62byo0sQX49iEOMQc4cm5w+ac672idPEvZbXjaLZaKlnjbEhQJQMWC\/nDrqdHevi8VXVL66zosdlIzNI74mdhJfTd8oc2ovgBinEH9PA2Lqf8or\/1dRozLWj6+nG686ciLUDqT0aDB8JAQ3nq+eUFn83ml\/py\/lqV4T0XXeWonhVytFKd1udnPL0depml6Dv31txugFaXuB9swFjUHsdQbAqQI4U08c1YRaBctk"}
 01370{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486316206218,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -365,7 +365,7 @@
 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1621486385780013,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486385780013,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZlAAH4R2lA0uxSv0OWdUcLYAbsFTtWuzv8AAB0I+aKrjQG3wPMAAEU0pYnq3I+Pk4UybR9VBssX3rW2MX9MykXuwtEl37HZjZdvUwqOPILmOs1ug3ZVyVxysW\/GbunfQvoEKJNeJUHr7ARioYosUv\/iMtw3zJNnqitKNycrvEvR+KPtynwqcEskqC+a0DoLcVg8G+1ytgtC5bHkcrgb6c+yvfYPM6bQHRedo3fqBnUH\/vo++7E8FATzPknFujoxXAfIqx5\/yGoMqH+HqtaMj\/gBvnONUQgLifilr2pN2X5UZtCvWUHfwSy\/ewC4h8t+MC5HX5kjR\/I\/PEFr21ZhBOTbRAIvsPlTMMkPaVFoJeMhvSPXH3RCxFq+4eYuMrUD0OhNOcPxOIZDZCyl0o\/ggv2DFXNJg+gVLPXoZbPB4iu5Uhmke6bpE2jqTUZPjwXEkBe6xV6sp6bLYYcswATmdDqFUEdmWGMKBAsMqXikUGSk8uiqTt95fjHy8nJN41GX4xtHHAni0YyIelafqSbckoVL1qDANQr0CxF7G13sR9plFiWW7O5A7e7cS9pe6mRYIxMGaciOe9ievt36yTBJgl\/fiQ\/Mz7Rf\/0\/xEHpiGjimSZGMLJKt8tbPUkf1Doy0L2PCwY6LPbySmFk83DrXfORYqZzQC5aRkTc2HeUqrMm4bElbKJ5gKch3VNRryw25TpUnRtQFu9IMWDE5dX\/3mWizx7+qMJm47Fyoex2QVEdKtHErz\/i5jbltyKP+JlYh\/5iVhFxWpfjDpTOkH+CE\/A7gJzr87sNP+7VuTghxvarGALGRQvWB3CXNIrBOCA9jEhQerKbB8C97DJMm5tcWUZ65E7AYZouY8+zkDggzBLI+0JJ05RIaaHlApiwpsWJ2zl6F1m9w14xWaghs7jZgtgfJEpGiT74jl4pf2klaE21HmQ3jnkf6AGhbgdZBQmCO4EIpeWJZsQhwGl5VQuea9a84+ee5DEZk764Ux2ytifgViB44NxlhtfksBdQI6G+PUXELugH4wQ6SukmCIBACuFIfzQbiKGjpnRUkS7AmxTtYPrsIuSjFIrLSGd\/5Xekm02vVOPCc7EG+Woa7OletCxnuTQjLX8oheX0o2Op+1dBXeNai8Q63RlSaVEOBjEiXQnmJ5lR4kLHJAKgnnUly9\/g84JyqUljiN\/e8uABODq7kynlT0o2IN5CHpN2XfhoXZlxt2HiDrqvNzSKO3CpTZnnkJeJtK9cjSU1XxfkGr1TK+WrsxaOx2y4S6PIiErYJnObHfsCoROfZB5v6WjVW4TwLRypWRXulBOZly5TnbMAqCFsdN0gy6amJt3ngyiI1muUKlcYOXXmBVBPpum\/+c5TkiBPy0hZUTn3PK8vRrELBxFuvPrWR1GEbulof1jbR58Ncmb0rjGewwYSLgqvfw8fWuUbbODAYVLX15bmDoErj\/57wyWqkBS8kUoD3JZecSRs8Aps02NKyynCKHOlNpc8OBgCA4Ad6xJZK3IyyURTyz5JvyG0vAoHB8Htl9cCeXJkHl+hbzHpVtzHZa9PuVxTwrw5ZpWXJ3D7gYDf3YjByo50t9uNuwO1TdW6VEIoQ2YFWco6RoRPd9mEfRhGyA\/HMeXm4nHmXXkUxD0lWGhQ1X301intynkww+5gju+t6izkuTyIR+es3wNgXF3uDXXchyNcpEgdq6KXfVdg\/FtdXzMb3o20tlnu0aGTS9Ke8r2K9x5Uy5E4IMaNx46xDz\/FHeQCHMCFloD7HC0iGeHQTjamzHYw9Q9cx0UPZlEZjKGZ\/W9mm9Rh0pSLgVkS1htsYD6Bvo2h8czyqOaZf"}
 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1621486386389522,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486386389522,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZpAAH4R2k80uxSv0OWdUcLYAbsFTowYzv8AAB0I+aKrjQG3wPMAAEU063sPCo4ozMPxlUj\/bSPtY3+CzlLdcC7kUprewEjKm2OTMB65C2RpyTFK0qHd1UzUnN6U5dQGGKmwgsbIXIKSBC7aC9lk9\/7KSXCk70eFVpjOtIDpiKUi8vVDCcfV6kRbykQ1UG60rnGaessWOlmJYYUYrFTLfQgo1LVYDsFKsPtJ1s1kupvZUz7DtsLylFS2l34GkqtIScglkyae0GI8mViRVebeilzlJSvddjOZxdAXXrNZAwRXdoffLloV5HtcoTQxqkR0GAPQdvrWXk+SMlGx\/W7Ne49MxOoYqcb+ZEW\/cA0RMhYOyvvzwyDA6S9WR2IZmDOEetLTQcoqKQrcTga50K8d4JAO4kVEikYFtr5Bm1z+MiARlDwUJIa24qTqLJVIo5iKqG52c5DO3tsvK0vzd8pSllrOHA6f\/I4wQDPyPJtMgg5O1ZoG8De8l3r2ufSRHsnJkEpyqWGF1+ijD\/7lBI\/5nWTPn9fBbdQQQkTlCH2+hn3jyqGiasIwS76cDfQW7wvTATHGizCtUCL9RDngXJ4m60+cjB0gourDm90bfqwSQs1xt55IkE5JsBrjydZPyipe0uhIjm4KZxuvhAjYi7daB1ce\/\/+407cCf+sxxL7CWqTVDAtgj6KFZbP4hnyT9ga4vkmC3\/t2CtLgFM4\/LEuF4nmXrGayZvHNNVuso5WMvbM4gno9LWsv2kJV4dX1TThhLd\/wIxSNzjl0dXSOBZ7wgJEHEnznJuFVstXb3tQcV7X3RP\/hcXpU9XjjFPCV5oo1sQe64QtneNkxV2yjvvs4fEGTk+zfZAnlMw\/iFw5VrPsMS\/wDar7RyJvWTPrIcoFDMu0pl6zkP5Al5BXrxcNMZVEAv6FlHk7RldT5vteKHFUD2EG202+PzEtOTPlmqNG6eE17A10kl4\/4bK9PAjRlBlsdbWm59jtIwieLuyVkY3xNNoXmkXmw+HTfj8L6cgMab+8MVWKD6X2FNJX1Hh4plar7gQs1wBHs\/50jh9TX5uIoGdQRaAkCjse9rKdwxS\/mQ3AZwSCeTLDSDZ7HNKOkFvE4XF72wS8k1jEs8CQLMd5eF7YKEIwhKqSRCTAxxeIp83q7tXfO3G8oxX8DNBZyGPdzHTcD2B2+WzAACX+B3mJrQJ47ogTtd7hRxPzmVNoKxW1cJA2W8sth9y2x0M4tQfFNCg+y7Hjysh4guq6xCuiVT5xotwMwPSDBGNIuXj+rftzi7znrhrNAbCSXiAYGtGnmHBOghmDMitk72DkuK88UEA04IW2\/8fbI46r27QDrpS7pjckWTOaGJMfuh8JgHCaU9F5gWqtRhso3KChbMMFYhYXX8heyFp2QTjtSXCvmSvOb\/P4Saj9keRyVu6EwxUD\/Wvi1CQPZNexfLJTr4d0fY2EFznG9mLwUFqLk8x93VjpNxh9mUDOT+9FkN2OUAwfOdunZk+S7EQYfuz58Zq50dfTTQ4ytc1corJ8ZnuRFp7bcXIyr+r\/g0rxcm55mxTcduuOI43k6A\/u4kxcszhmg9OmUhSIdiyIqrI4cTDkvXweJOztAO+v1eNUC8H68zvSWSCyYfBS09v+biPzskrJYVcIdvRbgzNi1MALIo64umFnfoGW7g7tdRnTTtUaVJ7SjjCNftNOmI+oKGp0G6qA+uKDhFNzBEwpKt7nPh7uh8czyGQ5haYxO+MQIP6acb8ITWfq7ZBDLBK87VY24JBoDq6EX9\/nCN65uCe1Ka7quGr3dV6rIOhhe19uIvRjiUm2GbcXkIV4PPI8eo8VJ"}
 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1621486387592524,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486387592524,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZtAAH4R2k40uxSv0OWdUcLYAbsFTgQXw\/8AAB0I+aKrjQG3wPMAAEU0xCd9oY\/N5GDZbDE4\/dOAMM8w9gJlBMdgsJyYzUVv\/0YsXpimfRnBwl29RRLJpKiN2vb9qt4MuD8jjaA8\/Ma4PVpfwUFq6LbJeRQBUGSZvMkZyGwkFinTbjgUyAkhfj1a3T+A\/pYdS+eiFki068+ZjjYzXXbovNfHhBW\/avWnLZp+g63\/0bEApzU3SRBSWovLccBt37mDz+\/X7ljq3jZ56mszVdUjpMySh8HlAUXPd44quqaILcmJ3XzO6+AP3v6NtRf+Ez4FakJ6ZHTyZ9cxn\/M2cpxjR+88FCSnW4BO6n04wyVghjBoPZKUE0x\/efmEPxlFiHyK+V\/S05omMsEg4KyTXtoH84NLY9j6s\/sYLuTGf+1niq35+5vNk7z8FQTqkx0uUQiJxEBBandMjRYJziJI0IUvx74FTlpyyrzRdLO7m85Wg3l6V6PR2J\/blE\/cCYxryipemZLCaQtm4Wt1XvwSrBDG9or2S\/o9aTdo5cLlztIANl8QlKqMe6BMy5b8l1JPu7CoRhJLfvOYoN8EPhRAEFr7S9cgoTIWicvaNVMYpqyDloZuk4HrvgDNT7BcW0+GudrrH\/SRagWbVb6HF\/t\/HVBpJ8wtp6qBqTQubvJiwnMW2kyOr9zCX4HIZlDeMk7wncNRysDJVtF98R2OBfM2hFkrBJOSqWlBpnPOAq8ld9BhIIF\/KOOrIQa5umfeiYL4pA9ewygJg8JTfKlN8AVbT1Fj0NqzKXvt2naKmjJNcvMDcv\/sA9XSuRhyBH+Ya6lzfH+ATMfha7m457kJ7SDdJC9RdTvl3MaNXuwBcPVxgMkDUAwanLgj4Ha5wyi90iwhgi1Fv7yhKuHS9dm0DR6v9w6reCyaarbb\/MuTQamIHgAU1JnxgXNVRb1+8JE\/p8JNxCNRubXAe\/LfeqOucvaqBptZocLopG3UGhD6FDdFEMPBSubwiPFIl8iSb7adiJkvTOl9R44Au33DEkQDKqma1vEZdngOkX2y3a6i2QlLYezmNetOVaSvgh6hWKH3wPjmZv+KbKBxgQHwgeE8LBFdhp8R9uXkyumqod8N\/2ZZoNsIzdT9hG9MMIRbROhqoU6YXimXMLMobsrBl20jmZZj81VfqHvhl8TR+vZyq78Bqp4u1jryKf2imnuEPBKdCC5fvNlBb7xs\/sRBPvf8csWmkLHH+Y+i2jvExRNzaNjpNbVcSgcynEzupt0GCBmnvQNrIguvrmnsw65Ynm83oGpWNnPwZnMaOrwRxwiAoIKWlQmm4KMGWUp+70IslYOfcgLdLJTLHeMC9ZrqLEXBcB9v5JEr6k48H4VT\/4nsaMcRUoMlCbvZVgXQrDWhAVWD064fuJmpaQD6sC33JaBDQC7SNYZA9v8xG04uqWAaBYhq0f4GXZgWCf\/pL0xDIQPr5LYmXNQ8oR7baWpT8SnrzmKtfZm+3Eq3mkta\/zSAinzJxR\/hv\/chAQRtJPuytYaLuIFjJqWGPK43+vg4u28ITj3Lo6sid5rW0ETnWXiD1HWPxLeqo9IaxINyUG3VTbEXGQAy9RaFypmaGa9wl16uKZH1LXbQGs9n+Mszgvdzu9j4OQ2ZoJWk3bI+FSt2JRKGdGIT2nmFeFyt4OvnEmemYlsSr34VtmNZxUKNLrI8H3TIjqGgBGqAPbNjgCzNSjbgcuAZzfm14qerHKESSs\/NgV8nbw4APrHMEEPlmmODnlRp9aAe3QL7ti+0V2LpiS20xNUK4EL2ygfdueMEB35Nif2zIIDr5vCmLLJvSvw4V0PxhUdk"}
-00684{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":86,"packets-processed":85,"total-skipped-flows":0,"total-l4-payload-len":114750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":83,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":368,"global_ts_usec":1621488172593774}
+00682{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":86,"packets-processed":85,"total-skipped-flows":0,"total-l4-payload-len":114750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":83,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":368,"global_ts_usec":1621488172593774}
 00830{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488172593774,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621488172593774,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb1AAH4R06SfdbB80OWdUePhAbsFTly0xv8AAB0IIYJbjKvcKZMAAEU0Tezktqb5jgj7Ctco9B1gEgebhfTklfJiWUvzvzXVx1e1KCfmB0CYkpgvAEMWkCN96k4yxgEJhItMoJtLxBJKjThyVwVNoJs4osfVKgvW27jc\/\/cMoYfkmt0BcMTE+S832TZqo7DcoxbJ4SED5T\/fELYc1YonSB\/W876e8faG5n9Z889N6aEcUSpAR1NRv\/LUdTkKc80E8eLY0MsHFlrDxy6CZovHJ1EZPsnxPU3xmuA6PKcoVZk5E7PnwPJWVDykRwGVsj3\/uqwsCOxMLScufsvGchEffztJ8Mjpf1xy0Hks4XzejPQm1+YDaRsdxSWXt45SRLIvo\/c6h5H5fCX4yZ2dh6e24j40pDTautPP1E4KkxfA2AopSrSKSf1UiAUXmQWbN\/kgMU18r7h5LyzlAMKuX8\/Ay6yq9jK87jtj+MIImpIKoL9MeHVOS5lygsoTWIqqynPssiNY6xC8pyJX6Ub4BO4F+0CReGOoAESo+zj9+lbUqbeb7h2ZFGxadMW1CyyleoZNnWar6Hz0+sxBH9qRVZU5Heht2DjEc+6NEcDLxV5EaOX94GYWpZ5FR0EacC16CngtIJvVS2Vy4VHEXkHxRQ\/E8+BlBf48jcRRSu6r+V6GHpQVxkfvTm75zRbp227tVm1MAOmDC4ptEOe+sdRM+KrFAvaHe3o8pZCxK\/7aYLbotm\/RZjsivWCu89Cmlg0uVcL6Bo5BPfMomqOupt99ASfgdLdPTXGKZLuwp3GgyZeH9wnyPMM2+7Ggpa0RPG\/l2tSy9nrzzP\/MgL6CqbtRTpr2wbBNd\/SlbwIb1c6hehW1bLPfXoYMcr0kEetxg6OaHbyEdd\/4Ggz4SeyO3GItOwerR7WYWNxOmqs9taE9J\/PhK6NBDsXc5h1tgICSKag9AJoKaM9ovRC5UgfrYrqgqF4SuseIOZvAOlPyRcpmSKooL1mlS9PJzoeolBQ4Q6A6x\/nvmxc72I7syFXnB044YwfE2N774LUPLvvOLCg6Im9ZhCD7p4F+CscFU38oxt25Ays+maqiXnRw3mGV9KfMCfeBg8fWwb36KsISX3CI+1rfMDf89m\/pkzSajfjHt8k3vTCGPK5nVGcTDfOSB9CGZ6SX8cHmOTNUvoBI7fCfE9\/8Ngy8sawBjS5kemk2pVar\/Qjc6ZWFlikqXDEg6gI3HlFx4rzttRuJpbdSVX3pGOgGMXPyrCnFjqgDg3Cu2Y3VVoKD9yvfxYbTeV+segTGzJ9TpKpIQ7l2mOQyzexa60jhCdWRVqP2SmFZC650dD3TPV5qrCw8uvxv\/Hwr9JxUCKr4vZ4MNIS1Qme31hh9cKk\/smw6+dP8LKPbRFjyi5hKalZAn2oi12OsRGCRrT+CZhgIm3EsqKl4eDAmzdpgh\/Xxnln2oigZwNL9aNU0vU6Ri2z6ptRUiK3E+ULse6j5hYRaWYH1k1ExTT3ucG4D4c7xsf3YTntqY+KTDBBG1sDbHwo3em6WCb7WG7xc0voquwvCfNxaCk3bAzckSDEa86uyeuxhABsH12KWz4kITx5OwWU+lhxFgwus9PGlUh3+t363ytP+xsR98JT4AH\/MTUvv9IyRtjule4mQon8WEXtnJYqcNEh5E2UIF8gnaLnV+hrmX90Z\/weVChYKzF3NgPl9LTYOKXHKx6sgO+65G03KKrg6J\/G\/Y28JZ444EBiIz1Vv3DiM9J4DLhOb6iB9GptUjPIDobrRPDlIYVvrbFerCtsjpuaVI\/H1eUosHYVIRS78lDJZULDLtLIu6mDP+sVB"}
 01380{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488172593774,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -375,7 +375,7 @@
 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486318293980,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488174706312,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486385474238,"flow_src_last_pkt_time":1621486387592524,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488174706312,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486369476762,"flow_src_last_pkt_time":1621486371605818,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488174706312,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00684{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":120150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":378,"global_ts_usec":1621489064431574}
+00682{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":120150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":378,"global_ts_usec":1621489064431574}
 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621489064431574,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489064431574,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489064431574,"pkt":"AAAAAAAAAAQA8lpWCABFAAViaqxAAH4RWVOfdbB8xkodT8LLAbsFTrHDzf8AAB0IkZSau0whIqIAAEU0rkimartPZo3XhAXpouf99lPyA4vPJfhF3sf1D80fQsd6hKzlDSeSsZ1KyRiDq23Zc4xu7yZSamgh8nd6IyVTF7B8MySKONiiaOY7dBSEC0bp4AebJ3k9Uh+OOZq1GyBDHDSVQ3BCXr14N2BMEqsgITpqPo+Z792Msbma9ODtfxa1MtHVKjQ15xkDF4+So8i\/fjbAfOViRfLKHxw\/jO95gtHmKOmNKHB+nvq+muN+iHIbHDxcpnXnO6PuxaBm23tYOT0PH9TUnUOZWqCNY2p9QM7ZIgufCDLh8c4C\/NFv9tZwBa9qhWLW6ebYQbaildftHqg7LB2KmNDXg69lhWaxLtl4+vEH9U9m2NQrOHQ8oFyTBFFkoewhMmDe5wHcaBJAO22wMqllFBpPnpzOCMy\/DJyHizv1if27VSaBPv3oEozht0\/dit4QAWrhZlnDelbE2T\/59x3uh6ABXgAV0b\/BloP7H5Pv9njEs3lHJOz7dFzr8iIjfB3B+OpQ5iUcuq9FxMhcezvIQOTkxNLORi6FlvB2GNGwRg+rukfVzwMeVbcyJ4bxFt9mc1MOr\/FkhpLL7F3QAjXoJvtrBiJncMoLXPRxAcMFUlowojaTi47EoeY8wguEuf7S86c2o+PQ1edefZeGvN87Fj\/fTTENh3Fn3S0OsYOmjnoXwQbxlBLOKTRd2KGqC3a92N1etrZBlnzvhACTKJeh8oRfYYE4DO+7CgxV4zH9ZFi7iaFktcfGl8Qu0FK6cb5HhSbMXyyvDCuCWYLd0ovyzFo0PNVt6yeC7MWIrgENNxCpTwOvjKs0+xlEsZf\/950lvdpBdkdhcTjSV34d2kg0KiEp6WKDoRhKAAnK2OjPGibxjk5vdFxY91t13JpZ9htdqGGMPDekPyxWc83i1LGMSQbz7QKh0X0aMz5ybK9\/HbZcAK3XSa0dobDV5b7WeSDsU\/3gkn5RaztmQfVs3owjzIYFbp5Buyz0Gxwz5Bi8HAJbB5BGGh\/yrQBy9y6a7q+P1hltskurz6iUjM71in38UzRyZojCOuaO6Q7QJeQvBcY+2qihs0FbDRsgigWTGzfjnSYa0tOUmlOdzI8uCwh7va3320+93h3I3V0faV6zxO50Au9kcqGGOEH12ZgVIt1bQdug2VBjCCj4ZbXJqLVuzhI96SplBcyo6UlwCnd09h5dMNn35qTkIiXou3NlcZ\/tYICl0xnfzAm0RxKz7INWJ+Pl4zSOjW44oFQwywPEE4MnpAbtWWGFRsesYIQtXXRapdS6Ha5rSylQcznied94Fdc28K\/TNM2dGosTNyEVqfCkfy1UU4pXqhmQ0m+rjS5SPefaGM\/ZPD3NALEgC7CILnzOB2B0di286grgHexJhCWlTHpcLt7yvnPnpvNTnwlX\/9e5CoKQXAkJPiDVcfLUGhluxsjbiqi4SZfvmdSRbJceWdtp0X6oS+wZzMuskEDHTOdTm8\/2jfc3WP6WQlIPINuCYViTLdF00mSEreSp+37OaIb2Rx6SPPD3UtpXaQ+xXSYus1Cf40a6k\/5iqSZBv7Fz9wAvqxvY\/FEStzmAQOKL6neOcR\/iuiKWOf9tLN1utG9qzj06bkXuF4PkrZOphQj91RQVjRHJE\/j47Lin6DaH6C5JcxMyymH9ObgTVyLE1e0B+wF06i5Hpk0EmLRJrJjURxyuhfANLHsp16+JhydB5\/grGxYRU3dFEB9114XRsU\/tiaZ2R5k2S89FboGA44VEliJWQ+CTSwLe5S+N2Dr44vXPvjO\/3OWWI7JX"}
 01380{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621489064431574,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489064431574,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -383,7 +383,7 @@
 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1621489065332574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489065332574,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarJAAH4RWU2fdbB8xkodT8LLAbsFTtRNzv8AAB0IkZSau0whIqIAAEU0tHfQYGgiJ0EH+RA73c0S6Zaq1R3\/CGoDzOwk4Q2KioTg4BPcXvMoegRpbrqCRaxPmqcY6POupt419T5yZmEB9o7YSIZtOKX53fGHCoc+ZsrZdAJTsVl0w90+Thu9tqk+WfepCoo+8ilF8eq+j6cYmQaoShwWbEH8aZWTDkaSoT09anmUbwmDVwEeDWMR2gVSbwwmv8rsQebDMqWs7OSh8srBRRpctj4tlSjdyXtQ\/UgrcQwLwZyJ9bsybxKQkPWcl8u0HzyojquwKL+JbZxKDXk1Pg7nHqmE0nKgm9VkdPudXzUwchL1ul3yO2j+uSSY2ucW6GJUzkbRuqcP05vN5\/18Mzh2lL9RaX2a5vbWSDbJPjG6on5UXS4AETy2nWNq1houkm3\/LsJAcFW+eybNMQ\/Nfc0orOQRsfJQyw7lxDL1ruzcECMi7m7+OPIDmAbmjAnyDrsC8setxlXVl5I8lkK9C2ve4qxQY7LHppOIbgqzCnXt9B18rSw2ymRIIb8dQ+M\/fx31qrhwE34LRBtwaOzL55FerimrdvtRhPE\/mv7IoDWsrrCajTyJVFlMWr2531Fxhp0DlBKapCIN6irm6NF41QYx7pEPTpaVM2SwERSQzVfsZROIRwvaACW8\/+fvwocDLWcyiM5VOq9hyWHb9QLQTSulOzEVAVmrwaA2Wc5frvDv0rMsW9gHUGuvWJwN9Krts73QCPZYA\/f1SV1AyEmPiYreXLu3MGFoUmEo\/LyVkXE4N1kExgUBnVeYUIGJRQKjBWutqE8sov37uQgss39hXvDSnclvpRoBNdSz2aaNs3R6Aic7VKt8gbyykfOIBA3Buq8zDmawY8YFdP1SsTa6np4zbntI9f+oNNrBriSQ14fbXVlNMQrhk1OYGIYbeXglU4ZIOKm77PLC2GR7SRTn1H4t2671bYr4eyrorlhGkzYuX1PeGMw\/j85u5uLrj61e2hEZJZD7r5x8MTQ1gOe4+Ph+Kz9X1vjFbsw9OmMDWkO65Ha+Cpf1ZHHApZ7QAuo5u2mG4Sp7g6rR1s5uclM6hCCnn2k2s8EDrb6RtHFjg3BneIS6SwSXyliDMHw0gO1PbIdSx1UUpSePV\/pCILKC\/M0H5LpPf\/59YwKN2B63+JAG1sL\/t2nutXsHIQzTGfUGp8q\/gu8\/oH2Pcsu\/oR96zl2VAWRwNCHmnnaZF9GJ22T7FDvnout2BFKs7xALVK\/GSWUrWW0DnJStDl6qSbXs+mlUPlFGuHBk4Eke31rEr4AxfQ2a\/9mZZog+0PD59WqfTjJ9R8bXy1KhNrHv56NiIqBiUw0rbG\/82hMaedg4sCu\/NdJjPtKJFvSXUMukKueAgyWcPj4sSLpvlA7iCI4ka\/RTTiki4Ye4QcJaaU15gJVIwcMMNnbkXWv\/HhOCwgK6cReevf96zzpUj1c84N8PWt9IEX6REFpHkIe9y3OvWTzdASwXJ9ovv1G9SjXfvrI7XedRdAxpB2vsQYi5gwEy3zTb3EFTDheiNc9y\/MCzHpVCklw85aHzUyvlzbZikqniVBAqAJensYNeu3p1TfbVsgAsy2eW\/hv+DDPc5Am8kV01z+FVZJbVWMPq0+tF6tPJo+fDG6\/w2\/eu949hx2pjfKmhp3d5IX0vfNEJhDKZIgmFV4d0I2S35UzYShoVcEpOEWvsBojm\/XwBtXsjwpE570c8CRHk7pLygTlIjRIrEQN0O6eP3A7nIZP\/sV9waxu2fmgOUmfKn8+KMxaVZv4SRaTB7ghieqbWD5Y61rshpqaP"}
 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_src_last_pkt_time":1621489066532587,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489066532587,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarNAAH4RWUyfdbB8xkodT8LLAbsFTp+7yP8AAB0IkZSau0whIqIAAEU0BwsuzplommaW4cOaNFNfBbVlWj574kTJFs1IYQY7jVQ0fwx\/bk9uBa6dyqdV5eYUbwLM5ll3+0fTzjfJ5LiGnGqI5Dlx0wLhOhBEm8o23yMxuEE8j5CHpPQ+VGJUpeZ+mQmUJbCKaNGvU1hK220dqig2H0Q\/gbIDGyIA7e7tBju11nrn2OaVpWiUpR4kalTiyZLq83YWTQgWGefSb\/cUS7NgzFQJ2nQzhWnex03MLry4hcuLChwZCa8vjowX\/2FQvNLcvL3FdW5gWHFb77eW4U\/0LuZGiwPo\/IS0dGqQV+TXqFUfACRHequlz\/IKllpcJbNsgFQl3D9KYJvTmLTRoPImJKZVZLY3YHgMKuxjB1IlTbeN8kL5LtY8MHgga3G5yCRBGDhM96Gzl2CtyQKhLkdi3zZfBry9PliaOCJJaC2DNZSO4nz593tLRNIUgTrQg+iZm9ArqUx4MLMnQx+7HD31eaEVoger6BVTifDQfkSGk9WUl0iP2s3iYn55jW2oFPXFsYzByQl8Mc+UeDW6UIqF0upRcHTA\/b4bvHXC4\/8eNk5gdzrIwHcgb414kTxZls4asGzJ0W5bv0Duf7URx+ds3cxXnqyhFqMAJkzfu5PRPV8afX92PdSxbaaQY2c+HY6oi1t16lX25DMWCzR\/2i45LnRmmy\/cWGdhu4nTtIwudeGdTxOTSYYzbNNZ5UeQoH80GmJhXbtrKMR14NmQHGikeMaOKxh5khhzNxdFk8Yc5nc91u5\/Vn0EaUuRHH6V5v3jXwrmscId\/p\/+IcsxDgUkRGCvT2BnSNjz0LhtOXU22NQOaepyaOlxUeVhcEsgY3RMmFKEJeT0BeLoNyc1uWgPmVKLC0jsikqbO0jS4TCvNYEII1FUmgBKlYCbERGfw\/4AIs0eCSwNzBVTgxzxhM36lLetBO7hfljteKmINhilo8KEryoyuijyIwKrnRih8j655UyZ9wcDspBaTzhqw5pvDXws7coJTgt\/yfA4Qu5\/6c0RUk5E5MDuC8IKLTBoqYhExNGMuj+7\/yKKf4y9rr1s9fbSiCNeOKRHplYnbUT323nfZlCYXkp5VDnX\/YoU40LCTsj718e6+EG8ySkGbakcxA+ponr8Q+gjyl7ZvitJ8UGeSQQjl5bDlVs4eBxZnDhW3v8oumsrtBE5jyhdAaWjCeWgLmtqIP1pW+qbgKtmS+2uZmLdDd2h\/Lm8q8XsWb9ylDAL\/+Ay88YtGX42sfaeLNDbax9DlFOP9zW8h7xjs2PFM1\/Dpr5RhDGyVLS5o5SgWiA7LRO2oX2PiSV4tfxAJpOp58y+7FaPMKxiX5ycCt8WNxagUgUcvT+wAFrI+\/tdZ7PH0UjLnAfb9\/w\/CAkoNHRgRsrT9AdvAgvVTWLlxz7F6vl9xpY8k\/UjXnBEZZ\/k1WgFgWnJC7X0Hmxg4RC\/6WGy3HiFE3+9FEtKhPeDeZFXsxObk5bbl0j6vu3elRRXFJOmOGFLgLZiRONrt0igKi5FLGOTbJT7r39w2tcI6Mkf1jc0m8H8TZUL2nftaPg38iJFf7zLFUO4hmLd61GsBtg1NEWRRlp4QCU3ZGhPORMimertfRfyKcxuLWWMMuMnXXmT3oBV+TahXrCFmXld3Lvj6ObUUMGVVd33nkh\/+oRGZ+wkXFar6RgzzYjK2\/1qR6u0v2GHpYubicuiAcbx7ADlkkHgoIYyE86p+XR+iPd6dfk2GmLhHZOuetz02fYoDH7XGZ+HdJ9svlmmPULKbBTu9ITB0i9CLhX4LzBJn4Q6"}
 01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488174706312,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489066532587,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00684{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":125550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":386,"global_ts_usec":1621490937698475}
+00682{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":125550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":386,"global_ts_usec":1621490937698475}
 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490937698475,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490937698475,"pkt":"AAAAAAAAAAQAxdZsCABFAAViDl1AAH4RTzw0uxSvdlnaLuMLAbsFThsNyv8AAB0Is32f4l9Pl3YAAEU0hQvFkzqCFRJrzdm+P7CepRPizYj8V5fWvrVXzVuBf2NRkl3eGWbs2YtmOjlr1x\/pBPc\/7TLqG34Khp0PMlFKcz3fdNeoXKYeyR\/Hs72zcRs4hnEn+4P6mPqm5uCsv8fDjYHuJRIAjvSHTbEdxqgFHEd93118utoyjtMgpgcEbs4fXoPb8uDAHM5T4MCKj6qQNjX6I7nNo6EuPNWQg9gu3uCawN9k7BQzQN6E5YfL1AdHh4udF7sZw+dow9sF\/laxj49FS3UXGVaahEsCE3aD2597p7TwOCMsaP9cpJ6+mt4daKLcDJnJAMt+icMAtT9fzWBRO4vYi5NQjh2DPs+GRWiTKh8dxvVzhRom8\/iF8KHgTJy3pWtXKlPeLfZAL3oZX5hiz2PB+HTVur2l5vjVWa6EpaFOaRykdvEuLIieDh5u0ZCT5hWtho28j2TyUwsZurEURzu6rl34H7da+I6rfvvL\/zNBXRl0T5rIEnMLL\/j4r9tphU2zm73BBkXS2V8NqavgjXhm8kqC3c5AZmhcVx3aPVo+42Q3ezUT39SUVKQVNHXmiaFVKiSaFUFlpUHrBUR8nGg2CAYm5iRBq\/qCatZ+wKK6Jor9Aelj+kTAnp5y3Y17HPQCp3A9e7GN\/AQvzanaLBchENACUbp6PsLPG0WwONlg5LquPMp39gYOflC9I0cMA9lanerY2UKd2DIvHrNxINIhafo64dTHQ2kruV+pvFVizjiYGEPTHm5vnjJ+vNgtO8FZ6Eymo8qJM5A2+vwe1kvg4nJxdm2E2Wn9X7T70nm++uQBCATbDwLy4YWKSHsoUqqJOZluOGYa1wXb4e+XDlmQzD44JyGBZoUrd+\/dh+KC7bZ6++qLMza7R\/lgjP\/l01SyMjsktR9TKWRx8l\/pSrp2aBkNYKphapPAf6rVSB6qqzYptEM4+9RgL5fiahM9zZLohrgrmNstzopEBbSjJHKT2BtkCePCTq9BXTY9wpytpKjLROzmBJcxKjOlKnF1g\/rktfgoVBF1SKnq6hR2PLzX3pKRc\/RptOGJ8gayhpr53uiIJElSTx+gWcAQGtbS9w40dA7UdV0kQrKTsOlEZPv4Wf1DZo6smp3gIVuDDknJHBV+79Kgv5HRfK28giV9WHGfmEktaajImtic0wa4l7nZNKYEOG\/CyBNl4UHMG4iNm+Y40wSoxegD3OA3LFE2Tr3WxLZaukNoA74zUcX2aqS0oIhr43+nrWk7rEOCNY9O2hGcdnBoVGgvgYX\/gYhzcOFnVXvBYg+04X1\/Lu6Je6ysBSIVyex9isvdPzkU7pOxMaiH3uzhIu6T+pp2pHExh+9q+rK10SAGliPxRu5zXtXE3Oy94SyfUjETd0qOQfmkHBz\/e9FYgFyyAkQn3MHd3fMmxpKxNsGPMBp\/cSG\/LANkIApGSvPXTwNw1vUedAoCnyCDwQXlWFtAwyohCNg2btp5ZVrwJqBGM7vTCz+QiD2xs1qEthiBEr8j6ftBwGUP9P0OZX\/LFSLwiLgDLEHK\/768YbCSvzW3RfUSDD4sBnSpdyK4zahGcrI93nPJV2g2l0hHyyPgJ7X+z4BRD+aEuHW6lUHeG3Oj5Qh+Vsi8uKdlG0jwjTzMAg3f97PU4FGrQ+RjmPIPZIj9zzw+nTMrJSpqyIKsK7h2bGHuUUNWEUnH05Zth20+XAUcAWRC4suUp9EI8SZymgXxcd3IQ5KrKIi3GAnhHbFpy9beC1dCN5olmWNLOL3oSxQHzr7fvKwFtpOssY7Sag281T8O6Eak"}
 01361{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490937698475,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -402,7 +402,7 @@
 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1621490998210174,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490998210174,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJ9AAH4RpiA0uxSvbKuKtt7qAbsFTpUkwP8AAB0I1Car3PgqXoAAAEU0MsalNWrpYLQ18ZAibnOvvkWZkLaIOwbFtZhqtVtu5TLZm0soV7JG76EmzAqx1qs\/svpEcqeI4pSwDtsl+NK2QalMMu5vgg1D2hPQHGIt1aS4eoayRIJ3VPcaOSNDV83C3AR0mv2KtvC6teWdJygUetGxKQ\/UYJ6QLBDaKvUCmZZj2vZVqrvBuwDyBKND1rK2QqZl6RiUTDCl4nSVZcyRuOfLolF7OYJOPKZBD4t6WG+TGHM79LiymXprKcILUBJ2K1YaiLCn1zs2+vDUCMAWHQZyIbgwM\/VjHVtWoKynWtpCDzCERMjIJ1zxQJ6tDBzSIdjb\/kb+1tQF8ay5gJWSCph5fhN3WlUXZQDaBOKBUJ2I9dopD5QsCZmrDh487J1TehodFvqwYeDWoFQ8srWDefQk8SoiM1XPeVmNODrg9QeE7FRqxEMYSAJTscHu2ysTRpS6u0nW7YzbouCZVKIBWVyFIouUM63vfE1LhTevhKNyImiHdcWgdhveodOPIQdru+yJ\/CMsThCPBXufZLrNRtOOOXBr1ZzyP+aBX0McbDQcpj+ciAJGTJjSHxWUmDDQspqx9narwsCPEI+v4ArKERTnUdu7\/6nOi7J5uar38mApB2HiANKRB\/OASqUgAc8ACIO6FDIFjW11hEEAai48sDt6vBB9ZO8VrPaXnCSEefYtr1CkWMMDU+8J6J1a3OUjle5I93NjA5n54f4ZpYHMAyPBvVedwbcLoV3w6OTQ4NB4vwrAnUm5p70JkUO+3taDma+0+invcrNJGM1FG7anF4zEieOhJtQ4mllfkwjpM2\/x5WCHhL3y7rITx2sMJSwM7QBFBt8JhAn\/+JK\/J1kmvUgqqAXL\/MeNdQiGOMogmyEMpcwawAYBv8KuiGxOfzlaQ9nyyxUodzR+YZRwElQHmn4\/cv17nYnXqt\/soP5mHB3jK7WInbJxbQtyjf\/2E2taACT6y4sbecs1ieQ7lPKAP8SRjyzKNzmrrWdXqI2Da+1Doo\/BmCV8A7sm2\/elK+9FIm4M\/IlEy+KLnlG86XzY2C42ChunILwweHBE9RNiC5L3JUHBdmZB8qhCJS3Gyv2i3tAgkYBYisv0ySZ8o\/0SvcyE2DQpP4forHbdy6TdkccNmXvbo6MS5QfnS4suI5biaLo7Bc\/MXSst\/E93BkvPQfEuie00Py4FeFONibIef+lonUgkkBPYpiKLNmUivROF\/dSQinZWmWEdroeZho3HiywTGBppaxcVTuH9qcsHGSx6LJBydHlbY04gLSBtjiXE9\/E0JsQcpK8dBe48AMIRl\/T0NiDAJ3DFspe45EgGog8S6cx3njyKHMlH0bDH8ynfVV0XI77o\/FZdB8rdeO654rA5kyXlMYZ\/2swLInXPTRDn2WT\/FyseIu5So131zAfhyOaP8+FA3IhKXJkyNVNc16adllGwYmnKZap8VsalJ+Z25vFfbFqb9gqxHIFSDP9ywoC9aWwCfT2DI\/I2yQM1zWc851SNzpkt05NV9qoXzAV8UPMCE786OxcMbPijrx6UR\/Ej2qgdhZo\/W1ueBLopVSUvaLmnCe6U2PPHmg06ma634pfxGhtn1YwmbXZ7aZ5N9IM7S7Rl2UQkH6MpHEKmSxufz1uLW5e+mbeiCjtHWlwuJPebWcZipkjfontJFtxY8JqWR28min3U923U6vzulHQmxO+b1E6vPO6sxgCl8kQJJugJj2mdMYA7iqdA5aBhULx5lZ8+Uw728RNXoKYWbNt6Dmw3bihemdgHf0rN7ObJT6Q0"}
 01027{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490938810514,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490998210174,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01027{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490941568324,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490998210174,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00687{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":137700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":85,"current-active-flows":3,"total-active-flows":69,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":405,"global_ts_usec":1621492846202030}
+00685{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":137700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":85,"current-active-flows":3,"total-active-flows":69,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":405,"global_ts_usec":1621492846202030}
 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492846202030,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621492846202030,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYMxAAH4RSx80uxSvxPU9QM0gAbsFTsrvwv8AAB0IkN0D0fi2gP0AAEU0WPLbpHtkRhjnBwYFLsQ0oBVcuOZxPwKAEGEgwAlTMTXTGM71v6BXkNyXBiiValVwFjUYX7UUrk+V5Jrupcy7Obpi2i00t8odJApt+XitfLuiix1t0F7z5Z+feBpcusmj2sOZ6QR6h9W++LWKulARwr2neypk4oGapBa+NsiNweTRdbMX3O4d\/mwfllanHZjdO6qyaQ7CnGSuCulGekhpihqBGXPcLW0di3I9pvTqznFG9kWmS8ORGWf1J8GUtGc5VJSaNCJ+Fec43BTOm1+MS\/j4zGK08zpEpGVcAuP60NQcXU9UkzZKsPw3ZWurcWQhQRUUG2hZnMieZ2iH9C8vVNFBjN\/04FbVKM4mZrWJT1lug\/jBAePvCTNRYXmLxN9Ou++HC02AMJ57sWcEhMIYguKuFYuR7dxPfL+cTW1koRSS6BsFC4n5ZRuwmsUcF9vfJPEIqvBwmCjtVhhf7VD5goH9tVyYF8KO3kIv28uMuxWcK+q6wT8hSJ\/zEHzootumo7aXQqZvFeJhyCX0EfLhJ23vbRO9FmugxWN7m4sTU7Fhf9kalJr+3D134oZ9EEYm2k3laLxJs0+YOmna+6\/rVscNjjUad0DFGPUlfBEWehyhkygQSnAC64dHYrDv0iBrOmlJ6MRSwFxUrKXnUfq3k6Sjz27UeFDKAbXjm9pfn3JaqYN+iEPqCI6LxBiewwQo6PhkrbmioOgwvX\/DmpJRnPyUe5tKPfpj591HlcbD1wj8IAwgpQiAbJmWGX26TQVGc\/oGu0wUuxxgG3S0COr+VKnO615jbylfYmabj0+tV2Uo1TdMmuzr4pfQWFOvIgEzWzlgauVuFGrxVJNotNQk7htoqJBX\/hMnFoa6P3D+kOnEu3G17VXOpjoxBo+e82xbyKTxE+HiEnZeWZL7luz5bZBmWGZc506mXLnCeZZQqiG\/9I\/FNIpPvoo3H6warZwrzbb8Um6Nvs0Ics90RO0bApWCzRG1ZbX3AHjvDgTh2p8CR9Oooi6r0cJxgwFZZY8SZy3zNyWg\/wHtBtGqhZKlBnnzNUo9ZvpjYGNFYCmpHvrwviyxBvhHkg983940o+FsWBHY4PXxHhH1BeANrMFfkbINkn+CbC2\/r3ppTRHHY4fjTIWqDjaau3fmNxn2oa4KoWNkTjA1BSXwvqc8trFGDFMCJhUs3hSHPiEoAQ531rkzeUr7wtvjAhy3yMpxtEUaaAGyPySo1NYyTXEWK8w0\/YLlmeDmev2JWcCnl7HS0O13jStUjDzYdEKkWbQEZyNXBVEhaIvowRgcn7\/v2zT1Ji\/TX8DeP9rZyEyPensHrqvCjEiXBVlBQXgUJKTAdm6SwnhUmgDIWfMcW2vD88XETNohXNP\/OdolyEZ2F5Okt1oR5HKmRMri3BoToqsELE6FkQG6EG4JyB3bG1wn7w7zqvTRpR1UjWxoXiXjFxffg92VsUmcwuEyMksgqkhRx9h0TWNRACL51r145yHnspstaxqMITdw034yIHhAL3G5uPbMdUZQJozU\/XLnjQ9V7x\/mbfIElAUaPrac3k2nvzbr5ENvEse2uDH9Q5NSX4CsOm399roi9AvuA4V7OYxCn6T1MdQz\/4\/J5eI8ez9zieLgXCZomN4Y+BUIAuOY5\/dWqfjZcWMx1s9NOKQTb1Ka9pe9XEJIuxx2s04cvGxtWZpPXA8fQ9IoJlumB17J64o1iwcDB9g1LshjWGo9lOe9FjTnwf2Uc7YISmWj+vyoFvYEhvt82NsOS0g1fbgE3nFxg5ojGIF4"}
 01376{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492846202030,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -412,7 +412,7 @@
 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490938810514,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490941568324,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621490996100884,"flow_src_last_pkt_time":1621490998210174,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00687{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":143100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":415,"global_ts_usec":1621494599158885}
+00685{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":143100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":415,"global_ts_usec":1621494599158885}
 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621494599158885,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494599158885,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494599158885,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVlNAAH4R6ZY0uxSv0OWdUcmjAbsFTknBxv8AAB0IjEZZ7Twbo9wAAEU0kJjhzp3PFc23t3I6EGlw9Nw6Qc1SUTVOLXwfMjNoeRLiLBXl1p7gZhSviv9JQfR9Wlb4B\/LvGDs5HubqNvjy9gSGhUAoZKHgVyQNQ8sPeb+zAK4\/+3Qxk6DgExGf6DSCsV9UWtXpGmfgDVaGUIKvjlEvPlaJQ79FJEUNmnxqw+Su2z56GwGnZs3etUJY7Thex2ui8FvucKYZYvgu6wRjounSXDUxthqRvvbGPyVi+\/zvUh6JQJ+TX8SC4eFZqQp+jb7GmBSIOMm\/Ec1jvbOi\/aliVkt3gPEwixlo\/RAm9MQzPwfq70hgSkoJx46ldrVQcWlKc\/yvw3p2stokg4mvv0O\/AA2g32B4XP1S2bCDnPSyjwe\/FFG3OX0VFLRXvjekO4to1p9XPgmuVtwpQLf4lyNVfpdhvYlgoEwUjM9uaq3UiXNUhHqjQ0L4DXtkhhjRWeULrLkU0f0REry3Q\/LckyGikkZkv+F+HV9G2NIDV+IxZQ6OWB7DM0Z83epJzGFj5\/uYXKmk+BbONhvtUkbwsIoFVtH1Q4vZLc4nHVR23cDEhozshXDSC7PWSfxClKjneDPQdrDLr0vgsH8xBaaaTioZjwEVMdhbN8FsX\/rL6bMhM+b9iF41rToFIYIcSRksL0LulUfkhaEGqLUnpKwuyqlF5UpMMngzqdoYUpd0fzQgxA99TnPf\/ZibGXba4goUBq5aTeKljwjQvpfeDm0N71QVgSNFdU8sTF5RiM0jkfLo8VOjKRpirBNuYJ7DIAlvof3NA0Grn8dQ7f8YWlV1lHjXfjMeogHBB\/P2mTQzXX3ArnxmdG\/i2\/iEZexnqGBauYfcvUbCb4yWGyQ+uf4buf9Z9AyMQMsYl+B8ptpOp5x0NGkqHT26QYAV+A6a2HfCBCEg66zE4TRZrMqr6q6\/a\/IE2n6Yv2maemjmwg4iHbv195EUc9666Xw\/knVVZHK8GuAAgFkIfnCTuFvSaCEwbnOXJ3s++e1rXdNr+Hg0b2Zbi4Ef9DQNeQpBIh3Ur7TEj8IDc\/NOM35lp7oYr7QO2zj6YAWebmCqb56wXDDn5mBBgu37fQhnakjMV7jHPkryVTXnFiOaL\/CVFGTvS46bBvmJkLPq4HRzoYbmboqQx4mXB1LvgMfXrHU3l7iZLz\/2XPIqh+KYqtzkanEAs3nElKsp2sB5mExQqIIubK+l5dcRdQNfCBmPrColZiPglV6Hv5liYk8JJ8Kbi6iN9RFbJHoGR+dLu3tvqT\/dah4soYZhtI9JnUfTXwZhINQmrqt11PjUN5xy2FY4x7Hur7+46IjhG3mRUQfKZk31z3sThwR5xjbX16LSIZERlLjpMdpm+lcm2fcsmWRXoQTgM8\/ugnLqEQDMuUDGvRukyIwk88fRryMIRKV8KDVhw4+vJ2EZLvYDeRSBFQdsKzSa\/hTqJc1bTtpaEUuGT2u\/or12NqrqQU7wVWi3YOk1X+OSoNbRXciEI2LGKLRqsnbsAqS+IJRbeA+3y8sXStW3YAt1gPKq7Pgq5cW4+8O1NmIlJ6gz1+lq\/WisqZhapMN5rUgoylNO5YJPHuzHdkOWHinWJ52NWCXnOYekNmJLkh41YrSQvM7Zm1APRBCuH+h9RHttH1u+s9o2TQ4uAPAAFWi6bluDPG8hlbO7uz7OAKhhEJ239ij+NXPbweBE66DiURdi7Gj3kcjPg3OPsIP1L\/pUMzoKutj3ZBRiMec+XXaGz3s5ppe5ssD\/WW3cQpGois32lgVeJrDmpDxCsEoxF\/1Tdai7z0bd"}
 01379{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621494599158885,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494599158885,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -420,7 +420,7 @@
 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1621494600068782,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494600068782,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVq1AAH4R6Tw0uxSv0OWdUcmjAbsFTrvcyP8AAB0IjEZZ7Twbo9wAAEU0356vdnE85kFrnK9PnoN7N\/6cuhgJZOurPVLrUkSIEhjazS+SHD5nphYh\/Ei9oaiDY8Opbyw\/qBtRNMamhXjzOXvgznSeUsgwy1Y\/wE6Z8L\/PLMFoRidzgyIEn6rjIJKHwzzF2KGrVstlhyz2RTwgIvHMy9MIjilbgudOkuRl5cUCx4DqELWc9uRZ3o5vsRYtLfQcGLcZxuZNq+qR4l\/haEcF\/bo9RHUYHevsrmU3WGlZq2VVs06I2zfKkHonNVQotk1bro8ws9jUj7jyxUbwzWCdp3Y0J2vApeu9ELE8rutr0ZnW7RegpTFdI+\/pjDsy7w+XtT1RZkjL7KyYUDlQxQdEaIMNGHrAqXcCdWe\/PGc8CDZEYRQG4imIq3PmqUKfLT1H1z5PjAZqsks7C4eHUMCY+G0m1pwUNctiLiFN\/1UbsvMid1sQh6WBXSJiOYMPhFaj32vm6bQzmsW166O9cP+ju7nY2kDwHjX1VRLKHDBPT+BqIPgfQsjJdmUiCoPO1j6aSYQVgo0uGE74BSKhT3W7x1ONh6fXLzmN7+wWyuCCjfUqF68k4DNAO5ugG5nw7CpIh4otPJ3HMgytjz\/1hKjAQhcC4anVdWe0zLhoQLK+s1Pp+iUPac8alWHNwAjuYOUrtvLlDW5GtHXWtZeiHtJznZvOZ++hzVm33rcGcrUAJZx8UDtbZOWODHW2DvBPFPoCX6ZQVBXs9voksBXC+G9JF7eqoFmqO\/EH6soGSg6sF0snwdl4Tmbozt2\/yp4ye5MHCKh12GvgAGa\/SRfEXeWrk94V+VCNFH+5X7\/8EcicVy7uChM5zWex3QUxbJVdLP\/j5AI3XbgkHGGZyofmIhkZxWEV98Sv0kfttNMcxA841+aSpRVJN0a2XfeGieapwvw\/R6yETR9CN8TcQTFe6UQYPq7543m22E4Sg8mtjsfi7GhTVtBFlPk02hhEbcLmI3PLT100l2b\/h+mQABi\/RqHWxECe91tiAPUoarX+VKj0c3DqByummicCRPZ6kkW6whbXho2HsoAk+D7QoyjIYr\/kbmXT3ddi5XSAc3T\/AXjnmkbnhNKsXrqcM9kMdl18Kd80bmVHFpHplnIJlyzn8ksEEhjYfE\/gaufdnXnq1D3ABRKg2gQzIvoSpfYLvtOATq8ZeC375hfqRNXtw\/n1kUK3bICXzA6mFxkmQD7AGOSqcR3jSdloiLRo+G\/p15yY7zRCuvYbEtKyY7omcrKB9AP+U0Y\/znYg58r4wOaZBC4V+dmRK\/kkpba47uaqRhUyF\/yTdt5a8rnd6rmCkS\/vkMPoDjgVn9aKrD3m9zX1zDlvbDZWh6g6iUswysusJDPEcMqVt9oBikmJmTA4XJHL7KebwbAwBNS3e6+CgYETncO9oV627jebHXfk1gOzNt336lADXC3SIjRhE0xUCj9b7vGl2zV\/XiVaHp4BdieNUYdFnptfsJwounQcX5RSNrDM7WkoXytf9j\/GcyxSIH55p+0ANjoTPQ14vhNgMa5CNLbJsAFOaOAZLOmrRttaEW+CIy\/6QEDgSPdDqCmjHaTsDMAS0PJ+CViTPaRKX9Mb\/HoG1+hLb7WLn885xXvuCUz6bu45JBXtjOSd2sFZtZL5SSAAkPqTlNn4yof7j6smtUT03YKs+rhKLROxwhgN\/v7YhG5RqBATOJnmQaGvuGYn8hIWfZ0uuo2mUCeo5E23kwQk4p+DKVCBDeHuSFjGPVCnKBGHNbnoLJC5+6z0UTOz+H8VNr5FqbVxdiFV1rCMp6QITKc\/"}
 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1621494601272036,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494601272036,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVq5AAH4R6Ts0uxSv0OWdUcmjAbsFTlPfxf8AAB0IjEZZ7Twbo9wAAEU0prv+U7F0wdX+izhf538Ajti0HKLGYuh9e5U6Y083jD\/QIudUgm1tYlkI2kM8cWbsQ+zC8GmWvIe9R2LBEf03sk43RvCMkoIhJHFcYa\/R7mV9IOlJWhxtrx+4DL\/Ff\/sTibLd\/qSnC24us3y1TFX8\/ZStD1RSAktAosgZ4wiTdFHkgawgHp8fWdI2t2s\/f38VKNnu9Pc9dIzDRZAEuKYsDhH436g0EMRXk002f1wAuTiTiXes1K42qwRvaem1MPpvNUcaqjarzwaBJMbmEZ3MZt+3q2iR6fg2WHuhVAnDc0y9+VtRAAhpESOqXSJpZsh2Mf8gCOlmP\/xMjfZg9cH88RFprtur9A\/DkRQnUe12QifWj4ykhp3naaUCqMqCGZRKXI79KqstmUWWEgsOd+ckZ83E2BHO8ghy8VDlrP3n5Z0cwuHqlqX+4A46VKC4s3MeThym\/zeNClA3QJGTQm99L9bYjtZe\/hfoCsIGS+0FyHBR+z4CuR6CIghEZzrqdZCehaPFn4uBPlvGIvKSr3TJa9FZHd0+TR5haVnADGPEze1B8Sd42XPi71apcKerlcTUenvLHJsLB3ugmAjsTMt1y8xKJvVEC6U3+MABAT8o8cyzzhcJL+QRVFNOwdFqpz10Gb0bNCM5tYLS\/+WuwnSBlxFppLfz9FUqxkHdM5y9iLf6QLIZWjiEJiQ+KV15o3keVzVoq9YS4jcfqwVvJMRWbqRuTNKWQ5apS4g+Q+a5K6q2uFoa7rUKblp7u8edlevenqLtIJ7idXc\/Ehqu5e9o+MJpdtgY1ODSnxbIq6tP7t7ZtSEsZAoa4PXSgZKmcc0GkDVq8kM9HhlPycMl\/GyGGBE\/Y8sAVcih7lnhYPhG6I+eBJZuY6wv5NAMIgo7fEzKAeWbh24aVTdrljsfq0+dlQ6dXSb1flS6eCU3h3h9wPMjNT2NWNxkKl\/NqEOG9GnxDV09u3yw8AA3OKWMHhnsfoAhJ917Vt3wyuwEH53E9vodhpmpLN4VGqXr9Y5istpTcHr9AXs75pucnLXRkHLhg3UmAgoKQ4pxH9AQcMlJKUUNzPA9qgvb3nU3j7MRRl46acIbwP4KTUWP7yYFdWqPnhJ3fvwOvH7ugqM9\/RGl9lJDXk\/nj8AqJSNeILT8U5vIgKhmf5nf3sxT9i8Ks7KXm0Yx1Nk+4sc1TFT8PdLe7lL4bzFLnxRapDpK2af7jy4lv6Pa\/BZDHzmVUGKCpKoAZPE+zlrO6pJXTTJlWqgcrKj2Tqm\/suo6dJqGGNe7s3eahMi9jpxuJ3YX4KAZoObAPyhuQ4H0a9MJQqNDc\/ZzuRszbZPKzxd4hivLrcn2tMi+wxGPij1ZcPLnzwwMvEr2BkH41pHllJK+uB3pS5STPRWdRbdIriBqiR2vLu0kzg8p9D\/rypfR6\/5sLwgYcovdb1RQ9aHb8y15hD9fpivmLWCmYaWLlP9\/nyztdJtf9F7UcZk67Z3WV95ccKRpIZqV7eDN9xlWf1lu6NwRTvPxPX+Rq7B9tpA0dJ1VsCvWBmwKcUKBnMJyvWt0BsYqviTt7c5\/dfn4FvkbhfBgQ8P6cuZwMFtSzRQamMxlZu4cb54asL8l03klv9yXFKpeYFgactkCG0i8jq4UIg6g5gpYTUpuMs8x0eO\/HFi4Hv9wkBepGucKMzD6F5qMf5hviTeSYggr\/tBofODo3FKxI0UzrQ7JDvfWKNRM9+0\/lD9RfQ4DCr9AUTzo\/4\/1pmzKIyChjDf3IPCKdJdReH3k0FK5ov9cVz\/P"}
 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492848301815,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494601272036,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00687{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":111,"packets-processed":110,"total-skipped-flows":0,"total-l4-payload-len":148500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":423,"global_ts_usec":1621495208068843}
+00685{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":111,"packets-processed":110,"total-skipped-flows":0,"total-l4-payload-len":148500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":423,"global_ts_usec":1621495208068843}
 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495208068843,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495208068843,"pkt":"AAAAAAAAAAEA4PSECABFAAViwetAAH4RV8iokEAFXWSX3eVPAbsFTgNDy\/8AAB0IwxBIsrHTx3QAAEU0bjduGiBH9YcAvIt1wprzZRiYJMPzF1MMPECwlUSWc\/RBbV+iPDb\/v0+UPTqOqIz1XEDYAo7pbau308le6Th0FZqRlv4SU+qXh+iRpNvtIutuNBwNhb6WnLZjvRY70vVsUgD0scdNaDgMj3pPrZ0V8bA\/xmESw7VNToLPcOadkH9MHbF41jMAPEaD3xqUkat1\/m5M4Pv0eZtU0YzflDUjEcIUViabEpyfwesJgnqwj9BXqmfBSQXLW6uS7UCVUFH+dCmqa\/iJJ4SrwnAYJlCIN9NwJ+1Ze32XUdoN4V9vQ5GScujeLsdwY+HlSYWOZd9d2+\/d597gVGXqOsrTKKKVZCRdEs9QySjbJmNdJ4wcHvezwRkLYorieHie4sHilr6O5PVEqCfP8aHxH6msP3pHsklsYop606JbaZfCUfDG3w9nrXiNdmjL4dJ0aBKky9\/MhuPCuq4g15oIigu1FWbGfnmKl3BVJ5ryEDgMgOYehMyIJ+weIqtrAsvJaI2654d2yQ2OH9clUvxOeU\/jKLdsEL55j4Tpx9kOP9X\/3VWUCYt8YZ5rPGJN919ko9rZSBS1iM\/mjZCh7R6C1BomS2uqQqN\/2PwrKORuR7kRPmRkEsFpLoC4sATPr\/GTOP4nq63u7VF4sRJLtFi0qkGLBgbQiSIJZtFdtEjfxSrL6lqAnUrfYHAOISDQ1zIN1STDOnYrZ+Szd6N0NTZjKTFuAILRTK6wWG7zCeHuTNeZX8\/oHFYs7C7zyiGROiQkB8jkJD03SKBESsIOyuKO34yRQ7G+tB9M+WUrPUQDrOaQYjktHLjExIf+tn3Q0v0e\/rX\/xZZ3jNOD8Qo4cgJe9IBtNjEwXGPmZe0mVY\/ufgxNE1QutAq0xthgcM+KYUEAzsSQrzZK7ZOiLzHOqVPgXabqgy2oQWta7AlIrCSdCUHqqZ2Br7i1\/EFecVKIWlJ6vPFrZrOW1amQ6rV5WG6x9ovznlQWmBXygRZ6Zl6H11NDYyBm3Xb8pfynprut37QWSPCciwK7rtbnKe+EUnnE3Lnwb5XQzYSEfhojjMsjXsuZk2\/ovtBV2Jkl90MUUjDk4XeHIhe5n2t7qmj8rxsQKuxj9rBjDRjH+OIEZKEgLrFx5GoAGcYxzb3iHJF3TqdzTXu+qBokr4C959Ki309NAHaXzDaotCBtbPJMmwo9pqOst5Z\/tUfAwxDkswPSvCJzhA9mKCrSpl9Hf7PMyNrHdZTvaZMSASEy5\/sXqR7D3JPQ0B6dM9WwJIOoJ9KhPZ04lCOFJrW856gP8dZwzXWKZ5I\/qcrmankwbLnu1BKyarOpUL01fzxuRuamfUYfUru2TsLlGCUKIoWaMMrIKq4yKC6\/6T\/HJSYLPqY6fqVNsFh7bYwtGviFJVCGEYBPrNIOz4yL3nUg1+uS6Kxs3zX4N67DQOOGoQbq6bHyTlfJI4n01aPlGre0bfmC6Tp3JWM98e2jHYR5XNuWQjoxn\/Z1NA+ZLc3yPpyEnSO4zqV8lVzpFrDpqkbQ9ycyuV\/D1kx\/32e3Zc0t0r1GFlvu5HnAklFEwANPKBU7ocnXr4EBpq1xKM1aTAWc1RcVfilSm1xz82LQyCCJOc5iO\/zmin3ZpftGXkTCNVvQW1LtwAAhh0Zlx03rw7AC\/J1p0cID8UBIj7r9QeymlFafS9\/16+RcZYgdL3KUrKdHSbSrCPKTng4X0j\/abdtQxrxTSZYjKGQPl+WBVoLmCgqLLkuJIJhEXfQiPfgtO1fDtgu+l2TZCwO8OKgySKJH5cW\/"}
 01376{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495208068843,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -531,7 +531,7 @@
 01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335383189,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-00688{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":174150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":90,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":90,"total-idle-flows":89,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":534,"global_ts_usec":1621495911385504}
+00686{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":174150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":90,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":90,"total-idle-flows":89,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":534,"global_ts_usec":1621495911385504}
 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495911385504,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495911385504,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495911385504,"pkt":"AAAAAAAAAAEAS1QMCABFAAViZVRAAH4R9mOokEAFCUGp\/P6iAbsFTuJkwv8AAB0ISXF10ZCPcZ8ANwCrCJzLpozLw4lUkkdlAQ6gxDr15gnzrPDGY+5Es7Rj4OEug7GPyeqPD2P7ep04DtKE\/arcjWhE\/TeK9i4OFMtcnTbxJLT+Ie\/sDxN+8rr9EpWTbrHR6DrOgebE9CnNf9TmE3FgFzE1oavAS0XPwmTIIdH8DlasdxYKazZ2\/Vbz3SE0UaIlbXgmou7suHpa04zHS3u5e9ZyWoFTxGTtw4WSnPz3ZKKkluQDu\/BtGXK0Nw2vkZHZvHI5lbvjogi7BhIgmeQsuujAYnjK\/8JvDzTmbaLJnfI0BPAzgpLAyl5Uc2gG\/KhKxSiYKBAPLQlIw6PFn0Lw49hevbrWvRHOrE9CLjmKoraWxDJ\/mALo4XhOb\/38Fr\/hKdvS3J0EgxlCXTb2thu6vO6TuyRCkuufEdAjYJ1vuqyiJCtFCAuUx7f18Eb4YEnOwiDxAbC3vGkfxkILkOjo6zw0CLRXf8nS\/NGBDwLWigrT+llhvmIHUFzlv9UH+xnKwzw\/egOFElPuDQWAHnu+onEYr+xarKfPXzcUZ2mJ8x2qVU8DnquJVsvWPKVTkAEBNrppoG89a28TVbihC9GQZrxGFJfKiDfU\/pEjYGoEkpc0EmKP6WcJTrq8AjU9GqT8Otws\/2IJyr6eRQmrOEnR61BpA68BS2gZETtHAFeV+7SvjjISU7v1iOrwnLh5PVhV2I3Yg++07Mh3uzcKBBpCykABy4RIzFtFfD0mgpctccbji0EH0ftvDOPuyet7rGzNJxhlJE5822+Xl3TP9GlIFWuu44I+7Awm4hQYyx6SZMm5VkB1u+AQoAVC5yMuqM\/oqccmH3ov\/Y0J8XBnYLvKXGFZN6w2Ie6AwP0RMVPR4KQrpr7QbTjZ1gqRIH\/gSQZm2lG3NnFEcauzrfT+UAJCMrcsBthQQ4GFi4GLid84Wo3e01Yrsz68cR\/Dgyy9EjPbiFW4MTikaH6+JGXf6NLD1CBuUsZVLsd0wLuOp+mdcUObLIIhYByY+ZgC+pokGwX4+0M17gKxSBYArJDBxXe5y9O3GJkG2iDua1ffTw4GMCTWjg\/R2g3bNlRt2Kdpw0gNsexLTtD4vFIhhqYc5yzqubTAWDS97RiK0ff82cdVn+d1axfVYDUVVOuPm8ks3AoXLvMXz0uwOT1I7eZMtFaHeThWMFitpjMx4373HtevJV+R5JNzCQnbUkKMTjHvihPPw5JObhnamIan7J5a0S1j0TBlprZNVWcpdmTBKK9FiCYUebSphRa9ldAHRwzqCWNqZR\/NnSxOGm\/diizPFOGmgelkIA+7xLYtK7TLNkZ6WWwfmMdAfmJXz152dGSsptNpHU7WmssMjos9x0nJPItQNMAxpvgaTkatuyFUAnSEa\/kG2dwBsqrcrwjs\/mFLXB5BDHAaGdSx+C7zjjhFvObf79qhHZ7JrOH0IFeQgRTI\/I\/N1E\/wA3O\/VVPfi5T2WZv1WQoakLeMywD1DSZddBLRgEj9HiaWe\/6WOpSn\/V\/zM+Gime9loFOdLfGpXUiurZsHPqUL1b6MPeMrtR937yF4HPz5BY+\/tSnZ01u2ik8yu9Q5AJ4CmdPfTqD4sA\/UJgRLpffrp7JIFjyUbElKxtMBDr0WSdiYnf1+TQzqqaiOCpGsNMZoe9ogrQfFW7\/gdsykD2QZJgD7hTY\/mVqzcE88T3Zcf5TxTTDINI4atIY1lYydToKknzxOdKjXEcoGNF2fxUyQPRMk\/YqD0njsh1Dp+iMP\/G3eoOFqy1\/r1bbUJxo+NSb1V8JoUh0VwlVF0mFL"}
 01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495911385504,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495911385504,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -547,7 +547,7 @@
 02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_src_last_pkt_time":1621496438462569,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496438462569,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYK9AAH4Radg0uxSvxkodT\/KiAbsFTjIVyf8AAB0IvPCERtRr\/7QAAEU0a1V3BXBwEIhDElH\/1qUxqcqfVK\/U+I3pv8jXB6GKoLcClwfi5i+JVRi\/+qOD0jSHpVm+CcmsqV2quEgqGH5Gn0rihcbJDGj870ULZI4KmDKfC69q5r6675Wy4U0x28m2t5DK6rGqmJIfuY4CLJ5+JpnAGepaot5zw988NS9MjaUUAwJq0KRJTk9TQLF3FkyUeCnv+L2\/mCZ4pQPvTUHoai0BPsJAkEBQbCDT0ne2qov3gwfXPyGYjT+qpU1DonWmFNb695dnTcteFv3XvXkEd58E8n7ydtguTKEpl548CM+1ZWTRyyMlXz4XZF8nSLIMx0GUIZgZvabVLDS2+F0B521wAlGhNrm8PRINe9rBVvQYcP4xgohRdv3nDuVcLpMwOSEXj4YWgyE3ZUgeAzYB\/H75MXEyWx2rB05U\/7TWZ7NlkA33O50sz9d4a2o1c3cNntoxGwlEfyLKcihZ\/Suz\/KxirS++R\/qp01ueSmHonRfmrrM1LSGcMyKd+Oc4e5KssoiJAFl2Nso9pSh\/Hc4LC0BNO2pv99cb2fqWMrvtg4RKbfx1R5ZiccoCxgCpi46Y\/bGbfrDImS2xG9ERCTD6jtG0jRR1KV9w3yPJD6dZUx9vPrSlfE7TRtUvV2tg2P8RQt\/NsSQk3\/7JpfMhAIPApofSUgXm0f7r+8Zw1J12aP1zZsU9ZyRmQPc6usI4DXJN8WSrOMAw2YJx5dHRsAS5bRsxti2UCq\/PcqbnjXZexpjegsnkWKYnN\/pwtZdssK+ny+99042hifAuhg\/BXmwZfuFZ7LWOinb0yOszMgV4GVujdcSyRmmJB+im4Mj4o509W5k04dZ0bDE52gnvESt2EXA8x4iUBeMzV1EC9VoL2Zd72WZ2Le8+\/S0MFe3Se8D\/liSQe5dY3M\/L+3ZXq\/9nfvzioEORhqMqj8nSgClQeG9dmdKGgxM5mcQ9CeGNozwRdxhJvWFmctGZQ2NjWDhhDHDaqU259Q3FvsbElzHVdrJ5mJ0Cxf9ajFKPgkVOGdrDG9ApKtfsvTm8mcEa8n0Q62eOymCVJqvif5jaYy+ecjinMVsEogfItZgW86yqnm54hcKotzJtaFtp3CA5T0NjiL0VfXkiOTKfOXVWtwS2R+LPX1ibd8kfkwAh\/XXkesEqkGqJKfxtLjiY18HS1YhU3t6JkzeJqPLrJB\/PbFwyElYds\/6m0\/g+LOXOZ67UcdCScV0su9cTzTbpFuilpU31PFlGsAgDKmvkZLzN7jt\/kqOCXoWwgg9bPQkbwwNwl54A9eMPW3BHZk0poDKL2DWdoWQmTEsHc0pqdf\/k0atEtrhXPDE6dm9ctnyGia88NrHpejAS5iOiAf1eL4iWXQNTQkLKwlOqi0oh5WENqyW2gdD3O5vPNDr95MLc6Nk9E3B2M+6BndVVw6tTuGClOXozYuEVgbdPUEQGHunkA\/dCQkelRbanSo5cdvMQPWbxeU5G497tiSuxNDfmsujYTz\/BK6JWmejCS\/KhAJaMKx7PrcrPsaNqhZU4Mn4\/jSs11bYdbYsLm+pMXqsl9X68WqxfFniiajHo\/Fd3P7UYw9qKzJA5hFllxa12+AedgC513u0kPjxtExQUdI3b78Ms+FaM6UYc1IOQ6tYJC\/kR00xvH3J0uZZ0HafuTIIxCiV49M2ik73I2gkK\/TLa9hQf1LFJjsPj9VPpRxrc2Ly1SzJ7P1j6ovi9NMEeR\/e7+QcpnMJTH1C\/dGDgaTfjeelKzH0zIUwM4v73ZogzQ+Q6mOQCAb1RAyJQ"}
 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":4,"flow_src_last_pkt_time":1621496439665849,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496439665849,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYLBAAH4Radc0uxSvxkodT\/KiAbsFTlw1wP8AAB0IvPCERtRr\/7QAAEU0RMZR\/c4tn3st8xG1jK6DhAREMBO4FycwIijipDGX33cbN0C3+bsgjYYoGHalVFDkYs2ftMTHhs11vLK1rQnsFtTiQEYhzkshZi\/uLzctRyolFhFHSDjCjKDJMcXIs9obpByeSIH8jZJZIPmWGPlHTZXamH8s4vrfSGPbq02Xdwwn8n0UxFCshOFU6UauULWw7dyYPe4SjTsZrJnc1QfbwWNXS7gqUJeBunmttTv22EfV5GoMfGTcChj7EHFGIA2VrznNmm\/lNfLcLPh5KbhgIfobxo\/NSOBjMfCwFJ0Xb\/2TlPSjM9auOpr8hl23J+M+H7oTDFmZdSrcloHyQQBAYKeZTkpVJYM3gmQjQ8vDmhCy1x+mafPHnT\/kNaeeAZ4M+0Nv9U+fu7oBt3x0CP4kElUhHi8jS4I98DK2HvIxnP7SfcqByAOV\/\/dkJ+A2ztPjwMInWIn3pYqTmXZFVgxMsomM88R\/D5EgZWj\/+homNPtc+Rvh19icRn+VwvNgqYfLaJtwKRnU0sTP4YJS1rsNoRXJAEHVr8+LUuKhYmlrB2e0Ks0Hx6kvvvcmfKs2YqvYxWSjijdvjkHgCIe4iGFGm373d706t3kTDyq2vnLcDALlHhUSspxS50sBp\/X4J\/Obmz4u2VcSFRbgIlrPD6tQCJXCbtvmr7B0G2HzkdAz+y+79j2ymK7kXEtdy5JlOEzaCJWHB61Pq1zrRTSwvPxBgMFBlf3V1aZJuMeQxbw9pWF8QfPyQOy9MIfoE87XI\/pUJ2aijtoFDa2IG5U0RKi+TQ6Yr7sUnomvmBLdRhiIEkDheKEiZP+gPuweIwNQ3SLKZY0BkDAovO99qNEwJseIWua7WgMj8w6rQI8udQA9XDchM7g4qyJT23H3WrLekWZVPWSnKMJz42FXxqLdOToodhQ\/R34KTgIV6SlQlBbzbZ2BlORkWUYrIJ1NonEAr9MOlDbKNr6Xt05SZJHOnpiWP1mRTm3SDjTOC7TSEWcT+nEdf1GEJYFDGeqTX2nnOK8CRVWSu\/V1zPKbWrFU4H8QVs9sOIbDwmkddGcgULHaUIxa9IykvIwcTJzYJhg5f8B5tlRNZ4RXFR0sW+LJD88lFs\/WaRnbfh9almJ6oF32c3OI62nc8ScewCpufhoxg\/n6WrY7XA6Q\/4+akxpmQ9Wc4ZSWGmFibHYuYkc3bktMuQR2KLovT+u7dojOv7zWuxm6EAZnxQ0QxXu4DVqn5UZThYJdmPj2kPgxEoLI7kDvftmTRWKbxxxJURuLYY53ey8LigeCIzMYssMyJ0lSy5VLajuN7pEbHnFeLat8RdeT2a8iEi5NpW0jrJCa64YkFRGNG\/1RLw53JyFAltEGL8I\/AZQNy+LaDxc5GwvozkDqNstNabKIuPZdAHaK9uAbww5+qb6qWkmwYyvMesNGpozi\/ecN7nsBrBBgGhw2l48N\/Q0mB+MC\/D\/SktFImY9lJZse\/D319zIlaeUtyW1Y2CM82sNULg5DKAcuvJSLDlrQiIksi89VDc8UQIRkt2bAmBr7xFXX\/6GnPlePZLhM2vB+b8\/Zd\/lPJCs8gMoXW2fwieUibwBhARfI90eepr+yjUom+bVIlsNLyM+cdw1lMDw149\/6W1iOlYUIPc312vlJ662rsUHM8lEXa\/CJP+MLob7exHeHrjTRJoPgE7vtKIdiZXgafWX0YCPitn2LTO9ApzYxMOdRF63lU1N7r2X77i\/36gRXKSjFwKiLjoYZox3We6H9HyMDKh58MhJtykTNxI0YA5lf"}
 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496439665849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00688{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":136,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":182250,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":93,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":93,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":550,"global_ts_usec":1621497523457937}
+00686{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":136,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":182250,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":93,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":93,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":550,"global_ts_usec":1621497523457937}
 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621497523457937,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621497523457937,"pkt":"AAAAAAAAAAEA737VCABFAAViBEZAAH4RSb6okEAFI8KdL9kJAbsFTlfcy\/8AAB0IhCcF96VVR0wANwBlELxIAYrJ18RJAopwESH080EDiTGBxAUIotc1YUcdQDx6Fm+qNXboDChqvIPFhdQk4GOqHNpE\/bcP8275wY0w3P5\/OBD00jBZFIIxdkIc1CxBuDirFHD1tP5B64vwQ5D8UGBMCwXBE5r8cQBEBueMDl1wCzedkaTPJndcvmabltC3xUmd0wwNZF33vrM44e1g6fvolfFIRSR585LU+EPiXYcJSO8XezQCKfsKP9OZPhOtv83h2Ovh66Ofu5lyKK97w1ZRH4fHbdZfIN43raCsZSEISB1XWpjeStwCQgX4pxEVT3bu7OPulibsntpcBDvvUq8hjhYS\/PbA9GsLf8ab2oDiv9nzg4n5gSjTjYJYqGNdpo8pvu3k0XjbFxeoYR+3bONBa+e0\/V5cimHNpgKrVTimMaMMdAFaY6tT7OKkXataUcGKIOpI4ClrI1RfjXBlfZBLOZbQ1ruqGWnukjIXOQ89MmoF02WXH\/OXh+KKRAFzwlapiv\/cQ9QlO9JZ0BB+POvvg0IQYksHMghnQAgMTrJM4innxppRZzBoWz9zsOmK6XhRhELNfRCbi4bc5YsBdjiD3ijjj0vhvLYkE8cmxkLuJ0qhNxl3p6hz2KHodGMRRnCY7+yW4\/w95\/W2ZXETMOaiPG4P8rFj6ml8\/VAIeNI42nP1oow2vPc0sprOkAOau2yfl6UbQppTRhQbTZO9wnp0+pb\/YLR560RKcRxZ6gUiuP4fRQpX1VnT9F+IXXx+\/hKRHGdtC446mKetR0R2fffEU3RdpszGGUSJYY9vViq2Eomp2NB2XsGSDZ7grvOQePwuxkF\/VdXMAKr33SX3CCDNZsxfwsHeafmqicnZBNljaecFtLy\/+9HYZeH3f2cDOX3K2VDbGR9cx+8R4uBk0EX\/px+zKszwuAcjJAvJeXJiBBoZwb1OylfJtFW0xyteXH7T57KNedRu+91GNpzswbrgQyjlkhovo1OK0t72ahVmG3ci4ldbaNoM9Er9o1PA3dEHVxpZIkVGwMvOCLlkTsNn7BvKy8UOqhGyMtxMVZXmLf+vQAImY7kO\/JmvUFXGBjLGGoDqDl13TqPutG44hrxR02KIBhULXqIMEKZ0qrvWpm\/\/odFSsCLPU5KX8gvQDTeNqgXvhS5yCTtJ\/E1FTIQ62Whbkz803oSWqHMyB9PTWsfyUOvQ\/rOPfM2Hp8037xRyvZ557yfBRFUiv70NQLV2Zzve\/8q4\/+h+Fri1+bTl59+RUidiY1TO3qvxPwSqJrc\/iUXUAxTJ\/iVUXyZcuGGc8bsiOTTBgqyOg9Hj4pZ\/3cKkgSVM8pOpKr\/hPcaL1tH1m5MiC8PYtFySKzAit5RXN62RM\/yP3bFdJNWXn3q6vSa6Nwy+6UJmoWNwQrB89OTwcDbVLvIvUrUOYSdw5tw4rl8hCKo38y10qvUFE7S\/vxva\/p2Znrp2ZVkSxayvzUJu3VFimVxiL3A7sYZs6c\/thutzyxZvCEQ2Ehf93l2gbRl7+GjjrhvbWDav5GzhJ32x7RnRqMQA6g7ihAB1sROsstlfmwTAaFrKCBAN7dq4qC4xFv28ox5F9z+6hjCXyOJStyP4WcjK+tovRhkLpdG2Wvd9PUpQyVc7n2VNtkJqiMlfYa2ialoeXEG2XlWpLp8Nvi5ARgJCTGZFWy91dkcCOz8sVye7XwnEDxu0kn98A2gCBLP47MxjqlsbBe\/36a444Y35PEcLtU3xUP\/8uuTpLZz8LGaII+NM3hazyvTcHrfjqZ0yk555T\/\/FaKekILXf"}
 01400{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621497523457937,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -559,7 +559,7 @@
 02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":3,"flow_src_last_pkt_time":1621498082422634,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498082422634,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYRxAAH4RYuOfdbB8xkodT+8SAbsFTriWyf8AAB0ItDBJ3NIuqUkAAEU0gEWSz79hSjx066IgEUilTttXNnBdxCIzGwyKgx22yggjYxUTOdMajr1\/eFj84LW0tWwiYEddNG1hbcYuTsjgufILsroj24Q3t\/uzrvR4hxlGIipIFKFQSdDIGcYBqlNqAaUOXFFDKWM\/NJ506Je2fGuUskxDQKAKr93NLTfrtVPjcaeEjkYt31c\/SZTL75GuaPT2mMN7etsFLArPTUK71+1V1afZAZptJCfmKCNVqwgGuD2i6NTmwkVh1735B38SS9NeTwvibpCCgqWLwGQceudYrYixpQsp4ysYS8hpI\/FAn\/wMbNYfLg0ULXfgBbdtqpqAz8gzjz6eyl\/Rpj5MNvbZVqNxScGru+OBXQwtVEZhxEtA00gRt2yig8vtLXbxeTHNHLvc1tr8ADnBwAus7BUb8Elx\/8QbOQJikFJzSqgm1q4x4Io\/yzHxvAmLnPsiEQqTqREOrKHfmlEHcPkGVkGtxFBNN+2k9aZL5JbmPRlBlC0G63qLufVXOEoqfGJNMZ\/r7nslJeVC3RVHNHRsnQaaVqTKCmjWU\/y1v6+B27XHPLKXFcBZGuXpvfdMRAsvAkwRzf8W8dO1sAukMkeYXN0V0P\/cdEmXv\/Mltpa5lcfPfiRw+bcfRkuNSD7Jc2b+iebax5ug8xwzr02wcXcQF4cGzsQyRZl7DyqI4QU91QrAsEcoHNeRg5JB1T9kQFDdcX\/REgLdvgMgBzxehG7z9OVH69vE5OHzw7pvnkoKe6J1pspEyN\/MZnsAVzaytYx30UuiyRgMISQWN1xfqum7\/YAiZINczHJ8y57E0O2FZW\/YNr4IpADWEzCYwTIu0x3DfRnVNbEZaadYGhViYNEY1zM28\/67i0wKSSLdh+0hygO1BEurBhEzdIroBw1lBfGNyfblV6uG\/7uEn55zpbG\/7qCk0ktkqTFveb6WXCOISST2J32xBVGziVeJsWONMPJ8Jm9PT1AEZcJwaHejFt9DpalZhmwFO8Enc\/ogZQaBxWPbFFyyuh9rvm6tNvA3jaeVh40hlLlIMUxPLddroFwYb\/9EO2mIWdQrHAdGk1Lh6AyJa6YfJKwGpm9NYCxghscJLthycNymVYnlH9ylQDmgmJl7hvnLAvwa32EnPRpWHAkiUhu0kcIqcpT2SkZyiu4cMABsnU3jPWri5+i7YqqcU8clEZP79ilHPctQYpBtvEKAmSD7Gg6PfMEKZqwwpeUK8+dTYIp\/o\/SmoPxYAZFC32OjsVAjSgBTgUFjJQtKJNO\/Q0n0\/Bx7FI53Bh8tOLKaMneKlT+LrkWYQa2IgT0Ubj9l8leMgakA+hFRx5nhKVT+gHy8BijJa8hM45tbFLGLuaHb+CeAqgmE\/m8Ud4ovePpufZDd3bW0o1jrz4rn0BX8tIkQy+IUYoxrBjuExnNvs4TRwyfTblAI\/I31W8aDB662jJlcg\/QE3btTahMgEReMXljoY\/ZRh3u7JIQ6wjk22ntsR1sJRh2WFJh9oJxWsj2DyGf96xBV4z\/aPhEV\/yote5aKxrDNBeQknvp7Yhfy4En1FEvSZe8rUAbBQgDc1BHXrROj+FBZqKGH6sdegaKRirXJnQLUtUJ\/Q5NaDydpZmdgBmsplWOT\/sTyUwVugBQNQqk6\/7I37T4YBTN8nQWspDxdmEOSVvcWwSS7UJNsfcrNGCZpeXaEIJv\/\/lt\/H8+PibZ7H26DpmjUL7J1pXuNg9btTIv8GIPiixqfenNc2qdVBe95VLeHtbRIWFOipebc7xvKSmtYEtFRjvJuANVxLMqf"}
 02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":4,"flow_src_last_pkt_time":1621498083623668,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498083623668,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYR5AAH4RYuGfdbB8xkodT+8SAbsFTmzBxv8AAB0ItDBJ3NIuqUkAAEU0nS+0w4blUhqvknb548XC\/yn1Gor3DKwxlbB7\/uu39QS2DSpEDxyStWc8WcyIZ8c5PgyX14TZwIUytEJlBS\/8n1TweCLcrbeP7MgpZ46rFSzOa8D467ZWE41EpukRayYejde\/G8ICnBqzjWfBvyq0jhK4mOUBCxRCcqSyUkDoreKeEnJLy8KsVPiDiYAH6DNe\/Q+lDFvSPyNZGxmCZOw8PnKQy4k\/Xv80GgnSkni9aNAYcvDCEoum391\/coWdVWE4L\/zhQJ7j9tpmJISaUR41VIJ1dglx\/39xJ9\/01vrSa3OkFc5Fy8BBj95oba7xwYHIRxreBnRxTlNd4vpEEdFCKprC2EHtxSZ4P7Fol\/19yabIzVGfrXk7pjZZBFfVDXyUCMzmvdsLWDs9LsNlyoQzMKBuF8VoRMmcfljrP3a0FiPAlZerqbbAf8Hu9eIZYsm\/yugGEdXwEKyhjhu1+YvDZmSjAXdaXqtRafwUvoKJvKOD58O\/gEeME2uLit3LhKB8oolU4Y2CeanLvQ0Bd9uGIdnp9FPSHwJRfgPRnBkYxuSiBlo9b2+yU1kPEnXno4jwWowGMmlPGobjvEwtGiJFuc3qBeTVGeRb+oZK3yznz4ooQSL7mIPohmeRd+Rx1zcoqIwZW1r3WTSFSh6GeCeImPe6iGHbBd0AtAFB9ICL8ih0D3yroNz2Lofe+8Yxr\/6Xw3g\/0nD2+ze94vt9qGWiHYwCJRDWe5C4FXOCx6xvwiSyBPHn+UWiFgdNlhpTeCRcxWm3OvZX\/3KpH7Z7if04QkBeuZ0Ux2FSXC48W6s91+35hS+WqQ8flQwk91inucMSRf8DrQXU6HLzij8d\/ufZ6cqIXgAbCC3+D\/5UKeQzzuTTA+cxHiC6MH8M+mCmeIocfg4VLht4EHV9xXYOfIHuXNskqxmXPAFbOph\/wnHE2YELf9Ug6M40kxzp5GfscSsJ4\/+F9+X88vGFNZAYZIQ0fXbJB9drC3AzgiOz\/dQoJBhH+NVAbbzi4o\/epLdDnU+pCCT3pvyBUiQfrYugPKfQ3C2nMgHk8YjjSoRW5j8rXdLqLftjCDZ\/JbG8rfCMd6cuFbBeb99wdGuxJIcMbwc9cvILpE19XIAUn4bvD2rqIm+SuWfcZWN\/9CNoNkQ2jrjPWR9LCDSA2u7MXFGhJoFiJrKEKwS8t\/w54Lyj1xy9zd3bgRKOto7BBzM4vobLG8+A75iWZIThG7vD8dUjCxUGvUG94fK1WBcP15ArBQ91O4Unb2X9Ov1f+Wycl1LV\/vwSLkZ7cTAKcJ7vKj2\/FUCYwORzVtE1I6aPqQWMr3eyzVJd8NVYj\/oBBdZHgOCokcrcnonn3Ps5fOiei8JlcX5P2LPy0fe1eyBW58+eq8FRuXxFch6vlwcR3K7lSz6kwNsDvqSz8BLQpPByYiuT5CXy8ELiCcWnqEWfDGSOlabrYQf+epIp9hTKNLbSF0V1NCtwIuAIDHhYy0je8v6cD8ExDV\/42DBww6ZJIEudDTA4IlMUEsUfuKZLsiCkicFbZ0\/4oUGu2YL5L8vXNUCUXk\/xLVLI+bjNLfRZlL0AbjxkdJM7VUIxCP+J0XO0kohpW3\/Ez4AzicqXaasofkO+aX2iLfksl8z1jppxUjL3We5lUmH7R6ILJpZ4yqty4WLx6UcN2I3UX8FIHoMXOeCijmRnkv+JLDGY\/cKbpQdcVjWO0QYhxTXVm\/89SuOJEwvL2\/qpMBK6MhPg2sAuL0mqP0\/yv8rnHP\/KAsfjDVUqlpfhSIqeHhMh"}
 01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498083623668,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-00688{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":141,"packets-processed":140,"total-skipped-flows":0,"total-l4-payload-len":189000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":95,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":95,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":562,"global_ts_usec":1621498212950392}
+00686{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":141,"packets-processed":140,"total-skipped-flows":0,"total-l4-payload-len":189000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":95,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":95,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":562,"global_ts_usec":1621498212950392}
 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498212950392,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498212950392,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498212950392,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDdxAAH4RAMSfdbB8gPgYAcFxAbsFTooVwf8AAB0I+oTf3zKXQjsAAEU0K2X81CUUYVNTb7c\/gt6K92g3k2uie+OA53gIgfaMNjNuH4MUMelKU6Fsw6sNfg5GG5qJ4eud2MFOn8X2tXhI8359esLfPp9WmlTfT\/oOrLme3MuOolugSEKcrrCVkd0LZuV6Av8DKVlHVrlpv0240Nf37vxag6C53FBDIOQ6LCd22JO5xn\/NaFOQBTN5MwhdXKe8H6r+EKu0MMl3i18CTaxer4Ec7N0oGrRomY7+OmgBg9TauzdMWJj0eYJFpdct9mnNghVe3E+WWeOHpf3NCjtkwso9os\/I1QOoZPXB9jwIdZ4Ne8+CuKTG+9tcqCFaaYPOS5DhXjQFlTS5J\/C8wry9mRLfPxmO1BQiHAFr6GP9Y5vWBsO1V2479WWJiBEJug410DZ3eaQ6ykeEHvnIbiMvMtSdXEZttkVySMQ31Fw9rOzeUgG+BPr2jhdWKXNu3NdlWiImj8cTTjQOxOtPhe\/+6Fx3ryMD+9KP13OjJpbH1TmVC3+wAJCtRp7htijDfs+djtrDtQtmYoljdKd6zc7r4DUgUx5a+lfJ+CQXmVSyc22sQwHuhLv4tZCwLDzjsfyd0tH+hoD7Qa72Swsvd9iN8a6VR5VOVL4dEXew+OVA9WCef4VgLk3PIXZKixpDLfYCSJ\/KS3IM1J4\/k8MH5DuYEu14a4bhYLVMzA+\/6Hh+TKT4leprgFJ91woRA3ZcHSFAFDQ6JNfWusZkMrX0kYWHzOn9N74ryBahTJAqZOQDKe7hgPc1zvzFZdQI\/CliH1lyvZkKhGurs+S8SAvkW327v1xIJ3a4v+knVz1HDiu9E8EjgQkT7KRHRIBqqKZ4ondbPabBq7uV6zq471LYqxhGKFGyoGxBVzr2DttB3Z3\/pwDEIs07QNSxcUKBzdZnJ6x2Fq+YkehrvOFCXOy3YCMutFzVwvOnQCidL8ohHIIWEgjIbGLfpHm\/0aWrklIqjrJSJ+rTPRW83W61p44YDEYx\/ac\/msD0XGRhWnBmicJsTwRBBV5svGieLeU0wwoRv\/LHI4mThjAG6AiLpvJ81A8npvcEWQ+MjQOgMjWQq72fQ6mncpsEh8naywuNoXmsIk4BB4ZGwmYN2ud9\/oZeqWqvV2B0k5gYpBOaiO5AHqvzEZdSTEayKAQ1YqXbuCf5QNmeckJiVyF6qNBoatmRZcQSwcZ\/T2ApNAyCKTurIastl6KeRV4+KqYzamhQB2W0\/ku7l9R8YLUGXIpbFAVZ0uF0OZyLqs\/v177JsDndRPefW+Nou62dLsU9VVlluBk+YGFmAONdyhN8iZeA5WCOwz3iTTD5N2bN8mMzQIgg7Bqo\/E8GIRug9o17TbkJUN0YnjfCIbHJtKaMHxL00NJbr3VzPT+M6M9yFXdxFqcigT0A\/lSoDVW1cjJ+LLyxe7NFjRQd0WXacjomlU\/vSqOt4d7QZrZUGLTeRU+r2gGG87IsvBtKso3QQR3flphwZgK4qieVr6KE53k\/ITHpCwbcQAfeWsRIfVZj5YsjA9TaaJLxpay1HiqTxUqZg3plTLPwXIAI2UEnJyFqlp3LNmknoPjV\/RJb\/wzVE1l\/2TAXdCsnVW4\/RvYAIgz1kbEyY+mdBPPmN7r0m+q1IFeOg5RTG+Hz1u5FTDjQLy9DaHat63UbFT45W72CQGLR1YbL59Rzmw7wT02BDrbjYMG5D9ap\/FxMB4LpXzY4OpaSIPgoD0IgD6kheO9CqpcZaNN6hMfIgQu+UTF39\/ec6XrRl9w5Mu88X6Qox2mOpT9nNb4CbMfitF4Z"}
 01379{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498212950392,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498212950392,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -567,7 +567,7 @@
 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_src_last_pkt_time":1621498213850512,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498213850512,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd5AAH4RAMKfdbB8gPgYAcFxAbsFTsNmzf8AAB0I+oTf3zKXQjsAAEU0TYW2wa0gBSRDkkdmZJDu\/pNSjmjccl+kQig5mlxVsILRFwOMT57XuOv8+xCb+87uWA9dkR3MCory+CSA9k9IwRunZJ+BETH5SfmpqFSP\/EAiXYBfiyWfexJyvvzdDNIlmXLEiyQv4ixIWJIO3WnbJCrbDZ9yN4PPh3+ZJeKdbL3pTJsxyDYJ\/K0AwIB3uSpy2ZQ7iPtPDkHhwAm0FbglERefDANRRCDt9UuWOODuqe\/eXcYzExeuApS5d3YIK4jhh64DClYEzzb+MKIc\/xPP+Kn3lPcPwqqIF0tNqN4kidjRAQThHdN0m2oore8VMpITgbE0pV1MgkL7lfnb1BmHdqPktFFVvg4M9R9oBo\/vgEDDJRAWAmGcmVRa5lB7oAaJdxN824d+GfIw\/1qMVVQy9mbPreGNJI5FA87uOjFOg\/W5J3F1z3HhaIyqbtwEoUGiMpxMkBVwhQJI\/NqiQ7cCTPyStz3iGYjK3gR\/9Bbw8+tTw5id8ub9L1LWEZk7DqKPgXVBJu8OGwqpaRMSGddcTDBphFbTHUszReIPXXK4fIJ8vnhXIbSCNh5usnBJYxXalGGyP1OwD2a79wMSUAPRbTRq3rslV5\/OoRSqu\/Zs+8jHkIPMW4LtxNfcjjkPK2kD4PebKMCHpmd0zooX6LnokRS4M4p0k3XmNrQeH1SNO7ooZjgdGcmI2qpnjZ50wZY0FVF84zFcfhdXiDRTgFPFrSaaxPf0z8xF0n\/P2TpBv6uEkyXD2A5+IeZFJHXEf9qwaBDrm596gwBmYOilpzlnw+vM13lluTV8LOtESGS\/vKE4CpcHhAcjdbP+1ymk+om1iitfEwkvvDF1j1qafTczkx30v4HqUJUwF\/9b61fj4o\/7elbSAAzfCZ7ESTNk2A2MHuqy\/5+jrriuO72nwy6VjhJ+GulTPzobteW+l\/zBEckGEa8FJfTQdOStHqid4SXNF5RJb\/1ytpyxjnE0mVjMP42pjeQQpTUsUPMa9heF32n+XhzIkoHVuTsSW8KUDb8XsSKBKbYY1eJqV22PrlbamGDRPIeYyZxQrvseBe9ZGoW+ojFuhr345lGnNBRTbyV\/ifd+H3psrwilnpBQYZmIt3+yx5+Ox2Fl2MHXrWRMFlVHgyr3YspcY0pZlBmQSZOmPefZHN3UeMEoicflo7w5P9I2OILP+nrgTefS2ax7woPr2siuAHSliWnIFGW80aK6MX04MDmNfZ9qEi9D2uzji0WYs1aM\/FrXpTtqj1SPUWWhLEfXiBcjKNmhsqIUIEkrKDmesaaohHC3lT35CgqVB7Sitf+f3SeyMb+bWGart+IRgLgJBcEhEKoIoYkh0VLJVV9+doaDLpZ3HUz68vvJqjR7RJ0Gd5ED6cjJQuN+n45FpN9LmtbOssh2iF6qqJGi+PGx9q0M1M\/HUKAy5AN1S8YkWFsARDs59lonK62ZegV4vU1TBWQC7PGQRI84JNqfby2iYcagYspBzxJ+WakTI0qksHmy126F0+iqfIjkScGi9KPimhJZju3YFlyo6jNdjnvMmOvUUuhPQiXrORQ0r8qWWWh6tJ9HkW9sI2\/Ef1akHLftAxsOV4Tw7CFHLJLIsPfECdd0l00i7lyYzOrNaZMF3Kzp8XNi91vmLaBsXnvB9zagu0mQRRAnE0+1FdGlzcqDM+y0Fv02XWeM5LLndn5G6Ul+OdbTDl2ol0tkAwTNskAn08T2HhWOi5x48zrrAMi7Lm6AQyQ1v45a0okIW2FPRz\/fVqdN69MfaqHeQccEm1Iu"}
 02375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":4,"flow_src_last_pkt_time":1621498215051045,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498215051045,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd9AAH4RAMGfdbB8gPgYAcFxAbsFTmjlzP8AAB0I+oTf3zKXQjsAAEU0LsN5lwBuBohPIk8WcNk8VFDhA7Vgriyi+GRtPBL9m72qnSXpKDRNyBr1vJSoNoPBA7JyhuAi7fT1PX1I2vjlaUVWsgc8kYgBIMx8qP2kNZwqjvx2TBVJwAj3N+yw8LwNKtzFKB6+TMsZLYLIMH9IrqYxqELZBIDxLZ\/QF1DfFyVw6THtglw50C\/0NZTEx8NCLc1o5VghXN9CxPQdDw+1ARCQcUgGUtcrl6apsDZmCIY4dlws7dq0+YRFNo4nwVv1\/NhuhhymGXU1KbTNUd3wu7IacRh5ZozQGCC4lpAyCYdi0M0tb1cwxp4eVAaxEwbV61pLGvzhHonyk27mhmmRKXHZp407b+3bdtylhWuru4BdzonBsrsOm5yoIB9EcZSCDuZWdNfxOPA49dQ8yeouXSBTteMFZKZgN3gy+CscZNgJ9VJ3XzPbaT3Sjwfp+Imm0XMiNLMPk7vk24DJeDvfTOWrGVyb+Owny8XN+kQs\/4jkzKd16hVcK3EuxZUJ3YL7kvuAMcyXATuy2aPzq\/qUCR+46oadiBFjQ+AqJGDa4DDn5pIlThfKhuL8W2WSBWM9NHdsijsX4AWK52hukic+q66F+b8J8SP6Iv68MuXawvVhzPS2VvFOVeSwGqbo5gNZY9kTkE7ENXEwKBBGjbiwiavOCMALOQbsE0Yk8jb3I1d2lf0ZMf7DUTOkyO\/ETHwkbJj6iFt1bYdjiO9VGkaT2DXBf7gPHAW9I7xVrnqcXaMDPwZcM9to2oq6Cvxi6ZFATdSTaILAoAlr+WJp4\/x4M5wyF\/vAP\/yTQzIb2bGKZ7pnfl5cywlo0fgpjvW5QOc\/RgHf18lMdRrf62sRFnaPGhpKXITH65wo+vXJhObyIozCXX3rt1PRJH+wShh+XckrU4wJJoKVBUHS0heJb0mgTITG0CMa6vcPljLF3dpoi+PDPoTKL4V+lpEkt+V7VHXk70t1Fy5Sfv58RmyfC5FEvWxQlVK6c5Oev2wm2PVpGtPYGHcT1Iaz18hBeOf47ddsPXqsB90cLN8jZHFvyg91ck4Sa+OiVIavMiGozag7DsBiYZ8cGD54lHrs8bPj\/V8liri7qpsDuJ1FEnHrY4lxVPCks3i8hNv9ZRv3X6jXf+I3VEaeHGDtUw9oLKnCBpvU6tAubBi41m759hiTFL4ykhxb8tn5m5aeqxR3f0Q728RgZWXTlctXVYSpB5l3jpLSWwBfpB5vATfB5gT7GU8Bfiwc8Z2Vr3zB26ThoifPDKQ7CgBF7D1qETS\/A7QkJLZ7MKggZ08HQ66IgwIzaMcpZFaNRoYH6V6hXlhmGbG+dUcLjbMwKPo0h2GVYGOukOa+q+uiIK4ndjQ+zbiA+B8c0Jn0cMGLFWosA6pKHn5QCpAq5EbGETn\/U08uM35Rr0A3wjYh7mFCvIdwkIPPE9qgAa7saF0ZL20lJZhQYvUfGCPd2lQAsjRu6la+JaXaBTMz6cwgxShegqVQwQvNyeg9pY8ZQuPw6hNhqs9vTZZXrpxrybFqtjAGrnLjnih7sBWF4yhTe87scov4hgwKG2eZyL3exAqujf8Reu9i6mCyS+S2bvDYnaOYKeHR2QKLBAPcuhLrodBina385kY6tjQo6GHkGYmif9zt\/zLi7pZ4bmsZ+2NjxgNI9SH\/j+LReSGJv6SOdxEDpBda8SSsYwXwzAG3vi3mJsrs0\/wxjaF3kkbWOJvHnm9goo8ySx8hG3LpiGXG9HMu1imyQOH2gj9nhFLFvWx77NWlPWL60HtwRZUPdmPs"}
 01034{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621498081522654,"flow_src_last_pkt_time":1621498083623668,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498215051045,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00688{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":145,"packets-processed":144,"total-skipped-flows":0,"total-l4-payload-len":194400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":96,"total-detection-updates":0,"total-updates":120,"current-active-flows":2,"total-active-flows":96,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":570,"global_ts_usec":1621499083794242}
+00686{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":145,"packets-processed":144,"total-skipped-flows":0,"total-l4-payload-len":194400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":96,"total-detection-updates":0,"total-updates":120,"current-active-flows":2,"total-active-flows":96,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":570,"global_ts_usec":1621499083794242}
 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499083794242,"pkt":"AAAAAAAAAAEAO9I5CABFAAVijipAAH4RD1eokEAFubq3ucBBAbsFTq7MzP8AAB0IRh+k7PM1K8oANwAxa5vCXNWzfj2PGJr2ZJppn9nfh6Ikx8R\/J2n3pB6hj93tRIJPjf+f1DrhXIYFADw2Oc+Fr21E\/SBJZyXpa0us70tz46tHGmOeBrCokS3GTXPLNs2f7i6PVg5iYBx2tk44g5C8Qs71ezbhVdCLpeHqgEt\/KgFUjX37SuS08dzh1hVBp8Jk3e+0\/4OclX8JP31qwN8hw4wkaeOcFhqGvTvb7GXAVee+0nZmchwlYaeZu2t0+br+FVqhd9lHLvrcyz7DhDlFCTLeKywE2b3EdmYTKWQbL+AaOaELDauoXSTh5q70gLIFBtuSXXAm1sLAL+gBd6WGAsCkwCZK7IBbXbpfWhwnxlVgDIPibi\/nJn1TA586o7oqTn7ceMNjjzs6CB4Mgf4cOzn1YbtrCp\/6c+BO8SdxtB5t2vkCmwP5K7T6LfjBIuFXQ2o66LBu8vSKvZAtVO2yj+LkUyzGXrYGwfv92RyYG7LfM\/qS18M93d\/jLQZxmPy5yiGfWVxPGI0CPYVZsfmSBJekaJCKENQtKqBFs6AVPQwEuwFcacGyY3xE6s1Lu4QTKe\/QxafP6viMrvTQxzW0bcasUyFE1R7C9iQNIeJ9yKNA39s4GHvCsBht5FKpCx9AeuLYalRseEn8YWrDkPowTqNRxe0MscA8q6SQSy6jR0pOiyDsuL3gqILv\/SY8Rac1R05nZiLplGpiGDhE9pweKrCSsLdVSYAwcW3WvtmtNMX4EmbGMMrtnYEWdvuR4n2IdSRyv9gEYX6Q8hzoHG8BLHi+9db7fSutvIgwHCOUrjIPrH1I3iuMdZlcts6TP7n\/rLuIJQ90AfdfuDPtfyv1mHgxzTtaN2PTxwVb6duplHtdyIHwQW4JxQZkf9eUmK3IFE1g8uPWvlB3korqRC3X0AcAV+sx3QBx\/qT\/7gF6DFP2pyevadhyCvcOrG457OyVD1AcTPiu4iyRPIPs0ZJvBKST0kuFIAK1RoJYGXKAWb6J9ZLx+s6hzq\/1f\/0fVYymn2hbZDLHShxwbQkfEQlrOwalUO2ySwNcLdHaWrgafMwU1Jqwy3c2Wh9mqTVQACa1BySgEpwrkwNkoUZ7lai8AVhdHtwXYpL1gB\/TH91SWvUyF9Dvtha9t5tE0iXlmpfJuZOaqCkHSIu0XSKSxIBe2ySee8BdNbxqds4tKl3kUNeesA0aLrk5BIYrRjA9iqsg5i85TcPN7ilOO\/einXalctu3yF2I12P95cnmn8dVV+5aGLhS7eTX+TflkPHiEhNljw7cP3w4P+5GLFwM5tudCaDLA6afeuHwRmNyu4EHuYIuyQ95\/VnxA50tA8cTxnIXtWDvz\/V\/1jC10E8ZRQOx5RAzeQuGCKL+yBkb5e6xUFflBWfYCece3PTocANgv7MamRt+5dIoEcXIWJrMMSlrfY87Sjfbdyjyitgx\/3GErSHkqQjzECLn35cePuOYXjGdauoaI0FdXFxX0N4pWRgIFSMOMgv7WGHyUa7JL2uW1l6IWs4\/VyxVO7nYI1RKa0HSXbv+H2wrJyMWxXEF+FapMN8qENUanZn0DBN3nS29l14g27PiX1KosPCMvNsAEyL+FHupF8wbuG7hhioKZRauujDguEg9ExQ0m3tL2dBvtN5ROVDD26LyzDaWTk5zwZ2+bt9\/cncF+BxskyVsaDrMG5BAD+R2MBcjstM8WCqDrGmpTzd\/RDmbyfQ94p8EE9NW4bT2joZcpOovGfpfSmOfPG01l3k3sCykGLsIrKUzsxdgNn2SuQjCvYA92JZ4glYI"}
 01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -580,7 +580,7 @@
 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_src_last_pkt_time":1621499131747389,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499131747389,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavlAAH4RX440uxSvxkodT+9mAbsFTucGw\/8AAB0IgC3o3GMiP\/8AAEU0O8kVjzdhFbU85yBt1iwqehVgv2Jezj6mn9SdO\/xAMoQ6Qj2CZu4L+khp0ED4qwgVsRimpW9+019RfzBmCFh99aBBiZCv05rUnXo\/AfLOGNQtnfLnIt22QaI4txCY1wQh4\/Yqe+fANHZK\/ZmF\/8jsdmd71qfw03URemmchuDEmTC2QyCtQDR6IgH1doVCRoOWgfqOlswkaRTmqWfAdyO82HcYIhAl\/HvuxVmWaTRo+N+1Uvg3vOoeFbmkRfA3yUNsNKKXj3CuZnmwqgawAkhvUNunDuSNb6sXcWQSLMYzSYokvzGSrnCUFzWEzLjsIIkXyik5WMtbabj\/rXxW\/BmKnGxQAsyLYjlGWLl8IsRIUrFFSYYnArQnHAypfPl5sP2d4bIyERB5Xk+W0ngzdIfL9its1S\/1UVAsH\/LCTr4l85qg6B3o5lI7DKEPxygD1vV7v2kHUJUOsz6IQEA5cB8per0TSrcw70EjOs2PB2X\/KlkRtnF3cJ9mBrlLk7KkAdUnU+mv18q7Ur\/HRCeSKZ1IDGV+ySb3Pkkbb41pvETv2t9LoyQAD6Lzg0sSPQ7JLV2KhP1jHyct5463eYlSDK4lKsa29bix2j9nRvZdlPAs7HziAX+7Yre3QLRHAPqf\/Fg1bbLM5UQ4fWOBRZxhjJcdvgOJYkAXggHGTSKUtw58FK258BEuvGOXPaZLUbUPnco5cBPBIPnVm18eagNa8I5hoD3V4qJwr9MuaRW9lHG4afIywkdpNhJvwCaU0fJZ7zWnop85QgRGJTV5214WTZL+EUJZ8twDwaNzSY1ggAfatI1G32TefYqPxD0muHegRu5a+vh6GU9Nr4OZ\/spphiT2QHSVclDaYx2okizMN5ZYBs0bQln9i6XBm2Xldh+51uDHmQ4Zzp5v5YqyrRXhV0FfzvxrdzKY7KJJQgW29XcUFfrN5qG1mzTku37OdUh4OsIIhl78ZXl7b4B4gtfU2MlbyD0x5w27\/HBKRN75vA6sVD4434hZz0CVYEpHiS\/\/F+U03dYEtR9fBHiid5ECmvh8ygYyirip51ZPSMQ+xf+D7QciO3qwP0jr6a1lkCiOGvIgtxOPSkwBE14jvn4b4AgoxAwzxMoNWG+KiIzQcc5d77j3SVtd+zufZsoTaSVxvbWmtRH0a31c5XS8D\/F0m+6IrOG+sVg+DE76dDddFTb+w9dffyNc0Dy2WGhcNHMlytYl3hpyDxLT5XyRXvjxA0\/VLZiYU4eZ4ElyHnvoUsVc1zIaglmrF+UZkxVlMip6nMHZ9lAEsM5\/RJYf6oyNArAqc\/usJ\/9w+reh+ZP71fVKQMu8hkbAHifaXr7zINN8beOioIt1MpZKpcyaXZRCKvAOiunMN2HFg7gb4p\/O\/EYfkBy\/QNmvkqv63ADfvqVNbE3rlc1Spji+jLBIq3nPFuy\/5gX\/hKpM6V+1cWwiQk9pBOX4ZM5SBBKjwpGA59adqr0mV2fpXKtxohrt1P7YEzdHgk6wi5UR4cnhpR6ATzawptEewUpLpO9E5\/GgMkhT3mM2LdLlAJbflcld+TxymmmNvb3UpmjyGh3\/j4AG85zZBWQGL4jZJFWwd8JkedM8UyyY3+J7Hf7Llgt2XBjEica1HmobGyVnvxPpQPkJ3hFFYALzmeLaq88STNOaZPk6gzd8otilv70M1Uie7Wd78Y3H+OJSDOFEeZSWpO7cC\/0ENxs6hxSkpuU\/vHtior07jJ7OPSapjbYusV4q2O8nnSUJJ+wHjLAkldls5Mo1vwKpLEojKmMh"}
 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":4,"flow_src_last_pkt_time":1621499132950390,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499132950390,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavpAAH4RX400uxSvxkodT+9mAbsFTu3Vyf8AAB0IgC3o3GMiP\/8AAEU0CCLAunxqEvsNA66X1EEh+HbB3diR8XOH+Nd+j1EA4i11RuMwRg4MxupRcBE59Wr30pnjCvG7WwSJ+Kp3Pp36kOB7bwBm\/CUaK3NvIUefVeiKu8aB3CitnkZlHoeoNve423fK1rGAI76S5HRFw2q07mGxbnOjhM9z6xCXAfDBGYiZmMsHObjQtqpKD+hKkc9zgcNA5nnAz2gfra7JyAqYMe1ZUl7EL5EA36o3hG0JBLWzLWX8nuGkbVaoYaBg7t74Nq4rXY8dDvLpV8nmxcysLq4Jh5RmjmrbXKF2Gqj\/q0AATOUlwI7mcPikDdLVyWc1g0Xd7laqkEwx5KG+HewMfBJ\/fs238LI4MOjBH3XFRiuNJ\/1PLDSVDk3Xl0PC62nbYbDA0ukzghD9h7qydxVHb7ofbKx\/ss3NAcRz9V2REHASvioY+v23gDsi9mnd9vmwpZlpX0aQuW5jWCJz+S+SLjnOUxq0ePjaF+BsCsRhhGX8i6WG2b5bLSOXs23ZSR4DE9X65QwocgVyH9CZF7V0g9mD8Lei9Spa8\/tGhEc762\/3x\/1MkuQ08WXE1eb5W8FD7NrgYf6o0QymOpwaXeXqUpZu8j5oEpy7iwjhLsjquFYTlkgkrV5P7EeuLtxd9bB8K86LFk4PPHiiVjBA1ZXeZeddZ9IO5+XDyrp\/kWDHTHn125\/pCeok\/mbP1lysqSICU+SavcLclf9iczGDubjMy+HxKcYBHZUI180+Z5bQIezFSl936qYJamaCa8ycGTpRPgFEueKYfkAyAnZkTtq5DWZDfFdJrM3n+ClXxB3nxKxe46aHAdmhexAVCdEsAFZhkjBnpwyd3xB8wOgcTOS3YOczXzarKmRIaYTKhReCbGXIL1oX+CKifyp9K2P7wqZHv4GRunQQ3oRCPCRByLb\/J\/aYJExxgDqkp5u1fIotrX93+PYJgtNU+cj\/AbP5q4Ce+\/JsCepvzTCvwU4r7bNXCDbRqDxZklxSS7YxZ+4UU5WsxKBN2\/p190KJ1g2AWmz3B7MqmtEst0ASYrC\/yrtrXPNYy5yH9ArSVpHDkqpJUlmi4BU91eIZ0kox+SXJ6VvBkjf8ZEp+qR6pgJh\/uVekk\/u9xUsAwsqz57sKMqWdJ5\/nGXjyRlDq\/TRoxGCKPO\/873K6h+0HEh3g9j1rU3lTRcVdWrmf9kTdGWMxa3xA0DnwHoABYC1ea5FDCBgn7\/w7shEnRbLHvASNCKpNPisAiPQp3BojbJ\/pK\/MnTCmT3WADNrOZytcxn+S2gLTymok6rg6ZpsloRw2wTfQI\/OCoJoCeThhTtmIQ75lcKluNMBWyZH1zbt1HY9uB9nKZamEKE3DVrB13yt0D8U6wSKhAaZDUsXRfd9Gt7evuxhL4Hb8Z9WDG5xo5\/tD8LyG1bDFKIiO7hDbTQHIh3UEPxXajlTHhjXQu7xnGAM1vFyccMX6YrS9i6UCZLkMiJYmNzx\/ZltM6JUnD5gl\/TEnjyNIBP\/D22Fhijc8guhKm+73yXto0qQMlGkuxvrqhc+0bFYe2RRrd4hWPK06ywX38tLlMZiJdebI6FcNXes2NEGMU6jzVKztzylCcoSrevOVNOm2rtGAym89hwLgT9RMA4C8ctQlYlekEg8f08n6dv25\/MRBrtpe7HHK6r3bceeC6Mysecla\/Y4nnPZko5jKfeqRqbP+pdjqFGZXZTISD4Sao6OEfl9vauwPSKfsFkLUqIkOJ9X9gdm49hSkDfJ0GfseC3GLK7JAAq5DumcX0d2IHEvGxiYDd"}
 01034{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499132950390,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00688{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":201150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":121,"current-active-flows":2,"total-active-flows":98,"total-idle-flows":96,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":583,"global_ts_usec":1621500710201121}
+00686{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":201150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":121,"current-active-flows":2,"total-active-flows":98,"total-idle-flows":96,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":583,"global_ts_usec":1621500710201121}
 00830{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500710201121,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621500710201121,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidHpAAH4RAzE0uxSvZsLPs9AMAbsFTi9Ky\/8AAB0ItCn86+Se4YgAAEU0MHhrfbtIJTtH3QVY6F3aeUtwMPN+HFDoLuLJNWWF83Oo91F\/IrU\/4VzzpTeT2Fs3WeheARS7a3eJ6+jBx50KgL2Mtap+DJiMUnv5+MiK\/lUO39U0cv8d7GpIK\/I60LKV\/5UKO3hYdAl9H3sKf\/17sYn0RqCxn3h27SFb14UfQMrK5fzHbBIcyCTwAI8EH1FUNiii2EHC6MKWOlasY1W7tTdhYLqIJe3Pnw\/eMMH4EH67C816p5GMiQfDThgfQ2wgQHnziUTQvAMRReqOG70usUWRBc0H+BQ8YvPfZECfgPywP5jcJ6yFiW20NNxDHB6aoJ4Cj+YV3HYe3hWH6RtYkzgshfY2d5Z5SXiixf9F396ika8t5YhgzUJqm3qaduYkkuoKsKEzuoXUVwFjy4mdMVXENEyNoKQ+m7hVG2MtxWAe5F0iilBt4B+B47gPKblladD3cYJ89FSWeT4JmrpSKq+sitEawWg8mHrgGTQq7NYbu7N+XGgNwfYKSGmo+wJ4PZoiqprX5abZOW0AcEO4GmP23kcsiaw6jBKGRiI62wQkX3CdcrDC94UAE4ETeCTM7KGTkc2NjqYwxvCRWtYhRE2jKZjoxjsBPN71ErHefn1F+hbfKNlDzSGX\/XS29PsKXDs3Zy7d5AvyJhbeMO5c9ZW9Z367PIIkmQCfsx7uUon\/NyNKlzzrFPmj4\/Q5MNYmYJUzIjfkdbkREP\/oi3qdVUZRk6Qq3mEyntdw2m0x+Fl9NnJmI7wPyTSTYM1zGxtoprNKLZoKHPJUdriJdNO1mtZLgz\/iMksWRPpo1KJv17xWq6zVr1T5Rb\/56VZDZZTzvvnDR3LfObrvTjxHZjpDe470INkM91Ng4x1MGEIzMvtmxatbi7QsiBiDO\/OqdD1JZRhadEr1SeF+j+x3pCgDJPrTxUQNeLKGpDOINsHcCNzi9E6t6xSea+mxi6UCuZeVqiu7Mq6oTDEdYhM0f2zJdDmUwxt9ntbOaqb\/70GFQw3Pu6A6FPriLWgxfjbt820gGfdllAq3bd17xNlN89\/sslY71CRXr\/AXS9zW9TVm9cE3ieGVRvpPlBXLxR3CcDRad5beYHB2p+59RVP4JEz3gq5xGAJk56U10gDcUMuTu9lOP0LVK6rTCu109YNLsvJwHDQHJg6cMb9ghMycYjRH9R8GiFVxeXk8FZUVTPEwK19hu5R3J4CDXQi+bSlYR8ZWUeNFXdURMnp1LQodsU7HXmk0DNjXTkB48gPiecCbmUF+uqaDsBFruhCgfz1ajvkEGLeVbKosgz80uhsQmk3MpvR16f+ZOAa9cii2ACYegZ1+a4KEx2NvHlXUrXa2GOsjIAygu7UkwCjyJDh\/KLNwjSadZAQTyM7O4lGORdsjV5FzQj3iyRFzjEjdAaMYFQh7u74sj71sIjcdgnajLAngwvieEOhjfkDL0tvg0+xr2ScehwvmJTYQZ0A4LvQTGmQ0QSop8E3Bdjoib9O4UduuWyY49M20Z07qfK9fbUe3P7MyS0IssG5j+o2HGVtB2rGDGegUxPzqBriraNuRetc+27PYobO7JO3W\/n8cUzNrheWIWi9IB4U+pmyDcJIP58jjktd5G89dt6sAMJR3A5kbmIbJ9iNmSo5NdNog3tnD5t5HDujKlpjs5YYJJjfEpJdk07sWx3cs35o4J40ZUcj6dz2f5kyw3ZDKB\/hzEHArYpTkaJY4Gfn8PS30KdL4TNAJjWtoOfQevIKVcxh5IQLx0UwAHLDP4qnlqslqSloufJGz2Uh8"}
 01380{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500710201121,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -615,19 +615,19 @@
 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501305362623,"pkt":"AAAAAAAAAAQAtexhCABFAAViLHdAAH4R7mqfdbB8EM176sqQAbsFTpTBx\/8AAB0Ivw8tm2Ku7RQAAEU0Z52IbyPObDKu7BbGHFwXmr\/rz3QfyBRTJB3p2RnE9UysoDSL0A3iYi2pNKedwkl5mpvF\/Vk60tFlBZiFzkrxIN49ZjHA7MZQYh4BUIyAfPPuF03+ZMM0Su3qn9AiiUpsB+dNsu+962VPg19tLI\/VV6H3PHsG4PuMw4cn9i3LGYoZQn6aHv1YbAMYupJTDvNFcb2s6pFl8eB\/z0QA6+\/NcaLseMUOgNf8TfMmV5DJVFMWinQmIIE8GPttZVUixDh1PXr9\/XOfl5MsudOHGbS\/BoKDVUuxmXWMLXGEKU9H0vMlsYLhLUm0c3MDnKGeVSrkeYvPjroMfaat1Tiu2LmC1yjTT8Uvh3DZ3BJLLDzubsslmJNrUgLURH5a1TFkvH9Q96Xa\/CgdBXGH7ShdRTQlh7Spx9l0kHtYDDWtdmymj3cp0EdEjn\/au5ybI8UfXEQ40NFe\/bpqHpIm9OIaPawLRKnKVCmPwkTkJQmFtLRT8FIc+hxG8+42VlkD9SVwOketnoEDo67L6UjWGJq8Y0bKa6DKJrJHKlb1cBaN\/n0tnPhMblSJyBYOeYoXsn+gmj9b+VHHpisogUCwUgPQms6WZ1Tn+icYaQ+CSAy4kHR6jZ30M6ApyQmmHvzN14vvzh+CT59we\/MSd6bYyHCxqlNxNi9gnxXYBhI44N0AGk0Qqhje+CC0oYc8WWkUM1686AJps19dxQQb1m18EQJq7trGNUuhfyUdSuAwL\/l0h22i0uupo2DPl3o0+7Bt3qwlrzpKyCufm4ZmMAPpvK65nzp6cFH+pmlOQ7s2YRoxtUhnAtjgxag2R4\/nlewGsR9ygeGjxTA5LiirItmkj97AzgWwoIUP9ldEWuIUcvVhLe\/QB8zLa7AJgeB1R4vJAZowIkhS0+EMWrzuyLxX+IfaYE0iHLqkcbQA3BNqXFj4h621k+KIOiP4lvVResrE\/c+w\/Oj5tA1lx4837jiHi0YZT52YvwcFEmqMCZU8XqMRUIGXvjZqo9v4Gwo714AlFrATSjPNB0rwwMyUukaq\/3e3DvrcgQ9NGlBVWFxhz1tqnsLP7Kr\/srqsLf5Bw4wZJQF6sEZW4nlUnupPVa0tpr\/+wGxQCug6xHyGNDxwnWnyjCwM4oE2hnNUNVujvf72\/dvTfU08lPagglVjnYIuPVm74QZYTZRFryAhxJK17r+BPfOlYKd+vVYMtivnHXjiFQVByr8k1Rcm2cpPeLXL3f+bAsmGkc4EG6HjppgudyHK+UV5oHN+m4I6LZs94OtdQcI6RUnBhsNPqFTdenognWR3FDybsz6sXPvUHez6OFefzWFvFSrz6XT7otFR8cdYGpKRwwSfHP\/PrekwOkrlmZijlypd6KXVAl4pAFkRLTGqSWHEA1LRLEvTNukH3xy5z66DEUDlFW01SciuFipPqn91VwpPL0iC6UpfNOoxnK1nHPehbzvx3A9Po2F3NnKEzfedfgajLA5\/LmaIHRmUo6B\/KmNXMWBfwWwfMwOtQ+o42gw8mnZvG2Qqex771hctyXZMqH2SJLXmmk6AtETcwF8B6jbJ768elE90Bhjm6anLtIwTYQnbLc4EH5TtLu5+uZ3DUfoYbPMOgeH4lIEDjI0kYQ+7lnl1zdIWgKe+MmglR86en4u4M1jb\/5BPspqYSJQDFVzNKI+9EnvCEh1nm4ZLP5q4L5n4Y\/OfoQNHRw1mNsvzMmZ1LR0N0nXyXURG6oysqTj3iTmd8NZXAVgqVBMCFaGWht6XT+2k4r7buSS+jBPmF7S9tGqU"}
 01387{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501305362623,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.WhatsAppFiles","proto_id":"188.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media.fmct2-1.fna.whatsapp.net","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
 01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-00691{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":221400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":104,"total-detection-updates":0,"total-updates":123,"current-active-flows":3,"total-active-flows":104,"total-idle-flows":101,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":618,"global_ts_usec":1621503088279869}
+00689{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":221400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":104,"total-detection-updates":0,"total-updates":123,"current-active-flows":3,"total-active-flows":104,"total-idle-flows":101,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":618,"global_ts_usec":1621503088279869}
 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621503088279869,"pkt":"AAAAAAAAAAEAU0VlCABFAAViNs5AAH4RIneokEAFmWIcTtNoAbsFTmuQxP8AAB0IeGU\/mdbeLGAANwAZh+l9xBKAiSKB2OhrwN\/hzDl51JMe7JNbapPLHMOjmgDUc0Kyw120FAqWdbLajL0G7x+rThpE\/ezHsYo1+wzly8xUgAolT2BsTpI2RHGJFl7PB6kKEbj1oJ2aRfN0feK0OGTrmVtkNP9R+\/rEuFjr\/5ftbiLlMiGuS3H3QpNIn1LP4hRzRdMhEMaL4tpWijpslIEyIWPJUu7rklLDODiHtimhfIO2wkBoYI2kQY+hFw906HJDazA9cw+osFQ\/bzvopugZzilDKv1JaRYx1e4+hqHH6L6B1UH9\/T9\/HnMV2EpDa0Av+iDS3F9RRywHXZAIhY03mMeM7GrJP2Zpz4QhJct7zfEW3x535nQ0edWGlDKJvLXrTJAeOpJnOxJ1r4baAFi3DRD+vKNPYnsuGfuIY65dgPclLbLGQ0fUutzS5iBfTHGDPLr8VDoE6brnwH\/5y9mzczXm\/kEf07xeWOu\/1opIMye\/Yn9rwK9T2MMElD6rrbD6Gahnp2r9RHhIeVU09JhM9hecDnkQZ6178V6oPYtSdjz2mTGsw+LPdfT9S16RCinAfrzSX3fRQtDiS\/0lA192fRii3J2KEljzmCRknudcAIFxTdxxb9A\/G2TbmLeHepNu2Vz0i6tcgUnXVFPrdPymqw79zhx7DrjVNwDXeclunhYwL1E7tG0V3PTUnBzD7E5OrcUKHgdfHTYLI3pYV9K56ZSwrEMPYw6PdTGd6BMaZRgmv1zwBM8F3abkA+q3Zf8DmaTM4yYqUGdqKt\/rsJPP5R8bBJC\/k1fqIhjEgyfV75RWWjvPOT8vpG\/Zf\/Lwho7iMvjqjS6+1DpZLIajkAZ0nPm\/rm87HLI0cdJpxuRH1pwBLDdf8pMJ1mfSHXv93VQKMlba5U2bhfGH1Mqk7jCyOgbhoG\/iErOEjUrAiw7X6OQncJiN9Mkd\/SEm\/\/RWlqvwMLkvGjPHLC5e7V2TGXlnOhRlZBU7qILrPVNtxU7dCPtBdbxIDti1\/YRndJCIPzLPa9h2mTEfoIgDEaAE\/7UawhYqjGFuPu7cykm8DYwvbzLfyH7bht4ex13mlrd\/FiPYOE28osrwhi1PWiAzhV1qXqi4+RWmb\/5CisAguq7jYLc0h5FGHrR92KCTjSdBEZ\/DAyNwtWa8nS6w7j5Hbinu4C0ABTwJE2l7GH4ZQ9omOr49dyeQCQatUwx0VqYJSDhoVCe0TCuJntWa02NbIeePgGo8pWxM6tgM2H8YNfSNUF9avzsSRS2VyMPLnBXpk9KiQb0mc7BEeTRigvV1S+9XKWzbnd+uq94u6ElOSGdKojQAok0wFU1sgFBAgT2mV3C3\/ZQ6n6G68vFnfmO5+ZuiNec\/P1VvDC8vVIjLmaMCjrgt9+jDuswwkMDFQIciL3t4FUlUJM2MVHvkdLHSo3q+qgTRtHtpBlxLgaLGkfaorEJRtfDW1GQLecYh1sTrhehn3QcG0nR2Ih8nO3MktWlFwRqGrK\/t0Qsdsusr3bQ36R8F1tTznS8ZWGUFNDf+Lfwf1VRU+IBvCx3kULbMabelEKmImDqvXmP2zB2BjWHst539anbYbajQw\/ZgddvVcRhVSUqIpiPQ7wJ7kw9\/TtjeFcmJbCOn4TBNtXEAFcmESf+wEZSMAzbOoMV2uJojX02TEHH7lGyR4dilgOga\/fEzmhXhoDwn+0SuTYueRdcC6yi0FFtVe7SxyfJXa\/en0rOfO5K8UmxsGwQRxH4PjiJBdspE+yoKaJq6B76ZXjWQshEvVjgOi6H1dYlUSyL2zSCF"}
 01356{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501262883655,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501263382659,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501305362623,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.WhatsAppFiles","proto_id":"188.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00691{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":222750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":625,"global_ts_usec":1621507440293528}
+00689{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":222750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":625,"global_ts_usec":1621507440293528}
 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621507440293528,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621507440293528,"pkt":"AAAAAAAAAAEAU0VlCABFAAViN3ZAAH4RIc+okEAFmWIcTsysAbsFTp5qwP8AAB0IikGMkqg\/9wYANwBCbbDOkKE3I8tUrhP0019VoFQ42OGxkeSDSRfCVHVFzGS6OlWzWiT3fji2Q9e2uBbhaayYtc5E\/X007tKAEm9FuNGSPz7TI818Sttxs3ujdp1DhJh+NpZfeeSISitSIGvg2MzufhYYrAjbhnoT1XHoGCBc1rAFUoO7UMuAGYC8SYPLocVC73lmAf9DYHNSe5fUCJSAAH+oZTPgR2yZUUzLo6fywQUMulJGI+tO3nXiCpCmWVZ53dVEiIJeeIojZJHsLSZxfmkzXZWYlR6uPBugjMWutrpp3d5v3AuvY2G7Qyk4Lv7MAfdysMbwBNbNtmNdfZPJ3\/pEPVHOv\/559Dp4RvW50HvpUKtGVrDOqJeFYelmkJNmPICcqoerayf1TiCARBZAnCn0MwD3qiNb6ZcgubQ3lYbFhXEcXw4p1oo9c4om8zLGYKCC6gMxWMZoaZf19pIOW1N7yHt\/SSfp8qPr7X11LuJnuqgknnxWBGr+1wZiL2PTq482lAJ6gF5Z2f2tN3XLZipWQds6Bo6uWSETMHj4LlIoOeoO8q99yIrIxEzO\/f4j83sVtl5ErO58R6yY0ijEedgoeOZWD8SVQDMvzkmLAx1dLgYjNi3zBdewahsS63kzpEcxno1c5HXpfC65SPUfK1u9t7lKXuScst61LMT7gD4xRvgi6ny4pOwNfDlEoBJxFCoaEzFQba0SYnQmz1wlKHdeciad8aWCTIM+4CgIGyXfMd+X+XFoeu3ajcjzAF7n6JeYn14EGnQY8unzlXF4p3i93fMCw\/xlMi\/OJq\/ruw6eUXgNqb3nrxm0BR4ksvgfkB5sFTJQPZzM8zEmRDSqngasEorcI7WMz8C2mGoX59tOv7H86rOq9kc0rL9XtCb+NWplconR2ejygYELbikOOOslKugW2zA2OmoHHi2Na4MTk66Md2Uuf6WcAKyFaaQpjc\/tMudn3z3HXrJde9BcZI846R4IemkxY1\/Z3QY1XcsM91Esz8+Pxd74AMqufrPf4mE2zfMQfa4C4336cepitLI4wuJ1hBcTktGeDMWo3AxuFTPzMyx19tB4Pb+QiQvYM29oIx\/p58YHbJiRBR\/2VW0LXa2VmGF1yjBfbyTyaiW\/0aG3AMd+pDl8N8KLpVPA44wpekrJkebyMJOc8G8y2nyC0MA6L1m0olcRvwsPyg32HFyPdlugxC3gCUDIy+\/UdsTVejDWt8G3KF2zBl5z4vUQG7szc5MTIFEplmTziOxG9vpu8uPAGk3JSUOmEY\/36oGBDkAhxzxaUR5tfsiouiWurq0NGGO0Zerjexoy1X+rM8JONjVsJbya5hJGT1\/EyIrr8IuI\/DXHAAsxAOhU117x75sR1FYPo+cPS2OX2Aq2eYhfspxYNG0jwN\/TrKrZDda9AWe9Yds2HmJkKmWUnQVV7eJUFPO+7T5F\/7VpvLpDyDx3HI9ZxDJv4+lVDYmr4M7ancc8vSp1QLKUuXa\/RRdLhFE4WpkMwIllcvDn6w2IGiZvdFwwcz0o7+lWiab+FQFJvQj5W6kBnsxHpASo8358\/GjTTHB+z0Y8rY144soNEgilV0+eFQDnbygqPbwyW1XcdsOUsoU+5ncfr9q8EY2mvfVYGA2HoIRLv74rd9Hgq035d00HMutEK92GJr8ZYm+qplcEu7zCn9\/SDJP9SVZthGjepNQwhkU8gZjaxDt0kSAy5LpSeuV57eDXzlO\/myoK40cRqGjj6TY\/1mZZ4XZJntQPKWyMGIHJzxZKIYXKlVPoQnqi25JmgSDVSszE"}
 01356{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621507440293528,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","ja4":"q13d0312h3_55b375c5d22e_f3854ce178b3","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
 01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00691{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":167,"packets-processed":166,"total-skipped-flows":0,"total-l4-payload-len":224100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":106,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":106,"total-idle-flows":105,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":630,"global_ts_usec":1621516392616564}
+00689{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":167,"packets-processed":166,"total-skipped-flows":0,"total-l4-payload-len":224100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":106,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":106,"total-idle-flows":105,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":630,"global_ts_usec":1621516392616564}
 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516392616564,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516392616564,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516392616564,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJBAAH4R+wiokEAFfgNdWcQwAbsFTuapxv8AAB0IERdUk7u04\/YAAEU0aOs+L2NbS8h3vY4IEyDvx9d+UduEUSP3UFQHQG3NjO459splk2VvFwj2AOb7c4buoNQkQrDX9vOCnfv2vAKh3jO4JsUMREjT5vNEDbeeIao\/p5PHGkGHQhyZBJDceMVmmdTd\/uhtDdk+j6PWnF9UbEFtNHo58b9XyfB2nWQ06pT3ZlYQ9WK7gVb0I12TtO\/1JgOp7SeP5Djnc84cBKVneYBg230rYLPChbpIzOYDBN2v71vSy3clCOV3NHQe9++jSFmz01AIsjPo0b7oAK8pqXiYvEW7DTC9VlrG7gxRC86BUuyPkAEhQ20RdVW5Yf10xFe6ayadGDnT237OAKo\/\/+O\/LFyNHbgVfKniSrMFRiGghfY1wLG1Jv\/b0caXf12hI0LoNCqVSPEG+EnSUUM92WSb0C9QePh4RT9rbvZi\/xbgMAiaBMtltwa7agMAD0SUEyPtFV3C+8gLuPxCYmnjIpV33zbnthqAcxQlIZ2vrKiyi+KhmHrNr9GObbxxrlP9ljjIiTHt\/t7pUOT1Y8FS6S3BV52+5yFbyKd0LCCvLS6o06nay2+nbWpq3MMEnIy2ErrDasXDV\/yTFWEtS+9f7sWO92IAVmXzrxbK093nsF5MajPhwq3Yj7enMlLFnsX3TwRJhVqvSkB7sppzgxggdf79L1raj9XW8XM8V4sShlzqKJNXWgV0Ic3AYwyNJp1wBL5vRbaDded8wpXErdg1Guex9BOOifEyh8ItX4yvCdMmUa\/SxdZy7sKrylT5MXV9b5DrpfLxY20Ij14Lk6JWUcZoiy3j7yw\/ubYUYzuIFwHCLS1lok6SgHEGlrR8xjkxHY6vGzVbWVDiYYq6XgJZVyWx9Zr21JeGPGR+US5r1E4SSQfwwOWaQavhUq2zrf51HYEGZm8p9Jic3+SIN7YCHgoI4i\/tTXM\/YmMyB3h7wKOaf5t8OBGmgTLUm+k7i6hbT9r3Y7OmK2kRsbBa0dHYNr5d8T\/VGuiypPl4TtR89RXwIfmo1y65zMEsqRFLzkK6P2g287jebk7ShyfkPP1oD8ZNBDlbBORa2duW2pLxkyuhyWajEEIi5IZPiaUkWm07VY\/3CTB8jOxZ5+izKU77hZEJk0XVWc4uEb\/QQAq9sUOziToveEoxQ8lVzljsMp2uan81z84MDcopGEBneePiZuuVSoKKmRlgQlyZ2l\/7Ctf2AtaE8R8Msu4a8A0Bz498uXG67md1GQF+0zH2XGFwQZi645tPEtwFrQVnFbTEKZ8BXx7Nap4taxxtpDt5spf5pj+Cxj9r7SClNizeuJvypZINANHTovJYhzPRhqHIpBWwpQfA3PntHJITXnxC4WmNYJAZCKBpSBcum+oGhD\/2Un0c0TlEt\/thcPjAZzpaUDcVhWpBWCVkKgQSFLnQ\/+DBcsrUFMD+140pVgLHMyZ9SjqlyJryDXQYG97OhxHyQHBDtRUXSWiUupn5VQi6HXycsWOMWUIstNHGKJXGdHz1DTnhQOAh42MqA2+rEX\/B24vMgaRhWIP3wZKncvN8OnaQB1uLmAogRZC7n6Oq2DPqNrKGHl266GYXia9wtsSy3dBXWQj5ABuS+XuL0dLpYt1yK3fxHMTM\/IAuOD+tETJOkfaID9ExjejoJQhKxG9A+2SEOwuBb0RuAAN64trhUk+RRj7+3dvdvvBaNmCF4ehH9m8kVXSuv99l731dIsTYFWF+01uzy3N0iDA4kBqgoPzkJX11gEEbpzeVX+FAdEn0TRFND5ubmH+ZdrnKSeLG87FfotS2"}
 01364{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516392616564,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516392616564,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
@@ -658,13 +658,13 @@
 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516402235332,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405464431,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-00691{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-payload-len":240300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":112,"total-idle-flows":111,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":661,"global_ts_usec":1621521142479654}
+00689{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-payload-len":240300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":112,"total-idle-flows":111,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":661,"global_ts_usec":1621521142479654}
 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621521142479654,"pkt":"AAAAAAAAAAEAS1QMCABFAAViSrhAAH4RDvqokEAFTOdoXOdGAbsFTt8wzP8AAB0IF8C5lRFZ4pEAAEU0ArfW5P1VplOmF6lJC6sD9FD5t7ksW3G6pIV+pxy8yJt6ChAKFxnQmbZIV9dRmn9\/GhICwwKjJ2FzV0KvCGLgZ6X+Mdfa6UbhiD5fnkjyzmiIAB9HARV9mwW0qWFR+1JZ0wBSXcVhsdD76Sf9pAJ1VTq0AAsSZXJGpY6+ga64ul50F4bjriucLzjYYNDw+HNSeQ06KntY3GZGimI9HLzbEr2ITrSYMZjOiiz48+8lDJD2UCwemzRbkRRjVcXHUb3Tc7AmoQBva7BoUSsAyx1+D5PZLPsFdXibn+bgqwT1LLMkHG9RRpo1Tt0gtl2pZ3bJxzRqJmP\/hGWMpoj6aUkAKucuXZomz1Q3f30mL0XyV\/0uY4\/XJg7V1OPue2C09RRuIDP1ooFtROu\/pDDI8HImrmKLKKL9dpKh9adfi5YYuPF4Is4HNqqqizalARCmdFSjpPpy98YfUSi2cVRDkchscThNdK38ko4V8Xy7wPkbIt0O9VavKfmHr39w5Ez1eaWFGZRrA0sn6GcPn8Dm2mBcIqBG5MQXN4W5fy1Y\/pT1svPFcC4q5\/EbD0QNn3Z9BNP8nBLiOsibf3MO3CFnOCJM1lkXUrVAGUZnjxGG+8QqLn4EDZelxu\/GTjx1L24MAsKjWwR\/o8CwEfewYTHjpSyuURWOKkKoimK1sbXS\/GUISZay6CW3ipWXDAWnzLjYcodUIMxsb6EXUcIWUdqRY3ypfHKYpkR2gJ8xECJ7AqLMiY6ZE2uxoDH2mplysDswerJmf0vlCYZjDi32D9NrSZoCZTUeWm4xfiTRs2WDrsd1DqSJwRmQac3\/k55LOe6c64B2i8EEyZy11iQXRTuxGAnfwPi7J2P7G5iOmklAoJzzL\/0e8gKlYQz1\/eyL8HHdtP9qbl5P1U5o8IfoTp\/dirgLtL\/sstyNOECz3S+ayZnviqEPhmw1cijJYWOrYO+8pc6zVY+d8ULBF\/1MP6ychzNJOS7uwIVz2UYuxjSek3ViUJolFI52vwDbTLtTK7tzBEeEdAEchicq0jw14m4HZ+e4tF+ukL7pInPzJ8wSVQteMvhcM05Lb5IMk0dp0n21Lhhxk4rfjW5o1Rx9yGagxsLW0M2mEMuP4yB02zIA7SbqYa7jGL8IZqDCmafSvYT3KeNsojBFm3l7E4ABP4OKSMnTDQnziym3spGoBu55cpHlCNnGIXsDXfxDbCuGO6UHeS1fMSqOZnhD\/oZDnP5dYfsIXucQnrcx7lxhddVt4WAUUkUstn0y6l\/ZI+n+V\/0pwNIHkKelqc8pvPNG+JI1PSwYT7AfrchIoFXExUQsiqKPMuonW36NpxM3LkCC\/aUwvKOHDe1CykT5CBTVTcvM6LiDoQeKOvHkAxU7lNkROINSK7LsZzcm53MqryrrO1UQHIMBmC2YTcM98zz7PGYSirT2iXt7W+8GhlTLOcB3tKQE+B8YL\/1\/AkWmWJZpkom5dDgbzqOZa+I8DdrHM7ji5OZONbEY9iRhxqtTq74iTkjQ5ERERvH0t6mntYj+OqsnNsbFzFwalVuNQrhXP+gbh5zien4KTygiyFYCjV+NChiZy8pxs1wT4ESZqkuqAehNcFqGsDoVgPoQOLhzIn\/DzItGeAiDrfHRixyOVU1EWsb7b30saK+ncY8sFqQNqA5lAl9gdLvQcfuDvdrDHmseBNqFM+55fa677QDOLLZ\/8MAydrSpxVKh5KZf++uVTUj630nVHiL+6S9majjl00xS38l2C9stuZ3K6Kgv+3rXBnYm4l74dpkK"}
 01342{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 6.1","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","ja4":"q13d0310h3_55b375c5d22e_b064f0e3421d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}}
 01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00693{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":179,"packets-processed":179,"total-skipped-flows":0,"total-l4-payload-len":241650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":113,"total-detection-updates":0,"total-updates":123,"current-active-flows":0,"total-active-flows":113,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":667,"global_ts_usec":1621521142479654}
+00691{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":179,"packets-processed":179,"total-skipped-flows":0,"total-l4-payload-len":241650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":113,"total-detection-updates":0,"total-updates":123,"current-active-flows":0,"total-active-flows":113,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":667,"global_ts_usec":1621521142479654}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 179/179
 ~~ skipped flows.............: 0
@@ -673,10 +673,10 @@
 ~~ total active/idle flows...: 113/113
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7438110 bytes
-~~ total memory freed........: 7438110 bytes
+~~ total memory allocated....: 7439926 bytes
+~~ total memory freed........: 7439926 bytes
 ~~ total allocations/frees...: 89979/89979
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 612 chars
+~~ json message min len.......: 610 chars
 ~~ json message max len.......: 2404 chars
-~~ json message avg len.......: 1508 chars
+~~ json message avg len.......: 1507 chars
diff --git a/test/results/default/quic_frags_different_dcid.pcapng.out b/test/results/default/quic_frags_different_dcid.pcapng.out
index 776d847ed..17b5b665e 100644
--- a/test/results/default/quic_frags_different_dcid.pcapng.out
+++ b/test/results/default/quic_frags_different_dcid.pcapng.out
@@ -1,5 +1,5 @@
-00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705784462738953}
+00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705784462738953}
 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462738953,"flow_dst_last_pkt_time":1705784462738953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705784462738953,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705784462738953,"flow_dst_last_pkt_time":1705784462738953,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1705784462738953,"pkt":"AAAAAAAAAAEACN7HCABFAAT+2fZAAD8RG12BFVQhSbkirJFtAbsE6q4WwgAAAAEIrEmJjdxFkOgAAETQ6cs6Ccq1pNEEMNJuNBb9lu79dBj1BHV7\/Hab9lo47p5QEhqAOkEybAWlnO\/UUjb4NU+PkZiX1pRszXdD6sBVUmeCUh2CpMA4YeE4QJuwcEjDjsc96Q8Lag2Ur2dgQut9eX+pvVWhem00MwzP+JnurbkOYrjv0bXG8UAjB9WdDJfutZ13Epk1gyOyIUoacw\/jKI7O33QkruZyO9W1GQCCTlL9F3R74VCm71ki+WOVD4MOU8pv0LyNGVqyEo8ejhTBmGCoFws200ZL6kkfWYg66z+siAVNmqb6vKP5E1HEJZ2z5CNYFFqT+0WVXoYVxnD34ZyzysFJBYGyoQk6ojEJZK9zDdPlgUI8MZF0qE\/ShwrgJOvAG2phbHl5f6Lskubt5J4J9c4QkMzee2Jd8x9HrCW313q5z0GGsChL+8HjMoxcIWigrz4YK5GwyyQaG1vkwh1F4gE8+IeaCkwkOSpQvvaJbKecN\/ENmgOUAGUxlyQ256RNVaWe\/8+Ydq26EGV7MfrrDdWkZYHM9PQicYW9i\/DAvXTXEfFHwTmjAuUxHPvPT3czKYOb+XlCne2qxgpAUG1\/bLSV9cya09QfvwHn8IIOynI109JqChvGflrmeVBcgKm49sFn3BCfmtcOEINDCwOMbSdIi6gDMYHA2e9QsOGDqMNY4OrtoKaqY0zY8BJPYwiibm2+OaxYLfSl5yY5nV3DDV+\/OmaUZaeOLTxkqgzNbcGGy+EKMUwuBMGiZm1s+IMqKbdwf47B+0uQ3L9xrzTyNd\/UBimDwyzzCC5DVTWpSkoaGPdYUL5ULPDMZFQdg3gyN0JAeWQE5sCtpyJPxM6n5cn6eSYQXuz5RLHnQSEIjGYPrfGCctAn927NxnBuUhq0zt+GFxY2Hu1WCZyRfqdtfaCbjbYtVeI\/qATDFE9k1Vvc2z7tMY2N5u4EP7cIlezEHd2oIOpjohnDq7x8jRSaBrjTaOGdH+xIQ+9CjorXTjXDDrtLtDDoDeIYnywamm+bbeVsURyZaR\/DEMJpkyMs0mDXwEDTGvA2qVTMY4\/TPerwkQGBmA6kGIsaVdjS1LRZLcehUz\/ibWt06viAClYVTm4338E28+FD0deA37qN0uW8XQIR8NiJzEKzWN3FoExkCkWiHqsg4lfvJasS8fKy0r0IvdItAdKsfn0WMLBnCmkT\/wiqJQVgl8SWYiNqx8R9MpgcViBuNY\/HSEDA70tGw89Ak5z8hfd4fKS0YoJxpKtNnv8ac2mA5r2HbskOYwde2nXbZQdUSUsyb30dZYaWdFbfD1Lhu5tlRhHjobN9008UGsR85mCVJ83Gi1r11vJgUYEvGQzSEy9A51SVShxDEJ51rTtjb9+V9wKCQgLJ9uYskg6GcAGNoxN8cmCy0yfsbGisD8+IUVGlMdIf2B1Ci\/Fjpu6I9YcUePaM6AlpyFxoNSDwiLnbHeo6ml+Mn2dcoES5nYkcxcrPwZ3sF\/G7zj4A2xU9en7t7VfJykqzHbAdqh8dRJk+OXboX7iMaxM8C2fnbiDU0\/S7jGzKBldf5wTAWUXK0xU4IenizCO1sVDerbRTamQb0ppLT6q712gvkAX9bRK8IkDAkj3WbKoeg2QF7tIXvJoPCKP+fC1YK8iyVjLMRjVpK9Z1dVU="}
 00977{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462738953,"flow_dst_last_pkt_time":1705784462738953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705784462738953,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"V-1"}}}
@@ -8,7 +8,7 @@
 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1705784462994397,"flow_dst_last_pkt_time":1705784462858027,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1705784462994397,"pkt":"AAAAAAAAAAEACN7HCABFAAT+2fhAAD8RG1uBFVQhSbkirJFtAbsE6tr7wQAAAAEUAWS8ywvOst6PZK\/Jqc6mo2Q3q0QAAETEZamOiLKnxk6+6clU+bXTzOstOZ8c5cXT9sNOoQFkiOVgDYRmMaFa3hMp07rCZDDbcZvWrgsFfU7hsDimjCDfCaxFpg7y9+WrTrMLHJ7+NnxnYBPWEYV6sprlAwLLTy1Atu0eT6PBpwrvBAiTtgOMIZzsREaxVgyOIiBvaE8pOc4qQg3j\/AHw8SfhZxa\/W99cgeTknlH8I5uVQR0gF7KYPHFhcqo4nZ9ZfnaE8C8zNB7ahhNTwi8l51ZkvuGDit4ilAlXQ3XsxCE1u67CE+Sl2u5hueBQ57LDuKRVYjGLpdo94jmj6vdukbrbJnYDLRz+CHBk7mx7cRMU\/ZW1EiSIqi7mtCFhWqnCjjNhl1xUWxuxAKGqBVUFIy0zxvvpj88WGMEG9jBQ4XmcNY3QAI990P57yQb\/JJ4FEaFSDXHWJt1h01m295zYlMsqEqpRN1ffuCP9oZF2MyLRHvXabXdeWmv5T0SMNkfoH0MLOJM2AfK\/lJaos5N+LVjR2zdrXtFZKZkcwmqXHIt0N0JD8FKOZt9BE1kDqVhw6P5CraB336YFQ30lhjgXUULq9Nr3PBQoyyhNchxfP3wwwJHfQmzP+zVC0OK4ZGeJdjizTgY2Xf2wkxnY8nbH0lzTDpArqu6S1b6XdyM+AmqyA7vz7boj7HsFRaFPDofQdmLhTaSybatWiHetudJRfkxG24fxZia2dm+NpM5leGwzwfhm37ytnj7antROgzieqoB2O6HIKkfUQZlmT+Cz+JtLWY3pa2foc7aWLPy8WaL0H\/j0I4KyoETvZYAXAvtW9NFuRvoasjFy8yYWYCtnvfFEjBU\/YpF8qrVaXC9\/ZuD+6n6mE8KWADaTh7I1lKp7lwIu2043Yy20yVUwe+DiGSXR4\/LGvG9Nrt+5TXrAsdDHiWwkynckC7cV4gPkPDCxkLbijsiiuHOQZUYSZTYNLDdyBLRiI2wIINNmQ5aGePmYY5ueAZkxnW9V6VhExz4UVNTDJei2zVkoMefUnP\/PKiIBEIRiR3DNITlKPAROShC0sR3WvT6PsKXO5M+RWZeCn5JGZ4LLQrdxN5yY99rJfgYTeFlrvCH8X10m0t3M68bFKnzWnRLPe2CE2sDeJlukMcGoe9eyTr1ElLyv0b71qAejHjymuXnZ\/z1Zqm9TcOUUZRyJPr0cHv7pQCUpLrQWHWv1C7RuvTderrTjDPPd07JHa+mQ8UBbAL5dPwVcvrTLgBCaShAT715kwmey9jJl98mHlhil08+pqYpXZF2cOvS9RPEDodpaRNki6YjJR8mBbI0uBvRfiUq\/s5eqlA+jbP5ntOL1+7ElPWXr1ze0QsPPTFkbovZBUOKR259g6Mj3KlEydseFQAK4YZ1ekB7GhwhnYYyYobnCmcCjO4xSGs+BclHJaJ\/eF3ANbka7X3XlnIV4DyEP9HWCnWofqN94AoY+kzZ7DKH9Owxw+ZyZgmI0trVpc+4qtMRr58xNS8CrOgwS8uRRkWBW0oFrtMh84N0xnlMRicLmT7hSyh5NjVTrTALswGmcTGgKzuzY6pLPaXdwnPjsDB1t0ChuTFDNrdCdEPbTsh4Pal5HadTbwKY3DJAfF75GTCyhKaX7NAZZxQmn3frXii6FZ6g="}
 01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462994397,"flow_dst_last_pkt_time":1705784462858027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":2500,"flow_dst_tot_l4_payload_len":1200,"midstream":0,"thread_ts_usec":1705784462994397,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Cloudflare","proto_id":"188.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"cdnjs.cloudflare.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"77f2e7e7117b061992c6529845aa351c","ja3s":"","ja4":"q13d0311h","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}}
 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1705784462738953,"flow_src_last_pkt_time":1705784462994397,"flow_dst_last_pkt_time":1705784462858027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":2500,"flow_dst_tot_l4_payload_len":1200,"midstream":0,"thread_ts_usec":1705784462994397,"l3_proto":"ip4","src_ip":"129.21.84.33","dst_ip":"73.185.34.172","src_port":37229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Cloudflare","proto_id":"188.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":1,"category":"Media"}}
-00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":3700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1705784462994397}
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_different_dcid.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":3700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1705784462994397}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3/3
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5522901 bytes
-~~ total memory freed........: 5522901 bytes
+~~ total memory allocated....: 5522925 bytes
+~~ total memory freed........: 5522925 bytes
 ~~ total allocations/frees...: 85905/85905
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 589 chars
+~~ json message min len.......: 587 chars
 ~~ json message max len.......: 2225 chars
-~~ json message avg len.......: 1403 chars
+~~ json message avg len.......: 1402 chars
diff --git a/test/results/default/quic_interop_V.pcapng.out b/test/results/default/quic_interop_V.pcapng.out
index 8fe884ffc..e64c81635 100644
--- a/test/results/default/quic_interop_V.pcapng.out
+++ b/test/results/default/quic_interop_V.pcapng.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1603816434507204}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1603816434507204}
 00832{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507204,"flow_src_last_pkt_time":1603816434507204,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507204,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434507204,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434507204,"pkt":"pJGxgjQ5PKn0qB\/sht1gCq04BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYjlPGCgoKCgjBjvWe+MPFRAAARL4AnyCwAgoQjL1g+KDURvDYeEyLw\/xCRk6Dll3vQteHoVQFBQKAtW3\/PUJKxA75UMcNXhZUvkOXlYopsWey\/u66wX35Pj6pU3CXAqQ3fDp5zyCvr8Pm5AyoNAx0veCSUQeDBYfIgnerrrO2MEGoBqYPiiUt8xe5+r79P3P4ZzDRVupqGycbUWtQ6Wo6aZSD05slEqoyPBAaLp3YhydnPgb7vRWFjq0SdM0H\/zxBdY7aJ5VQRGeFUx984uZ\/K6yeMGPT3JYsoR6JIONmbNNldMQuEP+a7GBJ3iEWFJ1Nkel3g0iBwZRA7TTHinpesR5BAPJGKsJg\/VS2BeEVhnsQklM+ccg8cEJ\/WZ8KGZKu2b5eb3vaAvV55IOI0J2iO5UmLyQCl7SbwQC4xeRqoU1X\/r4ksMW+JxOVqFoTOp0p9K8G2C+kXU7PkGNUF6LWJgz0gBnPUfLEiLYep+IB3ydQMSXFv2q4ljMWpImZsfM1M1hyBHVdutiac3ctGpn70sK96\/GuFpnGs5SaPUZPVAd6cowQNyios9VD7LJHBycvPPV\/FVVqGKmtlmE1jhqYU8WM3TP2hIDFKj\/VkbTWINB6wKhdoTjaE++G5UWOW3DyJNvkrdNQDmb57TWpCvvDwZ0zyc9+kjM1P8gJU7fxklAOWt77tLOKjqKz2yyGTywbYI8fpyDxuwcOqHHM1p9Qo2bUMzUDDc5AgR5XXK8f98\/2k\/szEHoOj+xZ0LAk\/ktl3\/tNcCYf5NwDCkoJ2SA+A3liVp\/z86DQ\/o9ZPBbnT\/MRpriiusVj\/+7dyNzTUlosBxg\/ZTGIAFG9kkbqpmlXa9h8whQ+M5AjGTQXahgxhUg+T+XkcD3\/AwAskzg7QFF8QOQvTkgKR27pnPB9TcW0ov3zRKBSq2IRQasfzD4018QjLIoL6M1i7zKWOriPXhrbpQCBMed+qy0CCutCqcHfM5C6tdP5yjdd03xLltagPaoEJdMAzkTI4GTxawZxV\/nJEB2CpfHpXBAiLmSF3pSqQkOlK3gecF6Z5kJRZxdfHFiYQc+ZeBxM3ZsG9j3S6poeVhWhKtKijv579ezhO7g3QE97akiUNAtC\/9u96VNcgwwZo3pYzoh+bmR12ZZk\/flZDnZgzTtqeO5zikP6EaDg3xt4ZqzYpvmcwxx5bFkZ6tYCa\/WSn2OsS\/V89R9JkA+p04smS\/E7zSLxIHIjg7ziPRYLmF24dGHz34FZmheQHZ\/4gm1aFmIaG6\/7f5wmQDqHrB8QpqkJoLkDgUUHwTgyqeLrCOeAdu2eQCQJ4129kNDhXnJ7gWkCKO71EQxgH1wOzb5+V8dr\/jGNAAVFaptYOiLQes+Et0OXv\/4vGauirP+hYZEEAR3InBIIg\/L5KPxSdMCpSCm\/3UnE1zUNlTk7El74hPsNYUcmUS+usyw22jx+xLs4q3Kod9YDt4DrToci+qgaxSPs+xB3bX18DBMDyb8wNM5xFrlJXeWv7YCCDubwS+dnWseGEwnfJTp8dJgKhqy8jDuI7wNl1iTi5TWAuubz7G08V4L8udRmpqYJpILlauSw+hHEcI8MkM2s5oZz8Vly\/UrbvRIh+SQjHV9IgfXMkwlUO3sEi\/jyMwMDaEUvpg=="}
 01020{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507204,"flow_src_last_pkt_time":1603816434507204,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507204,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}}
@@ -468,7 +468,7 @@
 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507215,"flow_src_last_pkt_time":1603816444490896,"flow_dst_last_pkt_time":1603816434507215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434765563,"flow_src_last_pkt_time":1603816434915890,"flow_dst_last_pkt_time":1603816435194117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434648476,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434782784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":35,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":246,"packets-processed":246,"total-skipped-flows":0,"total-l4-payload-len":231120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":77,"total-detection-updates":30,"total-updates":0,"current-active-flows":0,"total-active-flows":77,"total-idle-flows":77,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":471,"global_ts_usec":1603816444721572}
+00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":246,"packets-processed":246,"total-skipped-flows":0,"total-l4-payload-len":231120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":77,"total-detection-updates":30,"total-updates":0,"current-active-flows":0,"total-active-flows":77,"total-idle-flows":77,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":471,"global_ts_usec":1603816444721572}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 246/246
 ~~ skipped flows.............: 0
@@ -477,8 +477,8 @@
 ~~ total active/idle flows...: 77/77
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5671097 bytes
-~~ total memory freed........: 5671097 bytes
+~~ total memory allocated....: 5672337 bytes
+~~ total memory freed........: 5672337 bytes
 ~~ total allocations/frees...: 86978/86978
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 554 chars
diff --git a/test/results/default/quic_q39.pcap.out b/test/results/default/quic_q39.pcap.out
index 32ba75930..3dc429ec9 100644
--- a/test/results/default/quic_q39.pcap.out
+++ b/test/results/default/quic_q39.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1509098995610775}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1509098995610775}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1509098995610775,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1509098995610775,"pkt":"AAAAPJ7rSEb7OSWDCABFAAVipylAAD8RBjiq2BDRFZ2345bcAbsFTtxhDeca1dd1bE1NUTAzOQFpm58AnJnQaHUqfgGgAQQAQ0hMTxsAAABQQUQA1AEAAFNOSQDhAQAAU1RLABcCAABWRVIAGwIAAENDUwArAgAATk9OQ0sCAABNU1BDTwIAAEFFQURTAgAAVUFJRIACAABTQ0lEkAIAAFRDSUSUAgAAUERNRJgCAABTTUhMnAIAAElDU0ygAgAAQ1RJTagCAABOT05QyAIAAFBVQlPoAgAATUlEU+wCAABTQ0xT8AIAAEtFWFP0AgAAWExDVPwCAABDU0NU\/AIAAENPUFT8AgAAQ0NSVBQDAABJUlRUGAMAAENGQ1ccAwAAU0ZDVyADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zLnlvdXR1YmUuY29tHmY9ku1OY40wxAcfyyHFWACuKRu9GR6V2xdJs\/1DZWDRgILbvi6YPymdOys8LmRShvdEmFTSUTAzOQHogWCSkhrofu2AhqIVgpFZ8wXyMDAwMDAwMDBOGwyq+nKlq\/7gyjM9fK1HfmcRm2QAAABBRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0LzYzLjAuMzIyMy43EbUkNcc61MtqjsJrlOUgFgAAAABYNTA5AQAAAB4AAADyBfNZAAAAAJSFXrmNCzW2XCwCM6DbC32c2YfxELPjjStDUbaq7wmHTyY4LQBCW\/iNJqUlz2Wd46tERlhzvdEC41udof7lNxBkAAAAAQAAAEMyNTVDwyMTjfiB70PDIxON+IHvmpHtbxwAgQ5AC3uQqa5564NqFQAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1509098995610775,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.youtube.com","quic": {"user_agent":"com.google.android.youtube Cronet\/63.0.3223.7","quic_version":"Q039"}}}
@@ -9,7 +9,7 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1509098995619706,"flow_dst_last_pkt_time":1509098995737241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1509098995737241,"pkt":"AAAAPJ7rSEb7OSWDCABFAAA7AABAADgRuYgVnbfjqtgQ0QG7ltwAJ9O+AAM4OmALOTw1M50FdwtLmPXhOu9ZZKxYgqiuY5AjrA=="}
 02222{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509099004752497,"flow_dst_last_pkt_time":1509099004382425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":14377,"flow_dst_tot_l4_payload_len":2074,"midstream":0,"thread_ts_usec":1509099004752497,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":577850.7,"max":6514643,"stddev":1531988.4,"var":2346988339200.0,"ent":2.7,"data": [8931,36678,89781,7,404130,1367,298294,119221,31,434781,6185342,12819,6514643,11351,11378,22730,702601,702694,435266,435159,11351,11442,16019,15861,397203,9235,397732,33897,93428,52,499948]},"pktlen": {"min":46,"avg":542.2,"max":1378,"stddev":603.7,"var":364512.4,"ent":4.1,"data": [1378,1160,63,1378,59,69,69,58,291,46,69,256,1378,64,1378,1378,61,1378,60,1378,62,1378,62,1378,62,1378,716,62,62,90,46,84]},"bins": {"c_to_s": [0,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,9,0,0,0,0,0],"s_to_c": [4,10,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,0,1,1,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,1,1,1,0],"entropies": [4.179285526,7.832315445,4.966748714,7.846248627,5.380072594,5.640916824,5.720768929,5.299251080,7.336034775,4.816403389,5.818665504,7.074090958,7.867320538,5.431150436,7.827050686,7.874505997,5.477433681,7.859999657,5.412702084,7.863677979,5.373553276,7.855113029,5.379174232,7.856376648,5.502585888,7.846080780,7.718618870,5.508206844,5.470327377,6.029057026,4.816403389,5.969577789]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":33,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509099044522763,"flow_dst_last_pkt_time":1509099044559423,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":18965,"flow_dst_tot_l4_payload_len":2686,"midstream":0,"thread_ts_usec":1509099044559423,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":21651,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1509099044559423}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":21651,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1509099044559423}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 60/60
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5499759 bytes
-~~ total memory freed........: 5499759 bytes
+~~ total memory allocated....: 5499783 bytes
+~~ total memory freed........: 5499783 bytes
 ~~ total allocations/frees...: 85921/85921
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 557 chars
diff --git a/test/results/default/quic_q43.pcap.out b/test/results/default/quic_q43.pcap.out
index 894360cf0..f8ac26d2e 100644
--- a/test/results/default/quic_q43.pcap.out
+++ b/test/results/default/quic_q43.pcap.out
@@ -1,11 +1,11 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388060203207}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388060203207}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388060203207,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060203207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388060203207,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060203207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388060203207,"pkt":"AAAAAAAAAA0A1ZJ\/CABFAAVitYFAAD8RFzMzeBTKSHfZHcBZAbsFTg3gDeg8d72PiRX5UTA0MwHUpsx5z1djkhIB1MqgAQQAQ0hMTxgAAABQQUQAKAIAAFNOSQA2AgAAU1RLAGwCAABWRVIAcAIAAENDUwCAAgAATk9OQ6ACAABBRUFEpAIAAFNDSUS0AgAAVENJRLgCAABQRE1EvAIAAFNNSEzAAgAASUNTTMQCAABOT05Q5AIAAFBVQlMEAwAATUlEUwgDAABTQ0xTDAMAAEtFWFMQAwAAWExDVBgDAABDU0NUGAMAAENPUFQcAwAAQ0NSVCwDAABJUlRUMAMAAENGQ1c0AwAAU0ZDVzgDAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1kbnMuZ29vZ2xlLmNvbR8ykEILcj\/tFGrck4XfPyIJIy1Wp2EOyj96Sbv5OxbQ7GtzdqXVHstRevTu5j9sOKKoV3MEbVEwNDMB6IFgkpIa6H7tgIaiFYKRXuiYTDAwMDAwMDAwL8w4xnPBiaheNE18yX+i9poR99hBRVNHfnKffIxl9aDtAhVkrBteYAAAAABYNTA5AQAAAB4AAADs\/0Yi1mMvJ+MeFLVM06sFxTPtG7icgHbJd6FPguzZ5DspSAr1qmJOAogGqdfyO9QJ05Fvsk1n4Zg7QCWE0DkiZAAAAAEAAABDMjU1W+x30vZEmVNOU1RQW+x30vZEmVNgMsuSoEFN3\/mAAgAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01005{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388060203207,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060203207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388060203207,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google.com","quic": {"quic_version":"Q043"}}}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060251652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1592388060251652,"pkt":"AAAAAAAAAAoAtmi7CABFAAA6AABAADsR1dxId9kdM3gUygG7wFkAJsU\/COg8d72PiRX5AdVtByTcf3A7ZqGOSkABJDYBAAYA"}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1592388060203207,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060251652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1592388060251652,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":1380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1592388060251652}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":1380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1592388060251652}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -14,8 +14,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498031 bytes
-~~ total memory freed........: 5498031 bytes
+~~ total memory allocated....: 5498055 bytes
+~~ total memory freed........: 5498055 bytes
 ~~ total allocations/frees...: 85862/85862
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 554 chars
diff --git a/test/results/default/quic_q46.pcap.out b/test/results/default/quic_q46.pcap.out
index 73b0d50c4..f48b649b2 100644
--- a/test/results/default/quic_q46.pcap.out
+++ b/test/results/default/quic_q46.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1559632338055044}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1559632338055044}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559632338055044,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338055044,"pkt":"AAAAAAAAAAAA4JDHCABFAAVic3hAAD8RmymsHSrsmRS3y5WUAbsFTk\/Qw1EwNDZQ6s\/m5wbfJy0AAAAEYNpYkp9oOdCGDvxYpAEEAAQAQ0hMTxoAAABQQUQAtgEAAFNOSQDFAQAAU1RLAP0BAABTTk8AMQIAAFZFUgA1AgAAQ0NTAEUCAABOT05DZQIAAEFFQURpAgAAVUFJRJQCAABTQ0lEpAIAAFRDSUSoAgAAUERNRKwCAABTTUhMsAIAAElDU0y0AgAATk9OUNQCAABQVUJT9AIAAE1JRFP4AgAAU0NMU\/wCAABLRVhTAAMAAFhMQ1QIAwAAQ1NDVAgDAABDT1BUDAMAAENDUlQcAwAASVJUVCADAABDRkNXJAMAAFNGQ1coAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tcGxheS5nb29nbGUuY29tTF5QaJRKaTNoSpJ2byVw\/n2jR\/SXiDAUaxRXCyDlaH13oYGRvmmLh5UfnwV+qkP8rBLql6P0cVhpCGDXJyou7qdg+dnByWJAkTSY+CUh8yfYOYMRdIFYIeO6ZKEQGzvhOWxsGdkkbQk0joNdUTA0NgHogWCSkhrofu2AhqIVgpFc9hnRMDAwMDAwMDAg1WpdFEihkws6cxoJh1cnEudv5EFFU0dDaHJvbWUvNzQuMC4zNzI5LjE1NyBBbmRyb2lkIDguMC4wOyBCTkQtTDIxqZ2LiTEPPlI5bOtRl2sWwwAAAABYNTA5AQAAAB4AAAA+5+ExAY9KZ43WAi5gboQGad\/XZY9NgsCyvAvlen24imYZuixux5QJ4+eD6hkpSGJfDn9+XBFyJ61rFG0t2MkrZAAAAAEAAABDMjU1M\/in8FpHdkpOU1RQM\/in8FpHdkpn+K3FgBXj\/3u4AAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559632338055044,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","quic": {"user_agent":"Chrome\/74.0.3729.157 Android 8.0.0; BND-L21","quic_version":"Q046"}}}
@@ -8,7 +8,7 @@
 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338308554,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338308554,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTrzqQArMTUQF+qfZl\/j6GDEC\/I+tHha\/dgY9YrBnIQRh7ycTzuKlQRveBbgIPaLRsi0ExNkrNV7kEMqhWFB8DVw3+iXp7Q0SPR4wk2prQv0Z9EAI0pujRDgT83qm1mSoLM4iQy0bz0Gm96wSsATMKmUKyFyFBnpTsLUf9Xvid5CkSvVYq5IyCOuKfH87rCz5QTkBH6YTC+QDCSrAGsbffYz9bMQO0R4i01YSA9\/I4aHEs98s23RNpdZor+Q4Oguj04Ui1Bg8f3CMHs0B1wKZWu7IF605ju+my8Ex28FSM3yemKCvdolaLftpnKyeHoId\/QpIb8iwutFlbt0BwhTCDewVFpV7BQBJRHSzzcqF3KHmxfGeJEz8HgPupbuU58vn9Kst3qPAnRfWPM9Y\/xuqQrVroUhIzD2KcGL44idNWqzV9MuP5s0aD\/0n00A8OknoaT1Z0nD6uS7MwoMEp3hjaZrYh1FVS6ZqzuhHdMfQUCymEejFbSmXbd58wxV444MjFUEdTCH9C5nplkg2PrEbadm\/t1\/rEMeg\/JOLjOqZeL3RVNZnVu+64GiTXTooYqjnh40z9xHOOmQOZyfle2iCVO8R\/ivXtUThQIVkJxvD+lByIAMuKs19fjh7OTQuW6brcmUpLLxNTED3sSOJ1MHHkPoWBfdRuMlOs0Ryz0ZCwxjKB2QykP3nGHn+U9cQJjEEK5qvkEMPYypV1+HtjqlPnl6iu5Sd3xNKaZ9FcaL83oG6RIF4zjJ6ihumZijejW+\/cRyoX2\/M6YpKMTtn1WRn9rhtQry3eVZPeQNVSd7XZL0VdvQ5vu1ggAQn5TQ5togK+G+4pXqF5jfiQ6DBFgLpBhWv\/UFK7aVWxuJrDA5S4u1lGTu45kd+19qZi53LcaXhMl0qJBJJF3oCyKeyoTTUDuHU27jmLWrpsAktKlqGf+4TuB3lSO\/EPFyrp8KLENcsfa5\/l+B8TZFRRUwAQv7YeB+SquPT+XySpsyvSWPmJ1OkgDGN40H8aBclc9K0qdDBg5M2dE8QYwGrrNKoCeKgtW9TnOyhkw6iCeSMxUnEz7I72YmaU3B4Qdh4i1suSJJS\/Is5YBD0LYW9RGca2psLfKVVQ3pVzCNm+8iuLUD\/+N5dsKBm97UDJJu9QZbvh\/17ADMdqmqjGV7a\/KL1diOzof+kNEM6D63PNaEqTcdTJU679aUQuDA36PwnjOfPQ326RaECpj7agr5AR7cT1hl7xR6U2rhzkl0Kz5J\/fIaAVikO2T1YDzpEa6ViQoL96Re5TbD3QjIjfR4Gp0AjyScTnvjlkaS0KPbZ3dZO0yuuI8K2w5rv+O9wTz\/j3JIVxILrgv+nrmo9uCpzcwBNXvDg5SBwN8NZxMqNH+W5G7d95IPrVS2zW\/4pG\/B+zxKwHjBFjH1xLbTp7hfN1GljHGDpVEQpGi4OAY8li971mNtDTBydQJmQ7gQlhjFgMlfgoeRtSHU+o01scTey2+WUdu3zYtDsTDdxFIAdmHZbOrHyzRES5q\/KmutL7eczEoW1LzE4ioLwIH\/g4j5+nlj4cThgEcmecZB7Bt1chmjIYfJVOi0zwKH0\/NJvwsPzAtyn1PIZKiwEc\/CbD40rT48BToIWSWBLXxWuohMPnE3FrkoivOd4Gpa\/0yzU1wMDSMH+mbgsZhX5zYEoGglp3CbY5FVv9cUPm5sCy1UpjiUb\/pbUisccf6scx\/oiXxAimL5KCP061NTFY85qjPvir2+lXCW2MH9mnIP3P3l0xfA0+tgQ+tN730D7+w1UgNyI6x8+Gr2OtccMTyA1EwS8"}
 02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338309852,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338309852,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTqtnQA9VWeqlnKi1He4wQWN\/f+ykkZ7EUoh++i5eD6CZN\/2OK1LLvIohuBQ6+oAOvGiKMTrPyoMy+bwMieLisXdiafKDJvZCKRyShiIE\/VsZZA592sxRa9Vg2pXH9j8435JRlNe5zXJlpHaHeTbO9GlYTmUN5Wk8dNnRtW2hdo25fc+9lOQWYGT0CaE9IiOnSr9tN9PQJxGm59j3+FpjB7JoRFF6QQtD4qRdkxQH1ljvfZOy\/NU3nHfLfeZPZJ75hGZb662tqPtx7u6RVD6+HRQ9t50R+x\/XDILWM07srC2XJdOD+9vMXyQZnHhaNfwt9CRyUEeHYvvI4s5LjOc7Mbgwm5E+3uTUaD0FMzn7S4eDN2dyeOzJGAHwGJcE6SUAzonQ4OeQrZPgaBZWVNmyKGxjKy3RWR618ul+UgR1pwa4+LeuwPByRnCcul0lBFI2RjWbPy7B4tvwCuJTWDNvttFv+HTU8o\/OMC0jVE6E40A6vQJGKHkOZ\/eHxWUXlsEKRm\/GXeQyO2JrKq91+JEuAU0WTmWUvpcxBbRgUThFcVxvkjStKjqJe0MlTP\/cYQFieJP8LkoVTkSd03u3SwfS+3XPGs5NZVFfRewRdYH0d\/EQA+OQ4qOBcwSzVxJTvoR9+aJTgns05wAao6IGVc00ppeEKy8o9B2PPCf2Yn13wVW2uR78+\/Sd8uRXih\/0hbDCAxr1YMdwv+eWb6z6r2HUEfmZfbZ2vZFFXy1XdNELipxBnZhyKw5gtJlK\/prcdMl689I0X4UmwUKvuaZSDK2qVQjQZ+WfWe7Y3+IIr6FePlmnyWxuwGx2NAcUjClYlSywa3SNafQ\/QnCxF9jWX851VWrmEKNrzufxVm9BLlnyE7TOg37UYKSnU7MFav\/5Y7S9+nCiGS0pI2h6bn9B89LgkNcy2P7evWjIvP\/b3J9WMvri5HVWcmKN3UKigYQLEtEZLWZFHS8dH+em70WrNuoTlSgtkGX3l78KdOLj\/JZ3BCtl8IlL8uhYijP1M\/3r1gWclDoY\/N++VS2piiStR0CBqTIjR1lVS9uLqnX7ydFKTP\/QLVmlxN2DahOn1ecixBGSgvwTN0wTqnzQ99268818kw4dNrfToAOz5UDyCmvlGbewpbh\/O7rwGiMjYWFa1wJFnhRK+U3vWbsPAKjCIVK5nitFyipl+JsLSS8NuBlvP1GXpicNGf68c\/aKS\/iTLOLXEYWxAXBoVkP8VTohEv+v+JkOUIqzU9aUAeXRmxabFQdwgmz6HZ5Sh6Wz588d0Il5MNXCmccVrr9R16l+BtvO\/6JwNOBkS2faZ+uXBgIOKPPEK\/VmJ2tHOGRGhP66mnMcsK6ppNBWsqw\/4teJOjdZ6zNkHNjYpMl1HHg9179N7hNpmxK3JQeEhM3Nd\/bwFjudZZ3xeZKb+RO5+HTvf6lOws9qjq9GRVdht6E7qZyfdu66KCGUZ236sgXx8\/tXdOG1GjNaZBSWQdyO3j8e3Szniom7EbDIbswnp+K0bpq6I03LBzwL5bcxiJ9cX6D22d2UJSBciDgro3a5rhSqnCgE5jx3RU7FGktThztnkynC0jB81m1fhkQfPfxfNUt1a9Okezhxk0bMu0BS4AVkvJ3ROO7KASlsLkd0UTIs2KqAJtOyK9weTtncnzcRNQfszERX2cx3V06dKgFWnFbRhfkN0NHXkYDEtKOXl1Mg2fVxyB0vQzYU6LSlvw6Dagv6NwzYn1c6Ac7E1lV9ZzFBiTOFF0umqRJzygwakMmhdAHqB0FbthGufvfPpr\/4MvkTCdu10K0kPvF7x6j+"}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":15,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338367037,"flow_dst_last_pkt_time":1559632338349062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":1465,"flow_dst_tot_l4_payload_len":18936,"midstream":0,"thread_ts_usec":1559632338367037,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":20401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1559632338367037}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":20401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1559632338367037}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498597 bytes
-~~ total memory freed........: 5498597 bytes
+~~ total memory allocated....: 5498621 bytes
+~~ total memory freed........: 5498621 bytes
 ~~ total allocations/frees...: 85881/85881
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 562 chars
diff --git a/test/results/default/quic_q46_b.pcap.out b/test/results/default/quic_q46_b.pcap.out
index f7ae9600a..843084b50 100644
--- a/test/results/default/quic_q46_b.pcap.out
+++ b/test/results/default/quic_q46_b.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561708873328442}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561708873328442}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561708873328442,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"thread_ts_usec":1561708873328442,"pkt":"AAAAAAAAAAIAGNwmCABFAAViWnxAAD0R9xCsG0XYbueGI7HaAbsFTnXjw1EwNDZQ0aOrrPYcbNEAAAABZ49NM0tlJ\/QWOEX0oAEEAENITE8ZAAAAUEFEAOsBAABTTkkA\/QEAAFNUSwAzAgAAVkVSADcCAABDQ1MARwIAAE5PTkNnAgAAQUVBRGsCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXVwbG9hZC55b3V0dWJlLmNvbXgDMRgyNKjZnbeNIexiej4o7qx+V929kxA9dDLsNr49+J4e7Bxt\/tr6btXxr2ajG15fa3Ruq1EwNDYB6IFgkpIa6H7tgIaiFYKRXRXJTjAwMDAwMDAw6FYYVlvjBaujP6e+o70a5ZenNg5BRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0Lzc2LjAuMzgwOS4w1Y68K3sgywV7JQccxBohdQAAAABYNTA5AQAAAB4AAACrpFnJA5r+YO5RcQGpd1l4yFvK+8akrX8Ivr05rqkgauMBpMQ6cwQFDJS6sLs7Du5\/2eIOY7vG9b+CMCy0OZxEZAAAAAEAAABDMjU1jtxYjsj\/DkhJRldhQUtEM47cWI7I\/w5IZ\/itxYAV4\/+8OAwAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561708873328442,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","quic": {"user_agent":"com.google.android.youtube Cronet\/76.0.3809.0","quic_version":"Q046"}}}
@@ -8,7 +8,7 @@
 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873447906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":39,"thread_ts_usec":1561708873447906,"pkt":"AAAAAAAAAAIAGNwmCABFAAA7AABAADgRW7Ru54YjrBtF2AG7sdoAJ2svQANZ0BQdTteTPGKYB0T\/Suu7ddNWywm\/bYiMAK8NlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1561708873542922,"flow_dst_last_pkt_time":1561708873447906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":55,"thread_ts_usec":1561708873542922,"pkt":"AAAAAAAAAAIAGNwmCABFAABLWn1AAD0R\/CasG0XYbueGI7HaAbsAN3hoQNGjq6z2HGzRAkZgauR6jC2QY2hinAIQJlFz8Em5XwagPo8YW85xltrq2ilzWOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":14,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708874187856,"flow_dst_last_pkt_time":1561708876422246,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2376,"flow_dst_tot_l4_payload_len":2844,"midstream":0,"thread_ts_usec":1561708876422246,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1561708876422246}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1561708876422246}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498599 bytes
-~~ total memory freed........: 5498599 bytes
+~~ total memory allocated....: 5498623 bytes
+~~ total memory freed........: 5498623 bytes
 ~~ total allocations/frees...: 85881/85881
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 572 chars
+~~ json message min len.......: 570 chars
 ~~ json message max len.......: 2419 chars
-~~ json message avg len.......: 1491 chars
+~~ json message avg len.......: 1490 chars
diff --git a/test/results/default/quic_q50.pcap.out b/test/results/default/quic_q50.pcap.out
index a0b03601c..2b2f5d1b7 100644
--- a/test/results/default/quic_q50.pcap.out
+++ b/test/results/default/quic_q50.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388088469619}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388088469619}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388088469619,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02337{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388088469619,"pkt":"AAAAAAAAAAUAeJuECABFAAVi6fZAAD8RV+v4kIGTuJfB7ZkjAbsFTkJ3y1EwNTAI30oInk7\/XnoAAEU0Sh+G6jJaQ+WVeKqfVhwekyVcdAg3VVt4yXAoIvukSElad3ZdF7cP3aK8QwnOEdppZZL4NlS1J14QMkJkSKLH7KTs\/J1g5Qy7Td2oJivMgU4heBjsrEKX+Kl+zumCGj7r3rx\/PiGGoerDCuUYVs8\/3DPxrp05vPpL4oM6Ym20RL14LkdkclpZEotPzAVfKrp+bORIrEsOakCOFcnmRLxpaPe+skuFxQ7e+No86i++ZXUpHINRIOrrAKO6MnqhHg136TH30JRy5V1vvrx9mRvozkvzR4RrmmOWFYy9MHcYvR9ozsenVMRZ7mYRkPWmCIPXpnhEE4otBm+PYFJSnVZnoQYn2HvDgKZX+IG0tDtVasnvuIWtUyehZMOA3Auz2JN+nSjxfDEV9Q5eGeh8ZL7tXInICXQpmTBohUGs0nyUi\/EfxDhlCRPETyBYxPytgznwCOTRnGV6yUDNYNW6V2twpvbbFw15F57Y24i98N43glYYJUVqHmVwrosseQvdWLtOLEXpAKvwYCJ3nJpSVOyBYXd8okAO08VeVbydpen0iUOESN83ACwm402annjMIqbJEkKbZr1E\/bWLUE9ayryc3t4SI0rfAV3P7Bzoh+ePS0lFG2mEbR3Stl4jejVA5bbBNdQAl2XVCvlfkMcgN6wNzkaUtoY\/V5wJqcqWfzxU\/7CxIyuqjs2t5GkAirbR6GD1vSMG8A49cBdJIe0YUwOEL94vJZZ6kgFxLSzbkqIb\/JGeunCp3ImPtw51lpSKmOzgu+aiRAw0072bcZedmowvyNmMZ6ZwF9G2\/T1BzTiaxUQiuwph0MpDNq0KE8ZLx7252+rHJYkpatjHePpFvOb3XaUfP7KqMGQXysXzDurgMN+iUJmRB27gfV7BceLcaKv4JsOEla7D\/ujhuQ0U6YFyo2O4mZUs06yMlW36Jh9WkejggHA6SE58C6aM0tZVAq4PzUVmlUFs52p22qgRq5vex74TEu58hdkCQjr1pQ94XFmXqgk+AVK0nXtqdM4JYhPeaV0edHucrnphtrDalQIUwHX7zoFqP\/AzYEoeCztqDi\/kawodxc4PmEb6NM25k\/CXUeCX4uUwv5+p46bN3O1M+xvlb2rRRFG9UZ157Oh+jebOu+0rTdiK67yyDJDMe2VTvGsXi+\/G2gN2zIWwGydc\/InHPRNNQKfHhC2jggd6wv4d71pPOaI+XNe1l7JNMzHwfbkZBDlCbcSj+rryXRGPQIhCscDZiFFGrGBnyyH57ea6sGM\/d37gVVa+ukJTnovNq\/9LafSrWBaF2RrNYGE+TcplNYI0Sq5eb9DrfHpoz4HPjO4w6uwZIeHQjlw00+daMYbUpNYvzBru4JYoG4+FnfLnaJ2RX6rVgfBQIqnPe+8ho+oVfDUJnsA6e5JTlC5uDUaaRcrC0+Ji\/wYvhpr9KixWcINr\/Q6IJf8RuaNMWGUoYQRmSfJSGr9d2O1TlO6mLpi0PyY9rao+oramJEZVMS9CvaFzYMM4ekODEtI9lvm8GVMwUuwhbqucZBCNIlAueuvDA9mFax9H3Da0FnXF80HbkF0G0pCqtWSLbDFAFtV9SICp3zwHTJ2IckUyzfK6paD68rLKFhUUBI7WeX4+s0d4Jr10hLHheThooXnr5xOHtBeSEaQFC9zlGwwIuoXzDqApq3BbVKodu6HoOITstmadm3\/MIc7\/KuaqI9NjMgaFSVmEVWOH4WbQci9HsoHbnpJWe8KeP3p1LSqGOSM6yXozbpkk0hMRvAJ\/Gnzq8KxN6H6U"}
 01081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388088469619,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","quic": {"user_agent":"Chrome\/83.0.4103.101 Android 8.0.0; LDN-L21","quic_version":"Q050"}}}
@@ -8,7 +8,7 @@
 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088591706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388088591706,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADgRSOK4l8Ht+JCBkwG7mSMFTuYYx1EwNTAACN9KCJ5O\/156AEU0Os6NcND6sMIhR6wlQxJqDPKTFInXtiCVq7Oak\/Y82V0XywIxz2Whx8Wb2xUiZNk47rWK6oUgAo94MwN6KceEvFuaQASNHR6dakuMekdgMvKyWSoy7n6Kx6gcRhAvSIyiyivq7Xt5HstbWGNobzw5kW16it7xCvkjNeguznt0iKfYhVjHujng\/mIn7KT3rF0NdWtPKuRStas2FlOjD1KkMS9uq7qrUmpT72kEMNvQdgQQWc1+qu\/V9YVOZimYCxvO7Wt6gPNNMXe28X0qUb\/R88QoC9tLiwD8VmQcCZWnnwHftQT6t9mj6SOPLTxi3J6Qy\/azKCA+3g0XWUroXTAyqyxvYOnCkadn3eydA79hvFfw7hRWoftcfjYhFjSSDB+LG0NyE\/I5iYus6u9DedOhynlL8vB6tzr\/+1AR1X132TBRWmEZsyQ8fcEc631CffhAaA5uGUHlkoJHYaU3kWEHVpwR760NENnHg1MfTZ7ZUhVfph1lE1r5XNITcJrjlJRyZJBxNU\/IEEI8MujV265G21AcaVMc6szhK1Wx874zM+OeIwciAaHgXMYrNj7WthHd5PBtM8MF8SaNdoGYpcgsddH0GoZ\/3tq+2Q8GGxuJpOzfa7XVC9vJio2Lw3JZIvYv\/iXFhHxbjvAG6XePfv91jtV\/kZc0hXFCusoaLXfFJihI7q2H2FISpAQQjo5VEWT5vu3FajoiER6SQe23SIsEmgwipJFln\/ukd3HPHxZ1ul5RU9Is\/C1aceCEldcNKaN4VeYKoTWyjCpZFVZ64+HAtBk3D0GgUGD7T+h8BXpTq2yhqs7mM8jmOatp0xZo74R30wT0FPlVt2\/yhC68rDIjWIKyB36XIie2e3N1Xg+Rh14NvxElS3hevnImODZ6pAtqV3lpijp9PYtcTNZZa3GHwCxtjyxLKyjBt2PmeukOn3Z+1TzG6lAu72OuSA8F7Ipdp5l6SSFMGx5IdZ\/MoWGwImeADjm\/clLuj9hTf5G\/5R\/ywjTXtJUbbj9aynNQOMVZaJZ910woNruWRoBiqi0nI12HJIY2+WrYcjbAxySUwBouZ1gItm05egY4c98BytQ8TgT4l751mRafsIpIXzjdSoVg+yujlBxrLT0Pf3rdxZkIsfCnfW9j5TP3lqyw5u++O+cs7pDfPEEZ+ic1O+bSI\/Hy9wEZWf8jFhxDN7sOlIyYbXUleuvu8g4bpmRks4Jeg6SP67NjLTg\/Y8HwIsuf7EmrJVcQwMp6TCzthaROgfcAF5zF0F82CE71TICU5u9o1CBjiGKKuZtbbkV9Yue1RZbgp6ebsRkTBGsOnDf4SAZ3Ky6SdFm2TnUzcSdQ27ckpzIRvE6KaAPHZ\/Yf7varSH7\/v0fO8TvowM7\/1UwrIVHhejk0hlCXN1oRocyWJ1els7XFynG53RKgHQgTt0jEpWtqMOF1vfKXQy9Ta+FJvvGTrPQNW+\/28FJOSPCxZCqAvZM+8lJkqCZdh6lCet5KlK5IGz\/iR9WRBe\/96dCxsyck4A4u7INRs4Pr19tq0wHFmvgwhgJwYWr+DSNR573UiQZLAabtKJydHVcpmdxUE4aA4j2mtuMf3nWgmVwYD8Rc1oJthfCKlIBu0GXZYIyFxH63RL2xGpT1ye8Y32QC\/SymMtquCU6WSC58R+5BrLSghz9Iilf0uRYrSAy4nfJy8rwI10f9qZGmFH89aOtamU8Q+MnheA2OG\/dOcdAp9q81plhWrkT1601cQ7LPkz37vAFF6jkUbyboxo\/Fktak\/07yc8Vi"}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592388088618604,"flow_dst_last_pkt_time":1592388088591706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1592388088618604,"pkt":"AAAAAAAAAAUAeJuECABFAABG6fdAAD8RXQb4kIGTuJfB7ZkjAbsAMoiixFEwNTAI30oInk7\/XnoAAEAYRBPMrp71zr2EFj5wmqAqmjc3agH4W02K"}
 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":14,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088898970,"flow_dst_last_pkt_time":1592388088935970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3327,"flow_dst_tot_l4_payload_len":16267,"midstream":0,"thread_ts_usec":1592388088935970,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":19594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592388088935970}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":19594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592388088935970}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508914 bytes
-~~ total memory freed........: 5508914 bytes
+~~ total memory allocated....: 5508938 bytes
+~~ total memory freed........: 5508938 bytes
 ~~ total allocations/frees...: 85900/85900
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 570 chars
+~~ json message min len.......: 568 chars
 ~~ json message max len.......: 2350 chars
-~~ json message avg len.......: 1456 chars
+~~ json message avg len.......: 1455 chars
diff --git a/test/results/default/quic_t50.pcap.out b/test/results/default/quic_t50.pcap.out
index 421fbfee6..52740fac6 100644
--- a/test/results/default/quic_t50.pcap.out
+++ b/test/results/default/quic_t50.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1598618820564956}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1598618820564956}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598618820564956,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598618820564956,"pkt":"AAAAAAAAAAQAMt+PCABFAAViUWNAAH8RmQMomn\/IpvC80cKsAbsFTtXAxVQwNTAIVV8y018p2GMAAEU0sFS4EDNRQxtqte6TPI+YvWd+9vuUhbcTQ2HBn9gQQ44SheCG4iJpKGLD8uMQU9W2hflEcgLE5fOUXsKA3b4MY34rhhWyrjNYzozZ6RzNmC3+PSlNh1B9BkCmgwrPckh0gBVa\/FiA4QpDKG9FfMxAAMJa6frV7fG1bb\/7HJhI3yISKMBJBm82DF0OyCTOye8nQRPUiVu4WsjVf6TJP0\/YCQn\/ynhi7Ht\/RBa3IPlCUHvLu303v9QUCibeTQUAguISRnIMNJe1C11ibh+BPlrVWXB5I4w7PGgaDw6mvx7JTybAMrs\/zdPmdFbLzWLaLw6FF+1T6Nf5pXJ9+kE9uEXZ6FzdZDD3MbdQ7S7fF3Xsf3z9uQukVNaW\/VEZbNqdIcOzSZA1HMEos1dDC\/4ViVIfMlO84vWzhZLxq5UvTT6qapu5oFarxgYku3nnVTzVM6SRRUR15vAoGmL3hQ542vEoyxzgRnslUtNtYNF9zlTPnOomXF1\/xSoJJI3VGlXy1gOwEOp28n6wdjsWOzKyE8z1XmBGehbXOUESC8A5oRtpkqOzQJ3g5+dnZdSYCvXi2BLHGA+OVhHokC0D92CqxGKl340PEFDaTPqzeKg+DdhCKEuu94iUqJwa\/EQr0++J\/bZoJuya3A6PiiCAsAWEfWiGB4RZfM+JuqUNIdd0StL9dWeEo7kVq9MAq9yKOBhBD0Nw0u3O6ttMqxfEm25kPEexKv+eLXlFhK9pi814az\/wL0\/CoLWlaMBTnRRk8oxhNZZKjX5cREBszdn5VN++4tz2T7E2jOZOFaOODo\/Wvb7BjuenE7CpgjdjsnLE4Tn\/b4Q53nG\/TvK7\/82EKBXRq\/c5PKnM+b1ENV06F0Dt6cGZ80l0g1EXbz82dUS02CP8vLgamNhFvRmwk0Fytrw6YCdOz2pD+8LecT3ig9EfNeixeZRd4tX0VxcyI5WVzzONGrmWIw1RUeauVQKVXpwzPZA8CukmFuSLsJh+\/5N5AhFjT6YZ08Cfg8mb95WTaUR4Gcz21+e\/jxcv3N2Ucmp36VwT1\/tIEgMyHmC7IWqDmGHm0zoua0BH1NJEIxpCFxOkgrdVfA\/bFJKqQIiWn39D6QQCV9IfFHR0w3Ji8IRmUv2cmzofCCCDXIb7a1RfNYDUaRs4NsKQeKcoYbyoDk1GAb6it6FoAhucYrDmI18nx\/aim5gBIWa2dZw8lcSNFxgWB30MqUt4DZOv8SxNPiLUt+4S7VsKdmL3e9VzPcuMiIPdcykCdDjJcCNMkqrWApVw+k3MVLOUeIU51nBJ5vetMjeccL3kies1jAjqR3odF77JuN1k7xA13AyJHglJBfA9SrQAab1XP78SnPFaTVPIBb4lI+7BBbWiXiUIWbr7QDQ2M+jaZ9aeFPMMv4QQg7YuadL5n0vNmHJxgYLgQVYZUg3g+jMQJiu4KLUJuhihq+lqjYmXeKGtNpGoS9t+klWnsjGnRn75HVlDegNERH7rMuzV5M2eSrUWRcByRHbj5kRkoY6s9x4THwi9YKFtPRSzpfXx6U8\/obpT4A56m9Dtlf0uhD38f9WkHLmiBpPtKg3V58sjjLsP3l91gyKwHDq9OPXkHBllrkj\/HjirESjdb1Tretiw6j18gO7a6gj9juTcUBG0eptAXXuJv2ZyrvtGzBo7DRc8B9KbYOIeUQf7UeOsamqbXhc1aNUt5qklsGe6OvEqu\/YEHpLYtQZ9LUddfbvcwZ\/RUIOT2ImtvT6yXQ32en9NmMy+OFHh52IUE4c2meqx38en"}
 01321{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598618820564956,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","quic": {"user_agent":"Chrome\/85.0.4183.83 Windows NT 6.1; Win64; x64","quic_version":"T050","tls": {"version":"TLSv1.3","ja3":"a2fc589336b7c13b674c1bab24655ce7","ja3s":"","ja4":"q13d0309h3_55b375c5d22e_f68d9329452a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-T050","tls_supported_versions":"TLSv1.3"}}}}
@@ -8,7 +8,7 @@
 02339{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820678307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598618820678307,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTsI14VQwNTAACFVfMtNfKdhjRTV+TZdrbCv33x6iH690PyehJilsagoNTR5bonnLL0dBgoMc3YX6O7TqPoYEmBQhBo9qpBXyGoeAWGhcJFKsYDc7\/u4ZX2hLTAloQ+a\/pdH22A8suHezIhbLeb5134q2RA5HFoZzTMTZSBCIhgTstv9PXQCwumfychHJYHs0Ft6yq7RAocqUEq1\/LWFpsGhK1ImBcJ8BnDM5dxDKgRMGlmxspqHoB9\/LPeslqcwLzWl9OQB\/VcpU8C8sGBntQaRgPwf94pa0UqHMz\/2obpKwKjbwwgbEskSQbqBuFooA5L9rz6S2jrVdw6PE85FWIxp4KWk1jQusgYQi5jN8GLyCPIvXHA53qb7OcsTkg4Ww7b64NWwW9ifQuXd+Gqe+UisPjifLIntlpGXlYNIY7BnAWTPSpwUdXy6Qtqrk8X\/ruvgOsv6aDjOLl4Ge8zEim8Amf5sqpEA8LJyB8Sv5O66dtJK+I50u7YFLUA7h\/tgVP1iPhpJTEnCH16DKyMXZFkbh9DilxI7c0pOAZLYJr48QuJox4RoLFZ9lMTvsKjVku\/fWAMDXEQvaFNwvlBvlnQb9JbaVASSjOzlsBofk50BdO9mypm2dSeER4kNd6Y3YDYqrbu2dewaFT5S3EXYNt0lT5NZS8OaF9O08WAiSZmR5vmuAfuLO1zLgGQ1Euwq86NKKfd7X3h+4ViguppZQrMcNF2YojGrt5MMBgpSYR9Hb3pj7xTb0uSkVCu72ZrfL98amuFAUy7Fx+treVOyYo3k4jCPb2dH2G7olLbbzBoDbI3iNF6Ekqomn+sjkEDznbOBqf5f+SFEITZLVshGDkaECMNIlb08WSbhHUCFxGcOQ3UPyKpjOEVlwdNr04Te9hF0D8k4p+KIgi1A+waaYVHLFETZeT8YPT8ZDHf6kMrYR4r7+vw1sGIhuXD7dlP3xV7QBWhPLWn09Zzf+Fjtn\/rGO7M7jIytdlLNCA7WWcqkE38zytO4rGXwn4Db\/WD3qNvU2vCguVZQJh7TYQjHrvQ1m\/kei6U2kUJxRU9pZY4RgTao34mbxevGfXtL4ZcIwdhIqpGsExlSBqASylYBW8VtVsRikCdpzuCR29+fKrJ5GQKsbKq67MSom7g1SPuKRUVpcCxxtEonsShqkNxNzZ\/KxLmT8v5MWSqqjE373M3Qtz+UlarcxgwlqXMcKkepFzis88I4xRmO9NUhDQaOshdj35UPLk\/InvvlEsTluejP7p5FAbc8LG6s0arB0tweHuxaedQ3ZSCoivRmpoiifHNeSVAt5G5yOhX3uHflkqbYAvXXJvJz\/9ghC6SZTst4VCRHHiBQrVKQogZkzh\/ykPsgutAYqQ0MMye7j5zhBayUaElfmpZhnfHZOgPfYCxTTc\/RtMexJr3LPcYh5ge32zWBwHlWorfSgmJcAhbebG7\/n9y6h\/ty\/9E6FoWOluyMMDQ7gv2jL3WXLU+cqEBJmMDsz\/0XHB8yjYAMFXAREmTS0tJ32G3QTeLJYyzJ7BvLKslWQtK1WmiJD+z\/wfOk5auh4iSdzg1KQ669g2tPVS4uwbx16g0jlqJL3MH78oeMHfTePuvb550Dwg8s3yCO8hnNoYt3ZDALl0JQkpBdmXoMEdlyv12lpf7U0iRGf\/4pr0CE0SG8rDso+ecL+ggGjpdwPWgfQ8nk+lOeLsTXddVYv03OgnFqwhUvd21zzUyTUY4mKGWFoQ1WIUFHdZw7rjCzG6mB\/mAXdXyriXrRQk3wIAGulMvV8xiE03NCdGQQ5kPv7nYJRK7sO"}
 00959{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820678362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_usec":1598618820678362,"pkt":"AAAAAAAAAAEA4e3RCABFAAFmAABAADUROGOm8LzRKJp\/yAG7wqwBUiB24FQwNTAACFVfMtNfKdhjQTkel0q94ZItOeKbj6OxbcFJoQQVaZZak0Bh1BLF\/\/NZ4vK9O0\/Iy6KVVmpDncSZrSRwHvcZHSWbwZiCstsEDdWrPtcbInQbWLg22euJTVfuU5XsciFULUWeQPLAOQqZdm4TGL1RYGogRCrzgy1YIhzTA\/sljiH\/YgFkGkv55prkYaQZ0L3X+SHIw3ScFYOOfEaTKZ9UZsO3Pvc\/FFafyEjWlGZWGLfwpFNh2DMcKPiZNzTcUxqJpYEehuKjdd3uPDmJPzfrMlq9RlSvd1c7GpiMmPJM7M1+8CxZcfUFGSEw4zxFM4YKu39AIJ8LU\/VWvgMbS5kedIXCxCBRacLcGxpZA9djAjOLWYiPP6gwUSpIvz7Pr2cVDzE29sJajeCR2+5l7nzkQtdzjYwH+dxZXr47q1lihmuSWcEW"}
 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820984161,"flow_dst_last_pkt_time":1598618820815062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2894,"flow_dst_tot_l4_payload_len":5022,"midstream":0,"thread_ts_usec":1598618820984161,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":7916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1598618820984161}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":7916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1598618820984161}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 12/12
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508701 bytes
-~~ total memory freed........: 5508701 bytes
+~~ total memory allocated....: 5508725 bytes
+~~ total memory freed........: 5508725 bytes
 ~~ total allocations/frees...: 85894/85894
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 570 chars
+~~ json message min len.......: 568 chars
 ~~ json message max len.......: 2355 chars
-~~ json message avg len.......: 1458 chars
+~~ json message avg len.......: 1457 chars
diff --git a/test/results/default/quic_t51.pcap.out b/test/results/default/quic_t51.pcap.out
index ead237a7a..98d40dab1 100644
--- a/test/results/default/quic_t51.pcap.out
+++ b/test/results/default/quic_t51.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1598620434413428}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1598620434413428}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598620434413428,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434413428,"pkt":"AAAAAAAAAAgAH83gCABFAAViXjpAAH8R7IK744iY0\/eTWtg8AbsFTvswwVQwNTEI\/5QVtbAFhg0AAEU0lc1seKsogM0xJ2my4Aiqph+R\/2N2Tlopv6L1CTJ74mgIopdeTMsbdYmmZHP80OXizzota6YFHVZ9VeAcEZo8pgEgiYZUg70bNed022uBY2n4AIBJaoTaZc4dlK\/B4TiUFC+WiYMdxcvH3S2VlmhK+Rc2gUQHqAYLkzqvz5M6NYLldilKxcCw\/ToJ+zu5fHTAbQipFFqbD95GLa7oBCU7jPE\/wj2QE1M9Wk52+SrgbNiKCHm0Oi8\/\/aC+8QR8oPQVWsQzjkcyagMWDaycHo+Z2gh2YqGCJoepFNsqgtO8uWWNDiaisHNHQDCPrCt5EDVvLMLkZZQTcE9bxIhJucB4CNr926kRAjaB4Y5CqDAEear5TtCJ3Iu0C2bzBjoi5J9LPiwVBQYhfxtqGdX9O3nANKjdbMVqvYl742MGo2YFm2J507oPMBXLqPJW2a2j\/XlrdIcqLJLXy1ruiet2Yfof5cTaMXQp6wyOq8s2kLEeb0RqG380zHAhUvwTfCiEYvwSN8+LPb7d1HKu3JRvbfM4A2u6D3\/ccc40B8jpt6t8mVTCa92M7s8hgVfDHCvoiaTxRF07ULZWTbuRFjLXA3G\/QLzl0b2QQA3PRqMO1r4YLM9IhL+9TjIm9kskk81nFsbcqeUPPCIl5SvakooZ1Ne4vlHJM7vcPwHkRJHa+PMjtknf1D9FmcaRoK2gywFTRk2j2RKXeNNGP3fOGBMRmVstntMO9HlCQR0pqWkIJ+jw+vDqFHMVZBwco3px5tJKsYik1W4I7vDVokn8tYkCXuWkDqmw9KvnktOeNU+eoLbnbQi\/AJnaCX22\/pOnvMBDUqcAEyxhhPUDxacTTuyCy01g9D7qNJmAhz3k5MC2zTm67IILY1heZ2AuYvQwYQOss3bJtjPNa+uV1pVbQiVw6S2nvxKgtq5Z9DSuXhvsbTOp5GSq1YV0eewMUT6nB6ejScFWGv+XM50Rf10iuSgO6pXznyY29qMMOcdfxFMWk8ZhEALkKLXeqjM+FjHgPqVYhtjd0Mxa3xCi4pEnff1YF4nj78KYHZrV2zxl6ihclVVh4iHXNFGI+s63vsFXEOTBejfPsr6+VmTDJ1+o1kNk93XUE\/bQ82a18NJPdXQ6kf26Qjcc4RqnTvAmrWh\/6fmG4zIriY7A9z8t4eO9Qfr9TLO3k0B5JOVnWVTqlbOvrJgEzV95Hv0ioO0xIj5BnxrbLnlwbNfPjVGTcRNAh71gU32J8rr6rCxxCaTv4RU7KdiQ+zigC0LKK7x4OPs9n2Ka2KUPy25mrLQ\/hk5IjtzsrqqQ2MzNcZhxb0kkNCxELzOQUMbpkFnw3XGvEDCJVplyR1UqjiDFOL8\/JfuephE1oyHWeOYVwVd2Cwv2PGGx05T5JJWiwFxWUNPRdBpTvDS0w\/p4Nd\/c2GPaorYCv1rEFAbYJpF4F6I30H8WeSXKzzhCDJKK0+cDwsUjqsSRJxU4ftS+uYB0XeJmKhKFuSfMEVI0q1YpMQZE\/G2MC4zAighNsEoUwNwWYS2545Iu3+Eegoe47B\/k8tCSheavZoHCQ6GLnzYKEdctMGvZqMVOXsPQnYlobmVfhCoHYAqTL++rI+V2XgKmzpdEDycwwsSLkVWoYU4lGAoPMP3kxasfCnUHU\/V6gkc7C3bskka9cplZd3pC0DtI8Ams8W1VIknYpHJDhbirGSRTc6oJbJQK8NbF0mBg+7QAzF7Cg20VSPH1oCq1EEodwhHlQBTHEkDIUOOWm8A2kePv2bx2BTxVuCDz2D78zh51"}
 01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598620434413428,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/86.0.4240.9 Windows NT 6.1; Win64; x64","quic_version":"T051","tls": {"version":"TLSv1.3","ja3":"92e76078d514999cd950474995dab2b5","ja3s":"","ja4":"q13d0308h3_55b375c5d22e_e7bc1e4f333e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-T051","tls_supported_versions":"TLSv1.3"}}}}
@@ -8,7 +8,7 @@
 02349{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434530068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434530068,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTube4VQwNTEACP+UFbWwBYYNRTU7ePJ1K+FSjOzh8I+88Xo3glhGN\/ISVgfZLjon36o\/Ic8wElvtdYWOln5kitImSZYvUwk1fG0vvw0gN4Ua6Bk3jF4z2+DlEmg31OHq+boraULEIZuAwjhjODmyz5ftYwgYtTSwoERmJiUKmhlyGLqx3S+tX8EjcRIqYjSOyHMu2jndr\/C7BAPP7JVT9ieYljjMWtEQ72Flay2RpFT4RImtEH0\/RK6iWf3t7LgbxjhC97n0j1DDD4P\/sZZ0bVIicKPYmXAEngVSoh3oIH6poziu1qlEA556yxALTbdx8jtmJX0Z9ooraLIBrb+pueGEs6xQAtF7up+LVAjymIfJeMB5q1EfGiD2ya\/Jh+zUG10j5iOvBK28sWnXxVEamKBupu9qXaXG0OjhurIE3b2Aod2vtsJ1NalOos0dYc\/g5+XXDK8tcQHad8aZpGNSUiRyAtmWcaYe8vO\/\/qYA5pPey63z\/sGlL7Ey0S9M9ZT2ZRHnqlxrqhQIy7XXexnza+a3DNLwUI04v3Ks1B1peq0gsFraKmD\/6yO0vbt0fXLwVt2hr3SDHm0oGrN74iZrIwUWQiIQl22WxQHTTjtYOTcvqWfO7uam1Ph5DVbFaDddigRvWdhF73OvmxThMwCc9l6X3P\/tUIdb8CggvQWiMRN5Vhy4Rljya+ZIOcdjbzMw68oRgdgPhct14QVofXpMjJfC3oqi\/nNbGLQ5rYKneQ7CWh9RSv34L3R5RDGC\/pHwyv6PGgI8KRf9+QUC+7gYPb+kZQquYvru8Z0knElk\/9u3Xyd8knK1jpgFTg1HNdqhCD3oyFIuAFRWqcgNxU6wz1LaRi24VFE+eJ0o+rsi\/pnfI0su+wrGhXYRbyyiy4ZzbqahkZoPZ2zQGAKW1nnvD6p\/zaLVXZsU4jxLWam2WqckX1QTbgPxB0wawYNhyf2CAAhEQ29\/cwWUpxFyoXDPB+hK4kW7liS10zysc5bs+sslvGCpqRb0Lis637gfgiMEACVosS5TN56wDxHV6753I9W1zSBCNXxUKOAdDNb1MGhBZT\/uUW49hJ6JXcGEhfw+P+5AzMdiqKpUSFKgaiqJSf3iiv2\/RtnFbJ1FaRBOTOgw3ARkcPvJN0sfzLk7RKlSqTCXk8peiPFwt5uzAbWqrhfe\/Yen8D2DWvWSruKHIC7o+GazJ+\/eyppnocCPGQQZ2lonOQT2qyNSZ9COW8HeAaqf7QCJhvb8S9SVVml5KBhnwRNbnuZICaxg9vyFjeBwKI7SstbJ3b7slReERnG3DvEqM+ouROXRlpGgUREXlGwb7N2UJ1jjo460vUe38pW2vZ1XnXYGDBL3642Nhsv8\/xSPSuRmLvvooBVMWLWW5v+LMlMcoNIIM6xibupcxuyIqKDqNmsScanfhq83xCw4xKptGbS9bu\/A0yrmv3Atgn3WXnx2khAoVngZCR0MbqmA7T5k\/rUKhB49pS3ip3KT03PKvjuwDr50ynUXfZOYJ3+OmI37LBmqEhKgv5YHHEjRB8VHHXAh8Aok+ht+KljGfYLx0rx0y2IXVcxRnvPFVtHn6kBareUX1Lz56co6YIb9788QnPlkfq1D0P\/\/4uwz67uvdUChfS0JSNQ18zYOyJ360r3AVfKXmyQ19aUMj\/EcNueVwU0nbl2KSsYn1Gfl7zj0ewbm+BiPQNHMgAkoRMw02Osi\/TmhB+pfcq61IRV5796uYYuP\/e1+49LMsN6JtJapar+\/bfHd+ip7c\/\/L52jGcE3Fey3bVNYI8YmxgiEd0S1usipgR\/OJ"}
 02336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434530087,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434530087,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTvWw7lQwNTEACP+UFbWwBYYNRTWFFap3NZueejSHTEbypHeKREWRxqFhCyZ5IFZ0eMPI1H48IlicfZNkXoAWlnYiFV7bh\/SgyFOQ1pzqpY4Gn+dZg1igPWwPXjEkbDJ6Uie4ErETtBEXPCHdh0EPbcG66CEGsqP3FcGhBvmBZ6nLZXtHGFm8TZPZLCjcEWUg3j+yh1uJpfKvfgdjQXh\/BKjL946XeM8A3dQwTCj7w0RU4XQ+LgKO5R5jUOWwNACvmRA4ChETSCDHR4\/BAzDovDeZBIcfCGhDNPuYCn0YgSbiKK\/zKtEbn2g8SAWOGtzORXbtbz7cr3FZq9+52D1ciyRqZMVAhZJn6boHkLy8FiSsJcgUNmFlpFnM5CbmVt+Z3TalUOLmIad0ZBJ\/frS25nxzdMvyMkHuNowggmF5lhEeoHaWyFEIcqz0HqYgX9hRGG6fJHHJDeuqY2DZzkMFK5lXdq830OGjj5x2saXsr3OlkQRqhBSGhxG8UUKpcbzUIRCc14PBKwtK58SIzfKg9C2dH1Ndip\/iMgaZp1dLSjMgGMxpFjTnm18D2DnhMbRC3SF0n9NQv1yxds\/5\/VLS7vlRw085hWdBDcF5JsrSqCb7FrIGqCAJ6aEeEk2C5NCIEHLGpE\/8Mrk0r3V+oyUCi5EUJoj7yFrgbAI\/RLP2DX5PzYPxVTVcCPNWxwAsonFHo2UzqB9GByR9XsVOyiNMiXSmCP1h7RNHRBTW+W+GEKnZsHlit\/daPgCMDsn+uRJkfq08o0Wc8dtlQdBvGaiOyAz5kxn9XlLa2XMJVdY5fa0fvmKEA8kLRIsUWffWkNMWjlbFbe4\/4K6v5\/2vl6j4PIKwrTE3NX480XOutB0tHFeaBywMhTUrJM8\/2LEUuohxcw8ZJUMhyz8KLelYrkfR4ZEmPHlrlks1U+ptnZRctCqp6xS15oIDC2K9IvH6W4XVPXW5E6wTMgi2mDpZEkWMsRcntggQXrcuBYU6Zv2UWEKNUfFTBgz1KVhJpmpS4Xtc7F4NEQ2NoEIYQl+RaDfoFKprDp3shiANgPwfFEVHOLO72rKzBM1JtbcQAk2OwIiNamkunnJ\/nJitxlIW52Xeo0s2OwSYNPFF5zyhBUq5ylZcmxfa6MxT8JqgkvJT6UrrMDYFURtuX0ryQCk\/XPnIFL82IABneSi4Hs5V82gBRFJuY536RKXy0Y+Fmmlg3ORBkeur7nF4WNLwf4uKdeZDa4zi4F5ERbAlPepeCgnqktYXzIIcX+zttEmBzBP8oQgxfobusz6BiWXRPhFCorFz9af2XffpBUFzon7jFEaUHMZEWx2T\/G0b6rOVrMUsciysio8OUm3qepoHWfs017iLVwdUjBzLV8bfsI876uYCB7FOOWmpFjtlfEcfFvovuxYQo3c2P2+FTRFibJG3fxpLnuZL+xZ9WuB0sUCqoGe0Nj8mWgJjvIMlZr4UBHPVa9FuCSvw43Jx3Z4zkFEFLwlnXF7XomFdjjzfNyGEva90KOeWy3V0Xm36xhL9ZfJd7024bmBrSU07\/OIwQL4RM2pylqUn8vtXHdDenj0RW6L9cUJF5+gefDnLwPN\/LkqvDQ9XoQLkYPyIOrW3yOipSRZ6qssVteVhp7yz6wIlf+om4vamOC+pjDHdk54a1\/tUFkk6iLfsqzmXEDMc9twzy8aI6ruHx9Y75G06eKdfUoetoe+oo6I+bKN+bF3ODBFJJL3VoG2yoSGLlcmnzauulsMAmGP4trS\/oNUS7VcK8uv8Q4iCrkL2Z7LQ3A3kywkt3RVfSW0P5p96Zzps"}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434650828,"flow_dst_last_pkt_time":1598620434610128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2888,"flow_dst_tot_l4_payload_len":5904,"midstream":0,"thread_ts_usec":1598620434650828,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":8792,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1598620434650828}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":8792,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1598620434650828}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 12/12
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508704 bytes
-~~ total memory freed........: 5508704 bytes
+~~ total memory allocated....: 5508728 bytes
+~~ total memory freed........: 5508728 bytes
 ~~ total allocations/frees...: 85894/85894
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 570 chars
+~~ json message min len.......: 568 chars
 ~~ json message max len.......: 2354 chars
-~~ json message avg len.......: 1458 chars
+~~ json message avg len.......: 1457 chars
diff --git a/test/results/default/quickplay.pcap.out b/test/results/default/quickplay.pcap.out
index 3c5a0be61..8cf0f7f7e 100644
--- a/test/results/default/quickplay.pcap.out
+++ b/test/results/default/quickplay.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1429000030398627}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1429000030398627}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000030398627,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000030398627,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
 00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"thread_ts_usec":1429000030398627,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWBDAUAAPwaoIQo2qfp4HCMpxewAUEHDiNf6xwiBUBgAc22rAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
 01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000030398627,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000030398627,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"api-singtelhawk.quickplay.com","http": {"url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}}
@@ -64,16 +64,16 @@
 01079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000052350287,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":461,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":461,"pkt_l4_len":425,"thread_ts_usec":1429000052350287,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAb2qTEAAPwZ4UAo2qfrLzZeg1mUAUE+SeI3XHwqaUBgAbsqdAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vZ2V0Y29udGFjdGxhYmVsbGlzdCBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1MZW5ndGg6IDEzMA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNColfJgEAQVUr0H3fAhACF0hkbD5sDN+EgwD\/BNABUsTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYeQoz6VrtJH00pu+gvbU58lmESj2o4D7TnERbmXXALCqM="}
 01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000052350287,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000052350287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":405,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":405,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":405,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000052350287,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":0,"content_type":"","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}}
 00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1429000052348029,"flow_dst_last_pkt_time":1429000052688483,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_usec":1429000052688483,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPWIBEAArAZEf8vNgWUKNqn6AFCnCZFyi8YwPunGUBgIIppgAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwC5BQwMAADES8+zVe2SBL6tUVxA2Vh6"}
-01472{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052348029,"flow_src_last_pkt_time":1429000052348029,"flow_dst_last_pkt_time":1429000052688483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000052688483,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmbatchemojidownload","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}}
+01491{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052348029,"flow_src_last_pkt_time":1429000052348029,"flow_dst_last_pkt_time":1429000052688483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000052688483,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmbatchemojidownload","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}}
 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000053611792,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_usec":1429000053611792,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYEAArQar6MvNl6AKNqn6AFDWZdcfCppPknoiUBgIIrzYAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"}
-01469{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052350287,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000053611792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":405,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":405,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":405,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000053611792,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}}
+01488{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052350287,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000053611792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":405,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":405,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":405,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000053611792,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}}
 02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1429000052217627,"flow_dst_last_pkt_time":1429000054555518,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"thread_ts_usec":1429000054555518,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaBrnEAArQYNK3gcIygKNqn6AFDLKctRyGZwAbOjUBAIIjnpAAC6eiaRjUv\/RPkOH82F5WosK669TTY41gIXUb5TM31DDCidAN9BA2XuM3HL8T4H8RaooiwzYVX\/NyYQvgJwozgBs+HWQERJo3j\/tFsg+NsbehQ2yqZ0ni5IF772nmOTUjjTqhvSyTYKL8LPX7\/SbJuUeesyVlCo1rcZrFyvobivL2QselZVKbZT9oXnVrTBXz9SgWOBGQjqM+6MYkHQqsKJwKvUzEiyfqsG7Y5ib\/HG3Cr61CWCOUzckjCo4x7\/2FXuS4bbTxyKoEXBeNcTCujBm4BW7TCl6yaZq2WXxGG4hvRF0Be\/m5kDX7D2ritov06P2eBHlozi8poVm+8iR+ps7ttJSDR9cRtIoZ6CzGQuMlpslQH3eGbKiA+TieQa5VKgPmn67A5ZHz6oVTfujJs8WKbjDDZ9Q0iRvNel4W1E1K\/\/zSVXoGcUMXf+jhnQwZpcpi1EdAnR+40BHozU+RTudhZL4Gple7Zf9xhKfQFyWOsUn76k3fkX1zxQlXwkMtX73RmtTyaB3L2pN7AlVM\/\/nWHu7EuLuT9DL9C5g0C9ndUmqL7NBsK0kAZZ78eDPfrNcCw\/ZFw2bNcbUFc\/DZYsLjg+otfm91LhV9Jp43mlKbIVnnDPmIDKMqjiCMwbTaSaZixrFny1uf5O00Y6dqEgtz9Pli4PyDpRhyoCvJu+i4H+d88Uaw2rkO46JoXyB7A5p5OjjhlkqrGyi1CwU0deobjNdyyDdV8jJ\/Pi9n3PsmZZgmuJXbUr3Wj33YeDG\/0Oj+2II0vRU4R2CMhv6eJcxCNdiNxlxN6WMj7SN4Xwx9cQTGloH0v9P+ZbhisAixQQx+c7VnS53a6eMHAGjtfp5Vfl\/a+fbz\/SS6+0wsbw43YigcJZdKwu\/J+7R2Vsvwwp\/\/0VJXCclXCvQKK9ZgSyMjcZXFFdVBYQ9ynX2PKUJbCiQo0ZSacbctiB0eo38ldIKG1HQXiG+IvrS8x51f+MHkxe\/Qz6gFVONzxqGI2AuPK799Gz1u48EzIlwqf+hfJ5+80+67LPm7OKnX\/+Hglw20t2bXScSU\/7a\/No7LXMZaiPPFjItOLkydDIZdblKbD9VzRcriDGIikYRE2vOO7ef0bABx9ekxq7Y6qOz8wz2bfi82kKdO6ZKos8mJ6Z5zMskbhz5TARjuFwb\/y0CNvNRI3ZzaCcWvcSerQm6YI5Qkh9hi+UFoCigmvOa40ltrSAgZJLwEzoigbbL\/Fux90aNws71lhYIk5rLapLHllGTYci4NeZq+lysN0NJeGSVgJjhywSjEcv98KS01SOoGP+L8hkrHHDndozayAIZx7KNatPdBhHierZx9hk7YaR2QyAaOf\/KGZ26mtXJD+fZ9qzzRf7VPOJIXRan6Mvh2X5ksvc+d2E+xpW4ZS3heqwr3GFyseSzu+SItPTkyOePTh5SBKlnurq4GBXzKzTiVp1gCObUjjb361kLXFDG8pv8RFHz9T71D1Nc2wSTzFugnvV1UNFiSfCUv5Hf3vreasQSxEc5M2HufON7Ls2Sq1av0HxiKW3cr3g1hTf6isQpBvLi2kzfVTuUfjZ4NfuituEBPk76dM0NGhwCE37DhDWyEA0CskC\/3LGpzpkwJVXZJneb4tZ6ZUUp9Tq8jwnKJrc9Xm0\/K+NOqhD9cfXeA0wPmIBqb\/50HOtK0ivaxJQrriFNfYzXGvwDWExqj3032B+UnoRZ9sdl+HDci1tJl2ZYTWQ\/jnW4QU+eyZsftpA1fidaKNXFUm98r6LCSgwEpKQko1ga3+vGDjVtQbFJqqZZSUhMiGE7JxSiWQR6m1VFOyrIP\/NGSlhQwEVU0AVlSc0flRUDOO1ef3Q8CCp+aj8TUh3wwIIfQUflA=="}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054595190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000054595190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
 01290{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054595190,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":616,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":616,"pkt_l4_len":580,"thread_ts_usec":1429000054595190,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAljROkAAPwZnAgo2qfrLzYFlpwoAUAw7AlWKyQifUBgAbo2ZAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vYW5kcm9pZGdjbXJlZyBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1MZW5ndGg6IDI5MQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNCo1fJgEAQVUr0H3fAhACF0hkbD5sDN+EgwDvBPUC9wHE3QEChNVx4ZIME2Cf+At3im0FbHQtQ5OeVwRjPIiyLiTcUNpigxgohLu4Sn2cUUhjM\/e6hatoyLaBnD1MiX1aSCFGHqc7sd1LbQ4Ji50\/nmut+cRtfu64v\/XpBgMs3P9k27B87PKWuZeRn0c7PoUNWA2a8JliIiEG\/iNlGYYh7Jh9YEWG\/gDJeOxQbfTuL3jKYttVpQbSW5W7M23rsRNXzMxlPjm7V+eiXogw4ZTrI0SYQBetGJTy4I9tf1xmHMyE6HsFYIlHFXzsGgJQf7uh78Qo0Kz+t0syWOECVQvp3s423G3nllPk9jmdcOLrj5HgsV0zUjYpYNBzzWvoRGUwiRoLkw=="}
 01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054595190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000054595190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/androidgcmreg","code":0,"content_type":"","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}}
 01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1429000054688452,"flow_dst_last_pkt_time":1429000054555518,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"thread_ts_usec":1429000054688452,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeRjvEAAPwaG4wo2qfp4HCMoyykAUHABs6PLUc5cUBgk\/ZRuAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDIxLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="}
 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054967566,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_usec":1429000054967566,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUEEkAArQbHccvNgWUKNqn6AFCnCorJCJ8MOwSFUBgII8UCAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDvBAYGAAAXudj2eCNNjv4Uv\/n42\/lx"}
-01465{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054967566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000054967566,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/androidgcmreg","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}}
+01484{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054967566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000054967566,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkextshort.weixin.qq.com","http": {"url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/androidgcmreg","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}}
 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000055158240,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_usec":1429000055158240,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYkAArAas5svNl6AKNqn6AFDWZdcfCppPknoiUBkIIrzXAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"}
 00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1429000054688452,"flow_dst_last_pkt_time":1429000060332068,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"thread_ts_usec":1429000060332068,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAOBsF0AArQYRcHgcIygKNqn6AFDLKctUXpxwAbVfUBgIQ3alAADeuoa1+jA5Ry0mXbQk51nloyMd3bnpaoAhLaFrs1GxxS6MStN1DNXgV3PyV9xWtS4Bq7eqDyJDn7AJDstUGJi0\/pfjbHRxURqqSWq2lLCGNr8PC4\/zdGcQgXAhvJ4k342DAqdcv25jjD\/DCZL0NGZhuQtQ9EC0TG+Yxyi57FXdRjFSsIxVH3fsgYrcB9Qagjzg2cKnxCjR\/HkaVIYK1NtKzAhNksrWNnXwbZRgh55QgVjqectjQo\/f"}
 01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1429000060559607,"flow_dst_last_pkt_time":1429000060332068,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":585,"pkt_l4_len":549,"thread_ts_usec":1429000060559607,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAjlkNkAAPwaGFAo2qfp4HCMoyykAUHABtV\/LVF9UUBhMo7CDAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWMTQwUjIxNi9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFYxNDBSMjE2LWluZGV4Lm0zdTg\/ZT0xNDI4OTk5Njk5Jmg9OTViMDFjODMxM2FlNGRmYjgwY2QxMDI4MjE1ZTAzYjcgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgQnVpbGQvS1RVODRQKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvMzMuMC4wLjAgTW9iaWxlIFNhZmFyaS81MzcuMzYNCg0K"}
@@ -82,7 +82,7 @@
 01375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110390234,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":681,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":681,"pkt_l4_len":645,"thread_ts_usec":1429000110390234,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAApm620AAPwZqrgo2qfrLzZPXi1YAUBkYU+pems3wUBgAbqLPAABQT1NUIGh0dHA6Ly9oa21pbm9yc2hvcnQud2VpeGluLnFxLmNvbS9jZ2ktYmluL21pY3JvbXNnLWJpbi9ydGt2cmVwb3J0IEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMzU1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGttaW5vcnNob3J0LndlaXhpbi5xcS5jb20NClVzZXItQWdlbnQ6IE1pY3JvTWVzc2VuZ2VyIENsaWVudA0KDQqNXyYBAEFVK9B93wIQAhdIZGw+bAzfhIMAzAXaBLgCxN0BAsPj4k0n0ICdjYK52ViOWnOC4Vzgxi7+iegOsMW+oW6QdEAHg+UlyxaSBb9\/s0oeR4gum6gk+uWhqjv3Tkoz3jpOxZ3uqg5IoeAevVK78mE+75Mm5QEXaL\/24wa8I4nsiJTVEr54yg9WsIjA1I\/cd65YM57jS4+t1kJ\/xpqwwPsMfqK2G34N85Xo0uWP1F2PyLEjHiJZyK4xRu\/XYVzahdDn1vQRPtqQ3i2o6ggKNGN3kBkFa6C2GO0zTqwt7XUYqb0ppGq3KKIyPCtrTg5YICuEsfTDMTLer3J067M5VD93Ij+RkxqqGFN9+gvu+C\/smM0OksnEYsvtVnkr65ZF5Pk4qVPYHRDIlRcRHe0XzckIkJitYHFr8VSN2R6GxFfZK0YtMPQdmLxH6qLecheL3Cuuz7XcYpBc6JGpDIih+q4v"}
 01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000110390234,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110390234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":625,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":625,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000110390234,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"hkminorshort.weixin.qq.com","http": {"url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}}
 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110528479,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":262,"pkt_l4_len":226,"thread_ts_usec":1429000110528479,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPYrhEAArQaNjMvNk9cKNqn6AFCLVl6azfAZGFZbUBgIKKjyAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ4DQoNCoJfAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDMBQYGAIBAF7nY9ngjTY7+FL\/5+Nv5cQ=="}
-01466{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000110390234,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110528479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":625,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":625,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":206,"midstream":1,"thread_ts_usec":1429000110528479,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkminorshort.weixin.qq.com","http": {"url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}}
+01485{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000110390234,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110528479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":625,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":625,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":206,"midstream":1,"thread_ts_usec":1429000110528479,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"hkminorshort.weixin.qq.com","http": {"url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client","request_content_type":"application\/octet-stream"}}}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000117728278,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
 01313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":638,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":638,"pkt_l4_len":602,"thread_ts_usec":1429000117728278,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAm69YkAAPwYFAwo2qfo2s4xB3D0AUJYYUVzgorreUBgAc7mmAABHRVQgL3Bhc3MvdjIvc2FmZS91c2VyL2NvcmVJbmZvP3NpZ25hdHVyZT11JTJGNzNkRVhCSGJlamV2MElTTnduR3l5ZmVUdyUzRCZ1c2VySWQ9TXo1WHI1VVhLdXc4M2h4ZDZZbXMydyUzRCUzRCBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvb2tpZTogY1VzZXJJZD1SbmVTNDhuLWRZX1ZlMllKU3NWLXF0RUxvOG87IHNlcnZpY2VUb2tlbj1qYWl5azdjUlQ0WDI0RWp3eENnQUxHOEFJdk9pWmNWTFU1cCsyaW9HSzVaK1MrWDFLbkJwOHBGUDJIV3FhVFJEWHU1eUY3YjZqaDdYdDQxZTZZOXYyUVRGN2tnbUhrSjBhSXJ0Sm9iOTBaZ2lBMy8rYlZQWXBrcVM3ajhUREorNEo3Rkt3VzFsZDZCWSswakU4SncxbGYrTVE0OEVUQmlOc01FbEthUGh2MEREOVZvUlMxNXRVM2dSMHlmVEcxWHMNClVzZXItQWdlbnQ6IERhbHZpay8xLjYuMCAoTGludXg7IFU7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIE1JVUkvVjYuNC4yLjAuS1hETUlDQikNCkhvc3Q6IGFwaS5hY2NvdW50LnhpYW9taS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
 01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000117728278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000117728278,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.account.xiaomi.com","http": {"url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)","request_content_type":"application\/x-www-form-urlencoded"}}}
@@ -94,7 +94,7 @@
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1429000156459448,"flow_dst_last_pkt_time":1429000156273474,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_usec":1429000156459448,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaip0AAPwZH9go2qfp4HCMoyzEAUC00XE7dy64AUBhgH5dQAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNDkudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
 01578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1429000156459448,"flow_dst_last_pkt_time":1429000159329352,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":822,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":822,"pkt_l4_len":786,"thread_ts_usec":1429000159329352,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAyZ5rEAArAYClXgcIygKNqn6AFDLMd3YhLgtNF4MUBgIQ\/OyAADrwzX3RAicnUrik1zDx4PqjdwOmF3fe8pzxTI4oN3yFpMedtYxelwQ2rhsnEO6G\/cmlY1IJNm+dhF6bSA0DSydTzLfvgeIuFZXygwrH6gaXr3bLYeSyYjaCUjWjmQTt7V+t\/gKIDQ7qopT\/9MJLyH+KwU2kj6lGewqsyjKL2j5Quk4rIxkJFWbgA834c500rsR9UD02ykgxsrbPdY8neRLyWauu2MwdO8Be1DZjdaACskFpdJNZR72s2dmRfWv3zmQNDywLdy21xUi6VV5yyLDgFQBtBCXRV+cQVGxrWazEswNsOJm5YNkt7Julo0fagWzzfA6k\/UxfxEYcq2TxGzfSbcM1WAuTAlHKowbQoKWjTwGEc2bWIFmXE5q8JrHhpukUvKEnyPDmn\/EVfOSXk9pOu1LB9Z9OYZmi6y7tgB9EBz5Hxig1qph7haaqDsKdW4PxWR0VWnAjHI09PH7\/zZlo9FDGZoA+\/SUvcNGTG4xFbCoGdUVimgMQK7pTJ5Jlf+NZ2rrp\/xRZXpGeytFF1JKGu6T6\/t07HLyU5FKV+heWPuYKSc0\/F9MjzFgwPRSVBhFEnAC\/WS7fVzhr9qnYUWW2DlxWquOmitR6vtaHNaiPFn+YxtHGPG7\/93xpqqGHAO5k\/JlbrRpUzvT4SAJhoKdaOAHp8m4MN2ufQ3rIJqNONA5BlU4ZX+YUQI9CVaX4mikHnJVz0ekLAIre31tIlLe5zK0iJgb0WauPILeFUHfG\/hDtxzaYUBCdt\/hcRGKLkM7kOxnvCtJyHcI0rs0EKUtkKRvt1YG8GKC7we8kgHb3wKzQpqiwjdRZofEVpf4s39L+wSufN2yERClxc\/zZ5xM\/anf45FN326q10slGD1JayBMSJ8eMRTWd2jteav9aPEQic5zOuESF716eR6sI\/RimZhAJZBj7ByW9GcWmBoQQJsN64WYhuY907IORbVtU3zFysJ35lxofZxQ+WSTQF3sp9jroQuO1XT+yDkm8sBF8f4oY6ZuQjFjIM4yz\/Js"}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1429000179906897,"flow_dst_last_pkt_time":1429000159329352,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_usec":1429000179906897,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeakoEAAPwZF\/Qo2qfp4HCMoyzEAUC00Xgzd2Ie2UBhgH8TOAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTAudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-01226{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1429000052350287,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000055158240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":405,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":405,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":405,"flow_dst_tot_l4_payload_len":410,"midstream":1,"thread_ts_usec":1429000184253516,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
+01245{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1429000052350287,"flow_src_last_pkt_time":1429000052350287,"flow_dst_last_pkt_time":1429000055158240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":405,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":405,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":405,"flow_dst_tot_l4_payload_len":410,"midstream":1,"thread_ts_usec":1429000184253516,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000207973761,"flow_src_last_pkt_time":1429000207973761,"flow_dst_last_pkt_time":1429000207973761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000207973761,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1429000207973761,"flow_dst_last_pkt_time":1429000207973761,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_usec":1429000207973761,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYfhkAAPwbLFwo2qfp4HCMoyzIAUDz1EP7kfsOCUBgByRv\/AABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTIudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
 01465{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000207973761,"flow_src_last_pkt_time":1429000207973761,"flow_dst_last_pkt_time":1429000207973761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000207973761,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"vod-singtelhawk.quickplay.com","http": {"url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36","detected_os":"Android 4.4.4"}}}
@@ -126,8 +126,8 @@
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1429000030766760,"flow_src_last_pkt_time":1429000039809180,"flow_dst_last_pkt_time":1429000040059760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":420,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":732,"flow_dst_tot_l4_payload_len":2724,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000041481085,"flow_src_last_pkt_time":1429000041481085,"flow_dst_last_pkt_time":1429000041819556,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":181,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":181,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":181,"flow_dst_tot_l4_payload_len":283,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1429000050062079,"flow_src_last_pkt_time":1429000051366980,"flow_dst_last_pkt_time":1429000052145575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":540,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":1080,"flow_dst_tot_l4_payload_len":89,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat"}}
-01229{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052348029,"flow_src_last_pkt_time":1429000052348029,"flow_dst_last_pkt_time":1429000052688483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
-01229{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054967566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
+01248{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000052348029,"flow_src_last_pkt_time":1429000052348029,"flow_dst_last_pkt_time":1429000052688483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
+01248{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000054595190,"flow_src_last_pkt_time":1429000054595190,"flow_dst_last_pkt_time":1429000054967566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":560,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":205,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":205,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000031075232,"flow_src_last_pkt_time":1429000031075232,"flow_dst_last_pkt_time":1429000031382971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":302,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":53,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000037600378,"flow_src_last_pkt_time":1429000037600378,"flow_dst_last_pkt_time":1429000037659613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":81,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000117728278,"flow_src_last_pkt_time":1429000117728278,"flow_dst_last_pkt_time":1429000118045538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":582,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":582,"flow_dst_max_l4_payload_len":775,"flow_src_tot_l4_payload_len":582,"flow_dst_tot_l4_payload_len":775,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
@@ -140,9 +140,9 @@
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1429000375190710,"flow_src_last_pkt_time":1429000385363074,"flow_dst_last_pkt_time":1429000385174414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1784,"flow_dst_tot_l4_payload_len":2108,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000031698279,"flow_src_last_pkt_time":1429000031698279,"flow_dst_last_pkt_time":1429000032158423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":283,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000037314978,"flow_src_last_pkt_time":1429000037314978,"flow_dst_last_pkt_time":1429000037771704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":283,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-01229{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000110390234,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110528479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":625,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":625,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":206,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
+01248{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000110390234,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110528479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":625,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":625,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":206,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1429000048159796,"flow_src_last_pkt_time":1429000048647467,"flow_dst_last_pkt_time":1429000048795905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":487,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":487,"flow_dst_max_l4_payload_len":1169,"flow_src_tot_l4_payload_len":974,"flow_dst_tot_l4_payload_len":1169,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming"}}
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":155,"packets-processed":155,"total-skipped-flows":0,"total-l4-payload-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":145,"global_ts_usec":1429000385363074}
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":155,"packets-processed":155,"total-skipped-flows":0,"total-l4-payload-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":145,"global_ts_usec":1429000385363074}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 155/155
 ~~ skipped flows.............: 0
@@ -151,10 +151,10 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5562749 bytes
-~~ total memory freed........: 5562749 bytes
+~~ total memory allocated....: 5563105 bytes
+~~ total memory freed........: 5563105 bytes
 ~~ total allocations/frees...: 86465/86465
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 569 chars
 ~~ json message max len.......: 2445 chars
-~~ json message avg len.......: 1508 chars
+~~ json message avg len.......: 1507 chars
diff --git a/test/results/default/radius_false_positive.pcapng.out b/test/results/default/radius_false_positive.pcapng.out
index 07fcf82c8..771018e36 100644
--- a/test/results/default/radius_false_positive.pcapng.out
+++ b/test/results/default/radius_false_positive.pcapng.out
@@ -1,5 +1,5 @@
-00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1638897892722857}
+00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1638897892722857}
 00834{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897892722857,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897892722857,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1638897892722857,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1292,"pkt_l4_len":1238,"thread_ts_usec":1638897892722857,"pkt":"AAAAAAAAAAUAHNVSht1ohf3HBNYRNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQTW\/+II9QTO5\/6moMoBfKc4frxprVfBsxdaQAED2QEABgCgAQJbUkVKAAcAAABTVEsAOAAAAFNOTwBsAAAAUFJPRmwBAABTQ0ZH8wEAAFJSRUr3AQAAU1RUTP8BAABDUlT\/GwIAADVoRFFcZEfiQgn1oXI2ORzyXhwGYKf\/Flu1\/kK\/l4UH4q9DCId2Xb2zn9efGujSc\/F0aNOeHZb6KAjEeRC9dXjLQIA3XVxkxqhCJrs95QV3gGPSLgjsQQ873Rxpmhq\/VDe1SdA9fAVAXfMUX1s0Z5mAWpV6sSbDkPHYULs7X0KVe+fR2Ai5noT8neP+HJa14zskJKzRF7WTWAfIPB94k7XcyneleZDZy\/LsPNPpKzumkgJT693IGvFFGpwQ7o47hVb2V37u8BaJMyzZuDr4CIc8F1YA1joFN7OPyOLc3a+gm+fEb18FG1gS\/ZrcntqavJ3HLz5Vi8zFgzSja7rxlz5ZT0Fgr\/\/hUJDycGNBHRHMai1MLz1CKo55ez2Vq+oMFJFtHL8m7Yk0AZ6oTphvz\/47C32mJ\/BonrdxqQzXuP2SrkxlJp8ughvQJBkM+kPiZ+nnveyN+ypLny4LxyWPno4oScYJJSbW2FdJTZlTQ0ZHBgAAAEFFQUQIAAAAU0NJRBgAAABQVUJTOwAAAEtFWFM\/AAAAT0JJVEcAAABFWFBZTwAAAEFFU0dDQzIwYXTY6XlRVYYUrxtElpX4jCAAAK5TCWYobSWz756zKFc0+OhHde7JrmIR8db7Z6FsadZoQzI1NVZwm2DcDowaV9aKYgAAAAANAAAAcj3bAAAAAAAC1l9bpELMSn4CHk1io2ZOe6cCwpjjNUiKNMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 01021{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897892722857,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897892722857,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}}
@@ -8,7 +8,7 @@
 00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1638897892752869,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":283,"pkt_l4_len":229,"thread_ts_usec":1638897892752869,"pkt":"AAAAAAAAAAUAHNVSht1gBf3HAOURNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQDlccwABGVF2QcnpzsvNwXHhnVYuvotOEZAFZyRstLhm5Vh8Y\/qjK+eAOivL9FfakfqselPfzU8unBIuLM1Gkl3hUCkDyi+vg32wZhmWtIpghdDZrkT8mPeJhzpBInbvmZgkVuAprrK41CoxKKjDlIkF+W84hfikpn3qkgLCEYuKToKkyTwbJLdd0NDQonRVcTPtbDVskjblaU5087vFl1B3+DiXjvx4mrrxoJ1o2m4QK+5Itx4XXf\/cDDYpVAKVU4JUhg7EBvC5CSSa69pj7lgUC+G\/vuoC9GDJzbBnxQBog=="}
 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1638897892775793,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":283,"pkt_l4_len":229,"thread_ts_usec":1638897892775793,"pkt":"AAAAAAAAAAUAHNVSht1gBf3HAOURNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQDluwgABfL8+5jX9fJKzrGkYq50E3Kkrx2byhv\/1lxrsSEANv3rwV8oSZP1Kf9LnwvyulYNqHc0eA8kixsVINh0AEVVU7DdtZDWH0NB+uRHdIIMWflJVbH+jmh9USiXpEGMxWJMIsMKuWOo1oHx\/4WcMYLRLNqhlbRCt1SlzydohkUP0dPUhy0JEmQ2dcM9ySIjkPYCfM2x3oISOX1bfEnNb7p3pKZ5PyZPkuqec+dbYP0kRWjDfMgN9cmqV8B57rWtYeFeQ7inL7drCI8NtuFQhaY3EFIVsYr2d9Va2PyzOQ=="}
 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897893066501,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6859,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897893066501,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":6859,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1638897893066501}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":6859,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1638897893066501}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498263 bytes
-~~ total memory freed........: 5498263 bytes
+~~ total memory allocated....: 5498287 bytes
+~~ total memory freed........: 5498287 bytes
 ~~ total allocations/frees...: 85870/85870
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 585 chars
+~~ json message min len.......: 583 chars
 ~~ json message max len.......: 2231 chars
-~~ json message avg len.......: 1404 chars
+~~ json message avg len.......: 1403 chars
diff --git a/test/results/default/radmin3.pcapng.out b/test/results/default/radmin3.pcapng.out
index d6cb66a0b..579f9b9c1 100644
--- a/test/results/default/radmin3.pcapng.out
+++ b/test/results/default/radmin3.pcapng.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1706118225579475}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1706118225579475}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1706118225579475,"flow_src_last_pkt_time":1706118225579475,"flow_dst_last_pkt_time":1706118225579475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1706118225579475,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"192.168.88.197","src_port":49736,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1706118225579475,"flow_dst_last_pkt_time":1706118225579475,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1706118225579475,"pkt":"CAAnXtCJCAAniDE8CABFAAA01stAAIAGAADAqFjQwKhYxcJIEyOILII4AAAAAIAC+vAzDQAAAgQFtAEDAwgBAQQC"}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1706118225579475,"flow_dst_last_pkt_time":1706118225579656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1706118225579656,"pkt":"CAAniDE8CAAnXtCJCABFAAA0z0hAAIAG+JTAqFjFwKhY0BMjwkhWkmpFiCyCOYAS\/\/+bcAAAAgQFtAEDAwgBAQQC"}
@@ -16,7 +16,7 @@
 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1706118232219766,"flow_src_last_pkt_time":1706118232220056,"flow_dst_last_pkt_time":1706118232622772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":14,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":14,"midstream":0,"thread_ts_usec":1706118232622772,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"192.168.88.197","src_port":49739,"dst_port":4899,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"Radmin","proto_id":"391","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1706118225579475,"flow_src_last_pkt_time":1706118226345962,"flow_dst_last_pkt_time":1706118226346137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1706118232622772,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"192.168.88.197","src_port":49736,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"Radmin","proto_id":"391","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1706118232219766,"flow_src_last_pkt_time":1706118232220056,"flow_dst_last_pkt_time":1706118232622772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":14,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":14,"midstream":0,"thread_ts_usec":1706118232622772,"l3_proto":"ip4","src_ip":"192.168.88.208","dst_ip":"192.168.88.197","src_port":49739,"dst_port":4899,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"Radmin","proto_id":"391","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":84,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1706118232622772}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/radmin3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":84,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1706118232622772}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 17/17
 ~~ skipped flows.............: 0
@@ -25,8 +25,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5504760 bytes
-~~ total memory freed........: 5504760 bytes
+~~ total memory allocated....: 5504800 bytes
+~~ total memory freed........: 5504800 bytes
 ~~ total allocations/frees...: 85892/85892
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 531 chars
diff --git a/test/results/default/raft.pcap.out b/test/results/default/raft.pcap.out
index 7f547112e..660cdbe62 100644
--- a/test/results/default/raft.pcap.out
+++ b/test/results/default/raft.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705997809280892}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705997809280892}
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705997809280892,"flow_src_last_pkt_time":1705997809280892,"flow_dst_last_pkt_time":1705997809280892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705997809280892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46286,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705997809280892,"flow_dst_last_pkt_time":1705997809280892,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705997809280892,"pkt":"AAAAAAAAAAAAAAAACABFAAA0zl5AAGYGSGN\/AAABfwAAAbTOIypHoKR3AAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1705997809280892,"flow_dst_last_pkt_time":1705997809280904,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705997809280904,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAGYGFsJ\/AAABfwAAASMqtM6Kl47pR6CkeIAS\/9f+KAAAAgT\/1wEBBAIBAwMH"}
@@ -18,7 +18,7 @@
 02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1705997809281323,"flow_src_last_pkt_time":1705997810410479,"flow_dst_last_pkt_time":1705997810388511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705997810410479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":38488,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":72140.1,"max":137171,"stddev":57048.4,"var":3254516224.0,"ent":4.3,"data": [20,29,20,35,15,13,6003,6005,206,208,119086,119085,125076,125088,137171,137161,116381,116396,102323,102307,21955,21953,125134,125135,125120,125120,125280,125280,103357,103382,22000]},"pktlen": {"min":40,"avg":62.5,"max":88,"stddev":22.7,"var":516.8,"ent":4.9,"data": [52,52,40,80,40,80,40,80,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88,40,88]},"bins": {"c_to_s": [2,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [4.268320084,4.514606476,4.391446590,3.897243023,4.391446590,3.032760382,4.391446590,2.986443520,4.341446877,2.850570679,4.341446400,2.873297930,4.391446590,2.850570679,4.391446590,2.791660070,4.341446400,2.768932819,4.391446590,2.791660070,4.322574615,2.791660070,4.391446590,2.791660070,4.391446590,2.768932819,4.391446590,2.791660070,4.341446877,2.791660070,4.341446877,2.760354519]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Raft","proto_id":"392","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1705997809280892,"flow_src_last_pkt_time":1705997810407653,"flow_dst_last_pkt_time":1705997810388430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705997810410479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46286,"dst_port":9002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Raft","proto_id":"392","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1705997809281323,"flow_src_last_pkt_time":1705997810410479,"flow_dst_last_pkt_time":1705997810388511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705997810410479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":38488,"dst_port":9001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Raft","proto_id":"392","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":64,"packets-processed":64,"total-skipped-flows":0,"total-l4-payload-len":2000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1705997810410479}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/raft.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":64,"packets-processed":64,"total-skipped-flows":0,"total-l4-payload-len":2000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1705997810410479}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 64/64
 ~~ skipped flows.............: 0
@@ -27,8 +27,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506097 bytes
-~~ total memory freed........: 5506097 bytes
+~~ total memory allocated....: 5506137 bytes
+~~ total memory freed........: 5506137 bytes
 ~~ total allocations/frees...: 85937/85937
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 527 chars
diff --git a/test/results/default/raknet.pcap.out b/test/results/default/raknet.pcap.out
index 0d3699deb..da077800c 100644
--- a/test/results/default/raknet.pcap.out
+++ b/test/results/default/raknet.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946711624286000}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946711624286000}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946711624286000,"flow_src_last_pkt_time":946711624286000,"flow_dst_last_pkt_time":946711624286000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946711624286000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946711624286000,"flow_dst_last_pkt_time":946711624286000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946711624286000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUl7RAAD8RIvLAqAJklJkjza3V6n4FwDU+BQD\/\/wD+\/v7+\/f39\/RI0VngGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946711624286000,"flow_dst_last_pkt_time":946711624328000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":946711624328000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4I79AADcRpIOUmSPNwKgCZOp+rdUAJGm+BgD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgUiIAAF1A=="}
@@ -15,7 +15,7 @@
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":946711673464000,"flow_dst_last_pkt_time":946711673481000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":946711673481000,"pkt":"YDjgxTWgeJS0JASgCABFAAA\/cD5AADcRV\/2UmSPNwKgCZOp87REAK0g4CAD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgUd9gSlRXt67RECQAA="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":946711673484000,"flow_dst_last_pkt_time":946711673481000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":946711673484000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4sVJAAD8RDvDAqAJklJkjze0R6nwAJOBohAAAAEAAkAAAAAkAAAAASQ8CfAAAAAAAAO7jAA=="}
 00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":946711624286000,"flow_src_last_pkt_time":946711624422000,"flow_dst_last_pkt_time":946711624425000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1464,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":1703,"flow_dst_tot_l4_payload_len":250,"midstream":0,"thread_ts_usec":946711673573000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":946713048252000}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":946713048252000}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946713048252000,"flow_src_last_pkt_time":946713048252000,"flow_dst_last_pkt_time":946713048252000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713048252000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32951,"dst_port":60021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":946713048252000,"flow_dst_last_pkt_time":946713048252000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946713048252000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUUWdAAD8RaT\/AqAJklJkjzYC36nUFwGJlBQD\/\/wD+\/v7+\/f39\/RI0VngGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":946713048252000,"flow_dst_last_pkt_time":946713048272000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":946713048272000,"pkt":"YDjgxTWgeJS0JASgCABFAAA45d9AADgR4WKUmSPNwKgCZOp1gLcAJA72BgD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgURqAAF1A=="}
@@ -92,7 +92,7 @@
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946713304628000,"flow_src_last_pkt_time":946713304628000,"flow_dst_last_pkt_time":946713304628000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":110,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":110,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":110,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713304628000,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":43582,"dst_port":44501,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":946713124625000,"flow_src_last_pkt_time":946713244627000,"flow_dst_last_pkt_time":946713124625000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713304628000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":59935,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946713304628000,"flow_src_last_pkt_time":946713304628000,"flow_dst_last_pkt_time":946713304628000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":110,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":110,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":110,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713304628000,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":43582,"dst_port":44501,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":66,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":6616,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":19,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_usec":946713304628000}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":66,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":6616,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":19,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_usec":946713304628000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 66/66
 ~~ skipped flows.............: 0
@@ -101,8 +101,8 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5523779 bytes
-~~ total memory freed........: 5523779 bytes
+~~ total memory allocated....: 5523979 bytes
+~~ total memory freed........: 5523979 bytes
 ~~ total allocations/frees...: 86047/86047
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 533 chars
diff --git a/test/results/default/rdp.pcap.out b/test/results/default/rdp.pcap.out
index 490a3d100..a7c344b33 100644
--- a/test/results/default/rdp.pcap.out
+++ b/test/results/default/rdp.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1559207465138576}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1559207465138576}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465138576,"flow_dst_last_pkt_time":1559207465138576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559207465138576,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1559207465138576,"flow_dst_last_pkt_time":1559207465138576,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1559207465138576,"pkt":"AgAAAEUAAEAAAEAAQAbIuKwQArnAqAKOzQ4NPfm84lgAAAAAsML\/\/7iqAAACBAT5AQMDBQEBCAoLUEqcAAAAAAQCAAA="}
 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1559207465138576,"flow_dst_last_pkt_time":1559207465180991,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_usec":1559207465180991,"pkt":"AgAAAEUAADRflEAAfwYqMMCoAo6sEAK5DT3NDkeav7z5vOJZgBL6AEVOAAACBAW0AQMDAAEBBAI="}
@@ -8,7 +8,7 @@
 01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465181421,"flow_dst_last_pkt_time":1559207465180991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559207465181421,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1559207465181421,"flow_dst_last_pkt_time":1559207465227138,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":63,"pkt_l4_len":39,"thread_ts_usec":1559207465227138,"pkt":"AgAAAEUAADtflUAAfwYqKMCoAo6sEAK5DT3NDkeav735vOJsUBj57ULVAAADAAATDtAAABI0AAIfCAAIAAAA"}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":7,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465466244,"flow_dst_last_pkt_time":1559207465509666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":572,"flow_dst_max_l4_payload_len":1179,"flow_src_tot_l4_payload_len":1081,"flow_dst_tot_l4_payload_len":1661,"midstream":0,"thread_ts_usec":1559207465509666,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2742,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1559207465509666}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2742,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1559207465509666}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498563 bytes
-~~ total memory freed........: 5498563 bytes
+~~ total memory allocated....: 5498587 bytes
+~~ total memory freed........: 5498587 bytes
 ~~ total allocations/frees...: 85881/85881
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 512 chars
diff --git a/test/results/default/rdp2.pcap.out b/test/results/default/rdp2.pcap.out
index f0cd0014e..78e60fb08 100644
--- a/test/results/default/rdp2.pcap.out
+++ b/test/results/default/rdp2.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1622724948504706}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1622724948504706}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622724948504706,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948504706,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622724948504706,"l3_proto":"ip4","src_ip":"192.168.122.181","dst_ip":"192.168.122.2","src_port":54759,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02160{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948504706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1622724948504706,"pkt":"UlQATzIvUlQAsDb7CABFAATsljsAAIARKb3AqHq1wKh6AtXnDT0E2Hry\/\/\/\/\/wBAGAG7\/1aHBNAE0KaQQMHfeUi3j6CMTWNjAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1622724948618376,"pkt":"UlQAsDb7UlQATzIvCABFAATsY5IAAIARXGbAqHoCwKh6tQ091ecE2Hryu\/9WhwBAEAVNZ3lmBNAE0AABAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -7,7 +7,7 @@
 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1622724949145111,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"thread_ts_usec":1622724949145111,"pkt":"UlQATzIvUlQAsDb7CABFAACtljwAAIARLfvAqHq1wKh6AtXnDT0AmXazABTBAfQBZOBkAAEAFgMCAIABAAB8AwJguNFUNPYALrQay30kCVW9o2xX1uvvm8Mwc0UHAddumwAADsAKwAnAFMATADUALwAKAQAARQAAACIAIAAAHVdJTi04UVNPMEQzT0tCSS5IQVJERU5JTkcuQ09NAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="}
 01854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1622724949145292,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_usec":1622724949145292,"pkt":"UlQATzIvUlQAsDb7CABFAAQLlj0AAIARKpzAqHq1wKh6AtXnDT0D93oRABTAZABlAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1622724950156874,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"thread_ts_usec":1622724950156874,"pkt":"UlQATzIvUlQAsDb7CABFAACqlj4AAIARLfzAqHq1wKh6AtXnDT0AlnawARTAZgBmAOAAFgMCAIABAAB8AwJguNFUNPYALrQay30kCVW9o2xX1uvvm8Mwc0UHAddumwAADsAKwAnAFMATADUALwAKAQAARQAAACIAIAAAHVdJTi04UVNPMEQzT0tCSS5IQVJERU5JTkcuQ09NAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":4776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643703419087056}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":4776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643703419087056}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":338,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703419087056,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00966{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":384,"pkt_l4_len":346,"thread_ts_usec":1643703419087056,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQABbs46AAB9ETIeCgglZApkAlfJxA09AVquCxCXYDMEAAAMAAEAAOZfhG3mX4RtFgMDAQYQAAECAQCjjsoVyw+wo5FaSAnrLg7K010lQhKSScz0HLEo3RbZDQpHIM8DOug1fzIMKYQ2jr1qowGGVp24rW1cdiGjDHjQOV6PWcwrK5xD0WVcizKFPsYpQTtmVwnbnunVKrb34miQP6S1q3usJoH3aAZyOYvZbk4IHBINWfdUFriPIrr\/SRiWhs0LUsB7qGIfahccFklYvuNjsKIrrqlpK9h8xbck3KFIyOS\/BaBtH43KUJPeIPtNHkAhuKAAgbpPg2MKYItrXno+cMr2LGEd0ULgohWYbDXUDjsQaQwA4c0J9bC\/KQhXBR8FkPLIAN0p1hYzlzPs9uypXcQ2aPmSQzdk3iOuFAMDAAEBFgMDACgAAAAAAAAAAJIpZ7YKWBdulQDNq0fLThVvneR0HNcHCdIdQMDnwqsj"}
 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419092080,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419092080,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzWuAAB\/Ecm1CmQCVwoIJWQNPcnEAE8+OeZfhG0AyAAMAAEBABCXYDQQl2A0FAMDAAEBFgMDACgAAAAAAAAAAPQpDcwTGHQPEV9SAgzXooQGKEmtXTjZ+jovK+hcCckC"}
@@ -16,7 +16,7 @@
 01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419098831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1643703419098831,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419308184,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419308184,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzXBAAB\/EcmiCmQCVwoIJWQNPcnEAE+UuOZfhG4AyAAMAAECABCXYDYQl2A2FwMDAC4AAAAAAAAAAtZqt5fQ0\/FIQe3F9rNB1YJWn0rvMRZkJ5CRsPpUxN\/e+geUeRF5"}
 01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1622724948504706,"flow_src_last_pkt_time":1622724950156874,"flow_dst_last_pkt_time":1622724950268127,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":142,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":2526,"flow_dst_tot_l4_payload_len":2250,"midstream":0,"thread_ts_usec":1643703419813768,"l3_proto":"ip4","src_ip":"192.168.122.181","dst_ip":"192.168.122.2","src_port":54759,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":6526,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1645516407326363}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":6526,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1645516407326363}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645516407326363,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407326363,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7GmRAAB+EbsVCjK10goySSTrww09BNi18v\/\/\/\/8AQBoBn9Z1KwTQBNBytTuEe0pHXbarayMEAgAAAAAAAAAAAAAAAAAAAAAAAAABAAJxu76IlD5YIdOR5pAOInyh18cxrcRBftGPwdGegtbSDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 02161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407357265,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7Gh0AAB\/EbsyCjJJJAoytdINPevDBNiXc5\/WdSsAQBAFx21cFwTQBNAAAQACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
@@ -26,7 +26,7 @@
 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1645516407369717,"flow_dst_last_pkt_time":1645516407447477,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1645516407447477,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAAbGh2AAB\/Eb+wCjJJJAoytdINPevDAFgPqJ\/WdSwAyAAMAAEATMdtXBjHbVwYFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/ICkHUCOZ3SBJZt72VIcV8EqRaEuGxgoLTFfRn5x3ANZP"}
 01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419813768,"flow_dst_last_pkt_time":1643703419812713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":848,"flow_dst_tot_l4_payload_len":902,"midstream":0,"thread_ts_usec":1645516407454743,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407450379,"flow_dst_last_pkt_time":1645516407454743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1723,"flow_dst_tot_l4_payload_len":1328,"midstream":0,"thread_ts_usec":1645516407454743,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":9577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1645516407454743}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":9577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1645516407454743}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 39/39
 ~~ skipped flows.............: 0
@@ -35,10 +35,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5503478 bytes
-~~ total memory freed........: 5503478 bytes
-~~ total allocations/frees...: 85924/85924
+~~ total memory allocated....: 5503547 bytes
+~~ total memory freed........: 5503547 bytes
+~~ total allocations/frees...: 85925/85925
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 566 chars
+~~ json message min len.......: 564 chars
 ~~ json message max len.......: 2168 chars
-~~ json message avg len.......: 1366 chars
+~~ json message avg len.......: 1365 chars
diff --git a/test/results/default/rdp3.pcap.out b/test/results/default/rdp3.pcap.out
index 4f34f86a3..e18e63718 100644
--- a/test/results/default/rdp3.pcap.out
+++ b/test/results/default/rdp3.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1138119414226584}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1138119414226584}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1138119414226584,"flow_src_last_pkt_time":1138119414226584,"flow_dst_last_pkt_time":1138119414226584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1138119414226584,"l3_proto":"ip4","src_ip":"10.150.9.21","dst_ip":"10.157.4.161","src_port":1685,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1138119414226584,"flow_dst_last_pkt_time":1138119414226584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1138119414226584,"pkt":"AABeAAEPABI\/YyDTCABFAAAwYyVAAIAGdLoKlgkVCp0EoQaVDT0VSOJYAAAAAHAC\/\/9UxAAAAgQFtAEBBAI="}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1138119414226584,"flow_dst_last_pkt_time":1138119414283512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1138119414283512,"pkt":"ABI\/YyDTAAWFpSfwCABFAAAwEwgAAHsGCdgKnQShCpYJFQ09BpVuMr5rFUjiWXASQADoKAAAAgQFoAEBBAI="}
@@ -8,7 +8,7 @@
 01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1138119414226584,"flow_src_last_pkt_time":1138119414284882,"flow_dst_last_pkt_time":1138119414283512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1138119414284882,"l3_proto":"ip4","src_ip":"10.150.9.21","dst_ip":"10.157.4.161","src_port":1685,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1138119414284882,"flow_dst_last_pkt_time":1138119414319556,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1138119414319556,"pkt":"ABI\/YyDTAAWFpSfwCABFAAAzEwlAAHsGydMKnQShCpYJFQ09BpVuMr5sFUjigFAY\/9g4twAAAwAACwbQAAASNAA="}
 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1138119414226584,"flow_src_last_pkt_time":1138119414897306,"flow_dst_last_pkt_time":1138119414854817,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":519,"flow_dst_max_l4_payload_len":386,"flow_src_tot_l4_payload_len":1629,"flow_dst_tot_l4_payload_len":862,"midstream":0,"thread_ts_usec":1138119414897306,"l3_proto":"ip4","src_ip":"10.150.9.21","dst_ip":"10.157.4.161","src_port":1685,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":2491,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1138119414897306}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rdp3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":2491,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1138119414897306}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 30/30
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498853 bytes
-~~ total memory freed........: 5498853 bytes
+~~ total memory allocated....: 5498877 bytes
+~~ total memory freed........: 5498877 bytes
 ~~ total allocations/frees...: 85891/85891
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 537 chars
diff --git a/test/results/default/reasm_crash_anon.pcapng.out b/test/results/default/reasm_crash_anon.pcapng.out
index 924ae6b3a..593516780 100644
--- a/test/results/default/reasm_crash_anon.pcapng.out
+++ b/test/results/default/reasm_crash_anon.pcapng.out
@@ -1,5 +1,5 @@
-00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1410865705717955}
+00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1410865705717955}
 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410865705717955,"flow_dst_last_pkt_time":1410865705717955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1410865705717955,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1410865705717955,"flow_dst_last_pkt_time":1410865705717955,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1410865705717955,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1410865705717964,"flow_dst_last_pkt_time":1410865705717955,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1410865705717964,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"}
@@ -7,11 +7,11 @@
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1410865705719491,"flow_dst_last_pkt_time":1410865705719465,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1410865705719491,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBjkAAQAbTlcCokZMK0QiUyBJV7zv7ZAzdkduQgBAhO1EJAAABAQgKPplWLTphWIQ="}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1410865705719495,"flow_dst_last_pkt_time":1410865705719465,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1410865705719495,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBjkAAQAbTlcCokZMK0QiUyBJV7zv7ZAzdkduQgBAhO1EYAAABAQgKPplWLTphWHY="}
 02013{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410865856222147,"flow_dst_last_pkt_time":1410865856222116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":725,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":3158,"midstream":1,"thread_ts_usec":1410865856222147,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":9709947.0,"max":30165638,"stddev":14064983.0,"var":197823744180224.0,"ent":3.3,"data": [9,1510,1527,4,1248,1237,4,30097711,30099473,1765,3,1246,1236,30097518,8,30099327,1814,1237,30097422,1775,4,30101686,1241,30097498,30165638,1254,69395,30031106,8,30032779,1670]},"pktlen": {"min":52,"avg":155.0,"max":777,"stddev":234.8,"var":55144.5,"ent":4.0,"data": [65,65,126,52,52,777,52,52,65,106,52,52,765,52,65,65,106,52,52,65,52,52,777,52,65,106,777,52,65,65,106,52]},"bins": {"c_to_s": [23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0],"entropies": [5.512839317,5.512839317,3.005599976,5.193430901,5.193430901,5.327538013,5.193430901,5.156889915,5.391298771,5.590394974,5.079966545,5.101990700,0.545940340,5.140451908,5.395370483,5.389761925,5.628829002,5.193430901,5.193430901,5.482069969,5.118428230,5.193430901,5.310135365,5.116507530,5.433681488,5.596330643,5.286610126,5.010550022,5.397304058,5.397304058,5.612702370,5.193430901]}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":5079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1410866307727956}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":6225,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1410866909737971}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":5079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1410866307727956}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":6225,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1410866909737971}
 00889{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":195,"flow_dst_packets_processed":14,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410867180785359,"flow_dst_last_pkt_time":1410866307731044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":725,"flow_src_tot_l4_payload_len":979,"flow_dst_tot_l4_payload_len":5441,"midstream":1,"thread_ts_usec":1410867180785359,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":195,"flow_dst_packets_processed":14,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410867180785359,"flow_dst_last_pkt_time":1410866307731044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":725,"flow_src_tot_l4_payload_len":979,"flow_dst_tot_l4_payload_len":5441,"midstream":1,"thread_ts_usec":1410867180785359,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":209,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":6420,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1410867180785359}
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":209,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":6420,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1410867180785359}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 209/209
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506082 bytes
-~~ total memory freed........: 5506082 bytes
+~~ total memory allocated....: 5506106 bytes
+~~ total memory freed........: 5506106 bytes
 ~~ total allocations/frees...: 86070/86070
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 562 chars
diff --git a/test/results/default/reasm_segv_anon.pcapng.out b/test/results/default/reasm_segv_anon.pcapng.out
index bc14da531..f1584293a 100644
--- a/test/results/default/reasm_segv_anon.pcapng.out
+++ b/test/results/default/reasm_segv_anon.pcapng.out
@@ -1,5 +1,5 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1550422828553466}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1550422828553466}
 00351{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422828553466,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828553466}
 00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1550422828553466,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422828553466,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1550422828553466,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -41,7 +41,7 @@
 00353{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422837968976,"packet_id":51,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422837968976}
 00454{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1550422836808446,"pkt":"AAAAcxs8EFFy5LtdCABFeABkCt4AAEAR60WRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMOdAAARQAAPFlfQAB\/BgFNrBEkFT++kSvhEwBQ8LOPBjqqb3mgEAEBaxMAAAEBBRI6qqCxOqqwsTqqdPE6qpBJ"}
 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":54,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422844222036,"flow_dst_last_pkt_time":1550422844224430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2008,"flow_dst_tot_l4_payload_len":72488,"midstream":0,"thread_ts_usec":1550422844224430,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1550422844224430}
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1550422844224430}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 82/82
 ~~ skipped flows.............: 0
@@ -50,8 +50,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500351 bytes
-~~ total memory freed........: 5500351 bytes
+~~ total memory allocated....: 5500375 bytes
+~~ total memory freed........: 5500375 bytes
 ~~ total allocations/frees...: 85942/85942
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 356 chars
diff --git a/test/results/default/reddit.pcap.out b/test/results/default/reddit.pcap.out
index b99d8214e..7eac2c2a6 100644
--- a/test/results/default/reddit.pcap.out
+++ b/test/results/default/reddit.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1605291684451133}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1605291684451133}
 00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684451133,"flow_dst_last_pkt_time":1605291684451133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684451133,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1605291684451133,"flow_dst_last_pkt_time":1605291684451133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291684451133,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8UAAAAAoAL9IJAlAAACBAWgBAIICtTdYAcAAAAAAQMDBw=="}
 00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684451247,"flow_dst_last_pkt_time":1605291684451247,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684451247,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -579,7 +579,7 @@
 01015{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291691044050,"flow_dst_last_pkt_time":1605291691043957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7976,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":63,"flow_dst_packets_processed":101,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291698488081,"flow_dst_last_pkt_time":1605291698522640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1168,"flow_dst_max_l4_payload_len":2333,"flow_src_tot_l4_payload_len":3956,"flow_dst_tot_l4_payload_len":41414,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690495529,"flow_dst_last_pkt_time":1605291690520905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":4664,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1942,"packets-processed":1942,"total-skipped-flows":0,"total-l4-payload-len":546888,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":84,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":582,"global_ts_usec":1605291698602574}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1942,"packets-processed":1942,"total-skipped-flows":0,"total-l4-payload-len":546888,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":84,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":582,"global_ts_usec":1605291698602574}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1942/1942
 ~~ skipped flows.............: 0
@@ -588,8 +588,8 @@
 ~~ total active/idle flows...: 60/60
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6399854 bytes
-~~ total memory freed........: 6399854 bytes
+~~ total memory allocated....: 6400822 bytes
+~~ total memory freed........: 6400822 bytes
 ~~ total allocations/frees...: 88949/88949
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 562 chars
diff --git a/test/results/default/resp.pcap.out b/test/results/default/resp.pcap.out
index 203666384..cfb158493 100644
--- a/test/results/default/resp.pcap.out
+++ b/test/results/default/resp.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1702898943330035}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1702898943330035}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1702898943330035,"flow_src_last_pkt_time":1702898943330035,"flow_dst_last_pkt_time":1702898943330035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702898943330035,"l3_proto":"ip4","src_ip":"192.168.88.221","dst_ip":"192.168.88.231","src_port":51882,"dst_port":6379,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1702898943330035,"flow_dst_last_pkt_time":1702898943330035,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1702898943330035,"pkt":"8C90rUP1aFRakVvWCABFAAA82P1AAEAGLqnAqFjdwKhY58qqGOuGnszoAAAAAKAC+vAzRAAAAgQFtAQCCAoubDTVAAAAAAEDAwc="}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1702898943330035,"flow_dst_last_pkt_time":1702898943333135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1702898943333135,"pkt":"aFRakVvW8C90rUP1CABFAAA8AABAAEAGB6fAqFjnwKhY3RjryqrbKb5Ohp7M6aASfHA16gAAAgQFtAQCCAr2ajg9Lmw01QEDAwc="}
@@ -9,7 +9,7 @@
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1702898943333759,"flow_dst_last_pkt_time":1702898943335142,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1702898943335142,"pkt":"aFRakVvW8C90rUP1CABFAAA0AAVAAEAGB6rAqFjnwKhY3RjryqrbKb5Php7M+oAQAPngFgAAAQEICvZqOD8ubDTZ"}
 02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1702898943330035,"flow_src_last_pkt_time":1702898964665655,"flow_dst_last_pkt_time":1702898964668744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":20272,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":90193,"midstream":0,"thread_ts_usec":1702898964668744,"l3_proto":"ip4","src_ip":"192.168.88.221","dst_ip":"192.168.88.231","src_port":51882,"dst_port":6379,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":1376591.2,"max":15069914,"stddev":3743897.5,"var":14016768376832.0,"ent":2.2,"data": [3100,3194,530,2007,1366,2825,76,62,1842,1818,38,30,46,26,1566,1613,57,43,730,714,27,27,56,44,3178194,3181407,3266,15066911,15069914,3076323,3076477]},"pktlen": {"min":52,"avg":2873.3,"max":20324,"stddev":5036.0,"var":25361708.0,"ent":3.2,"data": [60,60,52,69,52,7292,52,7292,52,10188,52,14532,52,4396,52,2948,52,20324,52,5844,52,5844,52,12041,52,66,59,52,52,52,94,57]},"bins": {"c_to_s": [16,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1],"entropies": [4.792549133,5.312701702,5.078045845,5.327735424,5.053296566,4.681052208,5.026988029,4.653189182,4.962661266,4.634037495,5.154969215,4.594288826,5.154969215,4.638483524,5.169486046,4.692945957,5.207947731,4.656515121,5.116507530,4.706604004,5.169486046,4.658525944,5.078045845,4.651947498,5.169486046,5.347818375,5.210581779,5.207947731,5.246409416,5.053297043,5.398960114,5.159096241]},"ndpi": {"confidence": {"6":"DPI"},"proto":"RESP","proto_id":"182","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":17,"flow_first_seen":1702898943330035,"flow_src_last_pkt_time":1702898971841005,"flow_dst_last_pkt_time":1702898971840965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":20272,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":90212,"midstream":0,"thread_ts_usec":1702898971841005,"l3_proto":"ip4","src_ip":"192.168.88.221","dst_ip":"192.168.88.231","src_port":51882,"dst_port":6379,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RESP","proto_id":"182","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":90308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1702898971841005}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/resp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":90308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1702898971841005}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 39/39
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5499104 bytes
-~~ total memory freed........: 5499104 bytes
+~~ total memory allocated....: 5499128 bytes
+~~ total memory freed........: 5499128 bytes
 ~~ total allocations/frees...: 85899/85899
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 542 chars
diff --git a/test/results/default/riot.pcapng.out b/test/results/default/riot.pcapng.out
index 1a423d22d..34a641649 100644
--- a/test/results/default/riot.pcapng.out
+++ b/test/results/default/riot.pcapng.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1679740451287612}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1679740451287612}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1400,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1400,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740451287612,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1679740451287612,"pkt":"rBWiWIrRJhEKmxQ6CABFAAWgaetAANwGmP00KYeHwKgaFgG7ymlvVZVZdql7b1AQAG415gAAFgMDD+sLAA\/nAA\/kAAdYMIIHVDCCBjygAwIBAgIQD6KljRei+mqTVyEujADhITANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTIyMDMyNDAwMDAwMFoXDTIzMDQyNDIzNTk1OVowgdAxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwc0MTU1ODQzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLTG9zIEFuZ2VsZXMxGTAXBgNVBAoTEFJpb3QgR2FtZXMsIEluYy4xGjAYBgNVBAMTEWVrZy5yaW90Z2FtZXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus13vndQVpCZQ\/6PU8G+iDtU3rn+bD7d3d5AQ0WHga2RFZSUS4+6wZSACw1hvY9jxBAMKhZCGI2lsyH3XsGZcqmDGaQNAesHLuc6DvGlXCziBRbNOFBP05C\/on20exh8HLy3EJ\/LZMxR89Y3ZwTAOu691hgcmW6+p0X71KlNaQIO7fGLFtbN4DanvTd4uh5guifZZf9uVE7Y\/bar80NdArcGHl+U6zztdb3TJScjZRMR153rnT1qzYEjEUWDpFzWAVWCPkDLeueyPLhUoG8Wi4cDjpqnNqH4oHo2cbTeuoG+8\/gGed9TZeQgA9QE3N7f5bmLcS7A7+s47IsJ1RrFgQIDAQABo4IDgjCCA34wHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFFeL4L3PsxfrUVsE8HMc96hHy9G1MDQGA1UdEQQtMCuCEWVrZy5yaW90Z2FtZXMuY29tghZ0ZXN0LmVrZy5yaW90Z2FtZXMuY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWczLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWczLmNybDBKBgNVHSAEQzBBMAsGCWCGSAGG\/WwCATAyBgVngQwBATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxpZGF0aW9uU2VydmVyQ0EuY3J0MAkGA1UdEwQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABf70O7bsAAAQDAEYwRAIgZcAfjxYIGLSb7O8oj5RjpQ8KzltiTGJYuU6CKygHjkICIGg7XyVQ50yZJpsXatTr+CnOqs1Ofw9NfwN15OxsGC1WAHUANc8ZG7+xbFe\/D61MbULLu7Y="}
 02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1679740451287612,"pkt":"rBWiWIrRJhEKmxQ6CABFAAWgaexAANwGmPw0KYeHwKgaFgG7ymlvVZrRdql7b1AQAG4YEQAAJyAmUeo\/4SrvqAPDO9ZMAAABf70O7ewAAAQDAEYwRAIgbExkqx\/44d4BgvWQpdxRieBSelu86su7x8R8AGdR3CsCIDADQRj1HF0cGtcNaC1YS22cWe09BnL84k7bSvuslPfPAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAF\/vQ7uDgAABAMARzBFAiEAsAO\/XUJkEUyCF1g0U+MQyf6ugkG6ZlpEvNTq+J8MobECIG4mIF3E1GfYS4up\/O+nPD3Fc6JMxp0dsgeIANHAro39MA0GCSqGSIb3DQEBCwUAA4IBAQBArYmu+AQtIEuKrCGgjIojRxWSY2o6aMd1q3E29BWJDeZO56UpuaUbOuK97nyjGup3Lr6fQa5e3qpL\/uejTwGkV4SeqDKMuM5D3q0MuOU0ekxfpXSxhGONh14TIDMQ1w0Z2\/HKDfIECyfBEfg5XhF7XcI3eKoTogXveVOzeFDgPja2UbS6HAh\/z7JYI+q3ymzgJIgWN15ksiiDFZVmRjD0VfmxNorVeBx6P86FPbnEVCiBXKe6fvuPwRCgTcjwUE377F7XetwlfTxcK\/rgSX8BPdMUonImi5ilfgK+EHj9++mKQrwbgVoka3afJB6Z6A3\/2l4WB5hZvkSD0v9l0LZHAAPJMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0tMqbf5YE\/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH\/BAQDAgGGMA8GA1UdEwEB\/wQFMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe\/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2Yzi9RKR\/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CA="}
@@ -12,10 +12,10 @@
 02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1679740491800062,"pkt":"rBWiWIrRJhEKmxQ6CABFAAUAz7FAADUGHMQj6lXawKgaFgG7yu2QLA6x3sfhBFAQAH6dXQAAaZnszOnuGa18jh\/9epnGmEYL5BV119LNVo5luWshvG\/kifk9mHjtkA8LzVdsOkvCrmHBpzpDo4qyPk2lDypq04IU48JUqhFrG4kvlPz+VO7sse0uxYXj81FdNb2qoJnvAjqV+Zj4Nii8PIcuNGqghDjzrs2PW\/gEhkaWDikhhSY7DjOLiQIDAQABo4ICjjCCAoowEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwgYkGCCsGAQUFBwEBBH0wezAwBggrBgEFBQcwAYYkaHR0cDovL2NvbW1lcmNpYWwub2NzcC5pZGVudHJ1c3QuY29tMEcGCCsGAQUFBzAChjtodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL3Jvb3RzL2NvbW1lcmNpYWxyb290Y2ExLnA3YzAfBgNVHSMEGDAWgBTtRBnA0\/AGi+6ke75C5yZUyI42djCCASsGA1UdIASCASIwggEeMIIBGgYEVR0gADCCARAwSgYIKwYBBQUHAgEWPmh0dHBzOi8vc2VjdXJlLmlkZW50cnVzdC5jb20vY2VydGlmaWNhdGVzL3BvbGljeS90cy9pbmRleC5odG1sMIHBBggrBgEFBQcCAjCBtAyBsVRoaXMgVHJ1c3RJRCBTZXJ2ZXIgQ2VydGlmaWNhdGUgaGFzIGJlZW4gaXNzdWVkIGluIGFjY29yZGFuY2Ugd2l0aCBJZGVuVHJ1c3QncyBUcnVzdElEIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL3NlY3VyZS5pZGVudHJ1c3QuY29tL2NlcnRpZmljYXRlcy9wb2xpY3kvdHMvaW5kZXguaHRtbDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NybC9jb21tZXJjaWFscm9vdGNhMS5jcmwwHQYDVR0OBBYEFIm4m7ae7fuwxr0N7GdOPKOSnS35MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAgEAdMrY9RYwNyVgzeOqqcbdIxy5gHRQFbh3RTuIi0fsnbEh3v7BN+I3zmXJq71gyLOzG9wvqCulXtLQNAZnrlSacXichYDV5zdcnbBrFH\/CXt47oW4L+9yD5LPMKaSU5DP9DEu88ws+QAjzL6\/q+hP+CLQh0\/vr62HoEGS1+NyLfnJIN0RVcVDxBAwVqNF8MU5An98ZmHj4XaSPA6s2s+3794ULe6r2TzVXiLtun0JJ0kBZL3Mx0plhONvhq7jCsa6bYCF71DNs7VhrNUh+BZNdQvLqAdfQJtFY5EiWpExhiPC\/ZdtVYN5RfrOMCWgBbjnl5e2n5WYa7LM4HR+z7U+6JCBqaRjlbaNNLed\/qg+OMdpBJe16qJJT9E5Uzdc4PsUbL2a+9IUbuxx8nmrbQswe8p4yvcy9RLje07a4Y09otZ\/Aai3Gijup67jTCez1hd7VYIAuznqPos6SLponh2vVcHu9vQoT18OCL9janJ2Ilh3lJHUxv1kHD9IxZNpn0j\/QPzGFv2EzUXZVAECEQLS80qWh6zCXhXl6dVAeM84sSysIiY4Kv8oaXA=="}
 01073{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":456,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":456,"pkt_l4_len":422,"thread_ts_usec":1679740491800062,"pkt":"rBWiWIrRJhEKmxQ6CABFAAG6z7JAADUGIAkj6lXawKgaFgG7yu2QLBOJ3sfhBFAYAH4d+AAAQXkC3KDQtxS4HojCCDcr9BRjdC6yeOsNyAZHKhafRm3neZ4wKLcLSGhD4WtDfMXj\/vC3EqcYYEfmEoFTbczZesoRkvlGYZmJ2lY\/pkFu8SzYypIPvNwW9hYDAwEsDAABKAMAHSC0MXhZC1eR2qDSDBY8B01l+mdFSJcUUl10IHfhF\/8kEAgEAQAQUdC8\/U4nys3JUQGs8TxvFSJbStpIbrbU939RaECvS5n4IOPPX8nXRI2EMqABJ0IvFCQCxap8M31MXwU+ZJcb\/1IT9BJWzj1\/lQ5QWXimUiht6Gz8LdTtX4wAZ6M+YO3i+BWuK\/wTi7nhnL51Nxe8wCQWUPSDZ5VF0L5CiEmhjQ0AX\/4WG73GQQiE6MxIIMYVG7QvLpEsbtZo7DxUCLHKxpyaoG0A+2IZBv3huGFCw\/2bzTlQN3xJ7H82KHHVTiHI9+OC\/xlUCBLzaufql4+bUEJXgTP9rJIztltFGS3VRf7ioZwc+TNQHLqT9s8yvEK5qapHXkXGRLkY+O\/ULLmeFgMDAAQOAAAA"}
 01640{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":402,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4122,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.RiotGames","proto_id":"91.302","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"","tls": {"version":"TLSv1.2","server_names":"embed.rgpub.io,sites.rgpub.io,*.embed.rgpub.io,*.sites.rgpub.io","notafter":"2024-01-07 19:51:14","ja3":"","ja3s":"827b71c134bd28975c2d605a06ef00ef","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=IdenTrust, OU=HydrantID Trusted Certificate Service, CN=HydrantID Server CA O1","subjectDN":"CN=embed.rgpub.io, O=Riot Games Inc, L=Los Angeles, ST=California, C=US","negotiated_alpn":"h2","fingerprint":"CE:85:16:DF:E3:42:05:16:39:97:1F:6B:7A:53:22:22:C8:DD:66:44"}}}
-01057{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4080,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01160{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4080,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4080,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":402,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4122,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.RiotGames","proto_id":"91.302","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":8202,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1679740491800062}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":8202,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1679740491800062}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 7/7
 ~~ skipped flows.............: 0
@@ -24,10 +24,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5521778 bytes
-~~ total memory freed........: 5521778 bytes
-~~ total allocations/frees...: 85893/85893
+~~ total memory allocated....: 5521831 bytes
+~~ total memory freed........: 5521831 bytes
+~~ total allocations/frees...: 85894/85894
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 568 chars
+~~ json message min len.......: 566 chars
 ~~ json message max len.......: 2417 chars
-~~ json message avg len.......: 1491 chars
+~~ json message avg len.......: 1490 chars
diff --git a/test/results/default/riotgames.pcap.out b/test/results/default/riotgames.pcap.out
index 9bf456a6a..29c97753c 100644
--- a/test/results/default/riotgames.pcap.out
+++ b/test/results/default/riotgames.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1644446178115000}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1644446178115000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644446178115000,"flow_src_last_pkt_time":1644446178115000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644446178115000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1644446178115000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446178115000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOUAAH8RfLDAqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="}
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644446178115000,"flow_src_last_pkt_time":1644446178115000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644446178115000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -7,49 +7,49 @@
 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1644446180176000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446180176000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOcAAH8RfK7AqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="}
 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1644446181179000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446181179000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOgAAH8RfK3AqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="}
 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1644446182183000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446182183000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOkAAH8RfKzAqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1648063928092000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1648063928092000}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648063928092000,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928092000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648063928092000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928092000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1648063928092000,"pkt":"eJS0JASgYDjgxTWgCABFAAAkz4FAAD8R+pTAqAJk1bPY8r2Ow1QAECUCEzfK\/goAAAA="}
 00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648063928092000,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928092000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648063928092000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928151000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1648063928151000,"pkt":"YDjgxTWgeJS0JASgCABFAAAk5k1AADcR68jVs9jywKgCZMNUvY4AECUCEzfK\/goAAAAAAAAAAAAAAAAA"}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":5,"flow_first_seen":1644446178115000,"flow_src_last_pkt_time":1644446183618000,"flow_dst_last_pkt_time":1644446183613000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":686,"flow_dst_tot_l4_payload_len":177,"midstream":0,"thread_ts_usec":1648063928151000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1654781451507000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1654781451507000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654781451507000,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451507000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654781451507000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451507000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654781451507000,"pkt":"eJS0JASgYDjgxTWgCABFAABAaVkAAH8RJE3AqAJkovlIAfWGH\/UALPN\/c3T2DHIyQgSrWX+BH8wAh2u8AAAW43xAFAAAAKqqqqq7u7u7"}
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654781451507000,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451507000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654781451507000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451526000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654781451526000,"pkt":"YDjgxTWgeJS0JASgCABFAABAcP9AADgRI6ei+UgBwKgCZB\/19YYALF0BcjJCBAAAAACrWX+BH8wAh2u8AAAW43xAFAAAAKqqqqq7u7u7"}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648063928092000,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928151000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1654781451526000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1654783623503000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1654783623503000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783623503000,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623503000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783623503000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623503000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654783623503000,"pkt":"eJS0JASgYDjgxTWgCABFAABAtqAAAH8RVRrAqAJkK+VBAdPXHz4ALLwuE5sFlpUyRyCrWX+BH8wGEZxbAABBqxZPGQAAAKqqqqq7u7u7"}
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783623503000,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623503000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783623503000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623769000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654783623769000,"pkt":"YDjgxTWgeJS0JASgCABFAABA3N9AADARPdsr5UEBwKgCZB8+09cALNVflTJHIAAAAACrWX+BH8wGEZxbAABBqxZPGQAAAKqqqqq7u7u7"}
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654781451507000,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451526000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1654783623769000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1023,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1654785423332000}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1023,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1654785423332000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785423332000,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423332000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785423332000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423332000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654785423332000,"pkt":"eJS0JASgYDjgxTWgCABFAABA04EAAH8RuiTAqAJkovlIAeL6H\/UALG1KXY5aogEy\/RarWX+BH8wKaJLmAAB8mNx\/HQAAAKqqqqq7u7u7"}
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785423332000,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423332000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785423332000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423380000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654785423380000,"pkt":"YDjgxTWgeJS0JASgCABFAABASwdAADYRS5+i+UgBwKgCZB\/14voALCV7ATL9FgAAAACrWX+BH8wKaJLmAAB8mNx\/HQAAAKqqqqq7u7u7"}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654783623503000,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623769000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1654785423380000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":1095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1654790643639000}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":1095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1654790643639000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654790643639000,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643639000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654790643639000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643639000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654790643639000,"pkt":"eJS0JASgYDjgxTWgCABFAABAp6MAAH8R5gLAqAJkovlIAcNUH\/UALPlTK70DER4y\/RWrWX+BH8wXFh2xAABS+GKnKQAAAKqqqqq7u7u7"}
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654790643639000,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643639000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654790643639000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643680000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654790643680000,"pkt":"YDjgxTWgeJS0JASgCABFAABAVJVAADURQxGi+UgBwKgCZB\/1w1QALCgiHjL9FQAAAACrWX+BH8wXFh2xAABS+GKnKQAAAKqqqqq7u7u7"}
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654785423332000,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423380000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1654790643680000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1655323563669000}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1655323563669000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655323563669000,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563669000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655323563669000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563669000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1655323563669000,"pkt":"eJS0JASgYDjgxTWgCABFAABAIVQAAH8R6mbAqAJkK+VBAfY+Hz4ALJnHE5sFlpUyRyCrWX+BDpAHcmnvAADfWdrm+QAAAKqqqqq7u7u7"}
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655323563669000,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563669000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655323563669000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563941000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1655323563941000,"pkt":"YDjgxTWgeJS0JASgCABFAABAW6NAAC8RwBcr5UEBwKgCZB8+9j4ALLL4lTJHIAAAAACrWX+BDpAHcmnvAADfWdrm+QAAAKqqqqq7u7u7"}
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654790643639000,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643680000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1655323563941000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":28,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":1239,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1655757069043000}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":28,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":1239,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1655757069043000}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655757069043000,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069043000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655757069043000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069043000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1655757069043000,"pkt":"eJS0JASgYDjgxTWgCABFAAAkrucAAH8RlrbAqAJkQhbxCO6rw1QAEGNsEzfK\/hYAAAA="}
 00956{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655757069043000,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069043000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655757069043000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069107000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1655757069107000,"pkt":"YDjgxTWgeJS0JASgCABFAAAkQStAADYRDXNCFvEIwKgCZMNU7qsAEGNsEzfK\/hYAAAAAAAAAAAAAAAAA"}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1655323563669000,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563941000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1655757069107000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":30,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":1255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1657052125163000}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":30,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":1255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1657052125163000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657052125163000,"flow_src_last_pkt_time":1657052125163000,"flow_dst_last_pkt_time":1657052125163000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657052125163000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1657052125163000,"flow_dst_last_pkt_time":1657052125163000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1657052125163000,"pkt":"eJS0JASgYDjgxTWgCABFAABRqHYAAH8R5R7AqAJkovlIAcCSHBoAPQSXzcb7QPwy+QMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="}
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657052125163000,"flow_src_last_pkt_time":1657052125163000,"flow_dst_last_pkt_time":1657052125163000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657052125163000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -59,7 +59,7 @@
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1657052126476000,"flow_dst_last_pkt_time":1657052126497000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1657052126497000,"pkt":"YDjgxTWgeJS0JASgCABFAAA9pxNAAPYRL5Wi+UgBwKgCZBwawJIAKbEE\/DL5AwUAAAAAAID\/PQwqd\/zywtfCXzxlgMLEt38OVBEK"}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1655757069043000,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069107000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1657052127590000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":9,"flow_first_seen":1657052125163000,"flow_src_last_pkt_time":1657052126580000,"flow_dst_last_pkt_time":1657052127590000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":460,"flow_dst_tot_l4_payload_len":370,"midstream":0,"thread_ts_usec":1657052127590000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":2085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1657052127590000}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":2085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1657052127590000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 44/44
 ~~ skipped flows.............: 0
@@ -68,8 +68,8 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5516625 bytes
-~~ total memory freed........: 5516625 bytes
+~~ total memory allocated....: 5516777 bytes
+~~ total memory freed........: 5516777 bytes
 ~~ total allocations/frees...: 85992/85992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 528 chars
diff --git a/test/results/default/rmcp.pcap.out b/test/results/default/rmcp.pcap.out
index 8458c5a81..83a43508f 100644
--- a/test/results/default/rmcp.pcap.out
+++ b/test/results/default/rmcp.pcap.out
@@ -1,9 +1,9 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1685886497916092}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1685886497916092}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685886497916092,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685886497916092,"l3_proto":"ip4","src_ip":"123.212.25.229","dst_ip":"171.47.173.23","src_port":49531,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1685886497916092,"pkt":"xpffLU2SPJTVQTiBCABFAAAzHmlAACIRH0x71Bnlqy+tF8F7Am8AH+\/XBgD\/BwAAAAAAAAAAAAkgGMiBADiOBLU="}
 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685886497916092,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685886497916092,"l3_proto":"ip4","src_ip":"123.212.25.229","dst_ip":"171.47.173.23","src_port":49531,"dst_port":623,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":23,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1685905522978060}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":23,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1685905522978060}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978060,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978060,"l3_proto":"ip4","src_ip":"54.229.154.152","dst_ip":"14.85.79.172","src_port":59937,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1685905522978060,"pkt":"xgwp30Y4PJTVQTiBCABFBAAo5iEAADQRzrQ25ZqYDlVPrOohAm8AFKqEBgD\/BgAAEb6AAAAAAAAAAAAA"}
 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978060,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978060,"l3_proto":"ip4","src_ip":"54.229.154.152","dst_ip":"14.85.79.172","src_port":59937,"dst_port":623,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}}
@@ -11,7 +11,7 @@
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1685905522978073,"flow_dst_last_pkt_time":1685905522978073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1685905522978073,"pkt":"AAwp30Y4PJTVQTiBCABFBAAo5iEAADQRzrSJjT0SUoQEsuohAm8AFKqEBgD\/BgAAEb6AAAAAAAAAAAAA"}
 00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978073,"flow_src_last_pkt_time":1685905522978073,"flow_dst_last_pkt_time":1685905522978073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978073,"l3_proto":"ip4","src_ip":"137.141.61.18","dst_ip":"82.132.4.178","src_port":59937,"dst_port":623,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}}
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685886497916092,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978073,"l3_proto":"ip4","src_ip":"123.212.25.229","dst_ip":"171.47.173.23","src_port":49531,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":47,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1685929216370306}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":47,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1685929216370306}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929216370306,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929216370306,"l3_proto":"ip4","src_ip":"129.222.153.30","dst_ip":"190.219.142.148","src_port":58065,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1685929216370306,"pkt":"AAwp30Y4PJTVQTiBCABFAAAz1DEAAPQRz8SB3pkevtuOlOLRAm8AHwAABgD\/BwAAAAAAAAAAAAkgGMiBADiOBLU="}
 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929216370306,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929216370306,"l3_proto":"ip4","src_ip":"129.222.153.30","dst_ip":"190.219.142.148","src_port":58065,"dst_port":623,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}}
@@ -26,7 +26,7 @@
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929316901739,"flow_src_last_pkt_time":1685929316901739,"flow_dst_last_pkt_time":1685929316901739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"127.36.88.103","dst_ip":"164.114.97.252","src_port":34698,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}}
 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929237726279,"flow_src_last_pkt_time":1685929237726279,"flow_dst_last_pkt_time":1685929237726279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"64.240.55.240","dst_ip":"30.144.16.67","src_port":57984,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}}
 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929216370306,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"129.222.153.30","dst_ip":"190.219.142.148","src_port":58065,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}}
-00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1685929316901739}
+00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1685929316901739}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -35,8 +35,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5509007 bytes
-~~ total memory freed........: 5509007 bytes
+~~ total memory allocated....: 5509111 bytes
+~~ total memory freed........: 5509111 bytes
 ~~ total allocations/frees...: 85921/85921
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 534 chars
diff --git a/test/results/default/roblox.pcapng.out b/test/results/default/roblox.pcapng.out
index 4a134879b..20e75cc05 100644
--- a/test/results/default/roblox.pcapng.out
+++ b/test/results/default/roblox.pcapng.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1686316283692571}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1686316283692571}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316283692571,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686316283692571,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARjlvAqAycgHRZcafV+XYFVItnewD\/\/wD+\/v7+\/f39\/RI0VngFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316283692571,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -16,7 +16,7 @@
 02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316284145726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1686316284145726,"pkt":"Jjb1W8R1CL6sCxduCABFAAXcEjxAADUGZiOAdHoEwKgMnAG7mHqQakPs+bx0zYAQAAnwhAAAAQEICkEwULPVk0gbFgMDAHoCAAB2AwP4BXPwGT00VIKjwhz\/iAjBX5hcQlAkH8qUL2GYRZ2JDyCEEkqPT4hvfG5BhIptV74wk3A2PYO6qS2cp+AMu2mVSBMBAAAuACsAAgMEADMAJAAdACDv+sSz2sc9nAJ2xwbZNggYo\/XMPVfMs1rZ+FhiOG7sbhQDAwABARcDAwAqj+ObT3wmRQmspaK+qrIa0FIN2nKpicKwZLltd1NMgyZxPs+Q5NFbKMq1FwMDFt7NiDihBiTew2A1WYHeDFdb5XjnvadO4mz9ZVoyi1Ud7AuqmJ+YhFC\/tSnrhA\/L9YMIX2NDYlSfhkKS61LUR3CsO5LWxV6DUNKqWrFqcTDF8xzIxNty2lMXpegl17yEWyWtR4qECJaNI0mFsBGmeiHmJCTnM1GmMWo91RdX4cVtapki45ZCFFhYF7chaucSShcOZFWE63CfZodB8A40WMSp9k7zkyemrxe5n0d6xWkWN8TPelzxLckRFGlo8kHq+PtReTKHOKWX5Zy\/6g4PcgoBi\/6rBmWM45HnQ+\/LknwOl9OivcqylNqUEfZO6tK2muefZQVPfbuuj+VXsN60KrKQRolxaOXUyCjHdGsiOv21Hn31cZeqEh5fNBDNGGOGaHas494sghqnDFo4qeI3vRmyL5KQVb3s9rt+Ci8FuYv10vMhHS1aLhUHGod3kY8qnWue1aHYZnxHYkk5YwGoz\/bf4MMd5ArSh27vxxzyYrYCFzNRDox47Dy1phgxx4k5IiPGwqGraYagHEj4rzEJuaJSgbhvXVx8ur8RBTFWlbn9V9o7zCyhFyjpdF8Vr1GNh\/5cfLE84m6h1kHKyQxl1YRe+0iZ6LpbSYEG3alX+6vxuOKfc8y9tVeg4A0MXdj3bf5SY8tForlzUVmEyfWkEvXuIG5TbGI3BbQTi\/x9B63QNDd8HujYxb4IKgGUYPxObk8szG+W3pZljxqX7uKnvHk7gF6WS1N+\/SdVK8FeBQZRRtnUXBSYfMNUQVr4PZnIRzwdZpS9BpXNqLj+w7eQcFCVWDU00\/cMybr2LM0khbNMHA0G9NB3RsWxJz2d8kJcY3XuEG3eiJnPzBo0AxV8u8rXuzBF56HtPyrdp6CsITbT2CK9OdxNnHlB6yXkXulNvClvweEwpJtm\/IxMsqEEOYhNsr4whK3WPvN7X6bOC\/dQfyaxmfyYAWB3dFl\/JGabl8sJoB6fxJaBAAcKLtRAXYmLBv6ZmmZj5WyC7bzZwBnoCmJmyMK1sMXQv1Pk5WMVJEPtEvxX0nxspeMnd+A+UZPGnb9Rmh6bp43bceptOmDswoXcUs2K31dd8Ly4f63mJHzOOcNTe6BlkHJf12AyJ2ke3vR2afu1m5ra3u79zEP\/SK5u5S0TNxJWBMK9F+WNbvSgx9WgrGqGuUWHiLuX9ckai13\/ulSH0DmgGDWc+V+Z6DLKD0HiOd+WQNkMLFV1jVvCZf3HDSS0yv\/SQ54Y9YBBBTdI+Y5i+Pv\/kQo5sBDRkyHDG33HajhsGNrGOZCybwHs5a1kpsDabpgf0VU8GZJBD5Hgd+lIZxqt1YblX3jwEpkKjCar+TbJ6HyKIVWdhHeOEhwwLFfki93bsT0beK8KJMz63nEv0YIOtQHWsiAuAwpzSnHJtznf2Z0+uCEPwMJgLEO5V7OAd5wxrDhI8ONbOPL3DL3HH6ggibiIQLcFi6HiI29Y+9b6G6RmmPAlyA4rw6PIK9cU9BFkJujokIKPu2o0\/4jJkMpL316i4xHdbWh4\/7\/2JB\/A9H9JyIhKoSZPq0IKNmOZejI9rUJowqzW+B9m3zB1DZjf8MdO6LjPPDYFYzeu1pKFrZH0c0aWZ8cwagPf5nE6xiuAQ8ZdqDMiYsu\/R992FEud16tqrGdqp0G6kY2eJinf4uLYYyuxMS4THTGHQDSMdrIGDdz+Ri0="}
 01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316284145726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1686316284145726,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"assetgame.roblox.com","tls": {"version":"TLSv1.3","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d3113ht_e8f1e7e78f70_b23652925e07","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
 02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316295462569,"flow_dst_last_pkt_time":1686316295484971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2279,"flow_dst_tot_l4_payload_len":7499,"midstream":0,"thread_ts_usec":1686316295484971,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":746596.0,"max":10785585,"stddev":2538101.5,"var":6441959161856.0,"ent":1.7,"data": [28467,194118,21533,215727,23,12,472,7,126878,1267,3499,273,4379,2627,513,240,137878,55,702,108040,106788,174593,10000206,310,357197,548002,10785585,40059,91693,5740,187593]},"pktlen": {"min":40,"avg":357.7,"max":1500,"stddev":487.7,"var":237869.3,"ent":3.9,"data": [60,60,52,569,1500,1500,1252,1500,891,52,52,52,52,52,116,1076,702,323,323,52,52,578,52,76,52,52,76,52,52,76,52,40]},"bins": {"c_to_s": [13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,1,1,1,1,0,0,0,0,1],"entropies": [4.779968262,5.300120354,5.195351124,4.779649258,7.870378971,7.875164032,7.842136383,7.870733738,7.754308224,5.156889439,5.156889439,5.118428230,5.118427753,4.988526344,6.087430477,7.824826241,7.718070984,7.273851871,7.313729286,5.195351124,5.118428230,7.627631664,5.195351124,5.716266155,5.233812809,5.065449238,5.742581844,5.142372608,5.118427753,5.663634777,5.118428230,4.019286156]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":48,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":13253,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1686326648493170}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":48,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":13253,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1686326648493170}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326648493170,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686326648493170,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARu6vAqAycgHQsIbJ90IkFVNfxAQAAHwERAaMCLkuAjaPJ6FqVJdO4\/a0CBgoJAJDQiXsA\/\/8A\/v7+\/v39\/f0SNFZ4BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326648493170,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -26,7 +26,7 @@
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1686326648735662,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1686326648735662,"pkt":"CL6sCxduJjb1W8R1CABFAABfhZcAAEARex3AqAycgHQsIbJ90IkAS7YiAQAAHwERAoJSCQq+6il8U+Lfk82kmGMCBgoJAJDQiQPawcSA\/bOuR7gJ5LgpDk+soFdu7AZnfJ12rVYjGKUI3M\/gLA=="}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283794515,"flow_dst_last_pkt_time":1686316283806465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":138,"flow_src_tot_l4_payload_len":2977,"flow_dst_tot_l4_payload_len":498,"midstream":0,"thread_ts_usec":1686326648875787,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316296142505,"flow_dst_last_pkt_time":1686316295484971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2279,"flow_dst_tot_l4_payload_len":7499,"midstream":0,"thread_ts_usec":1686326648875787,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":65,"packets-processed":64,"total-skipped-flows":0,"total-l4-payload-len":22280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1686333469750635}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":65,"packets-processed":64,"total-skipped-flows":0,"total-l4-payload-len":22280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1686333469750635}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686333469750635,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686333469750635,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARu6vAqAycgHQsIbWryO4FVEvhAQAAHwERAYlJ+hMYU2DqGCGy2n4VfpgCBgoJBgPI7nsA\/\/8A\/v7+\/v39\/f0SNFZ4BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686333469750635,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -36,7 +36,7 @@
 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1686333470028956,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1686333470028956,"pkt":"CL6sCxduJjb1W8R1CABFAABfb+QAAEARkNDAqAycgHQsIbWryO4AS++iAQAAHwERAkoGEJobUjvDjWy+zNTNvQ4CBgoJBgPI7ncnCfOsPT8PcVse23VWPpNtYldufworZLI4u9rBGniKI+a64A=="}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":2,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648875787,"flow_dst_last_pkt_time":1686326648846178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":1332,"flow_src_tot_l4_payload_len":6363,"flow_dst_tot_l4_payload_len":2664,"midstream":0,"thread_ts_usec":1686333470172917,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":1,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333470172917,"flow_dst_last_pkt_time":1686333470150567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":1332,"flow_src_tot_l4_payload_len":6225,"flow_dst_tot_l4_payload_len":1332,"midstream":0,"thread_ts_usec":1686333470172917,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":78,"packets-processed":78,"total-skipped-flows":0,"total-l4-payload-len":29837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1686333470172917}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":78,"packets-processed":78,"total-skipped-flows":0,"total-l4-payload-len":29837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1686333470172917}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 78/78
 ~~ skipped flows.............: 0
@@ -45,8 +45,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5529075 bytes
-~~ total memory freed........: 5529075 bytes
+~~ total memory allocated....: 5529147 bytes
+~~ total memory freed........: 5529147 bytes
 ~~ total allocations/frees...: 85979/85979
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 548 chars
diff --git a/test/results/default/roughtime.pcap.out b/test/results/default/roughtime.pcap.out
index 4d9a4d02b..e52587326 100644
--- a/test/results/default/roughtime.pcap.out
+++ b/test/results/default/roughtime.pcap.out
@@ -1,12 +1,12 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1688459063439932}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1688459063439932}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459063439932,"flow_src_last_pkt_time":1688459063439932,"flow_dst_last_pkt_time":1688459063439932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1024,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459063439932,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"64.233.164.158","src_port":36225,"dst_port":2002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1688459063439932,"flow_dst_last_pkt_time":1688459063439932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1066,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1066,"pkt_l4_len":1032,"thread_ts_usec":1688459063439932,"pkt":"eJS0JASgYDjgxTWgCABFAAQc8whAAD8RnDTAqAJkQOmkno2BB9IECLEkAgAAAEAAAABOT05DUEFE\/0Wcq29INM2pt7PJg+O1BI4WJW5l7JY+YL+Mo2mtPLST1ZCeaNj4vUmemQfE0Nou3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459063439932,"flow_src_last_pkt_time":1688459063439932,"flow_dst_last_pkt_time":1688459063439932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1024,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459063439932,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"64.233.164.158","src_port":36225,"dst_port":2002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459068453261,"flow_src_last_pkt_time":1688459068453261,"flow_dst_last_pkt_time":1688459068453261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1024,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459068453261,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"35.192.98.51","src_port":39393,"dst_port":2002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1688459068453261,"flow_dst_last_pkt_time":1688459068453261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1066,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1066,"pkt_l4_len":1032,"thread_ts_usec":1688459068453261,"pkt":"eJS0JASgYDjgxTWgCABFAAQcyDpAAD8RJpfAqAJkI8BiM5nhB9IECARZAgAAAEAAAABOT05DUEFE\/0Wcq29INM2pt7PJg+O1BI4WJW5l7JY+YL+Mo2mtPLST1ZCeaNj4vUmemQfE0Nou3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459068453261,"flow_src_last_pkt_time":1688459068453261,"flow_dst_last_pkt_time":1688459068453261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1024,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459068453261,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"35.192.98.51","src_port":39393,"dst_port":2002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1688459897600597}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1688459897600597}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459897600597,"flow_src_last_pkt_time":1688459897600597,"flow_dst_last_pkt_time":1688459897600597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459897600597,"l3_proto":"ip4","src_ip":"162.159.200.1","dst_ip":"192.168.2.100","src_port":2002,"dst_port":49021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01000{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1688459897600597,"flow_dst_last_pkt_time":1688459897600597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":402,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":402,"pkt_l4_len":368,"thread_ts_usec":1688459897600597,"pkt":"YDjgxTWgeJS0JASgCABFAAGElUFAADsRe3qin8gBwKgCZAfSv30BcDv4BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWF72woTE4E5m4pnuoj1g82Q3it+Rx1lIQrBa+8w7HA20l6CzRcDEXkryqN2wT\/P+b3mIy6HIl\/aMzUOaDSVLEQsDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AwNhpNKX\/BQB7jicHExuCXvBNcLG4RqixZQOag9vqNLYumLuF3317E6Q8mr4tG+MrZI87Z9D66Ly9BFCOUmG8HUC4CmDEBDMsAgAAAEAAAABTSUcAREVMRc341JCd\/F7MyqhvbaGn9fBbN3l6OufgeMTVuHUjpgnyQAAyTDjLnT2vaGE5ZvT5lzQ\/oq3rcNcoCDZlulpBsQADAAAAIAAAACgAAABQVUJLTUlOVE1BWFRCqhilXUVGMeeZqqSgs6sgq6EAXuQ\/ffyzcVoUrgDAppCLOyef\/wUAkOsSRbP\/BQAAAAAA"}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459897600597,"flow_src_last_pkt_time":1688459897600597,"flow_dst_last_pkt_time":1688459897600597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688459897600597,"l3_proto":"ip4","src_ip":"162.159.200.1","dst_ip":"192.168.2.100","src_port":2002,"dst_port":49021,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -17,7 +17,7 @@
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688460392257946,"flow_src_last_pkt_time":1688460392257946,"flow_dst_last_pkt_time":1688460392257946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688460392257946,"l3_proto":"ip4","src_ip":"35.192.98.51","dst_ip":"192.168.2.100","src_port":2002,"dst_port":57626,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688460392257946,"flow_src_last_pkt_time":1688460392257946,"flow_dst_last_pkt_time":1688460392257946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688460392257946,"l3_proto":"ip4","src_ip":"35.192.98.51","dst_ip":"192.168.2.100","src_port":2002,"dst_port":57626,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688459897600597,"flow_src_last_pkt_time":1688459897600597,"flow_dst_last_pkt_time":1688459897600597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":360,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688460392257946,"l3_proto":"ip4","src_ip":"162.159.200.1","dst_ip":"192.168.2.100","src_port":2002,"dst_port":49021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Roughtime","proto_id":"383","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":2768,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1688460392257946}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roughtime.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":2768,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1688460392257946}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -26,10 +26,10 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5504605 bytes
-~~ total memory freed........: 5504605 bytes
+~~ total memory allocated....: 5504677 bytes
+~~ total memory freed........: 5504677 bytes
 ~~ total allocations/frees...: 85897/85897
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 569 chars
 ~~ json message max len.......: 1889 chars
-~~ json message avg len.......: 1229 chars
+~~ json message avg len.......: 1228 chars
diff --git a/test/results/default/rsh-syslog-false-positive.pcap.out b/test/results/default/rsh-syslog-false-positive.pcap.out
index 7d58351ec..4e569e425 100644
--- a/test/results/default/rsh-syslog-false-positive.pcap.out
+++ b/test/results/default/rsh-syslog-false-positive.pcap.out
@@ -1,5 +1,5 @@
-00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1464076252936094}
+00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1464076252936094}
 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076252936094,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
 00865{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":292,"pkt_l4_len":272,"thread_ts_usec":1464076252936094,"pkt":"RQABJL4eQAA8Bq0urB9OgawdK8kjTwICdUbR1TedTUKAGABzPQsAAAEBCAoozL9YkELf7TwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45MjY0NTErMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ0IFNSQ0ggYmFzZT0ib3U9cGVvcGxlLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIgc2NvcGU9MiBkZXJlZj0wIGZpbHRlcj0iKCYodWlkPXRvb2xib3gpKG9iamVjdENsYXNzPXBvc2l4QWNjb3VudCkoJih1aWROdW1iZXI9KikoISh1aWROdW1iZXI9MCkpKSkiCg=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076252936094,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -12,7 +12,7 @@
 00361{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253008101,"packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1400,"global_ts_usec":1464076253008101}
 01658{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_datalink":12,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1400,"pkt_l4_len":0,"thread_ts_usec":1464076253006101,"pkt":"RQAFeL4kQAA8BqjUrB9OgawdK8kjTwICdUbfTzedTUKAEABzI2UAAAEBCAoozL+fkELhMTwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45OTYwNzYrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ4IFNSQ0ggYmFzZT0ib3U9Z3JvdXBlcyxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiIHNjb3BlPTIgZGVyZWY9MCBmaWx0ZXI9IigmKG1lbWJlclVpZD10b29sYm94KShvYmplY3RDbGFzcz1wb3NpeEdyb3VwKShjbj0qKSgmKGdpZE51bWJlcj0qKSghKGdpZE51bWJlcj0wKSkpKSIKPDE2Nz4yMDE2LTA1LTI0VDA5OjUwOjUyLjk5NjA5MSswMjowMCBsZGFwMDEgc2xhcGRbMzQ1MzRdOiBjb25uPTExNTkwMjMgb3A9NDggU1JDSCBhdHRyPW9iamVjdENsYXNzIGNuIHVzZXJQYXNzd29yZCBnaWROdW1iZXIgbW9kaWZ5VGltZXN0YW1wIG1vZGlmeVRpbWVzdGFtcAo8MTY3PjIwMTYtMDUtMjRUMDk6NTA6NTIuOTk2MDk2KzAyOjAwIGxkYXAwMSBzbGFwZFszNDUzNF06IGNvbm49MTE1OTAyMyBvcD00OCBFTlRSWSBkbj0iY249aW50c2lyLWFkbWlucyxvdT1ncm91cGVzLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIKPDE2Nz4yMDE2LTA1LTI0VDA5OjUwOjUyLjk5NjEwMSswMjowMCBsZGFwMDEgc2xhcGRbMzQ1MzRdOiBjb25uPTExNTkwMjMgb3A9NDggU0VBUkNIIFJFU1VMVCB0YWc9MTAxIGVycj0wIG5lbnRyaWVzPTEgdGV4dD0KPDE2Nz4yMDE2LTA1LTI0VDA5OjUwOjUyLjk5NzMzMCswMjowMCBsZGFwMDEgc2xhcGRbMzQ1MzRdOiBjb25uPTExNTkwMjMgb3A9NDkgU1JDSCBiYXNlPSJvdT1ncm91cGVzLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIgc2NvcGU9MiBkZXJlZj0wIGZpbHRlcj0iKCYoZ2lkTnVtYmVyPTYwMDAxKShvYmplY3RDbGFzcz1wb3NpeEdyb3VwKShjbj0qKSgmKGdpZE51bWJlcj0qKSghKGdpZE51bWJlcj0wKSkpKSIKPDE2Nz4yMDE2LTA1LTI0VDA5OjU="}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076253018101,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":958,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4939,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076253018101,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":4939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1464076253018101}
+00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":4939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1464076253018101}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 8/8
 ~~ skipped flows.............: 0
@@ -21,8 +21,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498205 bytes
-~~ total memory freed........: 5498205 bytes
+~~ total memory allocated....: 5498229 bytes
+~~ total memory freed........: 5498229 bytes
 ~~ total allocations/frees...: 85868/85868
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 366 chars
diff --git a/test/results/default/rsh.pcap.out b/test/results/default/rsh.pcap.out
index 012f506e1..4de14f246 100644
--- a/test/results/default/rsh.pcap.out
+++ b/test/results/default/rsh.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1654277359673876}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1654277359673876}
 00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654277359673876,"flow_src_last_pkt_time":1654277359673876,"flow_dst_last_pkt_time":1654277359673876,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654277359673876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1023,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1654277359673876,"flow_dst_last_pkt_time":1654277359673876,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1654277359673876,"pkt":"AAAAAAAAAAAAAAAACABFAAA8BJ9AAEAGOBt\/AAABfwAAAQP\/AgJQUgi+AAAAAKAC\/9f+MAAAAgT\/1wQCCAp\/2NwKAAAAAAEDAwc="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1654277359673876,"flow_dst_last_pkt_time":1654277359673899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1654277359673899,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQICA\/+d65A3UFIIv6AS\/8v+MAAAAgT\/1wQCCAp\/2NwKf9jcCgEDAwc="}
@@ -16,7 +16,7 @@
 01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654277362292565,"flow_src_last_pkt_time":1654277362309472,"flow_dst_last_pkt_time":1654277362292703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654277362309472,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1021,"dst_port":514,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"RSH","proto_id":"294","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","rsh": {"client_username":"lns","server_username":"someuser","command":"some random command"}}}
 01184{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1654277362292565,"flow_src_last_pkt_time":1654277363725020,"flow_dst_last_pkt_time":1654277363725000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":18,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":18,"midstream":0,"thread_ts_usec":1654277363725020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1021,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"RSH","proto_id":"294","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}}
 01184{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1654277359673876,"flow_src_last_pkt_time":1654277360987203,"flow_dst_last_pkt_time":1654277360987169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1654277363725020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1023,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"RSH","proto_id":"294","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}}
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1654277363725020}
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1654277363725020}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 24/24
 ~~ skipped flows.............: 0
@@ -25,8 +25,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5505023 bytes
-~~ total memory freed........: 5505023 bytes
+~~ total memory allocated....: 5505063 bytes
+~~ total memory freed........: 5505063 bytes
 ~~ total allocations/frees...: 85899/85899
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/rsync.pcap.out b/test/results/default/rsync.pcap.out
index ba4918032..b5b264ee0 100644
--- a/test/results/default/rsync.pcap.out
+++ b/test/results/default/rsync.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1387144174826849}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1387144174826849}
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1387144174826849,"flow_src_last_pkt_time":1387144174826849,"flow_dst_last_pkt_time":1387144174826849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1387144174826849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1387144174826849,"flow_dst_last_pkt_time":1387144174826849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387144174826849,"pkt":"AAAAAAAAAAAAAAAACABFAAA8ACBAAEAGPJp\/AAABfwAAAdTZA2mzXXC1AAAAAKACqqr+MAAAAgT\/1wQCCAoAPHCVAAAAAAEDAwo="}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1387144174826849,"flow_dst_last_pkt_time":1387144174826876,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387144174826876,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQNp1NlRGhcWs11wtqASqqr+MAAAAgT\/1wQCCAoAPHCVADxwlQEDAwo="}
@@ -8,7 +8,7 @@
 00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1387144174826849,"flow_src_last_pkt_time":1387144174827057,"flow_dst_last_pkt_time":1387144174826876,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1387144174827057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"RSYNC","proto_id":"166","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1387144174827057,"flow_dst_last_pkt_time":1387144174827090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1387144174827090,"pkt":"AAAAAAAAAAAAAAAACABFAAA0Z4JAAEAG1T9\/AAABfwAAAQNp1NlRGhcXs11wxIAQACv+KAAAAQEICgA8cJUAPHCV"}
 00966{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1387144174826849,"flow_src_last_pkt_time":1387144174967121,"flow_dst_last_pkt_time":1387144174967173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":346,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":411,"midstream":0,"thread_ts_usec":1387144174967173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RSYNC","proto_id":"166","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":497,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1387144174967173}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":497,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1387144174967173}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 30/30
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498843 bytes
-~~ total memory freed........: 5498843 bytes
+~~ total memory allocated....: 5498867 bytes
+~~ total memory freed........: 5498867 bytes
 ~~ total allocations/frees...: 85890/85890
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
diff --git a/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out
index f4e5afbba..309e09836 100644
--- a/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out
+++ b/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out
@@ -1,5 +1,5 @@
-00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00659{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1502626544321377}
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00657{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1502626544321377}
 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544321377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502626544321377,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544321377,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":156,"pkt_l4_len":120,"thread_ts_usec":1502626544321377,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAIxyZUAAQBEqXdkM9CLZDPdiZWt7cQB4niiByAAMXZMVNN06wXBNYU34AAB9AAAAAMgAAH0AAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAgcoADl2TFTQBCDVkOTMxNTM0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAA"}
 00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544321377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502626544321377,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTCP","proto_id":"165","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -8,7 +8,7 @@
 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1502626548341364,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":136,"pkt_l4_len":100,"thread_ts_usec":1502626548349503,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAHhTI0AAQBFJs9kM92LZDPQie3FlawBknhSByQAHAZMttF2TFTQAAAABAAC\/iwAAAAbBcE1hAAQFHIHKAA4Bky20AQcxOTMyZGI0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAAAA=="}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1502626552361361,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":156,"pkt_l4_len":120,"thread_ts_usec":1502626552361361,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAIyDdEAAQBEZTtkM9CLZDPdiZWt7cQB4niiByAAMXZMVNN06wXhXnSv1AAF4QAAAAloAAXhAAZMttAAAAAEAAAAAAAAAAAAAAAAAAAAAgcoADl2TFTQBCDVkOTMxNTM0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAA"}
 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626552361361,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":1502626552361361,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTCP","proto_id":"165","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00664{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1502626552361361}
+00662{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1502626552361361}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5/5
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498118 bytes
-~~ total memory freed........: 5498118 bytes
+~~ total memory allocated....: 5498142 bytes
+~~ total memory freed........: 5498142 bytes
 ~~ total allocations/frees...: 85865/85865
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 601 chars
+~~ json message min len.......: 599 chars
 ~~ json message max len.......: 1009 chars
-~~ json message avg len.......: 798 chars
+~~ json message avg len.......: 797 chars
diff --git a/test/results/default/rtmp.pcap.out b/test/results/default/rtmp.pcap.out
index 9f3453333..6964b0aea 100644
--- a/test/results/default/rtmp.pcap.out
+++ b/test/results/default/rtmp.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1196541506793783}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1196541506793783}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1196541506793783,"flow_src_last_pkt_time":1196541506793783,"flow_dst_last_pkt_time":1196541506793783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1196541506793783,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1196541506793783,"flow_dst_last_pkt_time":1196541506793783,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1196541506793783,"pkt":"AAwpfMZqAFBWwAAICABFAAAwAzJAAIAGH8TAqCsBwKgrgASZB49J0s7PAAAAAHAC\/\/+GgwAAAgQFtAEBBAI="}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1196541506793783,"flow_dst_last_pkt_time":1196541506794048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1196541506794048,"pkt":"AFBWwAAIAAwpfMZqCABFAAAwAABAAEAGYvbAqCuAwKgrAQePBJklcSWUSdLO0HASFtAknQAAAgQFtAEBBAI="}
@@ -8,7 +8,7 @@
 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1196541506797289,"flow_dst_last_pkt_time":1196541506797539,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1196541506797539,"pkt":"AFBWwAAIAAwpfMZqCABFAAAoK39AAEAGN3\/AqCuAwKgrAQePBJklcSWVSdLUhFAQIjhARQAA"}
 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1196541506793783,"flow_src_last_pkt_time":1196541506798015,"flow_dst_last_pkt_time":1196541507028289,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":1537,"flow_dst_tot_l4_payload_len":1260,"midstream":0,"thread_ts_usec":1196541507028289,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTMP","proto_id":"174","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1196541506793783,"flow_src_last_pkt_time":1196541507836444,"flow_dst_last_pkt_time":1196541507670099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3452,"flow_dst_tot_l4_payload_len":3496,"midstream":0,"thread_ts_usec":1196541507836444,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTMP","proto_id":"174","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1196541507836444}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1196541507836444}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 26/26
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500775 bytes
-~~ total memory freed........: 5500775 bytes
+~~ total memory allocated....: 5500799 bytes
+~~ total memory freed........: 5500799 bytes
 ~~ total allocations/frees...: 85887/85887
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 527 chars
diff --git a/test/results/default/rtp.pcapng.out b/test/results/default/rtp.pcapng.out
index 13680c2b0..0339b5932 100644
--- a/test/results/default/rtp.pcapng.out
+++ b/test/results/default/rtp.pcapng.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1332741131936370}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1332741131936370}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332741131936370,"flow_src_last_pkt_time":1332741131936370,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332741131936370,"l3_proto":"ip4","src_ip":"10.204.220.71","dst_ip":"10.204.220.171","src_port":6000,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1332741131936370,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1332741131936370,"pkt":"ABNyjb9k0GflFGvTCABFAAXAU5xAAIARAAAKzNxHCszcqxdwF3AFrNRIgCIBEAAJ6IYAABZGAHAAAAAAg2oOAz\/8BcyOIdPfi8B4Xzz4VNYRGWcSjryldGYkqct6gbLBqCyFX7tOlxeIIyF41H7ve+11iRZEGoqbwZ8BxR\/mM7KSRJ8a7UYJLYgDupNskRvB7P\/F2+LyfF7a574\/f+Lxn4vAVwvkkYGQXzbheLgvjV4X8Aa7F5KLyf\/8U5YkvSlSWuDTEZb0+E4729QFtoqKTwvcF8OiLQsC+Lnxe+F+GXC9kYu\/90rt4WPWgJo2qDsfwPr\/s8F+F8Vv62za3pYs8Xhd7p\/i98XhSLxkLxBGcXsDIXnBeHYVhZ82dGyFsrGurb0PKNMBNPBU+DvepwY8CtUDJEhapZpZIfKDCenAv0sFZOFvEPq6SZq7ZGC0WNCD2rohpuFfeNnaOtWBov88A8KFlaIPuQZiCvwFUkMwNWSIPTwx46XBXMxdc42ukZKZVwxk2MwtjIOP\/GAoW2HqFRtGE73km73jLbNuNdOi46FTnGw\/R5AsQRD5jTGCdKjCRjiBlaZGSWLULBeGIXxhT0LGyulampWjYCxcF88NBf0Xi8LBeCcLwVpIx1vm4Wko\/FoveFXaTlRQDmASsdIAYgD0sFgelgVHlPWhCKjTYfCoK3tToCnTxwjU0U6tJ1AoURKc6uoVavqBuwaBU2OKB7UZZ3wVNNMoQYsCoZEGnR6rMgMCr1Frc0MVxHgMuBS\/GaQWA0H+4KeVNJ0oilvFwCGUrXanZuJMO1Ru9kW\/gGO8HW6BUMgZL++I9LM4DjgWRFoKwZlpAL3BfQAkhSFv51ulgMX\/AxwG+BgmOjn0tWELaDFAZG2y2GgOYBJdic8FLrZ1FZqzejckZ7ZxPnt4tN0qT8Owt4mbIBiOCYV7Wa0gbYzISFJsL7Z2HAqbO5veAZ+i9hlrl0GL\/luyqfe6BQ+WJQWpAFTDhlLguaUNNM9wsbX44KudOi8B4\/4RhX7EoFSstNLAXG0wJsF\/QrC+2C0xGKwtf+ZKIqQc6DFgSMykGg1F4NCAhWJteh8JkAM+AvF5WzpUeC+OQvBpQF4XzwtCtlK0STpXxwL8Kxfe6Lgq+bWQVZ7CxlrRWkFjIrCzh54VIwIaOLAtXTLlQJABIXeslIsZFAW+75LwHUAugsGkLJ4LbzreoPAx39Z0iDgXhM1zo46V8cFvAnqacHCmk+JEg5CoGb\/yMKTT9bClvYCKGC05V1BUOz4oBfCvje6uiZ7QMpjwfCwXrkIVutoFmhDDEHw\/we\/\/C+uZIRXre6tVwnDALeO5wFeLBusNLwWi+jfogBMF+BSaCxqbjX+ItQBiV60CR0F0JuLVopDELwvg0ACLtDYYhfLRqfC17qexbedTNNMnkQIwX2jclCk2IH6KMoYiM+S1ZNErU1PWiYcgqcKkhlkH0\/wVhGJNbvGupmesn9wrzn7QVSnoy3G1wacBeFj6ixeUt5riJwvBngE+L0iHSML5khhU2UjVGxKVUCQhkwSiYV+sJ14mSIDsJmv9RWtEIvCodYctsFJgKAsZY0zIsFIuTBiLwXYX+muPF4pFtBWFL4UJqKt1jGmTwgiPKhUFNPpiwoCYO3jPkT4Go6lAgL\/Zg46ysiOCNKUqM2M9lsBVwi4O20CYOHgsxRtsIBBjL3Bd+AvT4\/C4KXbgGE1mX9S772dBUjRhpD31BFfvayiUFKdZwCiYKT7Nb2p+\/qOjh4jVgqsQcRn7erJ2yk8UkJCFnlXLKVLO9F7sQ4UDMF8fCrgyf9ugQ6+o0e4A9ockoTBZ2gZH+KhP1Gi\/BkD5\/4sCzwsAq0VH22MxdSUYjN8B9\/8NwjCplKTaC63nKp1ZRBzrw6pDwViHpBF1IW6lIWYwVojIEKUDkZA+QCFT2MrCI2pTZmg5YFSypr\/qP9owB8f+g+H+FTvA4LaLWly3SoJwXoLEK3vUSA=="}
 01720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1332741131938296,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":938,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":938,"pkt_l4_len":904,"thread_ts_usec":1332741131938296,"pkt":"ABNyjb9k0GflFGvTCABFAAOcU51AAIARAAAKzNxHCszcqxdwF3ADiNIkgKIBEQAJ6IYAABZGAHAAALUmHytcLGiML59YxC+2D4f7x\/dGA9s6LUsIgqL6t9mJKOwYsCwYxfFCTd\/EbKc1WTIyCk1LCi4WlIZNs3QVRZ0YtLzVrXAvQvC31Kk4U7gfk4NF\/6FcZEMXBZ+e81yFiMRHcxvlqbCkj2pxXGHDnS9oMQB1fON6nOtI0AKpgCYZlYdheFJ9ggX8QzYebHG7kCflEEcesByv1MlHJrqEBIUL1CBL8iFQoGOLjcsBzv4F4E6+kKFCBSq0ae0CiQ+zsCH75ZvxcB2VgFVgRCnBlAIpUC+zUwKqITTdXCYZNHuI9BVbULusaiwozjYOKBYIN4gEcYpGToyY6jExkpTIBl3yzfIHyVnzcBwv5Dfr8yFmjAaijTAxYENxAOBHF58LeyIiEejkXlh4KRN5mANBoAEiF4ZC9kUC8Bg9xSFbqryv9z3tqY6RthYJNOCuk6hDKLDcGN\/hwQ0mC3p8aYImFyIJ2fmFPWqsI18NKg6zc0EbSUfjIfkIvCmFCwZ8BSYnov4kQSh4cBof8MKF4018YTasVIjgcMrbTgz\/Rc3eDkGbATXu3kEIFpCorIxXzGmgMsLLtBKGAtp13CovkAInT5YWpm9VTurR4cjAGgAToU8CbURFZOrBD3yhVMgi9nahRiOif38aqXo2gwi\/eVjoMb\/YDlgVOoD7pC8Z+LzsVYNEA4Lw\/PM6YGcAYMcb60BScBi\/6ioc+Y3+gj0XdlEbEV0q880OV7rHE+CEDlf2h1AYv+6NBo6i8VhZ4y3NArvwJe40z10illdj+2pAODMwFgW\/uUPBkSAtR\/rJOF8XBaF7bI3hV+Z3mCANUkkaT7xOJgbABPrJycc9upGBDvu6ip7nStgFVZqOnTgyaNljAYz+4FjA2Ht1OBsXB+I45wZBsMXS3TH7t28fvc1E3AYv+6mzgsDgPSYcfWuamjTaUBsRip1u4vkC4L4JUF4\/JheFu7YunR6b+PxmtpNBnAFHkepsN4l6K+sMJShkaBY+6mBiwJNwWU0DYf5CFnDxsCNvpGgcUCbXRMFQ7RnBYD3\/4W\/AIohZSkMAWgXwsCyPyUXmBf1K2MheZ\/H7rp4VdhLRzwI4mAxJUd4LhcKh\/0lH5GP0AJIW9A0lLRufBcnB37e9RZ742whXTGAvrkJofgsgvmCYL5lcHrAReKQv8XLSajU="}
@@ -7,7 +7,7 @@
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1332741131936370,"flow_src_last_pkt_time":1332741131999309,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":896,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3784,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332741131999309,"l3_proto":"ip4","src_ip":"10.204.220.71","dst_ip":"10.204.220.171","src_port":6000,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 01890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1332741132001295,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1054,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1054,"pkt_l4_len":1020,"thread_ts_usec":1332741132001295,"pkt":"ABNyjb9k0GflFGvTCABFAAQQU59AAIARAAAKzNxHCszcqxdwF3AD\/NKYgKIBEwAJ\/qwAABZGAHAAAC2RhlqOQwsQc9BiVkAVPG8xsRapg8Ld2AUDMONR8vsLCLSsJ+BOFbxcQUHIhegZGQxF6zMeF8OegtgcMCC+nEIiFAXwer\/nDQXsBosdEF8L6aCp9\/ODpHt0CNlg1Ecb5xOCaH4VjUKTwC+gRngYwC+VENHS1iYRyh2z6Jfp1lboMyBFoubDoXhX+4V9KDWXiNmS0cxE9hKHAfEzQeHQp\/bWx3Ud+ibGha3xZHePpYlZhDB74DMbBxf7Ae8BCUc9xuXEqnxSWDFJlmM33\/wGJ\/cmgSGTCYOgwEP4z3YBdQgVc+CrehgEYLQZQCBjf5WqKSEPiosIRE2V4kshWdRcRz4RWsgx4EC+ShqnCwb6GlYMWBH7jfONboMcBcE9NDruM9Q8KAcr+CoU6QpvymhkDJ\/ykGLAv7RlozCz8ZmdW\/4q05dq9R2iohBPET+ptT4WDJnW+daK6oUIp0kzvaiwdod+GUSoQSQr\/iqpUXY5drnMpXxAycB9P8kt+ZGiutgRONZaBH4oCi5v0kAwIG4jhD6ltvQTJGOJkqek4flozuiofg4\/8F9gLNeL2ApC7QD3j9w\/JgsbDWZixT0atAsiwHwAWdlvZWGqpT6PSxkkRsMZSraWXCQfjML4sNi83C34vSiRKIBMHQJvHBY+43usJdXsupunwxGXH74tp6L4sn36YZetYl6Eg6gegtxP5g7a6OtEXNHK2nFXDgNF\/ioX0+F0nuC9ic4F9AC\/BV5Ae\/\/CnjrrPtXh0v4wByNAopbal+O\/lsVLRwi6pxNwcHlujuoIgBwv5YQj61GzYU8fk\/teanBXIU5OFn523gEGAVdIquIRVkGYenmGhW36plk96J9t1B4spMKnvFODkHb\/qFzfcqZD1GDhAQr2u9LRsMwGiL0rba9iOqeIHjYPB02BUgjU6HBON2xwJwvlhlkyP0pOF8iFg\/CUXkwWfmML2AyH9hXg17wqTo5VAzRogm6CyCzxu8rO8pQbBi\/6gQyJPeBy\/4QoCYu2OiGL33T7p3bu3V5lUph2OioXz+Wda4HZoLH7ESdPnUNMtAsqCKhGI\/NwvhXTgvrwuoPX\/vC+mJHhbx9Jq7z9IPx+7dqpwQFMwcAxf7HcZ5o5BVlrwq5QBko7fUZNCIOSkZgl6bCzpNareQs1SFsD\/mgxgF4ZMhyRrgKC2ugxIHE2dAqpj+6JicL+NDmmQTx\/Bni8J4vZPf+FXKAOgxgHQHa20OmkrYhkJOKx+cF50L4XJQev\/C1zog0cZEVeKQsCz5ZghFHaidFLcXmAmbiUZXgyCxtyzfxGOejCmAWcL4RALH7CwpF7ZgL6bBkhNA=="}
 02467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1332741132066361,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1332741132066361,"pkt":"ABNyjb9k0GflFGvTCABFAAXAU6BAAIARAAAKzNxHCszcqxdwF3AFrNRIgCIBFAAKFpQAABZGAHAAAAAAg3oOAz+DZvj92FjUNSxqhkDRgJ62JgTcfirF74vFUKmEAD5fGx9VAFvKeJy+aq2BgEAGB+fJ42SxT5eAmqx5VhoOMuHpcBbgdpSZ62XIiEWoLP+tl7gvhoEiB4vBaxeC0x+96xV+zRvN6ke4LOJQKAuoiAQ3xVgek4BwMCDgplavzegpYCqHgxiiJCw38e\/SoKVnws4QMEmZiufXHrZShU1IaAOHol8Uj7QKXQYsCivRl7KxaVixWpgGIUlmQZBSYB0CCXbZR6jPF3i8uoiqmGQ94LBKBgQcu\/oHJ0FMOmiwZe6mB2f5WCiAvEHwc0CCj4hK1zIIAMCEqNHheX+oErEEnhiAZIJIKcuVgV4nY9EhvyKpRCOqx4srlQ+GIVMAwEMv9ikSP8ZVbYg6MQgQA8fW5qigXghldTu8p8TqwPK51QUjMLqL3i1e6i9+F9lZcKjovIovOR+bH7x+4fu\/H9JQsuEKhAEqiIooFv2Fm4lOAHAwIQrgMGCBD\/6d5YPQV7vKIkSB8NVcL\/gVS9GIWXAOBgvX28EovSb79LcGYBwMD8f8DB\/glF8SRT5DBNMsZQiYvU+ZVQCXByMAo8IHggiV8FKh2UZ+qpV8R1XqQCQDAhCpOqRgxv8ATB2sCsLD6sDi98lFQUWXYlLaKwhAeH\/oBwSdW8r9papKnAHVWEHwMIC+VwC38KxNNSxkXKwPLWfRi0KihAgB4+EVSqrWfVU2qA+XXgH\/IRydGv6pjceLwiH7hecH7heNcXkEX0Bn+L3i84LzgqS3sHc98Cvp8t+fCsLLiQDAhRcxR\/4GHA1eQGLAtGYkDwIfqBwf+qYv9ShToy4CyVj34FUuUVhb4q1QOx1eiN1q1owA3W95jeCcX0F2LwHxfmHh+KQvi54vCyL2kgPT\/uk7TpC93hfe903ttVZwLewkaK6EpoyLwTYvJIvNwrbCdJOI61UR8H5\/zUXhfF2Fl07pumL3i+jMW08e7o76mS0GLAsF5aLAvsLtkrovIIv6D4\/4WtkcB0GDeGDwWfQLRP3ofXrWn+CK030EoybCtt60y1zSgBoNcAjEHy\/4W9HxpvsSTOHURCNRE0SIQ6eYi45q4DdT7UZY3hPAiChYIidu1cZYVNFLZYeFwXBQubSpEgWRtEWo0uaWCsFiFgU9TcwdN3MKW2oGMtxVftMDNZeYy3wCOCAfTz4jWdTo4sTYCJApKBkFE14eQDCOWxMDiAVXAkHlv1uDrCesro2aE4dDkaA0QCJxl1Q8Bh\/1F\/5hUDEfv0ec4kha+Ft52oA8w4FDf4Dq\/gIXaDlfwX3G8XnWOUGbAgYz+NijT6BdtC0LRcLwZ\/\/BNF5kL4vIheCWFvqRPtSzDgNWAoSQnhfCswFbqOdSUGLArcwmRgv9BbCbSiOCKGbCUlEmgbbYhSMOJFx0DHgXheDPf7BKJNhIBfCq\/HoyRDvC0qFwDhRtjutI5ZC39LXtioKnS1Hg4g1\/o3EM6GIShRba\/BAW2mu+XBiwIHN\/hHW+DFAcBjv5ASgmHgp9QcEKXdIkbaNa83VwujQiAQ4iuq4DlAVZ3cApPltUVIDiAYIpYLSYX1l4W+s9bAr8WhGCvCtvWYDTgOX\/BZ7kZaQ2gqsByv5pEjidgWm1zYWf+M7GeqNbBNVs8RpkBVJFzxCC1EFyZre61GkaHGBiHcxMuGIuC+TEwVtvGBwlUJGLeEoPf\/h4JwqbSao\/ypBGKhrWWIlaQ3A\/NbIIYL0FkF+FuDApIY42EiPUDWEYSBfAaZFT+7dgIoneF\/dwmIAvrHU5ML06A2F8QRiVAkhb+r\/wJwXlGgULu3MU8dwqKhxIdQhW4UdDvrBhqpUAzC3gYYwDDA0DwPDAWBZ0YMWBtgmiDMKmzGNg04Cf0FuL1+BKKvmc5AlSig=="}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":17808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643703745877296}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":17808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643703745877296}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703745877296,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745877296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703745877296,"l3_proto":"ip4","src_ip":"150.219.118.19","dst_ip":"192.113.193.227","src_port":54234,"dst_port":50003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745877296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643703745877296,"pkt":"AAAAAAAAAA0A6CjdCABFAABmXqIAAH8RTaGW23YTwHHB49Paw1MAUs7pAAEARgAafnMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAixk="}
 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745893698,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643703745893698,"pkt":"AAAAAAAAAAkAifetCABFAABm7FVAADgRxu3AccHjltt2E8NT09oAUln0AAIARgAafnM4NS4xNTQuMi4xNDUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA09o="}
@@ -25,7 +25,7 @@
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAANGd7QABAEZsQCoxDp5SZVWHYahd4ACClNIFvzdUeUT0\/uAl02AAAARxIBuNyJ9wGQA=="}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":19,"flow_first_seen":1643703745877296,"flow_src_last_pkt_time":1643703746016700,"flow_dst_last_pkt_time":1643703746015681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":1104,"flow_src_tot_l4_payload_len":993,"flow_dst_tot_l4_payload_len":13839,"midstream":0,"thread_ts_usec":1643703821596170,"l3_proto":"ip4","src_ip":"150.219.118.19","dst_ip":"192.113.193.227","src_port":54234,"dst_port":50003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1643703820776166,"flow_src_last_pkt_time":1643703821596170,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":801,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703821596170,"l3_proto":"ip4","src_ip":"10.140.67.167","dst_ip":"148.153.85.97","src_port":55402,"dst_port":6008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":75,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":33441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1643703821596170}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":75,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":33441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1643703821596170}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 75/75
 ~~ skipped flows.............: 0
@@ -34,9 +34,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5504492 bytes
-~~ total memory freed........: 5504492 bytes
-~~ total allocations/frees...: 85957/85957
+~~ total memory allocated....: 5504561 bytes
+~~ total memory freed........: 5504561 bytes
+~~ total allocations/frees...: 85958/85958
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 540 chars
 ~~ json message max len.......: 2487 chars
diff --git a/test/results/default/rtps.pcap.out b/test/results/default/rtps.pcap.out
index 3fbfba00a..7ed3bf9f7 100644
--- a/test/results/default/rtps.pcap.out
+++ b/test/results/default/rtps.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1498024847652004}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1498024847652004}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498024847652004,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498024847652004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1498024847652004,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1498024847652004,"pkt":"AAAAAAAAAAAAAAAACABFAAAsAABAAEARPL9\/AAABfwAAAW3MHPIAGP4rUlRQUwIBAQFORERTUElORw=="}
 01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498024847652004,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498024847652004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTPS","proto_id":"359","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -16,7 +16,7 @@
 01091{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498025267652809,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498025267652809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTPS","proto_id":"359","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 01091{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498025327652932,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21076,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498025327652932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTPS","proto_id":"359","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1498024847652004,"flow_src_last_pkt_time":1498025337682781,"flow_dst_last_pkt_time":1498024847652004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498025337682781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":28108,"dst_port":7410,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTPS","proto_id":"359","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":21164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1498025337682781}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/rtps.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":21164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1498025337682781}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 29/29
 ~~ skipped flows.............: 0
@@ -25,8 +25,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498814 bytes
-~~ total memory freed........: 5498814 bytes
+~~ total memory allocated....: 5498838 bytes
+~~ total memory freed........: 5498838 bytes
 ~~ total allocations/frees...: 85889/85889
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 534 chars
diff --git a/test/results/default/rtsp.pcap.out b/test/results/default/rtsp.pcap.out
index 3721dd02e..cc5ee4381 100644
--- a/test/results/default/rtsp.pcap.out
+++ b/test/results/default/rtsp.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1627567277506127}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1627567277506127}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1627567277506127,"flow_src_last_pkt_time":1627567277506127,"flow_dst_last_pkt_time":1627567277506127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":149,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1627567277506127,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1627567277506127,"flow_dst_last_pkt_time":1627567277506127,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_usec":1627567277506127,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="}
 01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1627567277506127,"flow_src_last_pkt_time":1627567277506127,"flow_dst_last_pkt_time":1627567277506127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":149,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1627567277506127,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
@@ -62,7 +62,7 @@
 01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":60,"flow_first_seen":1627567406342871,"flow_src_last_pkt_time":1627567465366594,"flow_dst_last_pkt_time":1627567465366846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":695,"flow_src_tot_l4_payload_len":3760,"flow_dst_tot_l4_payload_len":7540,"midstream":0,"thread_ts_usec":1627567528308580,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
 01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":52,"flow_first_seen":1627567466882987,"flow_src_last_pkt_time":1627567526623393,"flow_dst_last_pkt_time":1627567526623799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":695,"flow_src_tot_l4_payload_len":3772,"flow_dst_tot_l4_payload_len":7560,"midstream":0,"thread_ts_usec":1627567528308580,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":48,"flow_first_seen":1627567528106056,"flow_src_last_pkt_time":1627567528308580,"flow_dst_last_pkt_time":1627567528265801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":695,"flow_src_tot_l4_payload_len":3176,"flow_dst_tot_l4_payload_len":7568,"midstream":0,"thread_ts_usec":1627567528308580,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":568,"packets-processed":568,"total-skipped-flows":0,"total-l4-payload-len":67396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1627567528308580}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":568,"packets-processed":568,"total-skipped-flows":0,"total-l4-payload-len":67396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1627567528308580}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 568/568
 ~~ skipped flows.............: 0
@@ -71,8 +71,8 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5542793 bytes
-~~ total memory freed........: 5542793 bytes
+~~ total memory allocated....: 5542913 bytes
+~~ total memory freed........: 5542913 bytes
 ~~ total allocations/frees...: 86530/86530
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 540 chars
diff --git a/test/results/default/rtsp_setup_http.pcapng.out b/test/results/default/rtsp_setup_http.pcapng.out
index 8fd2ae84f..f2e6efaa2 100644
--- a/test/results/default/rtsp_setup_http.pcapng.out
+++ b/test/results/default/rtsp_setup_http.pcapng.out
@@ -1,10 +1,10 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625568705778896}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625568705778896}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625568705778896,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1625568705778896,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1625568705778896,"pkt":"AAwpI6CIeCSvPj0DCABFAADbwOlAAEAGFzesHAWqrBwEGvlgIWqjD4UUiv5WgFAYA\/\/+rgAAU0VUVVAgcnRzcDovLzE3Mi4yOC40LjI2Ojg1NTQvdHJhY2tJRD04OCBSVFNQLzEuMA0KQ1NlcTogNA0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpUcmFuc3BvcnQ6IFJUUC9BVlA7dW5pY2FzdDtjbGllbnRfcG9ydD01MDIyMC01MDIyMQ0KDQo="}
 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625568705778896,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1625568705778896,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625568705778896,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1625568705778896,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1625568705778896}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1625568705778896}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500102 bytes
-~~ total memory freed........: 5500102 bytes
+~~ total memory allocated....: 5500126 bytes
+~~ total memory freed........: 5500126 bytes
 ~~ total allocations/frees...: 85863/85863
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 579 chars
+~~ json message min len.......: 577 chars
 ~~ json message max len.......: 1103 chars
-~~ json message avg len.......: 811 chars
+~~ json message avg len.......: 810 chars
diff --git a/test/results/default/rx.pcap.out b/test/results/default/rx.pcap.out
index 7401d5daf..e321b8bdc 100644
--- a/test/results/default/rx.pcap.out
+++ b/test/results/default/rx.pcap.out
@@ -1,5 +1,5 @@
-00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1460647264018403}
+00557{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00620{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1460647264018403}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647264018403,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264018403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1460647264018403,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264018403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_usec":1460647264018403,"pkt":"PIqwbTfwAAjK968mCABFAAFA5\/AAAEARo32DctuowKfOfKJXG1oBLBrkVw+1YFw\/yYgAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264026287,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1460647264026287,"pkt":"AAjK968mPIqwbTfwCABFAABAOykAADoRV0XAp858g3LbqBtaolcALPkKVw+1YFw\/yYgAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"}
@@ -37,7 +37,7 @@
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":31,"flow_first_seen":1460647299704750,"flow_src_last_pkt_time":1460647320158014,"flow_dst_last_pkt_time":1460647300329629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":4792,"flow_dst_tot_l4_payload_len":4266,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":9,"flow_first_seen":1460647299605656,"flow_src_last_pkt_time":1460647300326863,"flow_dst_last_pkt_time":1460647300326798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":1076,"flow_src_tot_l4_payload_len":1077,"flow_dst_tot_l4_payload_len":7708,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1460647283326954,"flow_src_last_pkt_time":1460647283340531,"flow_dst_last_pkt_time":1460647283340393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":132,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":20931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1460647320158051}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":132,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":20931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1460647320158051}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 132/132
 ~~ skipped flows.............: 0
@@ -46,8 +46,8 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5510489 bytes
-~~ total memory freed........: 5510489 bytes
+~~ total memory allocated....: 5510577 bytes
+~~ total memory freed........: 5510577 bytes
 ~~ total allocations/frees...: 86036/86036
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 552 chars
diff --git a/test/results/default/s7comm-plus.pcap.out b/test/results/default/s7comm-plus.pcap.out
index 229220d14..1857293fa 100644
--- a/test/results/default/s7comm-plus.pcap.out
+++ b/test/results/default/s7comm-plus.pcap.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1412165336989258}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1412165336989258}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165336989258,"flow_dst_last_pkt_time":1412165336989258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1412165336989258,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1412165336989258,"flow_dst_last_pkt_time":1412165336989258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1412165336989258,"pkt":"ABwGD73lAFBWK1xlCABFAAA0OSlAAIAGDRbAqBmxwKgZg8+qAGYnLnytAAAAAIACIAAmnwAAAgQFtAEDAwgBAQQC"}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1412165336989265,"flow_dst_last_pkt_time":1412165336989258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1412165336989265,"pkt":"ABwGD73lAFBWK1xlCABFAAA0OSlAAIAGDRbAqBmxwKgZg8+qAGYnLnytAAAAAIACIAAmnwAAAgQFtAEDAwgBAQQC"}
@@ -9,7 +9,7 @@
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":2,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165336993088,"flow_dst_last_pkt_time":1412165336991654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1412165336993088,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"S7CommPlus","proto_id":"361","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":8,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165338064240,"flow_dst_last_pkt_time":1412165337104285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":297,"flow_src_tot_l4_payload_len":1344,"flow_dst_tot_l4_payload_len":545,"midstream":0,"thread_ts_usec":1412165338064240,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":38387.4,"max":995818,"stddev":175089.4,"var":30656290816.0,"ent":1.2,"data": [7,650,924,9,417,4,1746,2469,6,13767,4267,17657,4,12269,6,17776,4831,6,1514,9,7246,5693,10,28619,8,33319,4688,5,36256,995818,9]},"pktlen": {"min":40,"avg":100.3,"max":337,"stddev":73.0,"var":5323.4,"ent":4.7,"data": [52,52,46,40,40,76,76,76,257,257,46,177,47,47,162,162,71,47,47,123,123,84,47,47,133,133,337,47,47,46,133,133]},"bins": {"c_to_s": [12,2,6,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,2,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0],"entropies": [4.554988384,4.554988384,4.522394180,4.680641174,4.680641174,5.319911003,5.319911003,5.158287048,5.535624981,5.535624981,4.075662136,5.208230019,4.635028362,4.635028362,4.666445732,4.666445732,4.204725266,4.592475414,4.592475414,4.629901409,4.629901409,4.268610001,4.549922466,4.549922466,4.866230011,4.866230011,1.580462456,4.549922466,4.549922466,4.075662613,4.866230011,4.866230011]},"ndpi": {"confidence": {"6":"DPI"},"proto":"S7CommPlus","proto_id":"361","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":25,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165344069312,"flow_dst_last_pkt_time":1412165344104127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":297,"flow_src_tot_l4_payload_len":3254,"flow_dst_tot_l4_payload_len":2655,"midstream":0,"thread_ts_usec":1412165344104127,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"S7CommPlus","proto_id":"361","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":79,"packets-processed":79,"total-skipped-flows":0,"total-l4-payload-len":5909,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1412165344104127}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":79,"packets-processed":79,"total-skipped-flows":0,"total-l4-payload-len":5909,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1412165344104127}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 79/79
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502340 bytes
-~~ total memory freed........: 5502340 bytes
+~~ total memory allocated....: 5502364 bytes
+~~ total memory freed........: 5502364 bytes
 ~~ total allocations/frees...: 85941/85941
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 533 chars
diff --git a/test/results/default/s7comm.pcap.out b/test/results/default/s7comm.pcap.out
index 5561046eb..2105b530b 100644
--- a/test/results/default/s7comm.pcap.out
+++ b/test/results/default/s7comm.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1408528803880679}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1408528803880679}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1408528803880679,"flow_src_last_pkt_time":1408528803880679,"flow_dst_last_pkt_time":1408528803880679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1408528803880679,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1408528803880679,"flow_dst_last_pkt_time":1408528803880679,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1408528803880679,"pkt":"ABsbI+s7kOa6hF5BCABFAAA+LUtAAIAGAADAqAEKwKgBKBBZAGaQRN2iAAL7EFAY+vCDswAAAwAAFhHgAAAABwDBAgEAwgIBAsABCg=="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1408528803880679,"flow_dst_last_pkt_time":1408528803884414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1408528803884414,"pkt":"kOa6hF5BABsbI+s7CABFAAA+AM4AAB4GGGrAqAEowKgBCgBmEFkAAvsQkETduFAYEAAGowAAAwAAFhHQAAcAAwDAAQrBAgEAwgIBAg=="}
@@ -9,7 +9,7 @@
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1408528803887617,"flow_dst_last_pkt_time":1408528803887528,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1408528803887617,"pkt":"ABsbI+s7kOa6hF5BCABFAAAvLU1AAIAGAADAqAEKwKgBKBBZAGaQRN3RAAL7QVAY+r+DpAAAAwAABwLwAA=="}
 02135{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1408528803880679,"flow_src_last_pkt_time":1408528803957564,"flow_dst_last_pkt_time":1408528803957480,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":221,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":794,"midstream":1,"thread_ts_usec":1408528803957564,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":66,"avg":4957.6,"max":9013,"stddev":3321.6,"var":11033309.0,"ent":4.5,"data": [3735,3883,3114,3055,66,6981,6927,4642,8989,4385,568,7037,6437,271,5970,5746,295,9009,8666,204,8975,8763,201,9013,8819,232,8990,8762,250,4988,4713]},"pktlen": {"min":47,"avg":77.2,"max":261,"stddev":40.3,"var":1625.5,"ent":4.9,"data": [62,62,65,67,47,73,121,47,73,121,47,73,261,47,73,121,47,69,101,47,69,101,47,69,101,47,69,101,47,71,77,47]},"bins": {"c_to_s": [17,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,5,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0],"entropies": [4.432188988,4.290980816,4.257703304,3.892863989,4.469065666,4.562385082,3.916244507,4.469065666,4.445193291,3.499234200,4.469065666,4.517119408,2.438902855,4.367897987,4.497249603,3.901077271,4.469065666,4.394919872,4.398461342,4.469065666,4.423905373,4.398461342,4.426512718,4.412964821,4.410789013,4.469065666,4.412964821,4.372174263,4.410450935,4.692483425,4.443362713,4.469065666]},"ndpi": {"confidence": {"6":"DPI"},"proto":"S7Comm","proto_id":"249","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":19,"flow_first_seen":1408528803880679,"flow_src_last_pkt_time":1408528804003972,"flow_dst_last_pkt_time":1408528804016478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":221,"flow_src_tot_l4_payload_len":1202,"flow_dst_tot_l4_payload_len":1088,"midstream":1,"thread_ts_usec":1408528804016478,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"S7Comm","proto_id":"249","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":55,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":2290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1408528804016478}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":55,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":2290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1408528804016478}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 55/55
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501616 bytes
-~~ total memory freed........: 5501616 bytes
+~~ total memory allocated....: 5501640 bytes
+~~ total memory freed........: 5501640 bytes
 ~~ total allocations/frees...: 85916/85916
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 540 chars
diff --git a/test/results/default/safari.pcap.out b/test/results/default/safari.pcap.out
index 27966edfc..00677b10b 100644
--- a/test/results/default/safari.pcap.out
+++ b/test/results/default/safari.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620898024056646}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620898024056646}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620898024056646,"flow_src_last_pkt_time":1620898024056646,"flow_dst_last_pkt_time":1620898024056646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898024056646,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620898024056646,"flow_dst_last_pkt_time":1620898024056646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620898024056646,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfeAbt7aT+8AAAAALAC\/\/8bGAAAAgQFtAEDAwUBAQgKMzDFWAAAAAAEAgAA"}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620898024056646,"flow_dst_last_pkt_time":1620898024084984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620898024084984,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7194MY\/Pce2k\/vaAS\/ohIgwAAAgQFrAQCCAo6VqpvMzDFWAEDAwc="}
@@ -66,7 +66,7 @@
 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1620898025217296,"flow_src_last_pkt_time":1620898025483096,"flow_dst_last_pkt_time":1620898025512858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":431,"flow_dst_max_l4_payload_len":1347,"flow_src_tot_l4_payload_len":1121,"flow_dst_tot_l4_payload_len":1488,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1620898025217638,"flow_src_last_pkt_time":1620898025483303,"flow_dst_last_pkt_time":1620898025371358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":434,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1125,"flow_dst_tot_l4_payload_len":4576,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1620898027036438,"flow_src_last_pkt_time":1620898027166473,"flow_dst_last_pkt_time":1620898027166397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":378,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":706,"flow_dst_tot_l4_payload_len":4696,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":168,"packets-processed":168,"total-skipped-flows":0,"total-l4-payload-len":72162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":69,"global_ts_usec":1620898027166473}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":168,"packets-processed":168,"total-skipped-flows":0,"total-l4-payload-len":72162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":69,"global_ts_usec":1620898027166473}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 168/168
 ~~ skipped flows.............: 0
@@ -75,8 +75,8 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5561073 bytes
-~~ total memory freed........: 5561073 bytes
+~~ total memory allocated....: 5561193 bytes
+~~ total memory freed........: 5561193 bytes
 ~~ total allocations/frees...: 86128/86128
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
diff --git a/test/results/default/salesforce.pcap.out b/test/results/default/salesforce.pcap.out
index 94c0584b0..58482598b 100644
--- a/test/results/default/salesforce.pcap.out
+++ b/test/results/default/salesforce.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1637949675032008}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1637949675032008}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675032008,"flow_dst_last_pkt_time":1637949675032008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637949675032008,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1637949675032008,"flow_dst_last_pkt_time":1637949675032008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1637949675032008,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlHnAqAGyVd6OBtR\/AbsUUf9OAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKBrZmwAAAAAAEAgAA"}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1637949675032008,"flow_dst_last_pkt_time":1637949675060899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637949675060899,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGo31V3o4GwKgBsgG71H+paXwVFFH\/T6AScSBLcQAAAgQFjAQCCAok00OjBrZmwAEDAwc="}
@@ -10,7 +10,7 @@
 01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675088486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1637949675088486,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"help.salesforce.com","tls": {"version":"TLSv1.2","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2011h2_2a284e3b0c56_8c799273bd37","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2"}}}
 01608{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675088575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3465,"midstream":0,"thread_ts_usec":1637949675088575,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"help.salesforce.com","tls": {"version":"TLSv1.2","server_names":"support.salesforce.com,help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t12d2011h2_2a284e3b0c56_8c799273bd37","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F"}}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675181063,"flow_dst_last_pkt_time":1637949675180938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3585,"midstream":0,"thread_ts_usec":1637949675181063,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1637949675181063}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1637949675181063}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 15/15
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508890 bytes
-~~ total memory freed........: 5508890 bytes
+~~ total memory allocated....: 5508914 bytes
+~~ total memory freed........: 5508914 bytes
 ~~ total allocations/frees...: 85885/85885
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 548 chars
diff --git a/test/results/default/sccp_hw_conf_register.pcapng.out b/test/results/default/sccp_hw_conf_register.pcapng.out
index 8d00b4c11..6bc3b9d8b 100644
--- a/test/results/default/sccp_hw_conf_register.pcapng.out
+++ b/test/results/default/sccp_hw_conf_register.pcapng.out
@@ -1,5 +1,5 @@
-00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1557178511664958}
+00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1557178511664958}
 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557178511664958,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557178511664958,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1557178511664958,"pkt":"AFBW6tqSuDhhiHXECABFYAAsOMQAAP8GkNUKtG46CrRuMLV9B9BgU38BAAAAAGACECD5kQAAAgQFtA=="}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1557178511664958,"pkt":"uDhhiHXEAFBW6tqSCABFAAAsAABAAEAGSPoKtG4wCrRuOgfQtX0KPck5YFN\/AmASchDEGQAAAgQFtA=="}
@@ -8,7 +8,7 @@
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1557178511664958,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557178511664958,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511665950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1557178511665950,"pkt":"uDhhiHXEAFBW6tqSCABFAAAo4mtAAEAGZpIKtG4wCrRuOgfQtX0KPck6YFN\/ilAQdUDYHgAA"}
 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1557178511664958,"flow_src_last_pkt_time":1557178511908949,"flow_dst_last_pkt_time":1557178511907942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":496,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1557178511908949,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1557178511908949}
+00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1557178511908949}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 17/17
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498466 bytes
-~~ total memory freed........: 5498466 bytes
+~~ total memory allocated....: 5498490 bytes
+~~ total memory freed........: 5498490 bytes
 ~~ total allocations/frees...: 85877/85877
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/sctp.cap.out b/test/results/default/sctp.cap.out
index f74bced29..ef1078d55 100644
--- a/test/results/default/sctp.cap.out
+++ b/test/results/default/sctp.cap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1088696689784578}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1088696689784578}
 00735{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1088696689784578,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5}
 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1088696689784578,"pkt":"AKCAAF5GCAADSgA1CABFAAB8FBwAADuESlQKHAYrChwGLEAAC4AAAW8KbbAYggADAFsoAkNFAACgvQAAAAdNRUdBQ08vMiA8bWctdHI+OjE2Mzg0ClJlcGx5ID0gMTc0MDkxewpDb250ZXh0ID0gMjU1ewpNb2RpZnkgPSBNVVgvMjU1Cn0KfQpn"}
 00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1088696689784578,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -10,7 +10,7 @@
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1088696689872282,"flow_dst_last_pkt_time":1088696689872631,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1088696689872631,"pkt":"AAGvDAaWAKCAAF5GCABFAAA4u4FAAP+EnzIKHAYsChwGKgtZC1kNU+b+jI4HRgUAABgAAQAUQORLkgocBiwbZq9+AAAAAA=="}
 00922{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1088696689872282,"flow_src_last_pkt_time":1088696689872282,"flow_dst_last_pkt_time":1088696689872631,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1088696689872631,"l3_proto":"ip4","src_ip":"10.28.6.42","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784927,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1088696689872631,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":204,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1088696689872631}
+00626{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":204,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1088696689872631}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500261 bytes
-~~ total memory freed........: 5500261 bytes
+~~ total memory allocated....: 5500301 bytes
+~~ total memory freed........: 5500301 bytes
 ~~ total allocations/frees...: 85875/85875
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 537 chars
diff --git a/test/results/default/selfsigned.pcap.out b/test/results/default/selfsigned.pcap.out
index d37b349ba..0dc0f6010 100644
--- a/test/results/default/selfsigned.pcap.out
+++ b/test/results/default/selfsigned.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1588921646472768}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1588921646472768}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646472768,"flow_dst_last_pkt_time":1588921646472768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588921646472768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1588921646472768,"flow_dst_last_pkt_time":1588921646472768,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1588921646472768,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubiYAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4AAAAAAQCAAA="}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1588921646472768,"flow_dst_last_pkt_time":1588921646472882,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1588921646472882,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7nJlxL1FVDN7m4nsBL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4E3\/M+AQCAAA="}
@@ -9,7 +9,7 @@
 01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646479120,"flow_dst_last_pkt_time":1588921646472909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588921646479120,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"localhost","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","ja4":"t12d6707h2_2955a3196ffa_b1760ac0ffd7","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
 01726{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646479120,"flow_dst_last_pkt_time":1588921646482756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1588921646482756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"localhost","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"0debd3853f330c574b05e0b6d882dc27","ja4":"t12d6707h2_2955a3196ffa_b1760ac0ffd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=IT, ST=Some-State, O=ntop.org","subjectDN":"C=IT, ST=Some-State, O=ntop.org","advertised_alpns":"h2,http\/1.1","fingerprint":"AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B"}}}
 01307{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646517296,"flow_dst_last_pkt_time":1588921646517337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":849,"flow_dst_tot_l4_payload_len":1785,"midstream":0,"thread_ts_usec":1588921646517337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2634,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1588921646517337}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2634,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1588921646517337}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502801 bytes
-~~ total memory freed........: 5502801 bytes
+~~ total memory allocated....: 5502825 bytes
+~~ total memory freed........: 5502825 bytes
 ~~ total allocations/frees...: 85887/85887
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 539 chars
diff --git a/test/results/default/sflow.pcap.out b/test/results/default/sflow.pcap.out
index f144931a2..38d88018d 100644
--- a/test/results/default/sflow.pcap.out
+++ b/test/results/default/sflow.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1378125488790492}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1378125488790492}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1378125488790492,"flow_src_last_pkt_time":1378125488790492,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1378125488790492,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1378125488790492,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1378125488790492,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIfoAAEARuUSsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAZ9nPdcQAAAAAQAAAAIAAABsAAAhJQAABAwAAAABAAAAAQAAAFgAAAQMAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAYwszAAAm4MAApAWAAH2cwAAAAAAAAAAAAAAAAAAAAAAUz3BAACgtwAAIYcAAAjXAAAAAAAAAAAAAAAA"}
 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1378125507793302,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1378125507793302,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIfsAAEARuUOsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAaBnPiFIAAAAAQAAAAIAAABsAAAAaAAABBMAAAABAAAAAQAAAFgAAAQTAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAwmHZAAAPY8ACrt0AAAffQAAAAAAAAAAAAAAAAAAAAAGHWdKAABT9wAJE0IACVxYAAAAAAAAAAAAAAAA"}
@@ -9,7 +9,7 @@
 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1378125537795814,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1378125537795814,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIf4AAEARuUCsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAaNnPpZ4AAAAAQAAAAIAAABsAAAAaQAABBMAAAABAAAAAQAAAFgAAAQTAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAwmQegAAPa0ACrt0AAAffQAAAAAAAAAAAAAAAAAAAAAGHXouAABUFQAJE1IACVxrAAAAAAAAAAAAAAAA"}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1378125488790492,"flow_src_last_pkt_time":1378125537795814,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":748,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1378125537795814,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"sFlow","proto_id":"129","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1378125488790492,"flow_src_last_pkt_time":1378125597799203,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1378125597799203,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"sFlow","proto_id":"129","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1378125597799203}
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1378125597799203}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 9/9
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498234 bytes
-~~ total memory freed........: 5498234 bytes
+~~ total memory allocated....: 5498258 bytes
+~~ total memory freed........: 5498258 bytes
 ~~ total allocations/frees...: 85869/85869
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 567 chars
+~~ json message min len.......: 565 chars
 ~~ json message max len.......: 973 chars
-~~ json message avg len.......: 766 chars
+~~ json message avg len.......: 765 chars
diff --git a/test/results/default/shadowsocks.pcap.out b/test/results/default/shadowsocks.pcap.out
index 31d0aabaf..2b0882add 100644
--- a/test/results/default/shadowsocks.pcap.out
+++ b/test/results/default/shadowsocks.pcap.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690018458225809}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690018458225809}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690018458225809,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690018458225809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37904,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690018458225809,"pkt":"AAAAAAAAAAAAAAAACABFAAA8OlVAAEAGAmV\/AAABfwAAAZQQBDjOLDYWAAAAAKAC\/9f+MAAAAgT\/1wQCCApvLCb4AAAAAAEDAwc="}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690018458225829,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQQ4lBAtEiM8ziw2F6AS\/8v+MAAAAgT\/1wQCCApvLCb4bywm+AEDAwc="}
@@ -16,7 +16,7 @@
 00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1690018458225809,"flow_src_last_pkt_time":1690018459714485,"flow_dst_last_pkt_time":1690018459714444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":16384,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":67329,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37904,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00999{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1690018458886918,"flow_src_last_pkt_time":1690018459714642,"flow_dst_last_pkt_time":1690018459714613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":18085,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":67333,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44276,"dst_port":8388,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1690018458886918,"flow_src_last_pkt_time":1690018459714642,"flow_dst_last_pkt_time":1690018459714613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":18085,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":67333,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44276,"dst_port":8388,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":134863,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1690018459714642}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":134863,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1690018459714642}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 44/44
 ~~ skipped flows.............: 0
@@ -25,8 +25,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5505517 bytes
-~~ total memory freed........: 5505517 bytes
+~~ total memory allocated....: 5505557 bytes
+~~ total memory freed........: 5505557 bytes
 ~~ total allocations/frees...: 85917/85917
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 550 chars
diff --git a/test/results/default/shell.pcap.out b/test/results/default/shell.pcap.out
new file mode 100644
index 000000000..5578dd3ab
--- /dev/null
+++ b/test/results/default/shell.pcap.out
@@ -0,0 +1,42 @@
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1712518786333703}
+00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518786333703,"flow_src_last_pkt_time":1712518786333703,"flow_dst_last_pkt_time":1712518786333703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518786333703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47638,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1712518786333703,"flow_dst_last_pkt_time":1712518786333703,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712518786333703,"pkt":"AAAAAAAAAAAAAAAACABFAAA8UINAAEAG7DZ\/AAABfwAAAboWgjVOSff2AAAAAKAC\/9f+MAAAAgT\/1wQCCAqKFvhnAAAAAAEDAwc="}
+00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1712518786333703,"flow_dst_last_pkt_time":1712518786333714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712518786333714,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAYI1uhZ8EbgHTkn396AS\/8v+MAAAAgT\/1wQCCAqKFvhnihb4ZwEDAwc="}
+00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1712518786333724,"flow_dst_last_pkt_time":1712518786333714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712518786333724,"pkt":"AAAAAAAAAAAAAAAACABFAAA0UIRAAEAG7D1\/AAABfwAAAboWgjVOSff3fBG4CIAQAgD+KAAAAQEICooW+GeKFvhn"}
+01796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1712518786333757,"flow_dst_last_pkt_time":1712518786333714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1003,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1003,"pkt_l4_len":969,"thread_ts_usec":1712518786333757,"pkt":"AAAAAAAAAAAAAAAACABFAAPdUIVAAEAG6JN\/AAABfwAAAboWgjVOSff3fBG4CIAYAgAB0gAAAQEICooW+GeKFvhnIyEvYmluL3NoCgojIEFjdGlvbiBzY3JpcHQgdG8gZW5hYmxlL2Rpc2FibGUgd3BhLXJvYW0gaW50ZXJmYWNlcyBpbiByZWFjdGlvbiB0bwojIGlmcGx1Z2QgZXZlbnRzLgojCiMgQ29weXJpZ2h0OiBDb3B5cmlnaHQgKGMpIDIwMDgtMjAxMCwgS2VsIE1vZGRlcm1hbiA8a2VsQG90YWt1NDIuZGU+CiMgTGljZW5zZTogICBHUEwtMgojCgpQQVRIPS9zYmluOi91c3Ivc2JpbjovYmluOi91c3IvYmluCgppZiBbICEgLXggL3NiaW4vd3BhX2FjdGlvbiBdOyB0aGVuCglleGl0IDAKZmkKCiMgaWZwbHVnZCg4KSAtIDxpZmFjZT4gPGFjdGlvbj4KIwojIElmIGFuIGlmcGx1Z2QgbWFuYWdlZCBpbnRlcmZhY2UgaXMgYnJvdWdodCB1cCwgZGlzY29ubmVjdCBhbnkKIyB3cGEtcm9hbSBtYW5hZ2VkIGludGVyZmFjZXMgc28gdGhhdCBvbmx5IG9uZSAicm9hbWluZyIgaW50ZXJmYWNlCiMgcmVtYWlucyBhY3RpdmUgb24gdGhlIHN5c3RlbS4KCklGUExVR0RfSUZBQ0U9IiR7MX0iCgpjYXNlICIkezJ9IiBpbgoJdXApCgkJQ09NTUFORD1kaXNjb25uZWN0CgkJOzsKCWRvd24pCgkJQ09NTUFORD1yZWNvbm5lY3QKCQk7OwoJKikKCQllY2hvICIkMDogdW5rbm93biBhcmd1bWVudHM6ICR7QH0iID4mMgoJCWV4aXQgMQoJCTs7CmVzYWMKCmZvciBDVFJMIGluIC9ydW4vd3BhX3N1cHBsaWNhbnQvKjsgZG8KCVsgLVMgIiR7Q1RSTH0iIF0gfHwgY29udGludWUKCglJRkFDRT0iJHtDVFJMIy9ydW4vd3BhX3N1cHBsaWNhbnQvfSIKCgkjIHNraXAgaWYgaWZwbHVnZCBpcyBtYW5hZ2luZyB0aGlzIGludGVyZmFjZQoJaWYgWyAiJHtJRlBMVUdEX0lGQUNFfSIgPSAiJHtJRkFDRX0iIF07IHRoZW4KCQljb250aW51ZQoJZmkKCglpZiB3cGFfYWN0aW9uICIke0lGQUNFfSIgY2hlY2s7IHRoZW4KCQl3cGFfY2xpIC1pICIke0lGQUNFfSIgIiR7Q09NTUFORH0iCglmaQpkb25lCg=="}
+00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1712518786333757,"flow_dst_last_pkt_time":1712518786333762,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712518786333762,"pkt":"AAAAAAAAAAAAAAAACABFAAA0NfpAAEAGBsh\/AAABfwAAAYI1uhZ8EbgITkn7oIAQAfn+KAAAAQEICooW+GeKFvhn"}
+00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518814195876,"flow_src_last_pkt_time":1712518814195876,"flow_dst_last_pkt_time":1712518814195876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":937,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":937,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":937,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518814195876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54112,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+01761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1712518814195876,"flow_dst_last_pkt_time":1712518814195876,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":979,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":979,"pkt_l4_len":945,"thread_ts_usec":1712518814195876,"pkt":"AAAAAAAAAAAAAAAACABFAAPFsY9AAEARh5Z\/AAABfwAAAdNggjUDsQHFIyEvYmluL3NoCgojIEFjdGlvbiBzY3JpcHQgdG8gZW5hYmxlL2Rpc2FibGUgd3BhLXJvYW0gaW50ZXJmYWNlcyBpbiByZWFjdGlvbiB0bwojIGlmcGx1Z2QgZXZlbnRzLgojCiMgQ29weXJpZ2h0OiBDb3B5cmlnaHQgKGMpIDIwMDgtMjAxMCwgS2VsIE1vZGRlcm1hbiA8a2VsQG90YWt1NDIuZGU+CiMgTGljZW5zZTogICBHUEwtMgojCgpQQVRIPS9zYmluOi91c3Ivc2JpbjovYmluOi91c3IvYmluCgppZiBbICEgLXggL3NiaW4vd3BhX2FjdGlvbiBdOyB0aGVuCglleGl0IDAKZmkKCiMgaWZwbHVnZCg4KSAtIDxpZmFjZT4gPGFjdGlvbj4KIwojIElmIGFuIGlmcGx1Z2QgbWFuYWdlZCBpbnRlcmZhY2UgaXMgYnJvdWdodCB1cCwgZGlzY29ubmVjdCBhbnkKIyB3cGEtcm9hbSBtYW5hZ2VkIGludGVyZmFjZXMgc28gdGhhdCBvbmx5IG9uZSAicm9hbWluZyIgaW50ZXJmYWNlCiMgcmVtYWlucyBhY3RpdmUgb24gdGhlIHN5c3RlbS4KCklGUExVR0RfSUZBQ0U9IiR7MX0iCgpjYXNlICIkezJ9IiBpbgoJdXApCgkJQ09NTUFORD1kaXNjb25uZWN0CgkJOzsKCWRvd24pCgkJQ09NTUFORD1yZWNvbm5lY3QKCQk7OwoJKikKCQllY2hvICIkMDogdW5rbm93biBhcmd1bWVudHM6ICR7QH0iID4mMgoJCWV4aXQgMQoJCTs7CmVzYWMKCmZvciBDVFJMIGluIC9ydW4vd3BhX3N1cHBsaWNhbnQvKjsgZG8KCVsgLVMgIiR7Q1RSTH0iIF0gfHwgY29udGludWUKCglJRkFDRT0iJHtDVFJMIy9ydW4vd3BhX3N1cHBsaWNhbnQvfSIKCgkjIHNraXAgaWYgaWZwbHVnZCBpcyBtYW5hZ2luZyB0aGlzIGludGVyZmFjZQoJaWYgWyAiJHtJRlBMVUdEX0lGQUNFfSIgPSAiJHtJRkFDRX0iIF07IHRoZW4KCQljb250aW51ZQoJZmkKCglpZiB3cGFfYWN0aW9uICIke0lGQUNFfSIgY2hlY2s7IHRoZW4KCQl3cGFfY2xpIC1pICIke0lGQUNFfSIgIiR7Q09NTUFORH0iCglmaQpkb25lCg=="}
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518835354289,"flow_src_last_pkt_time":1712518835354289,"flow_dst_last_pkt_time":1712518835354289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518835354289,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58538,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+07433{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1712518835354289,"flow_dst_last_pkt_time":1712518835354289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":5230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":5230,"pkt_l4_len":5196,"thread_ts_usec":1712518835354289,"pkt":"AAAAAAAAAAAAAAAACABFABRgsj9AAEARdkt\/AAABfwAAAeSqgjUUTBJgIyEgL2Jpbi9zaAojCiMgQ29weXJpZ2h0IChDKSAyMDAzLCAyMDA1LTIwMDcsIDIwMTEsIDIwMTgtMjAyMCBGcmVlIFNvZnR3YXJlIEZvdW5kYXRpb24sIEluYy4KIwojIFRoaXMgcHJvZ3JhbSBpcyBmcmVlIHNvZnR3YXJlOiB5b3UgY2FuIHJlZGlzdHJpYnV0ZSBpdCBhbmQvb3IgbW9kaWZ5CiMgaXQgdW5kZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgTGVzc2VyIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgYXMgcHVibGlzaGVkIGJ5CiMgdGhlIEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbjsgZWl0aGVyIHZlcnNpb24gMi4xIG9mIHRoZSBMaWNlbnNlLCBvcgojIChhdCB5b3VyIG9wdGlvbikgYW55IGxhdGVyIHZlcnNpb24uCiMKIyBUaGlzIHByb2dyYW0gaXMgZGlzdHJpYnV0ZWQgaW4gdGhlIGhvcGUgdGhhdCBpdCB3aWxsIGJlIHVzZWZ1bCwKIyBidXQgV0lUSE9VVCBBTlkgV0FSUkFOVFk7IHdpdGhvdXQgZXZlbiB0aGUgaW1wbGllZCB3YXJyYW50eSBvZgojIE1FUkNIQU5UQUJJTElUWSBvciBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRS4gIFNlZSB0aGUKIyBHTlUgTGVzc2VyIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgZm9yIG1vcmUgZGV0YWlscy4KIwojIFlvdSBzaG91bGQgaGF2ZSByZWNlaXZlZCBhIGNvcHkgb2YgdGhlIEdOVSBMZXNzZXIgR2VuZXJhbCBQdWJsaWMgTGljZW5zZQojIGFsb25nIHdpdGggdGhpcyBwcm9ncmFtLiAgSWYgbm90LCBzZWUgPGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvPi4KIwoKIyBGaW5kIGEgd2F5IHRvIGVjaG8gc3RyaW5ncyB3aXRob3V0IGludGVycHJldGluZyBiYWNrc2xhc2guCmlmIHRlc3QgIlhgKGVjaG8gJ1x0JykgMj4vZGV2L251bGxgIiA9ICdYXHQnOyB0aGVuCiAgZWNobz0nZWNobycKZWxzZQogIGlmIHRlc3QgIlhgKHByaW50ZiAnJXNcbicgJ1x0JykgMj4vZGV2L251bGxgIiA9ICdYXHQnOyB0aGVuCiAgICBlY2hvPSdwcmludGYgJXNcbicKICBlbHNlCiAgICBlY2hvX2Z1bmMgKCkgewogICAgICBjYXQgPDxFT1QKJCoKRU9UCiAgICB9CiAgICBlY2hvPSdlY2hvX2Z1bmMnCiAgZmkKZmkKCiMgVGhpcyBzY3JpcHQgaXMgcHJpbWFyaWx5IGEgc2hlbGwgZnVuY3Rpb24gbGlicmFyeS4gSW4gb3JkZXIgZm9yCiMgIi4gZ2V0dGV4dC5zaCIgdG8gZmluZCBpdCwgd2UgaW5zdGFsbCBpdCBpbiAkUFJFRklYL2JpbiAodGhhdCBpcyB1c3VhbGx5CiMgY29udGFpbmVkIGluICRQQVRIKSwgcmF0aGVyIHRoYW4gaW4gc29tZSBvdGhlciBsb2NhdGlvbiBzdWNoIGFzCiMgJFBSRUZJWC9zaGFyZS9zaC1zY3JpcHRzIG9yICRQUkVGSVgvc2hhcmUvZ2V0dGV4dC4gSW4gb3JkZXIgdG8gbm90IHZpb2xhdGUKIyB0aGUgRmlsZXN5c3RlbSBIaWVyYXJjaHkgU3RhbmRhcmQgd2hlbiBkb2luZyBzbywgdGhpcyBzY3JpcHQgaXMgZXhlY3V0YWJsZS4KIyBUaGVyZWZvcmUgaXQgbmVlZHMgdG8gc3VwcG9ydCB0aGUgc3RhbmRhcmQgLS1oZWxwIGFuZCAtLXZlcnNpb24uCmlmIHRlc3QgLXogIiR7WlNIX1ZFUlNJT04rc2V0fSI7IHRoZW4KICAjIHpzaCBpcyBub3QgUE9TSVggY29tcGxpYW50OiBCeSBkZWZhdWx0LCB3aGlsZSAiLiBnZXR0ZXh0LnNoIiBpcyBleGVjdXRlZCwKICAjIGl0IHNldHMgJDAgdG8gImdldHRleHQuc2giLCBkZWZlYXRpbmcgdGhlIHB1cnBvc2Ugb2YgdGhpcyB0ZXN0LiBCdXQKICAjIGZvcnR1bmF0ZWx5IHdlIGtub3cgdGhhdCB3aGVuIHJ1bm5pbmcgdW5kZXIgenNoLCB0aGlzIHNjcmlwdCBpcyBhbHdheXMKICAjIGJlaW5nIHNvdXJjZWQsIG5vdCBleGVjdXRlZCwgYmVjYXVzZSBoYXJkbHkgYW55b25lIGlzIGNyYXp5IGVub3VnaCB0bwogICMgaW5zdGFsbCB6c2ggYXMgL2Jpbi9zaC4KICBjYXNlICIkMCIgaW4KICAgIGdldHRleHQuc2ggfCAqL2dldHRleHQuc2ggfCAqXFxnZXR0ZXh0LnNoKQogICAgICBwcm9nbmFtZT0kMAogICAgICBwYWNrYWdlPWdldHRleHQtcnVudGltZQogICAgICB2ZXJzaW9uPTAuMjEKICAgICAgIyBmdW5jX3VzYWdlCiAgICAgICMgb3V0cHV0cyB0byBzdGRvdXQgdGhlIC0taGVscCB1c2FnZSBtZXNzYWdlLgogICAgICBmdW5jX3VzYWdlICgpCiAgICAgIHsKICAgICAgICBlY2hvICJHTlUgZ2V0dGV4dCBzaGVsbCBzY3JpcHQgZnVuY3Rpb24gbGlicmFyeSB2ZXJzaW9uICR2ZXJzaW9uIgogICAgICAgIGVjaG8gIlVzYWdlOiAuIGdldHRleHQuc2giCiAgICAgIH0KICAgICAgIyBmdW5jX3ZlcnNpb24KICAgICAgIyBvdXRwdXRzIHRvIHN0ZG91dCB0aGUgLS12ZXJzaW9uIG1lc3NhZ2UuCiAgICAgIGZ1bmNfdmVyc2lvbiAoKQogICAgICB7CiAgICAgICAgZWNobyAiJHByb2duYW1lIChHTlUgJHBhY2thZ2UpICR2ZXJzaW9uIgogICAgICAgIGVjaG8gIkNvcHlyaWdodCAoQykgMjAwMy0yMDIwIEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbiwgSW5jLgpMaWNlbnNlIEdQTHYyKzogR05VIEdQTCB2ZXJzaW9uIDIgb3IgbGF0ZXIgPGh0dHBzOi8vZ251Lm9yZy9saWNlbnNlcy9ncGwuaHRtbD4KVGhpcyBpcyBmcmVlIHNvZnR3YXJlOiB5b3UgYXJlIGZyZWUgdG8gY2hhbmdlIGFuZCByZWRpc3RyaWJ1dGUgaXQuClRoZXJlIGlzIE5PIFdBUlJBTlRZLCB0byB0aGUgZXh0ZW50IHBlcm1pdHRlZCBieSBsYXcuIgogICAgICAgIGVjaG8gIldyaXR0ZW4gYnkiICJCcnVubyBIYWlibGUiCiAgICAgIH0KICAgICAgaWYgdGVzdCAkIyA9IDE7IHRoZW4KICAgICAgICBjYXNlICIkMSIgaW4KICAgICAgICAgIC0taGVscCB8IC0taGVsIHwgLS1oZSB8IC0taCApCiAgICAgICAgICAgIGZ1bmNfdXNhZ2U7IGV4aXQgMCA7OwogICAgICAgICAgLS12ZXJzaW9uIHwgLS12ZXJzaW8gfCAtLXZlcnNpIHwgLS12ZXJzIHwgLS12ZXIgfCAtLXZlIHwgLS12ICkKICAgICAgICAgICAgZnVuY192ZXJzaW9uOyBleGl0IDAgOzsKICAgICAgICBlc2FjCiAgICAgIGZpCiAgICAgIGZ1bmNfdXNhZ2UgMT4mMgogICAgICBleGl0IDEKICAgICAgOzsKICBlc2FjCmZpCgojIGV2YWxfZ2V0dGV4dCBNU0dJRAojIGxvb2tzIHVwIHRoZSB0cmFuc2xhdGlvbiBvZiBNU0dJRCBhbmQgc3Vic3RpdHV0ZXMgc2hlbGwgdmFyaWFibGVzIGluIHRoZQojIHJlc3VsdC4KZXZhbF9nZXR0ZXh0ICgpIHsKICBnZXR0ZXh0ICIkMSIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMSJgOyBlbnZzdWJzdCAiJDEiKQp9CgojIGV2YWxfbmdldHRleHQgTVNHSUQgTVNHSUQtUExVUkFMIENPVU5UCiMgbG9va3MgdXAgdGhlIHRyYW5zbGF0aW9uIG9mIE1TR0lEIC8gTVNHSUQtUExVUkFMIGZvciBDT1VOVCBhbmQgc3Vic3RpdHV0ZXMKIyBzaGVsbCB2YXJpYWJsZXMgaW4gdGhlIHJlc3VsdC4KZXZhbF9uZ2V0dGV4dCAoKSB7CiAgbmdldHRleHQgIiQxIiAiJDIiICIkMyIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMSAkMiJgOyBlbnZzdWJzdCAiJDEgJDIiKQp9CgojIGV2YWxfcGdldHRleHQgTVNHQ1RYVCBNU0dJRAojIGxvb2tzIHVwIHRoZSB0cmFuc2xhdGlvbiBvZiBNU0dJRCBpbiB0aGUgY29udGV4dCBNU0dDVFhUIGFuZCBzdWJzdGl0dXRlcwojIHNoZWxsIHZhcmlhYmxlcyBpbiB0aGUgcmVzdWx0LgpldmFsX3BnZXR0ZXh0ICgpIHsKICBnZXR0ZXh0IC0tY29udGV4dD0iJDEiICIkMiIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMiJgOyBlbnZzdWJzdCAiJDIiKQp9CgojIGV2YWxfbnBnZXR0ZXh0IE1TR0NUWFQgTVNHSUQgTVNHSUQtUExVUkFMIENPVU5UCiMgbG9va3MgdXAgdGhlIHRyYW5zbGF0aW9uIG9mIE1TR0lEIC8gTVNHSUQtUExVUkFMIGZvciBDT1VOVCBpbiB0aGUgY29udGV4dAojIE1TR0NUWFQgYW5kIHN1YnN0aXR1dGVzIHNoZWxsIHZhcmlhYmxlcyBpbiB0aGUgcmVzdWx0LgpldmFsX25wZ2V0dGV4dCAoKSB7CiAgbmdldHRleHQgLS1jb250ZXh0PSIkMSIgIiQyIiAiJDMiICIkNCIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMiAkMyJgOyBlbnZzdWJzdCAiJDIgJDMiKQp9CgojIE5vdGU6IFRoaXMgdXNlIG9mIGVudnN1YnN0IGlzIG11Y2ggc2FmZXIgdGhhbiB1c2luZyB0aGUgc2hlbGwgYnVpbHQtaW4gJ2V2YWwnCiMgd291bGQgYmUuCiMgMSkgVGhlIHNlY3VyaXR5IHByb2JsZW0gd2l0aCBDaGluZXNlIHRyYW5zbGF0aW9ucyB0aGF0IGhhcHBlbiB0byB1c2UgYQojICAgIGNoYXJhY3RlciBzdWNoIGFzIFx4ZTBceDYwIGlzIGF2b2lkZWQuCiMgMikgVGhlIHNlY3VyaXR5IHByb2JsZW0gd2l0aCBtYWxldm9sZW50IHRyYW5zbGF0b3JzIHdobyBwdXQgaW4gY29tbWFuZCBsaXN0cwojICAgIGxpa2UgIiQoLi4uKSIgb3IgImAuLi5gIiBpcyBhdm9pZGVkLgojIDMpIFRoZSB0cmFuc2xhdGlvbnMgY2FuIG9ubHkgcmVmZXIgdG8gc2hlbGwgdmFyaWFibGVzIHRoYXQgYXJlIGFscmVhZHkKIyAgICBtZW50aW9uZWQgaW4gTVNHSUQgb3IgTVNHSUQtUExVUkFMLgojCiMgTm90ZTogImV4cG9ydCBQQVRIIiBhYm92ZSBpcyBhIGR1bW15OyB0aGlzIGlzIGZvciB0aGUgY2FzZSB3aGVuCiMgYGVudnN1YnN0IC0tdmFyaWFibGVzIC4uLmAgcmV0dXJucyBub3RoaW5nLgojCiMgTm90ZTogSW4gZXZhbF9uZ2V0dGV4dCBhYm92ZSwgIiQxICQyIiBtZWFucyBhIHN0cmluZyB3aG9zZSB2YXJpYWJsZXMgc2V0IGlzCiMgdGhlIHVuaW9uIG9mIHRoZSB2YXJpYWJsZXMgc2V0IG9mICIkMSIgYW5kICIkMiIuCiMKIyBOb3RlOiBUaGUgbWluaW1hbCB1c2Ugb2YgYmFja3F1b3RlIGFib3ZlIGVuc3VyZXMgdGhhdCB0cmFpbGluZyBuZXdsaW5lcyBhcmUKIyBub3QgZHJvcHBlZCwgbm90IGZyb20gdGhlIGdldHRleHQgaW52b2NhdGlvbiBhbmQgbm90IGZyb20gdGhlIHZhbHVlIG9mIGFueQojIHNoZWxsIHZhcmlhYmxlLgojCiMgTm90ZTogRmllbGQgc3BsaXR0aW5nIG9uIHRoZSBgZW52c3Vic3QgLS12YXJpYWJsZXMgLi4uYCByZXN1bHQgaXMgZGVzaXJlZCwKIyBzaW5jZSBlbnZzdWJzdCBvdXRwdXRzIHRoZSB2YXJpYWJsZXMsIHNlcGFyYXRlZCBieSBuZXdsaW5lcy4gUGF0aG5hbWUKIyB3aWxkY2FyZCBleHBhbnNpb24gb3IgdGlsZGUgZXhwYW5zaW9uIGhhcyBubyBlZmZlY3QgaGVyZSwgc2luY2UgdGhlIHdvcmRzCiMgb3V0cHV0IGJ5ICJlbnZzdWJzdCAtLXZhcmlhYmxlcyAuLi4iIGNvbnNpc3Qgc29sZWx5IG9mIGFscGhhbnVtZXJpYwojIGNoYXJhY3RlcnMgYW5kIHVuZGVyc2NvcmUuCg=="}
+00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518852431973,"flow_src_last_pkt_time":1712518852431973,"flow_dst_last_pkt_time":1712518852431973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518852431973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54970,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1712518852431973,"flow_dst_last_pkt_time":1712518852431973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712518852431973,"pkt":"AAAAAAAAAAAAAAAACABFAAA85V5AAEAGV1t\/AAABfwAAAda6gjU3oi0zAAAAAKAC\/9f+MAAAAgT\/1wQCCAqKF\/qZAAAAAAEDAwc="}
+00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1712518852431973,"flow_dst_last_pkt_time":1712518852431989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712518852431989,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAYI11rrf\/TBpN6ItNKAS\/8v+MAAAAgT\/1wQCCAqKF\/qZihf6mQEDAwc="}
+00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1712518852431999,"flow_dst_last_pkt_time":1712518852431989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712518852431999,"pkt":"AAAAAAAAAAAAAAAACABFAAA05V9AAEAGV2J\/AAABfwAAAda6gjU3oi003\/0waoAQAgD+KAAAAQEICooX+pmKF\/qZ"}
+07468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1712518852432050,"flow_dst_last_pkt_time":1712518852431989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":5254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":5254,"pkt_l4_len":5220,"thread_ts_usec":1712518852432050,"pkt":"AAAAAAAAAAAAAAAACABFABR45WBAAEAGQx1\/AAABfwAAAda6gjU3oi003\/0waoAYAgASbQAAAQEICooX+pqKF\/qZIyEgL2Jpbi9zaAojCiMgQ29weXJpZ2h0IChDKSAyMDAzLCAyMDA1LTIwMDcsIDIwMTEsIDIwMTgtMjAyMCBGcmVlIFNvZnR3YXJlIEZvdW5kYXRpb24sIEluYy4KIwojIFRoaXMgcHJvZ3JhbSBpcyBmcmVlIHNvZnR3YXJlOiB5b3UgY2FuIHJlZGlzdHJpYnV0ZSBpdCBhbmQvb3IgbW9kaWZ5CiMgaXQgdW5kZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgTGVzc2VyIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgYXMgcHVibGlzaGVkIGJ5CiMgdGhlIEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbjsgZWl0aGVyIHZlcnNpb24gMi4xIG9mIHRoZSBMaWNlbnNlLCBvcgojIChhdCB5b3VyIG9wdGlvbikgYW55IGxhdGVyIHZlcnNpb24uCiMKIyBUaGlzIHByb2dyYW0gaXMgZGlzdHJpYnV0ZWQgaW4gdGhlIGhvcGUgdGhhdCBpdCB3aWxsIGJlIHVzZWZ1bCwKIyBidXQgV0lUSE9VVCBBTlkgV0FSUkFOVFk7IHdpdGhvdXQgZXZlbiB0aGUgaW1wbGllZCB3YXJyYW50eSBvZgojIE1FUkNIQU5UQUJJTElUWSBvciBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRS4gIFNlZSB0aGUKIyBHTlUgTGVzc2VyIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgZm9yIG1vcmUgZGV0YWlscy4KIwojIFlvdSBzaG91bGQgaGF2ZSByZWNlaXZlZCBhIGNvcHkgb2YgdGhlIEdOVSBMZXNzZXIgR2VuZXJhbCBQdWJsaWMgTGljZW5zZQojIGFsb25nIHdpdGggdGhpcyBwcm9ncmFtLiAgSWYgbm90LCBzZWUgPGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvPi4KIwoKIyBGaW5kIGEgd2F5IHRvIGVjaG8gc3RyaW5ncyB3aXRob3V0IGludGVycHJldGluZyBiYWNrc2xhc2guCmlmIHRlc3QgIlhgKGVjaG8gJ1x0JykgMj4vZGV2L251bGxgIiA9ICdYXHQnOyB0aGVuCiAgZWNobz0nZWNobycKZWxzZQogIGlmIHRlc3QgIlhgKHByaW50ZiAnJXNcbicgJ1x0JykgMj4vZGV2L251bGxgIiA9ICdYXHQnOyB0aGVuCiAgICBlY2hvPSdwcmludGYgJXNcbicKICBlbHNlCiAgICBlY2hvX2Z1bmMgKCkgewogICAgICBjYXQgPDxFT1QKJCoKRU9UCiAgICB9CiAgICBlY2hvPSdlY2hvX2Z1bmMnCiAgZmkKZmkKCiMgVGhpcyBzY3JpcHQgaXMgcHJpbWFyaWx5IGEgc2hlbGwgZnVuY3Rpb24gbGlicmFyeS4gSW4gb3JkZXIgZm9yCiMgIi4gZ2V0dGV4dC5zaCIgdG8gZmluZCBpdCwgd2UgaW5zdGFsbCBpdCBpbiAkUFJFRklYL2JpbiAodGhhdCBpcyB1c3VhbGx5CiMgY29udGFpbmVkIGluICRQQVRIKSwgcmF0aGVyIHRoYW4gaW4gc29tZSBvdGhlciBsb2NhdGlvbiBzdWNoIGFzCiMgJFBSRUZJWC9zaGFyZS9zaC1zY3JpcHRzIG9yICRQUkVGSVgvc2hhcmUvZ2V0dGV4dC4gSW4gb3JkZXIgdG8gbm90IHZpb2xhdGUKIyB0aGUgRmlsZXN5c3RlbSBIaWVyYXJjaHkgU3RhbmRhcmQgd2hlbiBkb2luZyBzbywgdGhpcyBzY3JpcHQgaXMgZXhlY3V0YWJsZS4KIyBUaGVyZWZvcmUgaXQgbmVlZHMgdG8gc3VwcG9ydCB0aGUgc3RhbmRhcmQgLS1oZWxwIGFuZCAtLXZlcnNpb24uCmlmIHRlc3QgLXogIiR7WlNIX1ZFUlNJT04rc2V0fSI7IHRoZW4KICAjIHpzaCBpcyBub3QgUE9TSVggY29tcGxpYW50OiBCeSBkZWZhdWx0LCB3aGlsZSAiLiBnZXR0ZXh0LnNoIiBpcyBleGVjdXRlZCwKICAjIGl0IHNldHMgJDAgdG8gImdldHRleHQuc2giLCBkZWZlYXRpbmcgdGhlIHB1cnBvc2Ugb2YgdGhpcyB0ZXN0LiBCdXQKICAjIGZvcnR1bmF0ZWx5IHdlIGtub3cgdGhhdCB3aGVuIHJ1bm5pbmcgdW5kZXIgenNoLCB0aGlzIHNjcmlwdCBpcyBhbHdheXMKICAjIGJlaW5nIHNvdXJjZWQsIG5vdCBleGVjdXRlZCwgYmVjYXVzZSBoYXJkbHkgYW55b25lIGlzIGNyYXp5IGVub3VnaCB0bwogICMgaW5zdGFsbCB6c2ggYXMgL2Jpbi9zaC4KICBjYXNlICIkMCIgaW4KICAgIGdldHRleHQuc2ggfCAqL2dldHRleHQuc2ggfCAqXFxnZXR0ZXh0LnNoKQogICAgICBwcm9nbmFtZT0kMAogICAgICBwYWNrYWdlPWdldHRleHQtcnVudGltZQogICAgICB2ZXJzaW9uPTAuMjEKICAgICAgIyBmdW5jX3VzYWdlCiAgICAgICMgb3V0cHV0cyB0byBzdGRvdXQgdGhlIC0taGVscCB1c2FnZSBtZXNzYWdlLgogICAgICBmdW5jX3VzYWdlICgpCiAgICAgIHsKICAgICAgICBlY2hvICJHTlUgZ2V0dGV4dCBzaGVsbCBzY3JpcHQgZnVuY3Rpb24gbGlicmFyeSB2ZXJzaW9uICR2ZXJzaW9uIgogICAgICAgIGVjaG8gIlVzYWdlOiAuIGdldHRleHQuc2giCiAgICAgIH0KICAgICAgIyBmdW5jX3ZlcnNpb24KICAgICAgIyBvdXRwdXRzIHRvIHN0ZG91dCB0aGUgLS12ZXJzaW9uIG1lc3NhZ2UuCiAgICAgIGZ1bmNfdmVyc2lvbiAoKQogICAgICB7CiAgICAgICAgZWNobyAiJHByb2duYW1lIChHTlUgJHBhY2thZ2UpICR2ZXJzaW9uIgogICAgICAgIGVjaG8gIkNvcHlyaWdodCAoQykgMjAwMy0yMDIwIEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbiwgSW5jLgpMaWNlbnNlIEdQTHYyKzogR05VIEdQTCB2ZXJzaW9uIDIgb3IgbGF0ZXIgPGh0dHBzOi8vZ251Lm9yZy9saWNlbnNlcy9ncGwuaHRtbD4KVGhpcyBpcyBmcmVlIHNvZnR3YXJlOiB5b3UgYXJlIGZyZWUgdG8gY2hhbmdlIGFuZCByZWRpc3RyaWJ1dGUgaXQuClRoZXJlIGlzIE5PIFdBUlJBTlRZLCB0byB0aGUgZXh0ZW50IHBlcm1pdHRlZCBieSBsYXcuIgogICAgICAgIGVjaG8gIldyaXR0ZW4gYnkiICJCcnVubyBIYWlibGUiCiAgICAgIH0KICAgICAgaWYgdGVzdCAkIyA9IDE7IHRoZW4KICAgICAgICBjYXNlICIkMSIgaW4KICAgICAgICAgIC0taGVscCB8IC0taGVsIHwgLS1oZSB8IC0taCApCiAgICAgICAgICAgIGZ1bmNfdXNhZ2U7IGV4aXQgMCA7OwogICAgICAgICAgLS12ZXJzaW9uIHwgLS12ZXJzaW8gfCAtLXZlcnNpIHwgLS12ZXJzIHwgLS12ZXIgfCAtLXZlIHwgLS12ICkKICAgICAgICAgICAgZnVuY192ZXJzaW9uOyBleGl0IDAgOzsKICAgICAgICBlc2FjCiAgICAgIGZpCiAgICAgIGZ1bmNfdXNhZ2UgMT4mMgogICAgICBleGl0IDEKICAgICAgOzsKICBlc2FjCmZpCgojIGV2YWxfZ2V0dGV4dCBNU0dJRAojIGxvb2tzIHVwIHRoZSB0cmFuc2xhdGlvbiBvZiBNU0dJRCBhbmQgc3Vic3RpdHV0ZXMgc2hlbGwgdmFyaWFibGVzIGluIHRoZQojIHJlc3VsdC4KZXZhbF9nZXR0ZXh0ICgpIHsKICBnZXR0ZXh0ICIkMSIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMSJgOyBlbnZzdWJzdCAiJDEiKQp9CgojIGV2YWxfbmdldHRleHQgTVNHSUQgTVNHSUQtUExVUkFMIENPVU5UCiMgbG9va3MgdXAgdGhlIHRyYW5zbGF0aW9uIG9mIE1TR0lEIC8gTVNHSUQtUExVUkFMIGZvciBDT1VOVCBhbmQgc3Vic3RpdHV0ZXMKIyBzaGVsbCB2YXJpYWJsZXMgaW4gdGhlIHJlc3VsdC4KZXZhbF9uZ2V0dGV4dCAoKSB7CiAgbmdldHRleHQgIiQxIiAiJDIiICIkMyIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMSAkMiJgOyBlbnZzdWJzdCAiJDEgJDIiKQp9CgojIGV2YWxfcGdldHRleHQgTVNHQ1RYVCBNU0dJRAojIGxvb2tzIHVwIHRoZSB0cmFuc2xhdGlvbiBvZiBNU0dJRCBpbiB0aGUgY29udGV4dCBNU0dDVFhUIGFuZCBzdWJzdGl0dXRlcwojIHNoZWxsIHZhcmlhYmxlcyBpbiB0aGUgcmVzdWx0LgpldmFsX3BnZXR0ZXh0ICgpIHsKICBnZXR0ZXh0IC0tY29udGV4dD0iJDEiICIkMiIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMiJgOyBlbnZzdWJzdCAiJDIiKQp9CgojIGV2YWxfbnBnZXR0ZXh0IE1TR0NUWFQgTVNHSUQgTVNHSUQtUExVUkFMIENPVU5UCiMgbG9va3MgdXAgdGhlIHRyYW5zbGF0aW9uIG9mIE1TR0lEIC8gTVNHSUQtUExVUkFMIGZvciBDT1VOVCBpbiB0aGUgY29udGV4dAojIE1TR0NUWFQgYW5kIHN1YnN0aXR1dGVzIHNoZWxsIHZhcmlhYmxlcyBpbiB0aGUgcmVzdWx0LgpldmFsX25wZ2V0dGV4dCAoKSB7CiAgbmdldHRleHQgLS1jb250ZXh0PSIkMSIgIiQyIiAiJDMiICIkNCIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMiAkMyJgOyBlbnZzdWJzdCAiJDIgJDMiKQp9CgojIE5vdGU6IFRoaXMgdXNlIG9mIGVudnN1YnN0IGlzIG11Y2ggc2FmZXIgdGhhbiB1c2luZyB0aGUgc2hlbGwgYnVpbHQtaW4gJ2V2YWwnCiMgd291bGQgYmUuCiMgMSkgVGhlIHNlY3VyaXR5IHByb2JsZW0gd2l0aCBDaGluZXNlIHRyYW5zbGF0aW9ucyB0aGF0IGhhcHBlbiB0byB1c2UgYQojICAgIGNoYXJhY3RlciBzdWNoIGFzIFx4ZTBceDYwIGlzIGF2b2lkZWQuCiMgMikgVGhlIHNlY3VyaXR5IHByb2JsZW0gd2l0aCBtYWxldm9sZW50IHRyYW5zbGF0b3JzIHdobyBwdXQgaW4gY29tbWFuZCBsaXN0cwojICAgIGxpa2UgIiQoLi4uKSIgb3IgImAuLi5gIiBpcyBhdm9pZGVkLgojIDMpIFRoZSB0cmFuc2xhdGlvbnMgY2FuIG9ubHkgcmVmZXIgdG8gc2hlbGwgdmFyaWFibGVzIHRoYXQgYXJlIGFscmVhZHkKIyAgICBtZW50aW9uZWQgaW4gTVNHSUQgb3IgTVNHSUQtUExVUkFMLgojCiMgTm90ZTogImV4cG9ydCBQQVRIIiBhYm92ZSBpcyBhIGR1bW15OyB0aGlzIGlzIGZvciB0aGUgY2FzZSB3aGVuCiMgYGVudnN1YnN0IC0tdmFyaWFibGVzIC4uLmAgcmV0dXJucyBub3RoaW5nLgojCiMgTm90ZTogSW4gZXZhbF9uZ2V0dGV4dCBhYm92ZSwgIiQxICQyIiBtZWFucyBhIHN0cmluZyB3aG9zZSB2YXJpYWJsZXMgc2V0IGlzCiMgdGhlIHVuaW9uIG9mIHRoZSB2YXJpYWJsZXMgc2V0IG9mICIkMSIgYW5kICIkMiIuCiMKIyBOb3RlOiBUaGUgbWluaW1hbCB1c2Ugb2YgYmFja3F1b3RlIGFib3ZlIGVuc3VyZXMgdGhhdCB0cmFpbGluZyBuZXdsaW5lcyBhcmUKIyBub3QgZHJvcHBlZCwgbm90IGZyb20gdGhlIGdldHRleHQgaW52b2NhdGlvbiBhbmQgbm90IGZyb20gdGhlIHZhbHVlIG9mIGFueQojIHNoZWxsIHZhcmlhYmxlLgojCiMgTm90ZTogRmllbGQgc3BsaXR0aW5nIG9uIHRoZSBgZW52c3Vic3QgLS12YXJpYWJsZXMgLi4uYCByZXN1bHQgaXMgZGVzaXJlZCwKIyBzaW5jZSBlbnZzdWJzdCBvdXRwdXRzIHRoZSB2YXJpYWJsZXMsIHNlcGFyYXRlZCBieSBuZXdsaW5lcy4gUGF0aG5hbWUKIyB3aWxkY2FyZCBleHBhbnNpb24gb3IgdGlsZGUgZXhwYW5zaW9uIGhhcyBubyBlZmZlY3QgaGVyZSwgc2luY2UgdGhlIHdvcmRzCiMgb3V0cHV0IGJ5ICJlbnZzdWJzdCAtLXZhcmlhYmxlcyAuLi4iIGNvbnNpc3Qgc29sZWx5IG9mIGFscGhhbnVtZXJpYwojIGNoYXJhY3RlcnMgYW5kIHVuZGVyc2NvcmUuCg=="}
+00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1712518852432050,"flow_dst_last_pkt_time":1712518852432056,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712518852432056,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pvJAAEAGlc9\/AAABfwAAAYI11rrf\/TBqN6JBeIAQAen+KAAAAQEICooX+pqKF\/qa"}
+00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1712518852431973,"flow_src_last_pkt_time":1712518853691948,"flow_dst_last_pkt_time":1712518853691932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54970,"dst_port":33333,"l4_proto":"tcp","ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1712518852431973,"flow_src_last_pkt_time":1712518853691948,"flow_dst_last_pkt_time":1712518853691932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54970,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00989{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1712518786333703,"flow_src_last_pkt_time":1712518790473885,"flow_dst_last_pkt_time":1712518790473904,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":937,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":937,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47638,"dst_port":33333,"l4_proto":"tcp","ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1712518786333703,"flow_src_last_pkt_time":1712518790473885,"flow_dst_last_pkt_time":1712518790473904,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":937,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":937,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47638,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01100{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518814195876,"flow_src_last_pkt_time":1712518814195876,"flow_dst_last_pkt_time":1712518814195876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":937,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":937,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":937,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54112,"dst_port":33333,"l4_proto":"udp","ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00773{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518814195876,"flow_src_last_pkt_time":1712518814195876,"flow_dst_last_pkt_time":1712518814195876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":937,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":937,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":937,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54112,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+01103{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518835354289,"flow_src_last_pkt_time":1712518835354289,"flow_dst_last_pkt_time":1712518835354289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58538,"dst_port":33333,"l4_proto":"udp","ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518835354289,"flow_src_last_pkt_time":1712518835354289,"flow_dst_last_pkt_time":1712518835354289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58538,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":12250,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1712518853691948}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 18/18
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 12250 bytes
+~~ total detected protocols..: 0
+~~ total active/idle flows...: 4/4
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 5514440 bytes
+~~ total memory freed........: 5514440 bytes
+~~ total allocations/frees...: 85918/85918
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json message min len.......: 544 chars
+~~ json message max len.......: 7473 chars
+~~ json message avg len.......: 4007 chars
diff --git a/test/results/default/signal.pcap.out b/test/results/default/signal.pcap.out
index 9a0516677..fd692badd 100644
--- a/test/results/default/signal.pcap.out
+++ b/test/results/default/signal.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569051245838268}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569051245838268}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051245838268,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051245838268,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1569051245838268,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKS8AAP8RkXYAAAAA\/\/\/\/\/wBEAEMBNJxAAQEGACG6jqoAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
 01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051245838268,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051245838268,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac","dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}}
@@ -172,7 +172,7 @@
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":95,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267569935,"flow_dst_last_pkt_time":1569051267601717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":195730,"flow_dst_tot_l4_payload_len":3003,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569051264088425,"flow_src_last_pkt_time":1569051264088425,"flow_dst_last_pkt_time":1569051264113960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":151,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Signal","proto_id":"5.39","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569051247593701,"flow_src_last_pkt_time":1569051247593701,"flow_dst_last_pkt_time":1569051247630078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-payload-len":273842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":27,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":175,"global_ts_usec":1569051267601717}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-payload-len":273842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":27,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":175,"global_ts_usec":1569051267601717}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 637/637
 ~~ skipped flows.............: 0
@@ -181,8 +181,8 @@
 ~~ total active/idle flows...: 19/19
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5786612 bytes
-~~ total memory freed........: 5786612 bytes
+~~ total memory allocated....: 5786924 bytes
+~~ total memory freed........: 5786924 bytes
 ~~ total allocations/frees...: 86827/86827
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/simple-dnscrypt.pcap.out b/test/results/default/simple-dnscrypt.pcap.out
index 2e7698ee7..f2ffe31ef 100644
--- a/test/results/default/simple-dnscrypt.pcap.out
+++ b/test/results/default/simple-dnscrypt.pcap.out
@@ -1,5 +1,5 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1491813284555591}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1491813284555591}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491813284555591,"flow_src_last_pkt_time":1491813284555591,"flow_dst_last_pkt_time":1491813284555591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491813284555591,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1491813284555591,"flow_dst_last_pkt_time":1491813284555591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491813284555591,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PRVAAIAGMNDAqCunhncaGMQ5Abvf\/XrjAAAAAIACIAChWwAAAgQFtAEDAwgBAQQC"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1491813284555591,"flow_dst_last_pkt_time":1491813284666208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491813284666208,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xDnBW87r3\/165IASchC\/iQAAAgQFHgEBBAIBAwMH"}
@@ -42,7 +42,7 @@
 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1491813286275625,"flow_src_last_pkt_time":1491813286718876,"flow_dst_last_pkt_time":1491813286718848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":7183,"midstream":0,"thread_ts_usec":1491813286913648,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1491813286392272,"flow_src_last_pkt_time":1491813286753444,"flow_dst_last_pkt_time":1491813286753424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":7183,"midstream":0,"thread_ts_usec":1491813286913648,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1491813286393273,"flow_src_last_pkt_time":1491813286845298,"flow_dst_last_pkt_time":1491813286913648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":280,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":1004,"flow_dst_tot_l4_payload_len":8306,"midstream":0,"thread_ts_usec":1491813286913648,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":111,"packets-processed":111,"total-skipped-flows":0,"total-l4-payload-len":38586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1491813286913648}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":111,"packets-processed":111,"total-skipped-flows":0,"total-l4-payload-len":38586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1491813286913648}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 111/111
 ~~ skipped flows.............: 0
@@ -51,8 +51,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5597152 bytes
-~~ total memory freed........: 5597152 bytes
+~~ total memory allocated....: 5597224 bytes
+~~ total memory freed........: 5597224 bytes
 ~~ total allocations/frees...: 86052/86052
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 538 chars
diff --git a/test/results/default/sip.pcap.out b/test/results/default/sip.pcap.out
index 5a3861b94..b04a81cdd 100644
--- a/test/results/default/sip.pcap.out
+++ b/test/results/default/sip.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1120469572844249}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1120469572844249}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_usec":1120469572844249,"pkt":"ADBUADRWAODtAW69CABFAAHvaZgAAIARF6bAqAEC1PIhIxPEE8QB2272UkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMTUxMjQ4NzM3LTQ2ZWE3MTVlMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTkwM2RmMGENClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9OWM3ZDJkYmQ4ODIyMDEzYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDY4IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhcmRzOiA3MA0KVXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNg0KDQo="}
 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -23,7 +23,7 @@
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":2,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470102883325,"flow_dst_last_pkt_time":1120470085961798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":5813,"flow_dst_tot_l4_payload_len":1209,"midstream":0,"thread_ts_usec":1120470102883325,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470158626389,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4623,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1120470187658020}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1120470187658020}
 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470216689496,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4633,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 02291{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470235521078,"flow_dst_last_pkt_time":1120470235448732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":825,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":7448,"flow_dst_tot_l4_payload_len":4947,"midstream":0,"thread_ts_usec":1120470235521078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25935,"avg":42751008.0,"max":279041814,"stddev":57873684.0,"var":3349363405357056.0,"ent":4.0,"data": [136757,17415627,17424961,49834,89928591,89874891,17280679,17290428,150200040,150188219,17325180,17335822,73916043,73902652,17325038,17333170,25935,17724998,29031776,29092737,34118166,34119076,29272359,29031830,29031631,29031476,17104967,497671,1001842,279041814,227102]},"pktlen": {"min":33,"avg":415.3,"max":853,"stddev":273.0,"var":74531.7,"ent":4.6,"data": [495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0],"entropies": [5.741633415,5.745016098,5.709460258,5.733335018,5.724183083,5.734008312,5.752299309,5.705936909,5.742718697,5.746319294,5.735527039,5.694232941,5.749829292,5.746265888,5.718012810,5.700710297,5.702609062,5.648171425,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.037749290,4.098355293,4.098355293,5.722674847,5.721789837,5.722674847,5.763523579,5.703196526]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -34,7 +34,7 @@
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470373595117,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8884,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470373595117,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470431658642,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8894,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470431658642,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":15,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470490643822,"flow_dst_last_pkt_time":1120470490782704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":10471,"flow_dst_tot_l4_payload_len":6852,"midstream":0,"thread_ts_usec":1120470490782704,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":69,"packets-processed":68,"total-skipped-flows":0,"total-l4-payload-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":17,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1120470796804243}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":69,"packets-processed":68,"total-skipped-flows":0,"total-l4-payload-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":17,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1120470796804243}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":17,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470796804243,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":11616,"flow_dst_tot_l4_payload_len":7824,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":39,"flow_dst_packets_processed":21,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470848686860,"flow_dst_last_pkt_time":1120470848682926,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":13926,"flow_dst_tot_l4_payload_len":9670,"midstream":0,"thread_ts_usec":1120470848686860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":24,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470900060556,"flow_dst_last_pkt_time":1120470900056743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":16021,"flow_dst_tot_l4_payload_len":10997,"midstream":0,"thread_ts_usec":1120470900060556,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -56,7 +56,7 @@
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":31,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120471094413365,"flow_dst_last_pkt_time":1120471018881832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":669,"flow_src_tot_l4_payload_len":19714,"flow_dst_tot_l4_payload_len":14333,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1548,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTCP","proto_id":"165","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":112,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":44455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":25,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1120471094413365}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":112,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":44455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":25,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1120471094413365}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 112/112
 ~~ skipped flows.............: 0
@@ -65,10 +65,10 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5507737 bytes
-~~ total memory freed........: 5507737 bytes
+~~ total memory allocated....: 5507809 bytes
+~~ total memory freed........: 5507809 bytes
 ~~ total allocations/frees...: 86005/86005
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 565 chars
+~~ json message min len.......: 563 chars
 ~~ json message max len.......: 2296 chars
-~~ json message avg len.......: 1429 chars
+~~ json message avg len.......: 1428 chars
diff --git a/test/results/default/sip_hello.pcapng.out b/test/results/default/sip_hello.pcapng.out
index 4c481d440..9a339d67c 100644
--- a/test/results/default/sip_hello.pcapng.out
+++ b/test/results/default/sip_hello.pcapng.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645515834707950}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645515834707950}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834707950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515834707950,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834707950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":13,"thread_ts_usec":1645515834707950,"pkt":"AAAAAAAAAAIAsZqMCABFAAAh925AAP0RDAoK75zrrB0mWxPEE8QADQAAaGVsbG8AAAAAAAAAAAA="}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834709790,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":13,"thread_ts_usec":1645515834709790,"pkt":"AAAAAAAAAAUAlkboCABFAAAhAABAAEARwHmsHSZbCu+c6xPEE8QADRonaGVsbG8AAAAAAAAAAAA="}
@@ -17,7 +17,7 @@
 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645516227953912,"flow_dst_last_pkt_time":1645516227955969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":619,"flow_src_tot_l4_payload_len":999,"flow_dst_tot_l4_payload_len":1104,"midstream":0,"thread_ts_usec":1645516227955969,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645516277109636,"flow_dst_last_pkt_time":1645516277111440,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":619,"flow_src_tot_l4_payload_len":1004,"flow_dst_tot_l4_payload_len":1109,"midstream":0,"thread_ts_usec":1645516277111440,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645516326265358,"flow_dst_last_pkt_time":1645516326267438,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":619,"flow_src_tot_l4_payload_len":1962,"flow_dst_tot_l4_payload_len":2172,"midstream":0,"thread_ts_usec":1645516326267438,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":4134,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1645516326267438}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":4134,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1645516326267438}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 30/30
 ~~ skipped flows.............: 0
@@ -26,8 +26,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498843 bytes
-~~ total memory freed........: 5498843 bytes
+~~ total memory allocated....: 5498867 bytes
+~~ total memory freed........: 5498867 bytes
 ~~ total allocations/frees...: 85890/85890
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 536 chars
diff --git a/test/results/default/sites.pcapng.out b/test/results/default/sites.pcapng.out
index 911cdd76e..e19cdc5a1 100644
--- a/test/results/default/sites.pcapng.out
+++ b/test/results/default/sites.pcapng.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1595957694169758}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1595957694169758}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694169758,"flow_dst_last_pkt_time":1595957694169758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595957694169758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1595957694169758,"flow_dst_last_pkt_time":1595957694169758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1595957694169758,"pkt":"CL6sCxdumt9Y+uvcCABFAAA86wlAAEAGQqHAqAypRav6FLRQAbvxSUO4AAAAAKAC\/\/943AAAAgQFtAQCCAp3CF\/6AAAAAAEDAwk="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1595957694169758,"flow_dst_last_pkt_time":1595957694175849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1595957694175849,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAAFUGGKtFq\/oUwKgMqQG7tFDMBUIi8UlDuaASbHAk8gAAAgQFeAQCCAqwcikLdwhf+gEDAwg="}
@@ -7,7 +7,7 @@
 01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694175849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595957694181636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Messenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"edge-mqtt.facebook.com","tls": {"version":"TLSv1.2","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","ja4":"t00d0309h2_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}}
 00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694188758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":1595957694188758,"pkt":"mt9Y+uvcCL6sCxduCABFAAEMv+hAAFUGV\/JFq\/oUwKgMqQG7tFDMBUIj8UlFNoAYAHHhaAAAAQEICrByKRd3CGAFFgMDAIACAAB8AwPUEITn7mCrvulT\/NdcXKN5KijcI4g9k3CK2XQ772s3WyCYle6z8aZolVAW\/WsVOAFFqAocCpVZly96\/6VmRt6unBMBAAA0ACsAAvsaADMAJAAdACAO0nP6nc6Qo9rpWYhM5FN2IQ7onG5IGH\/bMnw97GrsYgApAAIAABQDAwABARcDAwBIGZYMK775StJv8IeA6uX06XwsLuMhuuiwj099ayB3wMQVpJF0HhA8WjwU9NAQeMRhHSdrrGCE3zuMW3mj8V6sAMmDjxeKSHVB"}
 01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694188758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":216,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":216,"midstream":0,"thread_ts_usec":1595957694188758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Messenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"edge-mqtt.facebook.com","tls": {"version":"TLSv1.3 (Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309h2_55b375c5d22e_2d3f7b9fe3d5","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1623221441867993}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1623221441867993}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441867993,"flow_dst_last_pkt_time":1623221441867993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221441867993,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1623221441867993,"flow_dst_last_pkt_time":1623221441867993,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623221441867993,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8opRAAEAGGajAqAH6XHpfY6OWAbs7TQBaAAAAAKAC\/\/9coQAAAgQFtAQCCAqqdeFuAAAAAAEDAwk="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1623221441867993,"flow_dst_last_pkt_time":1623221441879742,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623221441879742,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA8AABAADgGxDxcel9jwKgB+gG7o5aALohKO00AW6AS\/ojeuQAAAgQFtAQCCAoeqlgsqnXhbgEDAwc="}
@@ -17,7 +17,7 @@
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441907431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623221441907431,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA09P1AADgGz0Zcel9jwKgB+gG7o5aALohLO00CYIAQAfoH2wAAAQEICh6qWEaqdeGJ"}
 01287{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441911029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1623221441911029,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"vcs-va.tiktokv.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t00d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694188758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":216,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":216,"midstream":0,"thread_ts_usec":1623221442073719,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Messenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":9095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1623222051753416}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":9095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1623222051753416}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051753416,"flow_dst_last_pkt_time":1623222051753416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222051753416,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1623222051753416,"flow_dst_last_pkt_time":1623222051753416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623222051753416,"pkt":"pJGxgjQ56CrqthSFCABFAAA0YDdAAIAGW9bAqAHjNElH4sOXAbv6yL58AAAAAIAC+vC20AAAAgQFtAEDAwgBAQQC"}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1623222051753416,"flow_dst_last_pkt_time":1623222051852336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623222051852336,"pkt":"6CrqthSFpJGxgjQ5CABFAAA0AABAAOkGUw00SUfiwKgB4wG7w5czz+y6+si+fYASaQMoIwAAAgQFtAEBBAIBAwMI"}
@@ -28,7 +28,7 @@
 01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051957659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623222051957659,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t00d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
 01550{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051957659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5281,"midstream":0,"thread_ts_usec":1623222051957659,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","tls": {"version":"TLSv1.2","server_names":"*.presence.fuze.com,presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","ja4":"t00d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=*.presence.fuze.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79"}}}
 00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221458497766,"flow_dst_last_pkt_time":1623221458494846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2486,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1623222052202072,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":17875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1623223595952198}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":17875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1623223595952198}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223595952198,"flow_dst_last_pkt_time":1623223595952198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623223595952198,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1623223595952198,"flow_dst_last_pkt_time":1623223595952198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623223595952198,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZBhAAEAGCeXAqAGAW8au0MW8AbvaIBcHAAAAAKAC+vC78AAAAgQFtAQCCAq86k7VAAAAAAEDAwc="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1623223595952198,"flow_dst_last_pkt_time":1623223595999034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623223595999034,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADEGfP1bxq7QwKgBgAG7xbxrNtsg2iAXCKASqbDzDgAAAgQFnAQCCAoXn7wwvOpO1QEDAwk="}
@@ -39,7 +39,7 @@
 01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223596004515,"flow_dst_last_pkt_time":1623223596052201,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1623223596052201,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"upload.wikimedia.org","tls": {"version":"TLSv1.3","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1815h2_e8a523a41297_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
 02132{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223596109406,"flow_dst_last_pkt_time":1623223596108936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1036,"flow_dst_tot_l4_payload_len":16479,"midstream":0,"thread_ts_usec":1623223596109406,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":10127.3,"max":52937,"stddev":19772.5,"var":390950848.0,"ent":2.8,"data": [46836,50076,2241,52937,230,0,0,0,52220,0,0,0,1478,638,2420,52443,0,779,3077,0,237,0,0,0,0,0,199,47900,0,0,235]},"pktlen": {"min":52,"avg":599.8,"max":1500,"stddev":646.4,"var":417856.7,"ent":4.1,"data": [60,60,52,569,52,1500,1500,1252,152,52,52,52,52,132,222,290,355,95,83,1500,1500,1500,1500,1500,1500,1500,1500,374,52,52,52,83]},"bins": {"c_to_s": [10,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0],"entropies": [4.713301182,5.220872402,5.008629799,5.408417225,5.079967022,7.845353127,7.893048763,7.841969490,6.480354786,5.047091007,5.047091484,5.085552692,5.085553169,6.254513264,6.947219372,7.136369228,7.362440109,5.997154236,5.666953564,7.893563271,7.867501259,7.878776073,7.865104198,7.874600887,7.869311810,7.861063480,7.860395432,7.425109863,5.085552692,5.047091007,5.085552692,5.564384460]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222112086485,"flow_dst_last_pkt_time":1623222112185361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":965,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2226,"flow_dst_tot_l4_payload_len":6554,"midstream":0,"thread_ts_usec":1623223596203292,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":119,"packets-processed":118,"total-skipped-flows":0,"total-l4-payload-len":35609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1623226283573712}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":119,"packets-processed":118,"total-skipped-flows":0,"total-l4-payload-len":35609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1623226283573712}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623226283573712,"flow_src_last_pkt_time":1623226283573712,"flow_dst_last_pkt_time":1623226283573712,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623226283573712,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1623226283573712,"flow_dst_last_pkt_time":1623226283573712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623226283573712,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8M5RAAEAGJgDAqAH6LVLxM5vSAFAXgCu+AAAAAKAC\/\/9tawAAAgQFtAQCCAolvfRMAAAAAAEDAwk="}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1623226283573712,"flow_dst_last_pkt_time":1623226283601626,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623226283601626,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA0AABAADMGZpwtUvEzwKgB+gBQm9LNImc9F4Arv4ASchAIQAAAAgQFeAEBBAIBAwMK"}
@@ -49,7 +49,7 @@
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1623226283612303,"flow_dst_last_pkt_time":1623226283640806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623226283640806,"pkt":"AoEfHBPlpJGxgjQ5CABFAAAox9pAADMGns0tUvEzwKgB+gBQm9LNImc+F4AsfVAQAB66DQAAAAAAAAAA"}
 02146{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623226283573712,"flow_src_last_pkt_time":1623226284678348,"flow_dst_last_pkt_time":1623226284677149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":18862,"midstream":0,"thread_ts_usec":1623226284678348,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":71228.2,"max":1031142,"stddev":245139.1,"var":60093177856.0,"ent":1.6,"data": [27914,29082,9509,39180,2950,0,249,0,0,0,0,59912,0,307,0,0,304,0,974261,1031142,0,0,0,29550,491,2002,0,490,0,730,0]},"pktlen": {"min":46,"avg":645.1,"max":1500,"stddev":701.2,"var":491744.0,"ent":4.0,"data": [60,52,46,230,46,1500,1500,1500,1500,1500,1500,1382,46,46,46,46,46,46,46,230,1500,1500,1500,1500,46,46,1500,1500,46,46,46,46]},"bins": {"c_to_s": [15,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,12,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0],"entropies": [4.650921822,4.854286671,4.347350597,5.690956593,4.347350597,7.663578510,7.860166073,7.846680641,7.877070427,7.858085155,7.884421825,7.865271091,4.347350597,4.303872585,4.260394573,4.303872585,4.303872585,4.347350597,4.347350597,5.731587410,7.670816898,7.866776943,7.851586819,7.865674973,4.303872585,4.303872108,7.855195045,7.870656013,4.303872585,4.260394096,4.303872108,4.303872585]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Likee","proto_id":"7.261","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":24,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223766553269,"flow_dst_last_pkt_time":1623223766548680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1177,"flow_dst_tot_l4_payload_len":16557,"midstream":0,"thread_ts_usec":1623226286427901,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":231,"packets-processed":230,"total-skipped-flows":0,"total-l4-payload-len":108050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1631088115362469}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":231,"packets-processed":230,"total-skipped-flows":0,"total-l4-payload-len":108050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1631088115362469}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115362469,"flow_dst_last_pkt_time":1631088115362469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631088115362469,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1631088115362469,"flow_dst_last_pkt_time":1631088115362469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1631088115362469,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8aylAAEAG8xTAqAGAx+hSbbaEAbsR7WhdAAAAAKAC+vCzrwAAAgQFtAQCCAqzLdcpAAAAAAEDAwc="}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1631088115362469,"flow_dst_last_pkt_time":1631088115376274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1631088115376274,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADQGaj7H6FJtwKgBgAG7toQ\/rdv6Ee1oXqAS\/\/\/HZwAAAgQFTAQCCApg6mr7sy3XKQEDAwk="}
@@ -60,7 +60,7 @@
 01321{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115376494,"flow_dst_last_pkt_time":1631088115392643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1344,"midstream":0,"thread_ts_usec":1631088115392643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"f.vimeocdn.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t00d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
 01538{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115392667,"flow_dst_last_pkt_time":1631088115392674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4032,"midstream":0,"thread_ts_usec":1631088115392674,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"f.vimeocdn.com","tls": {"version":"TLSv1.2","server_names":"*.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","ja4":"t00d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.vimeocdn.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37"}}}
 00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":58,"flow_dst_packets_processed":54,"flow_first_seen":1623226283573712,"flow_src_last_pkt_time":1623226466507324,"flow_dst_last_pkt_time":1623226466414542,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":950,"flow_dst_tot_l4_payload_len":71491,"midstream":0,"thread_ts_usec":1631088115406479,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Likee","proto_id":"7.261","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":256,"packets-processed":255,"total-skipped-flows":0,"total-l4-payload-len":113664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":7,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1637349011376367}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":256,"packets-processed":255,"total-skipped-flows":0,"total-l4-payload-len":113664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":7,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1637349011376367}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011376367,"flow_dst_last_pkt_time":1637349011376367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637349011376367,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1637349011376367,"flow_dst_last_pkt_time":1637349011376367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637349011376367,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TGJAAEAGkyTAqAGAj8wJQb8WAbs5hVBVAAAAAKAC+vA+\/wAAAgQFtAQCCAoHfmCrAAAAAAEDAww="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1637349011376367,"flow_dst_last_pkt_time":1637349011393884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637349011393884,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8T5MAAPMGHPOPzAlBwKgBgAG7vxa2dgKJOYVQVqASBZSQpgAAAgQFoAQCCArIQyJ4B35gqwEDAwk="}
@@ -70,7 +70,7 @@
 01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011396134,"flow_dst_last_pkt_time":1637349011393908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637349011396134,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"prod-static.disney-plus.net","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
 01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011396134,"flow_dst_last_pkt_time":1637349011405023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1637349011405023,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"prod-static.disney-plus.net","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
 00976{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":12,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088168165179,"flow_dst_last_pkt_time":1631088168165177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5004,"midstream":0,"thread_ts_usec":1637349011425927,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":285,"packets-processed":284,"total-skipped-flows":0,"total-l4-payload-len":121431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1642584017659993}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":285,"packets-processed":284,"total-skipped-flows":0,"total-l4-payload-len":121431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1642584017659993}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017659993,"flow_dst_last_pkt_time":1642584017659993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584017659993,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1642584017659993,"flow_dst_last_pkt_time":1642584017659993,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642584017659993,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8EtFAAEAG2zrAqAypFwxoU5lQAbvzO0RFAAAAAKAC\/\/9KaQAAAgQFtAQCCApYVYYCAAAAAAEDAwk="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1642584017659993,"flow_dst_last_pkt_time":1642584017680129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642584017680129,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADcG9wsXDGhTwKgMqQG7mVB1nT8a8ztERqAS\/ojzIwAAAgQFtAQCCAqw3vMWWFWGAgEDAwc="}
@@ -80,12 +80,12 @@
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017706128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1642584017706128,"pkt":"mt9Y+uvcCL6sCxduCABFAAA0SOBAADcGrjMXDGhTwKgMqQG7mVB1nT8b8ztGS4AQAfocSAAAAQEICrDe8zFYVYYZ"}
 01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017706175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1642584017706175,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.accuweather.com","tls": {"version":"TLSv1.3","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1713ht_5b57614c22b0_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
 00982{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011425914,"flow_dst_last_pkt_time":1637349011425927,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":6975,"midstream":0,"thread_ts_usec":1642584019409362,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":315,"packets-processed":314,"total-skipped-flows":0,"total-l4-payload-len":128021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1643355518166568}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":315,"packets-processed":314,"total-skipped-flows":0,"total-l4-payload-len":128021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1643355518166568}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643355518166568,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1643355518166568,"pkt":"pJGxgjQ5SKRyNpegCABFAAT+PElAAIARThnAqAF72DrRLubeAbsE6urRwAAAAAEIZ7HskbOWr9QAAETQNKtjIjiCXCI+9vqBWPy31G7jDH4RlwYv0XhaWuj0UrdcSVWZIrVwzwDrJa8dEWOeUvaAw7BXeYev6bi8Nu9Z4LWOvt0+XPgNkeHB6PvaZ9N4cpB1UIRx6byg5QljaxCkgdia5\/WZz2yX\/TayWJG0egLwFK4DYqDDADilA59ewmPTSu6+F3\/EVfKw86o2Yio5HeQqtUOtEdw6pRwxBehgjTrZf0PMuk40XDPug94YB\/sEApD8Ghq1zUUVofn\/jZoji68n+CZ74BkmZ8LSaemosx3Vm7YV3yQUauQU4lBHNM2XdkooJSDGv9YINXu8hmpHdW\/1encLGdPSyOJC8itWve1maDbUaMRhrbQrpaAPeVfgND5alDCN2DMGvFe3nB6Pz2LOpDsj\/3ZN3caT5Nt0nSv8HN+DYWZc+2JmBlBY71FJ57bmTqruFnoZ\/GjM0BGxB5WlpJ0M3zE3M16k0p8WRYGK3bOkXFB5rtEix709VUri+WnB1ivvzP4A8iO977JvKVGlPddOYZ4k7qZne6v\/jb1y0P5AatOM7YYIeRI7u8jf\/xM8RY8UTL\/Pv+EQzBcgac+DyXJSt\/sJo+Uuz0dGCYpa4Aa01DbWUiA5x+j4g5WT5LGdKrytMkGgkIcVSlNAt4nWOQc2IroqJjfmf+NbusGe\/Gviz5jV93bOaTFv7sGyuvESP0iH2MD2mwPgizF6t5EabtXWaevGbit0evQ9O3bHeRpQwTlwh0hRD7WqrIf0Wri9spAJN53856UKZFRupvrVqTH40ht5wGl2g3HXmJvEKnWBsD1hEB3sacVd4lWjKim62JMTY6yUmMhRBlNu2AupnyFsChUJ1NgsRbg5cQPowXRIBVG8WcjCs7OHKUH\/zza5xjXEz1FrdKQASDLCvFyh9YUzlRmDx7d99nX5vf9AwJejikY1uel\/yRMHcT9IqYO0kZBeGiX2ZDJD7vD1sF+05Qq++ztAL3CTqhuU\/7KSbWKiGOoFGj9phj6fZiE+g9e7+HIVuvPAKr+aSbxS71gHelt+hKMcDj7jdDFk5P6TqQdUXfqrnN38RDusNZmvWB+23Sj9NvIjlpua1MtXRWVJaLY5mX9AL1kTENCHtxomZwiXSqkSWtzS8dZocOlqjfWrd2hnw5yl8b7T0843OsmN6ZOoho4X9bhFw\/52C+NFDBAC42\/6jsH2i4NdbJBqOAuf4tLWi3oaJ\/0r5Y0wWyVnBbFtq1sx6d6EHxqir52O50dkkD8SF7j+wGSCG2L1l5bcQGnAqpzpZNB8AgofMTbrgYgdYIyrh\/neffOlCQyXy2EgLb\/xWEt+QftF8p5n2FzevDADqTCGGVeWULgrEsb\/3qULNf4uZHaY4HBD6To7yTuITvaXdqFt30MJBKnhBexi0dhA\/MGpMyVJfR\/PhbhWZmiNdx\/LRAV2Semg\/nPWe+DzSBBXm7wJXZiE\/8ewkRVdkujJi\/QhXAX0aOL76X77YYeny\/V35WiIqUmuxRHrBRdP5AMMQo\/adJoX4bzVdEvw3cGw7\/\/hO2VzwL5m0trABzWAWdjRjsrTEu\/mWAVCZDP5\/peoG8YXeXsdHWwpRLyNJpzOlRz5aND24Jgn5x2v3PqoD5RBiIEHwD8jlV2fRCZXq1e7tPV6eLhSI74="}
 01294{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643355518166568,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleClassroom","proto_id":"188.281","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"classroom.google.com","quic": {"user_agent":"Chrome\/97.0.4692.99 Windows NT 10.0; Win64; x64","quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"a27a03a8478393fe7f8958648bb71ff4","ja3s":"","ja4":"q13d0310h","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}}
 00974{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584019409362,"flow_dst_last_pkt_time":1642584019407774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":924,"flow_dst_tot_l4_payload_len":5666,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":316,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":129271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":88,"global_ts_usec":1646482623895784}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":316,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":129271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":88,"global_ts_usec":1646482623895784}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482623895784,"flow_src_last_pkt_time":1646482623895784,"flow_dst_last_pkt_time":1646482623895784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482623895784,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1646482623895784,"flow_dst_last_pkt_time":1646482623895784,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482623895784,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8U5dAAEAGwa7AqAGAH95DcIjuAbuZU7+5AAAAAKAC+vB+rAAAAgQFtAQCCAqYsCyFAAAAAAEDAwc="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1646482623895784,"flow_dst_last_pkt_time":1646482623937401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646482623937401,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADIGI04f3kNwwKgBgAG7iO5SHRbemVO\/uoASa9CRawAAAgQFUAEBBAIBAwMH"}
@@ -277,7 +277,7 @@
 02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012821762,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646483012821762,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXch65AAOYGfOEoYaACwKgBgAG7m5Tksd5e67EgM1AQCAPV9wAAFgMDEU4CAABZAwNiI1ZE1H27b6T6JRvCm\/MD0luKFyMTDe3jrQbpiHy4ICC5MgAADb+Tw4RbiKuNvdQaqUF3iqCf4+0IdypYCofcN8AwAAARAAUAAAAjAAAAFwAA\/wEAAQALAA2dAA2aAAiqMIIIpjCCB46gAwIBAgIQBlZfm2qDLxvIgJ9OV3KS5zANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSUwIwYDVQQDExxEaWdpQ2VydCBDbG91ZCBTZXJ2aWNlcyBDQS0xMB4XDTIxMTIyMjAwMDAwMFoXDTIyMTIyMjIzNTk1OVowajELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEUMBIGA1UEAxMLb3V0bG9vay5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB9wlkgtAgWRPrtQjN+hjPY9n1E5BhRmtLNo5GgPTzKcmU9tJGqc3zsJF3xgbCIc1AB8dt7DonJfZNasePo6d0IRrMqsbrNLn0GUGS9qjY3dLxV51XQ61Sd9T5EQIE\/XwKZh3BtIehwUH0rE3omOA9+auyHPSNQb+BS4A5N6ZgG9TmdvEIgWfY9f1Id2M+DUxfatVW0Jp89Wvw8GBDfyzllLm0\/EDzmv3rk1vx4MWpb91yl2TwrYu1EMiyNNtVWRMGhTp1gkz5aMgVZO6TpdbLjcEUMxNrBEfUptVSqyzS++eERCA14Kg2rdfoONwwYHx3GIbJwcFbAJhsLXa\/I7dxAgMBAAGjggVlMIIFYTAfBgNVHSMEGDAWgBTdUdCiMXOpc66PtAF+XYxXy5\/w9zAdBgNVHQ4EFgQU3Odtv0FtIj23r9K5dpo4sXI2NS8wggIQBgNVHREEggIHMIICA4IWKi5pbnRlcm5hbC5vdXRsb29rLmNvbYINKi5vdXRsb29rLmNvbYILb3V0bG9vay5jb22CDW9mZmljZTM2NS5jb22CDyoub2ZmaWNlMzY1LmNvbYIXKi5vdXRsb29rLm9mZmljZTM2NS5jb22CDCoub2ZmaWNlLmNvbYISb3V0bG9vay5vZmZpY2UuY29tghRzdWJzdHJhdGUub2ZmaWNlLmNvbYIbYXR0YWNobWVudC5vdXRsb29rLmxpdmUubmV0gh1hdHRhY2htZW50Lm91dGxvb2sub2ZmaWNlLm5ldIIgYXR0YWNobWVudC5vdXRsb29rLm9mZmljZXBwZS5uZXSCFmF0dGFjaG1lbnRzLm9mZmljZS5uZXSCFiouY2xvLmZvb3RwcmludGRucy5jb22CFioubnJiLmZvb3RwcmludGRucy5jb22CHWNjcy5sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tgiFjY3Mtc2RmLmxvZ2luLm1pY3Jvc29mdG9ubGluZS5jb22CGHN1YnN0cmF0ZS1zZGYub2ZmaWNlLmNvbYIaYXR0YWNobWVudHMtc2RmLm9mZmljZS5uZXSCCioubGl2ZS5jb22CFm1haWwuc2VydmljZXMubGl2ZS5jb22CC2hvdG1haWwuY29tgg0qLmhvdG1haWwuY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgY0GA1UdHwSBhTCBgjA\/oD2gO4Y5aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0Q2xvdWRTZXJ2aWNlc0NBLTEtZzEuY3JsMD+gPaA7hjlodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRDbG91ZFNlcnZpY2VzQ0EtMS1nMS5jcmw="}
 02505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012821837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646483012821837,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXch69AAOYGfOAoYaACwKgBgAG7m5TkseQS67EgM1AQCAPVywAAMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB8BggrBgEFBQcBAQRwMG4wJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NweC5kaWdpY2VydC5jb20wRQYIKwYBBQUHMAKGOWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydENsb3VkU2VydmljZXNDQS0xLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3HhAAAAX3fdqGRAAAEAwBHMEUCIG19vZQ3ztPNq5S85GBThQ4+TBDHFxFC0nXZ4LXpUu3rAiEA8+M15TzZmOUopQftFbHUpCuDhU09pI7ZIoZ4rqlvzwYAdwBRo7D1\/QF5nFZtuDd4jwykeswbJ8v3nohCmg3+1IsF5QAAAX3fdqIKAAAEAwBIMEYCIQCCt\/CWyrB3z5L9JJQqtKhuKwSHXVPO\/nIzLQIRvE8QSAIhALAUu2+684sYBmTAWbK9qLsoHMJRLVDtf7PKkkuPEhCsAHUAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF933aiIAAABAMARjBEAiAmY6DHSC0PRZfjQURv9gfH7XNEvLtjnimdIZ9DL1pP\/wIgEm240\/6jgHbB2vouW4klCYLhx1mBUl2EGyo40QGnLN8wDQYJKoZIhvcNAQELBQADggEBAKs0Do0f0D7XJa8EwMbjj8gm+KWD\/Y615EL0mYouOSdmvSw1h3kWcf3Z3gP9p7LPMTiWc9WgaATbbQQyCdIiD4lE+y\/Hgw+bok2WmRbY6mYbpvHNrk5MrGqzAuJQP6PKt3aBz7PPYPmXPTacuSVPid0KRE9WekJR9Qbk7uWzQ9sUrU4qL0vpapgXTftedAVBzNTW+x6T9ZQXCGPbPWrvcN8p2WRUpvQPorVZ+8K6hKQ74Unfe858rN6lgFCEo0o1k\/W4HSPYM\/GX2BRkg5zPfLO7nMgTuWoOm6j0aPk8QFiDRXKTGIlkTm3CU1U8PU5zGVtJrxLepFiwH8haosDkiUMABOowggTmMIIDzqADAgECAhAPFxpIxvIjgJIYzS7W3cDoMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTIwMDkyNTAwMDAwMFoXDTMwMDkyNDIzNTk1OVowSzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzElMCMGA1UEAxMcRGlnaUNlcnQgQ2xvdWQgU2VydmljZXMgQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANGt9ocUeVQnV8cvBWg8mzzNZ+xFECyE8qRHxNlTQkUJu+T+M8HXvEYv0Yvmt7VneHxqcL79uOW2VM9MXqy4InRzVSkIc8hk99CVCQ55g1C\/X\/XUzJtCYY6ABLlBqs5OEpmbrNbFvlsCc7UWpKtxYtSY6kA5hab2uy\/o54fCi\/acMs3s+D6\/ied0I4JL2uq\/c6YlPP2\/qeVo\/\/gwomDHOy6j88V\/Ozv9DzGhfHQP0L8UxL1o8aXna6ffmwB+RiVO5ugT8\/YGx9RvCycgQl1hvD9g0nyWcsl8sIv\/+UgFUwT6Iq+3zVFdbd2QdAPwM0\/0x8A+VkZHr3Mgi9x6PqPyXf8CAwEAAaOCAa4wggGqMB0GA1UdDgQWBBTdUdCiMXOpc66PtAF+XYxXy5\/w9zAfBgM="}
 02014{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1646483012464918,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012821897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4435,"midstream":0,"thread_ts_usec":1646483012821897,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Outlook","proto_id":"91.21","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"outlook.com","tls": {"version":"TLSv1.2","server_names":"*.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"71d9ce75f347e6cf54268d7114ae6925","ja4":"t13d1715h2_5b57614c22b0_3d5424432f57","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58"}}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":458,"packets-processed":457,"total-skipped-flows":0,"total-l4-payload-len":197833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":32,"total-detection-updates":38,"total-updates":0,"current-active-flows":27,"total-active-flows":36,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":280,"global_ts_usec":1646495488872237}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":458,"packets-processed":457,"total-skipped-flows":0,"total-l4-payload-len":197833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":32,"total-detection-updates":38,"total-updates":0,"current-active-flows":27,"total-active-flows":36,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":280,"global_ts_usec":1646495488872237}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488872237,"flow_dst_last_pkt_time":1646495488872237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488872237,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1646495488872237,"flow_dst_last_pkt_time":1646495488872237,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495488872237,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8\/MhAAEAGRHDAqAGAD6Anu7NKAbvmP22QAAAAAKAC+vBpUQAAAgQFtAQCCAoE\/txmAAAAAAEDAwc="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1646495488872237,"flow_dst_last_pkt_time":1646495488880478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495488880478,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADIGTzkPoCe7wKgBgAG7s0optQbo5j9tkaAS9LPzBQAAAgQFtAQCCAoEQEeaBP7cZgEDAwc="}
@@ -379,7 +379,7 @@
 01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495837086190,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837086190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495837086190,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"plus.google.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"b719940c5ab9a3373cb4475d8143ff88","ja3s":"","ja4":"q13d0314h","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}}
 02351{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837102627,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_usec":1646495837102627,"pkt":"PKn0qB\/spJGxgjQ5CABFgAVpAABAADMROvOO+rXuwKgBgAG7j+AFVSXtyAAAAAEDuYLxCBrJK2uwimWBAEU4Tznrzq28hb1XmRDs0MFqelTnhcFUZ84H4q1aY4G8iO4oHDfc48pBHn\/VwFJa95gqSHvH4Ev8Om2dP0drKfHTm5RIabnMUwABEpNiK30Wb+s0DC1P8fJqrYirSkcMUtk+OScepXvvMoUJqb3oK\/SHueY\/CR+1r94ahlb+lQ5CMkRrFEpV8Y80c9Tk558ky1YvZroBJocv+D8x22dTrB3Nr2zV5BXUe4IfZjyM1uOvrGOzm7BFlSrMgOj6FKIkCgp\/pf+jrmIN6zoTCYHljLfpxOi3CtJlotE5kvBNJfYTIlpV6ePxOeaBHnLAnR8AUiLMe4EQhoCyafpPSu2uRilBt0zY24SPHj+Vr1q8JDD3+tdbrEpwnhqALSf4fMlI0nlCiW6KDCz9YYUL75K4IS9444yNzf1Yr99Mh0kbqbRkqVD2lz0sc+tejmla91jt2s1ymwqM2Dkc57wq\/ZGL2qTvHoCDCrWXzzSFq2DtMODbeFddKrW7D2S\/WC6gNpi8CkmnUEfrksPztXbMxr+4svM2m36IzD+uTDtBonQOeeetS42fSNmayHtkfbHFRhxhKIWxbXnDeYhaHVYjCQ+4X0zwkTVPladnLIcVEBYqwYQv5\/bz9ieX8wyoykaDLtE9CrJi2EKtZ8wkCC7Z741Zd+Wml1GFTEX8vTPcXOs4jWXGa8by36ak7R21cVgtCbMzCsX51MXYO9rxKpqzQ90YL3ZJybESTLyCZVaetnFQQy0zj9i3aMbEeaF1GIY8fpv41LJIfBTcuddEsku5mHk0ET+hIJRQHhrqv3\/7dLCFIB8IbFzqoMNXvst3vFd153RNd4+wDFw0PTKp3WxAax7aH3o4vpIKkH5MYZZm6QdYg4AXeCOVs+yOQckfo449mppsZnBCauNFwyGHgfdImQc5ChUcBackKfZKPm+8gpfez3Lh5cIH5TVZfBcX2049yxCxwBIQNMHRFZ\/l6px98JrGqv9wlLvZ9x05f9o+OBwqtGjSma1n6CqkHTjCKDb9wEKbD27oXi\/IB1KPHp2u9d\/c+7X2RVtjWmizhI43eqsfAt6YQSI\/I6i5XWGJRa1qw\/6lLbvQvj\/jHqXTS68GWhBdBLJUtfTko6qCsN7rqu1qRzGoIhl0BkGE92lNyYY\/ZTU6\/hdcvPHH\/gVolLu3hFDPu+ipgvDDLIZuRl+UaoOI4gJccnN1m37oKsX6NQtnyeGSc2tM6+62ei3A6X8waSaElCusvteiUGCHQxwaHmAxN+l0Fnrtj2W9v8HqhbG8zavLaMSK9TCSurpq1GtTp5SAztNP1KCrvVnqVhJrjpPBsMoRZgIibHU+b02bSrZ5vLUq8fMRq1DHjSpmxuFXNZXv4gyNl3Dl6lhcF466Vu3DVIKOpmXUnOt94P9drBleL2pc6g\/Rsi+uKui90velUE0hGPgoOIhhDJ0ymy34LYnDdDZuGwprFKEAglwy2+YC1sXbba6gKVjcOV1Ca5zHuLIWZHit470RXXzr7m1Xi\/5cXZYyKSyJACVo6ge6ve+Upi7YI+aW+jgyPqmHMKb+I\/eIOcKZeHyih24R2l7AgjvcvMggC5W8nbNUSu9cpnGWdlPqjTB0D+d7oT5+bGyUabkzh3dJ2t9fzH8gnGtlT1zFzufTmcBCKpbCY6sP\/0lUq7vHjuvu650M0IhuYA8e9G78Y8vHGY8YN9zIOLD+CF2bDXHwqf3VW0Z0KdlLeLkOH0oqFJ9UgLOZLQqYMUReoZ97In3a7hJ65ZurIhpFxCeAoO9kMhJrGIJTN\/Ls9g=="}
 00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646495785326719,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785351813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1646495837102627,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":233934,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":42,"total-detection-updates":47,"total-updates":1,"current-active-flows":10,"total-active-flows":46,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":382,"global_ts_usec":1646568788171099}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":233934,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":42,"total-detection-updates":47,"total-updates":1,"current-active-flows":10,"total-active-flows":46,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":382,"global_ts_usec":1646568788171099}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788171099,"flow_dst_last_pkt_time":1646568788171099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646568788171099,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1646568788171099,"flow_dst_last_pkt_time":1646568788171099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646568788171099,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8AQRAAEAGfpzAqAGA0FUontLaAbs4n4KKAAAAAKAC+vB1NgAAAgQFtAQCCArSjLpwAAAAAAEDAwc="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1646568788171099,"flow_dst_last_pkt_time":1646568788337647,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646568788337647,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Ke1AAPAGpbLQVSiewKgBgAG70tpN2CtOOJ+Ci6ASOQiNqgAAAgQFtAEDAwAEAggKXyXRHtKMunA="}
@@ -399,7 +399,7 @@
 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646495837086190,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837102627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1646495650748124,"flow_src_last_pkt_time":1646495650812560,"flow_dst_last_pkt_time":1646495650832457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":4252,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488890513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","proto_id":"91.254","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":521,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":238171,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":43,"total-detection-updates":49,"total-updates":1,"current-active-flows":1,"total-active-flows":47,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":402,"global_ts_usec":1705785496290955}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":521,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":238171,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":43,"total-detection-updates":49,"total-updates":1,"current-active-flows":1,"total-active-flows":47,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":402,"global_ts_usec":1705785496290955}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705785496290955,"flow_src_last_pkt_time":1705785496290955,"flow_dst_last_pkt_time":1705785496290955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705785496290955,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.5.161.203","src_port":33920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1705785496290955,"flow_dst_last_pkt_time":1705785496290955,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705785496290955,"pkt":"SKmKCiNt8C90rUP1CABFAAA8WxFAAEAGa0rAqFjnuQWhy4SAAbsqMmHbAAAAAKACfXh0jwAAAgQFtAQCCAqBTLs4AAAAAAEDAwc="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1705785496290955,"flow_dst_last_pkt_time":1705785496317442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705785496317442,"pkt":"8C90rUP1SKmKCiNtCABFAAA8AABAADgGzlu5BaHLwKhY5wG7hIDVhr3LKjJh3KAS\/oimXQAAAgQFoAQCCAoinSn+gUy7OAEDAwc="}
@@ -417,7 +417,7 @@
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1705785496365954,"pkt":"8C90rUP1SKmKCiNtCABFAAAoTbhAAOYGzf2fmb\/wwKhY5wG7wx6oa+tFx38bIVAQAf75kAAAAADOeU3u"}
 01767{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1705785496365954,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1330,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3087,"midstream":0,"thread_ts_usec":1705785496365954,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.153.191.240","src_port":49950,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"accounts.ea.com","tls": {"version":"TLSv1.2","server_names":"accounts.ea.com","ja3":"57fbe0aefee44901190849b0e877a5e1","ja3s":"7b6819ed58e8d8415604b7dfcef92d55","ja4":"t13d571100_131602cb7446_6c96259584c4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=CALIFORNIA, L=Redwood City, O=Electronic Arts, Inc., CN=accounts.ea.com","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"6E:9C:F6:59:DD:52:AA:1B:73:A6:B5:29:71:59:89:7D:B5:46:67:3D"}}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788681368,"flow_dst_last_pkt_time":1646568788847834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":3594,"midstream":0,"thread_ts_usec":1705785496365954,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pandora","proto_id":"91.187","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":537,"packets-processed":536,"total-skipped-flows":0,"total-l4-payload-len":243720,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":45,"total-detection-updates":51,"total-updates":1,"current-active-flows":2,"total-active-flows":49,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":420,"global_ts_usec":1708371748027374}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":537,"packets-processed":536,"total-skipped-flows":0,"total-l4-payload-len":243720,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":45,"total-detection-updates":51,"total-updates":1,"current-active-flows":2,"total-active-flows":49,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":420,"global_ts_usec":1708371748027374}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1708371748027374,"flow_src_last_pkt_time":1708371748027374,"flow_dst_last_pkt_time":1708371748027374,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708371748027374,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"160.44.196.198","src_port":54690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1708371748027374,"flow_dst_last_pkt_time":1708371748027374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1708371748027374,"pkt":"ILAB4IZiNObXAhsnCABFAAA8gTRAAEAGkffAqAH1oCzExtWiAbvECMZsAAAAAKAC+vAnvwAAAgQFtAQCCArUZE7pAAAAAAEDAwc="}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1708371748027374,"flow_dst_last_pkt_time":1708371748055776,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1708371748055776,"pkt":"NObXAhsnILAB4IZiCABFAAA0AABAAC8GJDSgLMTGwKgB9QG71aITcGZwxAjGbYASchD5sQAAAgQFrAEBBAIBAwMJ"}
@@ -444,7 +444,7 @@
 01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750158421,"flow_dst_last_pkt_time":1708371750161724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":678,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":678,"flow_dst_tot_l4_payload_len":3624,"midstream":0,"thread_ts_usec":1708371750161724,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"contentcenter-dre.dbankcdn.com","tls": {"version":"TLSv1.3","ja3":"b5001237acdf006056b409cc433726b0","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1715h2_5b57614c22b0_5c2c66f702b0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1705785496290955,"flow_src_last_pkt_time":1705785496323878,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1708371750169001,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"185.5.161.203","src_port":33920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
 01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1705785496365954,"flow_src_last_pkt_time":1705785496365954,"flow_dst_last_pkt_time":1705785496365954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1330,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3087,"midstream":0,"thread_ts_usec":1708371750169001,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"159.153.191.240","src_port":49950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ElectronicArts","proto_id":"91.389","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":587,"packets-processed":586,"total-skipped-flows":0,"total-l4-payload-len":276215,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":48,"total-detection-updates":54,"total-updates":1,"current-active-flows":3,"total-active-flows":52,"total-idle-flows":49,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":447,"global_ts_usec":1708719352773616}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":587,"packets-processed":586,"total-skipped-flows":0,"total-l4-payload-len":276215,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":48,"total-detection-updates":54,"total-updates":1,"current-active-flows":3,"total-active-flows":52,"total-idle-flows":49,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":447,"global_ts_usec":1708719352773616}
 00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1708719352773616,"flow_src_last_pkt_time":1708719352773616,"flow_dst_last_pkt_time":1708719352773616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708719352773616,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1708719352773616,"flow_dst_last_pkt_time":1708719352773616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1708719352773616,"pkt":"ILAB4IZiNObXAhsnht1gDW8BACgGQCABCwcKPcESmgC6eIax4XcgAQZ8BOjwBAAAAAAAAAAJvdIBu4y3QWIAAAAAoAL\/KM6bAAACBAWMBAIICh++fS8AAAAAAQMDBw=="}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1708719352773616,"flow_dst_last_pkt_time":1708719352791118,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1708719352791118,"pkt":"NObXAhsnILAB4IZiht1gDcpXACgGNiABBnwE6PAEAAAAAAAAAAkgAQsHCj3BEpoAuniGseF3Abu90sxyPm+Mt0FjoBJvkDRGAAACBATEBAIICmIWPwsfvn0vAQMDCg=="}
@@ -472,7 +472,7 @@
 00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":9,"flow_first_seen":1708371748597659,"flow_src_last_pkt_time":1708371749213915,"flow_dst_last_pkt_time":1708371749213883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1027,"flow_dst_max_l4_payload_len":3900,"flow_src_tot_l4_payload_len":3616,"flow_dst_tot_l4_payload_len":12100,"midstream":0,"thread_ts_usec":1708719353862698,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.158.42.215","src_port":49558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1708371748027374,"flow_src_last_pkt_time":1708371748206605,"flow_dst_last_pkt_time":1708371748165737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":4380,"flow_src_tot_l4_payload_len":1281,"flow_dst_tot_l4_payload_len":9124,"midstream":0,"thread_ts_usec":1708719353862698,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"160.44.196.198","src_port":54690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":4,"flow_first_seen":1708371750154536,"flow_src_last_pkt_time":1708371750169001,"flow_dst_last_pkt_time":1708371750165742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":678,"flow_dst_max_l4_payload_len":3624,"flow_src_tot_l4_payload_len":1269,"flow_dst_tot_l4_payload_len":5105,"midstream":0,"thread_ts_usec":1708719353862698,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:c044:a6d4:80d:5d55","dst_ip":"2600:9000:25ea:1200:1:12d8:5a00:93a1","src_port":39970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.HuaweiCloud","proto_id":"91.399","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":609,"packets-processed":608,"total-skipped-flows":0,"total-l4-payload-len":289890,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":51,"total-detection-updates":57,"total-updates":1,"current-active-flows":3,"total-active-flows":55,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":475,"global_ts_usec":1708962497309716}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":609,"packets-processed":608,"total-skipped-flows":0,"total-l4-payload-len":289890,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":51,"total-detection-updates":57,"total-updates":1,"current-active-flows":3,"total-active-flows":55,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":475,"global_ts_usec":1708962497309716}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1708962497309716,"flow_src_last_pkt_time":1708962497309716,"flow_dst_last_pkt_time":1708962497309716,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1708962497309716,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"5.61.23.30","src_port":46174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1708962497309716,"flow_dst_last_pkt_time":1708962497309716,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1708962497309716,"pkt":"ILAB4IZiNObXAhsnCABFAAA8tohAAEAGpTvAqAH1BT0XHrReAbvuMckPAAAAAKAC+vDfJgAAAgQFtAQCCAoHPO3YAAAAAAEDAww="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1708962497309716,"flow_dst_last_pkt_time":1708962497355167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1708962497355167,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAADYGZcQFPRcewKgB9QG7tF7fzYik7jHJEKASqbCmNAAAAgQFoAQCCApaSfP3Bzzt2AEDAwk="}
@@ -485,7 +485,7 @@
 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1708719353812053,"flow_src_last_pkt_time":1708719353853281,"flow_dst_last_pkt_time":1708719353853244,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":5660,"midstream":0,"thread_ts_usec":1708962497540736,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1708719353825157,"flow_src_last_pkt_time":1708719353862698,"flow_dst_last_pkt_time":1708719353862648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":659,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":659,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1708962497540736,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9a00:ba78:86b1:e177","dst_ip":"2001:67c:4e8:f004::9","src_port":48624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Telegram","proto_id":"91.185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1708962497309716,"flow_src_last_pkt_time":1708962497495798,"flow_dst_last_pkt_time":1708962497540736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":839,"flow_dst_max_l4_payload_len":2170,"flow_src_tot_l4_payload_len":1416,"flow_dst_tot_l4_payload_len":2875,"midstream":0,"thread_ts_usec":1708962497540736,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"5.61.23.30","src_port":46174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":628,"packets-processed":628,"total-skipped-flows":0,"total-l4-payload-len":294181,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":52,"total-detection-updates":58,"total-updates":1,"current-active-flows":0,"total-active-flows":56,"total-idle-flows":56,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":488,"global_ts_usec":1708962497540736}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":628,"packets-processed":628,"total-skipped-flows":0,"total-l4-payload-len":294181,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":52,"total-detection-updates":58,"total-updates":1,"current-active-flows":0,"total-active-flows":56,"total-idle-flows":56,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":488,"global_ts_usec":1708962497540736}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 628/628
 ~~ skipped flows.............: 0
@@ -494,8 +494,8 @@
 ~~ total active/idle flows...: 56/56
 ~~ total timeout flows.......: 4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6222185 bytes
-~~ total memory freed........: 6222185 bytes
+~~ total memory allocated....: 6223089 bytes
+~~ total memory freed........: 6223089 bytes
 ~~ total allocations/frees...: 87751/87751
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 532 chars
diff --git a/test/results/default/skinny.pcap.out b/test/results/default/skinny.pcap.out
index 9a4151a51..f46bc4535 100644
--- a/test/results/default/skinny.pcap.out
+++ b/test/results/default/skinny.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1317801130501299}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1317801130501299}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801130501299,"flow_src_last_pkt_time":1317801130501299,"flow_dst_last_pkt_time":1317801130501299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317801130501299,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.12","src_port":49399,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1317801130501299,"flow_dst_last_pkt_time":1317801130501299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1317801130501299,"pkt":"ABTy5fxCAB56JnR1CABFYABAE3YAAEAGYUrAqMM6wKjBDMD3B9A1u8s7p8yxgFAYIAAcEAAAEAAAABQAAAAmAAAAAQAAAAAAAAAAAAAA"}
 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801130501299,"flow_src_last_pkt_time":1317801130501299,"flow_dst_last_pkt_time":1317801130501299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317801130501299,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.12","src_port":49399,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -58,7 +58,7 @@
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1317801134322539,"flow_src_last_pkt_time":1317801134662589,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3096,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134668514,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32150,"dst_port":9395,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1317801134349579,"flow_src_last_pkt_time":1317801134649425,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2752,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134668514,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32152,"dst_port":9396,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":33,"flow_first_seen":1317801134322976,"flow_src_last_pkt_time":1317801134662995,"flow_dst_last_pkt_time":1317801134668514,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":6192,"flow_dst_tot_l4_payload_len":5676,"midstream":0,"thread_ts_usec":1317801134668514,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.195.50","src_port":32144,"dst_port":17718,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":200,"packets-processed":196,"total-skipped-flows":0,"total-l4-payload-len":26764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1317801134668514}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":200,"packets-processed":196,"total-skipped-flows":0,"total-l4-payload-len":26764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1317801134668514}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 200/196
 ~~ skipped flows.............: 0
@@ -67,8 +67,8 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5516689 bytes
-~~ total memory freed........: 5516689 bytes
+~~ total memory allocated....: 5516809 bytes
+~~ total memory freed........: 5516809 bytes
 ~~ total allocations/frees...: 86122/86122
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 536 chars
diff --git a/test/results/default/skype-conference-call.pcap.out b/test/results/default/skype-conference-call.pcap.out
index e02a979a0..839ff6a4a 100644
--- a/test/results/default/skype-conference-call.pcap.out
+++ b/test/results/default/skype-conference-call.pcap.out
@@ -1,5 +1,5 @@
-00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1501061916646303}
+00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1501061916646303}
 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1501061916646303,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1501061916646303,"pkt":"XEl5dU5qxCwDBkn+CABFAACEzEwAAEARWwHAqAIUaC4oMcCC7OIAcIaYAAEAVCESpELFWk\/f3gwyXjBMYMcABgAJZ3BwZTp6V3lrAAAAACQABG7\/\/v+AKgAIAAAAAAC\/QxeAVAABMQAAAIBwAAQAAAADAAgAFMOSZmY4XAmhNOQKDGwu8wYai2KrgCgABB+1m2s="}
 01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1501061916646303,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
@@ -9,7 +9,7 @@
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1501061916690803,"flow_dst_last_pkt_time":1501061916708296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1501061916708296,"pkt":"xCwDBkn+XEl5dU5qCABFAACERTgAAG4RtBVoLigxwKgCFOziwIIAcHm6AAEAVCESpEI8yF2moGJ4zvU2wuEABgAJeld5azpncHBlAAAAACQABG7\/\/v+AKQAIAAAAAAACl5OAVAABMQAAAIBwAAQAAAADAAgAFHnv8xovieyQrsQ6j2MMyqg8GNj1gCgABORvfhY="}
 02324{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916821040,"flow_dst_last_pkt_time":1501061916812989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":915,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":6417,"flow_dst_tot_l4_payload_len":1824,"midstream":0,"thread_ts_usec":1501061916821040,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":59,"avg":11013.6,"max":100094,"stddev":22446.4,"var":503839616.0,"ent":3.0,"data": [7339,44500,54477,177,54879,336,10342,20091,24441,100094,319,61,211,59,179,235,59,177,199,208,82,2810,14708,381,241,219,267,215,202,197,3718]},"pktlen": {"min":63,"avg":285.5,"max":943,"stddev":317.0,"var":100457.8,"ent":4.3,"data": [132,132,100,100,132,100,136,138,131,123,195,63,155,155,155,155,155,155,155,155,155,155,100,71,943,943,943,943,943,943,155,121]},"bins": {"c_to_s": [0,1,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,2,12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0],"entropies": [5.475533962,5.430079460,5.716311932,5.616310120,5.445230961,5.668762684,5.554492950,6.549376011,6.536014080,6.412748814,6.806855679,5.203801155,6.467489243,6.520809174,6.645484924,6.590196609,6.458263397,6.501328468,6.432456017,6.550292969,6.547129631,6.477230072,5.552665234,5.568275928,7.755900860,7.787482262,7.793358326,7.793142319,7.798308849,7.784828663,6.622673988,6.318281174]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":133,"flow_dst_packets_processed":67,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061918126158,"flow_dst_last_pkt_time":1501061918151791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":915,"flow_dst_max_l4_payload_len":915,"flow_src_tot_l4_payload_len":19259,"flow_dst_tot_l4_payload_len":12028,"midstream":0,"thread_ts_usec":1501061918151791,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":200,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":31287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1501061918151791}
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":200,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":31287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1501061918151791}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 200/200
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5503773 bytes
-~~ total memory freed........: 5503773 bytes
+~~ total memory allocated....: 5503797 bytes
+~~ total memory freed........: 5503797 bytes
 ~~ total allocations/frees...: 86060/86060
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 583 chars
+~~ json message min len.......: 581 chars
 ~~ json message max len.......: 2329 chars
-~~ json message avg len.......: 1378 chars
+~~ json message avg len.......: 1377 chars
diff --git a/test/results/default/smb_deletefile.pcap.out b/test/results/default/smb_deletefile.pcap.out
index 622383199..bb7164857 100644
--- a/test/results/default/smb_deletefile.pcap.out
+++ b/test/results/default/smb_deletefile.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1584368315417275}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1584368315417275}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368315417275,"flow_dst_last_pkt_time":1584368315417275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":380,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":380,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1584368315417275,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01090{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1584368315417275,"flow_dst_last_pkt_time":1584368315417275,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"thread_ts_usec":1584368315417275,"pkt":"2MuK4S0uKDc3AG3ICABFAAGkAABAAEAGtNLAqAF2wKgBu94QAb3ooAVq8kMyI1AYqgDfmAAAAAABeP5TTUJAAAEAAAAAAAUAAAEAAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAgAAAAAAAAAAAAAAAAAAAAAAAACBABAAEAAAAAcAAAABAAAAAQAAAHgAHAAAAAAAAAAAAEwAdQBjAGEAXABEAG8AdwBuAGwAbwBhAGQAcwAAAAAA\/lNNQkAAAQAAAAAADgAAAQQAAACIAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAACEAJQMAAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2AAJgAAAAEAaQBuAG4AbwBzAGUAdAB1AHAALQA1AC4ANgAuADEALgBlAHgAZQAAAP5TTUJAAAEAAAAAAAYAAAEEAAAAAAAAAJ4PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8="}
 00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368315417275,"flow_dst_last_pkt_time":1584368315417275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":380,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":380,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1584368315417275,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv23","proto_id":"10.41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}}
@@ -9,7 +9,7 @@
 01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1584368317575781,"flow_dst_last_pkt_time":1584368317576871,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":522,"pkt_l4_len":488,"thread_ts_usec":1584368317576871,"pkt":"KDc3AG3I2MuK4S0uCABFAAH8OLFAAIAGO8nAqAG7wKgBdgG93hDyQzQX6KAIKlAYEAdr9gAAAAAB0P5TTUJAAAEAAAAAAAUAAAABAAAAmAAAAJ8PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAABZAAAAAQAAAHF8fnEN3tQBwjwds5371QFsgQlGF1nVAZpBFPwbWdUBABAAAAAAAAAAEAAAAAAAABEAAAAAAAAAEwQAAAoAAADNAAAACgAAAAAAAAAAAAAA\/lNNQkAAAQAAAAAADgAAAAUAAAC4AAAAoA8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAkASABwAAAAAAAAAAAAAABsgQlGF1nVAaWmw1ic+9UBpabDWJz71QGlpsNYnPvVAQAAAAAAAAAAAAAAAAAAAAAQAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5UGAAAABQBMAHUAYwBhAP5TTUJAAAEAAAAAAAYAAwAFAAAAAAAAAKEPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 02185{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368317627960,"flow_dst_last_pkt_time":1584368317628867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":412,"flow_dst_max_l4_payload_len":500,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":3826,"midstream":1,"thread_ts_usec":1584368317628867,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":20,"avg":142654.1,"max":2158424,"stddev":529256.2,"var":280112168960.0,"ent":1.2,"data": [1172,1225,2157281,2158424,1159,87,1253,1160,7461,9355,1883,124,103,75,20,492,151,550,5618,5637,4741,5866,1131,107,1245,1127,130,997,857,25951,26895]},"pktlen": {"min":40,"avg":252.6,"max":540,"stddev":190.9,"var":36432.9,"ent":4.5,"data": [420,540,40,364,508,40,380,524,40,452,166,40,540,40,144,140,46,144,40,116,40,380,524,40,420,396,40,284,356,40,388,452]},"bins": {"c_to_s": [10,0,0,2,0,0,0,1,0,0,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,1,2,0,0,0,0,0,1,0,1,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1],"entropies": [3.069277287,3.365245581,4.461769104,2.731584549,2.957580328,4.511769295,2.886561632,3.152696133,4.511769295,2.994292021,3.490118504,4.511769295,2.920198441,4.511769295,3.495491743,3.175110340,4.402616024,3.673908472,4.461769104,3.397419930,4.511769295,2.886561632,3.164842129,4.511769295,3.078800917,2.788191795,4.461769104,2.814971924,2.968542337,4.511769295,2.599048853,2.976962328]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv23","proto_id":"10.41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":39,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368317802053,"flow_dst_last_pkt_time":1584368317801987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":476,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":11034,"flow_dst_tot_l4_payload_len":14218,"midstream":1,"thread_ts_usec":1584368317802053,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv23","proto_id":"10.41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":101,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":25252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1584368317802053}
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":101,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":25252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1584368317802053}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 101/101
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500902 bytes
-~~ total memory freed........: 5500902 bytes
+~~ total memory allocated....: 5500926 bytes
+~~ total memory freed........: 5500926 bytes
 ~~ total allocations/frees...: 85961/85961
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 536 chars
diff --git a/test/results/default/smb_frags.pcap.out b/test/results/default/smb_frags.pcap.out
index c0c61b414..8ab9d1ec9 100644
--- a/test/results/default/smb_frags.pcap.out
+++ b/test/results/default/smb_frags.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623514369772545}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623514369772545}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369772545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623514369772545,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369772545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1623514369772545,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPJdVQAA+BrVNCsrTfQrKBwjTaAG9gKLxEgAAAACgAv\/\/GS4AAAIEIwABAwMGBAIICs5HDEsAAAAA"}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369868191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1623514369868191,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPE51QAB8BsAtCsoHCArK030BvdNoZ4rlhYCi8ROgEiAAlmYAAAIEBWQBAwMIBAIICowopxfORwxL"}
@@ -8,7 +8,7 @@
 02403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623514370258205,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1438,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1438,"pkt_l4_len":1400,"thread_ts_usec":1623514370258205,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAFjJdYQAA+Bq\/6CsrTfQrKBwjTaAG9gKLxRmeK5leAEAgZ6PkAAAEBCArORw4xjCiopgAABjz\/U01CcwAAAAAYBdgAAAAAAAAAAAAAAAAAAAEAAAABAAz\/AAAABEEyAAEAAAAAAK8FAAAAAP\/SAIABBmCCBasGggAGKwYBBQUCoIIFnTCCBZmgggARMIIADQaCAAkqhkiG9xIBAgKiggWABIIFfGCCBXgGCSqGSIb3EgECAgEAboIFZzCCBWOgAwIBBaEDAgEOogcDBQAgAAAAo4IEcmGCBG4wggRqoAMCAQWhFBsSQ0lWSUxQRU5TSU9OLkxPQ0FMoi0wK6ADAgEDoSQwIhsEY2lmcxsaaHFkYy0wMi5jaXZpbHBlbnNpb24ubG9jYWyjggQcMIIEGKADAgESoQMCASCiggQKBIIEBmtnVxcxBmkz4ZUsh+F3XvsymQ5mvu2LX+7W56rZEvZ1qmgF5eVUK11Yc3PdU24ZptZsf6GIgZZft7fDTc9iDA3FbzTWHDPjEHl6G+GfrKQ\/U66sLyoe01eLCDNDlzdYPbQNI5B+D7epgO3OqLoFCxgQnXg89dHq7kxLRlfyZ75yHYmd3cly0qeBA8TtEpLELIy5RDwh88Bbqx9lJkPNQiMt24H0yao67pgfp9aEdZ4Emm7xmyPRkPeqZWtM0bkNvn+WavQvx80wJ6ZQyFIXkOPKpVcd2AB5qVKkumKBLzfPVIv+5LsBnADCgXZoEckKZht4ry7NolrE+0HKHhPwkaoxc8bqcUuiYOluxmO4DjfSfFQueOoelGhXJ6pEhCQozBPoeArsog\/CMnvfwyGHeu2So9navfrEV7TGs9oPppW3oNCUuXo36cbimBLvIiY+Pgl\/ynJhxwXsO0RkVS9r\/PsoEMTLWDn3S3vAe\/TBqkOtoyPQJWg1FVpj7frmvNArPBFi14wVJfxtnd\/+3wtnQozSQyeZaiwe0Uki1A7mEEoQtV7AOgPYFp8ri4dHhClZYELTbpijGa0Jwtj6x6ZJsOiFg2SsOWyGploNv1wUt9FpkKTtjSnMILP9mkkt0GsDX19lwQbnfeVgl0kxeaZBDtMtasDDJW8MObctlpQH6UeIoFh4zd\/+AvklrnI66FLbyQfjFSQzmIzIW3ydE4bjVtwWmU1a9nvT5VzFxoGr9N75Jd1QR+seVejR1FQ5L+uOs9WAbzPwvooNtGJ9P10oltq2AAtLxvL22QGd7qWFsKNlILCcAk48pdh4wUcKf+EMjG6Xonr4DPvLkEyb43oHO1NuXf6G+7ier+62p0AeSbzutesdffNAKWx8nx125SeKQpNnBXnpDRdJnIJIcuLAdAebbsP88MDOzOSgr6S6eirG1TuF29PveiUZjxoiDLHdsyainMdtGrd0\/Ydkl2AhTK3O7gYsi1PPi2xvUVmDCWCipGeZ\/HFXUKBq15ucDAkq0dcppKqtynTA4t8XrmdpQTW\/R3zKQXp4YteUcutVoA63U60MWJlP325IMdQpih2Uk59JH5Dnux3Rd568y7AglM4Wn\/qV3HT6TOIU2RCepqW+t\/HKqI4PXOnM+5Qj2R2MJ25pMdBIvMiBfAjqOHwQwwec\/8syUlp9kgV4g09X0ubW+5o5iaoEB4ngqDTvZXkAfrGm9\/PFvCCGKK5LcZsH76QYjCwvtb7o+MxSnlo+MKjMgwdfysFP0RY4mM0xlHSbO4qyXFBgLhHZiagn1nbfnXKd28YECfDeWdHC\/Ig4+JxagNp\/3VNKyRkP6A4EbfQ3batKWXNlXzxKQjFl\/HI4d1Rq1dIh9CGkgdcwgdSgAwIBEqKBzASByVkzbk+ekX38PCwMB3OZSxR7r8vyZItGdtHn7\/EFdfCld4D4NfFt4ny5\/YJLf0FZrLolqw=="}
 01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514370258205,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":1419,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1623514370258205,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":""}}
 01323{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514370351676,"flow_dst_last_pkt_time":1623514370345783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":536,"midstream":0,"thread_ts_usec":1623514370351676,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":2187,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1623514370351676}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":2187,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1623514370351676}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 8/8
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500286 bytes
-~~ total memory freed........: 5500286 bytes
+~~ total memory allocated....: 5500310 bytes
+~~ total memory freed........: 5500310 bytes
 ~~ total allocations/frees...: 85871/85871
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 563 chars
diff --git a/test/results/default/smbv1.pcap.out b/test/results/default/smbv1.pcap.out
index 8377cc969..c40a5c8f5 100644
--- a/test/results/default/smbv1.pcap.out
+++ b/test/results/default/smbv1.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1492191036092974}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1492191036092974}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492191036092974,"flow_src_last_pkt_time":1492191036092974,"flow_dst_last_pkt_time":1492191036092974,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492191036092974,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1492191036092974,"flow_dst_last_pkt_time":1492191036092974,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_usec":1492191036092974,"pkt":"AFBW6AqxAAwpAu9qCABFAACxF9IAAIAGzm+sEJyCCoAA88bvAb3S22hjm3waG1AY+vCemgAAAAAAhf9TTUJyAAAAABhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAAGIAAlBDIE5FVFdPUksgUFJPR1JBTSAxLjAAAkxBTk1BTjEuMAACV2luZG93cyBmb3IgV29ya2dyb3VwcyAzLjFhAAJMTTEuMlgwMDIAAkxBTk1BTjIuMQACTlQgTE0gMC4xMgA="}
 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1492191036092974,"flow_dst_last_pkt_time":1492191036120420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1492191036120420,"pkt":"AAwpAu9qAFBW6AqxCABFAACdcSEAAIAGdTQKgADzrBCcggG9xu+bfBob0tto7FAY+vCpnwAAAAAAcf9TTUJyAAAAAJhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAEQUAAzIAAQAEEQAAAAABAAAAAAD84wEAQPSc00S10gHwAAgsAAirHC\/h7OapVwBPAFIASwBHAFIATwBVAFAAAABKAE8ASABOAC0AUABDAAAA"}
@@ -8,7 +8,7 @@
 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1492191036120691,"flow_dst_last_pkt_time":1492191036154924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1492191036154924,"pkt":"AAwpAu9qAFBW6AqxCABFAADlcSMAAIAGdOoKgADzrBCcggG9xu+bfBqQ0ttpeFAY+vD0\/QAAAAAAuf9TTUJzAAAAAJgHwAAAAAAAAAAAAAAAAAAA\/\/4ACEAAA\/8AuQAAAJAAAFcAaQBuAGQAbwB3AHMAIAA3ACAAVQBsAHQAaQBtAGEAdABlACAANwA2ADAAMQAgAFMAZQByAHYAaQBjAGUAIABQAGEAYwBrACAAMQAAAFcAaQBuAGQAbwB3AHMAIAA3ACAAVQBsAHQAaQBtAGEAdABlACAANgAuADEAAABXAE8AUgBLAEcAUgBPAFUAUAAA"}
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1492191036157874,"flow_dst_last_pkt_time":1492191036154924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1492191036157874,"pkt":"AFBW6AqxAAwpAu9qCABFAACGF9QAAIAGzpisEJyCCoAA88bvAb3S22l4m3wbTVAY+b51+wAAAAAAWv9TTUJ1AAAAABgHwAAAAAAAAAAAAAAAAAAA\/\/4ACEAABP8AWgAIAAEALwAAXABcADEAMAAuADEAMgA4AC4AMAAuADIANAAzAFwASQBQAEMAJAAAAD8\/Pz8\/AA=="}
 01321{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1492191036092974,"flow_src_last_pkt_time":1492191036191677,"flow_dst_last_pkt_time":1492191036191436,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":453,"flow_dst_tot_l4_payload_len":366,"midstream":1,"thread_ts_usec":1492191036191677,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}}
-00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1492191036191677}
+00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1492191036191677}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 7/7
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500257 bytes
-~~ total memory freed........: 5500257 bytes
+~~ total memory allocated....: 5500281 bytes
+~~ total memory freed........: 5500281 bytes
 ~~ total allocations/frees...: 85870/85870
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 567 chars
+~~ json message min len.......: 565 chars
 ~~ json message max len.......: 1326 chars
-~~ json message avg len.......: 934 chars
+~~ json message avg len.......: 933 chars
diff --git a/test/results/default/smpp_in_general.pcap.out b/test/results/default/smpp_in_general.pcap.out
index 93ede8f47..54357703e 100644
--- a/test/results/default/smpp_in_general.pcap.out
+++ b/test/results/default/smpp_in_general.pcap.out
@@ -1,5 +1,5 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1217149853878966}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1217149853878966}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1217149853878966,"flow_src_last_pkt_time":1217149853878966,"flow_dst_last_pkt_time":1217149853878966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1217149853878966,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1217149853878966,"flow_dst_last_pkt_time":1217149853878966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1217149853878966,"pkt":"AAKlxo7UABbU5r3hCABFAAAwUN5AAIAG\/3kK4sp2CuLKNQbqIyjmvft6AAAAAHACf\/9NLQAAAgQE7AEBBAI="}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1217149853878966,"flow_dst_last_pkt_time":1217149853879393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1217149853879393,"pkt":"ABbU5r3hAAKlxo7UCABFAAAsMy0AADwGoS8K4so1CuLKdiMoBuqoDP5A5r37e2AS8ABLDAAAAgQFtAAA"}
@@ -8,7 +8,7 @@
 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1217149853878966,"flow_src_last_pkt_time":1217149853879690,"flow_dst_last_pkt_time":1217149853879393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1217149853879690,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMPP","proto_id":"207","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1217149853879690,"flow_dst_last_pkt_time":1217149853886293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1217149853886293,"pkt":"ABbU5r3hAAKlxo7UCABFAAA9My4AADwGoR0K4so1CuLKdiMoBuqoDP5B5r37o1AY8AA72wAAAAAAFYAAAAIAAAAAAAAAAVNNU0MA"}
 00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1217149853878966,"flow_src_last_pkt_time":1217149884833956,"flow_dst_last_pkt_time":1217149884833947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":25,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1217149884833956,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMPP","proto_id":"207","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1217149884833956}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1217149884833956}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 17/17
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500514 bytes
-~~ total memory freed........: 5500514 bytes
+~~ total memory allocated....: 5500538 bytes
+~~ total memory freed........: 5500538 bytes
 ~~ total allocations/frees...: 85878/85878
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 538 chars
diff --git a/test/results/default/smtp-starttls.pcap.out b/test/results/default/smtp-starttls.pcap.out
index 5ffe64ac4..cc06fc4df 100644
--- a/test/results/default/smtp-starttls.pcap.out
+++ b/test/results/default/smtp-starttls.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1388017124762850}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1388017124762850}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124762850,"flow_dst_last_pkt_time":1388017124762850,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388017124762850,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1388017124762850,"flow_dst_last_pkt_time":1388017124762850,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1388017124762850,"pkt":"AAAMB6wBABNyxPHhCABFAAA8JqtAAEAGeocKAAABrcJEGuA+ABlXuT72AAAAAKACOQgLsAAAAgQFtAQCCAraWRhdAAAAAAEDAwc="}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1388017124762850,"flow_dst_last_pkt_time":1388017124774018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1388017124774018,"pkt":"ABNyxPHhANAr0XYACABFAAA8X3cAAC4Gk7utwkQaCgAAAQAZ4D6dvxfqV7k+96ASpiw5gwAAAgQFlgQCCAoS8Zx72lkYXQEDAwY="}
@@ -12,7 +12,7 @@
 01083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124864532,"flow_dst_last_pkt_time":1388017124876575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":1653,"midstream":0,"thread_ts_usec":1388017124876575,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}}
 01083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124876854,"flow_dst_last_pkt_time":1388017124876863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":3924,"midstream":0,"thread_ts_usec":1388017124876863,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}}
 02334{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017125217215,"flow_dst_last_pkt_time":1388017125228642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":686,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1384,"flow_dst_tot_l4_payload_len":4627,"midstream":0,"thread_ts_usec":1388017125228642,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":29682.5,"max":156957,"stddev":34710.8,"var":1204840832.0,"ent":4.2,"data": [11168,11193,11857,11849,79,11152,39169,67072,28169,11489,12210,262,12322,26,24821,37890,13457,11887,11608,11639,11817,51431,103694,156957,13622,11529,11126,16410,67319,42853,94080]},"pktlen": {"min":52,"avg":240.3,"max":1470,"stddev":368.1,"var":135468.5,"ent":4.0,"data": [60,60,52,103,52,80,52,206,62,82,164,1470,1470,52,905,366,262,105,217,113,117,113,52,158,738,52,80,52,128,52,83,133]},"bins": {"c_to_s": [9,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,3,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,0,1],"entropies": [4.527644634,5.164738178,4.944975376,5.655648708,4.868052483,4.887005329,4.983437061,5.795777798,5.058248043,5.413370609,5.231037617,6.553743362,7.414661884,4.893245220,7.240818024,7.277081490,6.869879723,5.969118595,6.897389412,6.050327778,6.234992027,6.200943947,4.944975376,6.499523640,7.703155994,4.906513691,5.556689262,4.868052006,6.265826702,4.776611805,5.571072102,6.285814285]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1524746968365832}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1524746968365832}
 00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968365832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1524746968365832,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968365832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":90,"pkt_l4_len":32,"thread_ts_usec":1524746968365832,"pkt":"tAwlBY4TAAwpwTTcgQAAfYbdYAAAAAAgBkAgAwDeIBYBJfw2gxdOhstyIAMA3iAWASAAAAAACggAUx2KABlaBfS8AAAAAIACIAC67wAAAgQFoAEDAwIBAQQC"}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968366576,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":90,"pkt_l4_len":32,"thread_ts_usec":1524746968366576,"pkt":"AAwpwTTctAwlBY4TgQAAfYbdYApHlwAgBj8gAwDeIBYBIAAAAAAKCABTIAMA3iAWASX8NoMXTobLcgAZHYpcyZ8kWgX0vYAScIBuawAAAgQFoAEBBAIBAwMH"}
@@ -25,7 +25,7 @@
 02535{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968662121,"flow_dst_last_pkt_time":1524746968661622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1034,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":2097,"midstream":0,"thread_ts_usec":1524746968662121,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19099.3,"max":202908,"stddev":48707.1,"var":2372380928.0,"ent":2.8,"data": [744,995,19017,29506,11113,127,1248,999,1000,6126,12754,624,8625,202034,202908,998,7251,6751,7252,7260,1247,2128,2995,378,21009,21750,990,6762,2,6750,736]},"pktlen": {"min":60,"avg":180.5,"max":1200,"stddev":257.1,"var":66086.8,"ent":4.2,"data": [72,72,60,118,110,60,212,70,90,242,1200,186,139,318,227,60,149,103,123,103,95,126,60,1094,60,125,95,104,91,60,91,60]},"bins": {"c_to_s": [7,4,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,4,2,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0],"entropies": [4.281427383,4.959185600,4.579100609,5.619654655,5.411477089,4.829739571,5.596319675,4.894675732,5.166758537,5.366472721,7.601028442,6.201757908,5.921764851,7.156020164,6.896310806,4.658349514,6.097513199,5.672229767,5.596776009,5.715824604,5.162304878,6.073466778,4.799921513,7.803120613,4.833254814,6.058705330,5.062202930,5.764057636,4.995513916,4.579101086,5.463903904,4.446732044]},"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
 01346{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968662121,"flow_dst_last_pkt_time":1524746968663137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1034,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":2097,"midstream":0,"thread_ts_usec":1524746968663137,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
 01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":19,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017125228821,"flow_dst_last_pkt_time":1388017125239930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":686,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1384,"flow_dst_tot_l4_payload_len":4627,"midstream":0,"thread_ts_usec":1524746968663137,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":69,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":9842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1524746968663137}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":69,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":9842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1524746968663137}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 69/69
 ~~ skipped flows.............: 0
@@ -34,8 +34,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5524508 bytes
-~~ total memory freed........: 5524508 bytes
+~~ total memory allocated....: 5524548 bytes
+~~ total memory freed........: 5524548 bytes
 ~~ total allocations/frees...: 85975/85975
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 551 chars
diff --git a/test/results/default/smtp.pcap.out b/test/results/default/smtp.pcap.out
index 561ff0b51..1ba636fe0 100644
--- a/test/results/default/smtp.pcap.out
+++ b/test/results/default/smtp.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":934028408568957}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":934028408568957}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408568957,"flow_dst_last_pkt_time":934028408568957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":934028408568957,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":934028408568957,"flow_dst_last_pkt_time":934028408568957,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":934028408568957,"pkt":"AMBPo1fbABB7OEYzCABFAAAsEDMAAD8GkhjCB\/iZrBByzwhPABnlqEITAAAAAGACAgCMgQAAAgQFtAAA"}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":934028408568957,"flow_dst_last_pkt_time":934028408569273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":934028408569273,"pkt":"ABB7OEYzAMBPo1fbCABFAAAsFcQAAEAGi4esEHLPwgf4mQAZCE+jURBm5ahCFGASf+Ba2AAAAgQFtAW0"}
@@ -9,7 +9,7 @@
 01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408647164,"flow_dst_last_pkt_time":934028408647434,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":934028408647434,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"pigeon.eyrie.af.mil","smtp": {"user":"","password":"","auth_failed":0}}}
 02131{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408659170,"flow_dst_last_pkt_time":934028408659389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":469,"flow_dst_tot_l4_payload_len":576,"midstream":0,"thread_ts_usec":934028408659389,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":316,"avg":5827.3,"max":55118,"stddev":11962.2,"var":143094448.0,"ent":3.2,"data": [316,1134,19693,31096,24595,55118,2208,21382,1142,1166,1125,1230,1225,1086,1083,1063,1064,1068,1066,1077,1106,1085,1057,1068,1067,1048,1046,1060,1062,1055,1054]},"pktlen": {"min":46,"avg":73.6,"max":124,"stddev":15.2,"var":230.1,"ent":5.0,"data": [46,46,46,124,46,62,46,66,62,84,76,83,79,78,79,78,80,79,79,78,79,78,80,79,78,77,77,76,80,79,78,77]},"bins": {"c_to_s": [5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.217956066,4.965921402,4.414441109,5.606353760,4.414441109,5.401541233,4.398030758,5.373719692,5.366997719,5.482748032,5.540370464,5.525596142,5.518477440,5.566954136,5.471196175,5.560668945,5.565314293,5.578667164,5.537589550,5.586310863,5.547144890,5.611951351,5.485757828,5.482342720,5.493423939,5.506668091,5.516471386,5.546820641,5.505877972,5.562905312,5.524069786,5.501934052]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email"}}
 00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":44,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408801393,"flow_dst_last_pkt_time":934028408801610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":16527,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":934028408801610,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":17955,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":934028408801610}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":17955,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":934028408801610}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 95/95
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502776 bytes
-~~ total memory freed........: 5502776 bytes
+~~ total memory allocated....: 5502800 bytes
+~~ total memory freed........: 5502800 bytes
 ~~ total allocations/frees...: 85956/85956
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 531 chars
diff --git a/test/results/default/smtps.pcapng.out b/test/results/default/smtps.pcapng.out
index e4f634216..c33a83ffe 100644
--- a/test/results/default/smtps.pcapng.out
+++ b/test/results/default/smtps.pcapng.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614938504972279}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614938504972279}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938504972279,"flow_src_last_pkt_time":1614938504972279,"flow_dst_last_pkt_time":1614938504972279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938504972279,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614938504972279,"flow_dst_last_pkt_time":1614938504972279,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938504972279,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0\/aNAAEAGZc0+KyRjFUFfhJMyAdF0clasAAAAAIACFrAhIQAAAgQFhAEBBAIBAwMC"}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614938504972279,"flow_dst_last_pkt_time":1614938505205257,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938505205257,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0AABAAC4GdXEVQV+EPiskYwHRkzJiRoeidHJWrYASchDbkQAAAgQFtAEBBAIBAwMH"}
@@ -8,7 +8,7 @@
 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614938505342085,"flow_dst_last_pkt_time":1614938505439757,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1614938505439757,"pkt":"AAAAAAAAAAEA\/khbCABFAADb8dpAAC4Ggu8VQV+EPiskYwHRkzJiRoejdHJWrVAYAOXjtAAAMjIwLWdhdG9yNDIyMy5ob3N0Z2F0b3IuY29tIEVTTVRQIEV4aW0gNC45MyAjMiBGcmksIDA1IE1hciAyMDIxIDA0OjAxOjQ1IC0wNjAwDQoyMjAtV2UgZG8gbm90IGF1dGhvcml6ZSB0aGUgdXNlIG9mIHRoaXMgc3lzdGVtIHRvIHRyYW5zcG9ydCB1bnNvbGljaXRlZCwNCjIyMCBhbmQvb3IgYnVsayBlLW1haWwuDQo="}
 01175{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614938504972279,"flow_src_last_pkt_time":1614938505342085,"flow_dst_last_pkt_time":1614938505439757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":1614938505439757,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
 01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614938504972279,"flow_src_last_pkt_time":1614938505342085,"flow_dst_last_pkt_time":1614938505439757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":1614938505439757,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1614938505439757}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1614938505439757}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502193 bytes
-~~ total memory freed........: 5502193 bytes
+~~ total memory allocated....: 5502217 bytes
+~~ total memory freed........: 5502217 bytes
 ~~ total allocations/frees...: 85867/85867
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
diff --git a/test/results/default/snapchat.pcap.out b/test/results/default/snapchat.pcap.out
index 57058b485..fc4548c54 100644
--- a/test/results/default/snapchat.pcap.out
+++ b/test/results/default/snapchat.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1431417993318652}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1431417993318652}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431417993318652,"flow_src_last_pkt_time":1431417993318652,"flow_dst_last_pkt_time":1431417993318652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431417993318652,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1431417993318652,"flow_dst_last_pkt_time":1431417993318652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1431417993318652,"pkt":"ABoRAAACABoRAAABCABFAAA8f1tAAEAG3k0KCAABSn2IjYHRAbtgYhiTAAAAAKAC\/\/8GegAAAgQFtAQCCAoAKmfIAAAAAAEDAwY="}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1431417993318652,"flow_dst_last_pkt_time":1431417993319843,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431417993319843,"pkt":"ABoRAAACABoRAAABCABFAAAoAalAABAGjBRKfYiNCggAAQG7gdGfnedsYGIYlFAS\/\/9PMgAA"}
@@ -27,7 +27,7 @@
 01206{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1431417993318652,"flow_src_last_pkt_time":1431417995589216,"flow_dst_last_pkt_time":1431417995588971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":238,"flow_src_tot_l4_payload_len":1296,"flow_dst_tot_l4_payload_len":375,"midstream":0,"thread_ts_usec":1431418008853156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1431418008133607,"flow_src_last_pkt_time":1431418008853156,"flow_dst_last_pkt_time":1431418008802736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1069,"flow_src_tot_l4_payload_len":1784,"flow_dst_tot_l4_payload_len":1221,"midstream":0,"thread_ts_usec":1431418008853156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1431418008131807,"flow_src_last_pkt_time":1431418008701836,"flow_dst_last_pkt_time":1431418008651172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":1839,"flow_dst_tot_l4_payload_len":600,"midstream":0,"thread_ts_usec":1431418008853156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":56,"packets-processed":56,"total-skipped-flows":0,"total-l4-payload-len":7115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1431418008853156}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":56,"packets-processed":56,"total-skipped-flows":0,"total-l4-payload-len":7115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1431418008853156}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 56/56
 ~~ skipped flows.............: 0
@@ -36,8 +36,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5516273 bytes
-~~ total memory freed........: 5516273 bytes
+~~ total memory allocated....: 5516329 bytes
+~~ total memory freed........: 5516329 bytes
 ~~ total allocations/frees...: 85949/85949
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 532 chars
diff --git a/test/results/default/snapchat_call.pcapng.out b/test/results/default/snapchat_call.pcapng.out
index 6e1671c9e..d0eb50272 100644
--- a/test/results/default/snapchat_call.pcapng.out
+++ b/test/results/default/snapchat_call.pcapng.out
@@ -1,5 +1,5 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1595865799020160}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1595865799020160}
 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595865799020160,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1595865799020160,"pkt":"CL6sCxdumt9Y+uvcCABFAAViAIdAAEARymzAqAypEriKjqRjAbsFTpy2w1EwNDZQw4BG53qjBuoAAAABZPU1L7U5tyJMVD1ioAEEAENITE8MAAAAUEFEAEgDAABWRVIATAMAAENDUwBcAwAAUERNRGADAABTTUhMZAMAAElDU0xoAwAATk9OUIgDAABNSURTjAMAAFNDTFOQAwAAQ1NDVJADAABDRkNXlAMAAFNGQ1eYAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tUTA0NgHogWCSkhrofu2AhqIVgpFYNTA5AQAAACgAAAAzbE4qRvvkp4rlFQIkD4jjmdOAAP5SZ2hG5WgHAg7x+2QAAAABAAAAAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595865799020160,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Q046"}}}
@@ -10,7 +10,7 @@
 01132{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799615597,"flow_dst_last_pkt_time":1595865799120864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3730,"flow_dst_tot_l4_payload_len":4552,"midstream":0,"thread_ts_usec":1595865799615597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","quic": {"quic_version":"Q046"}}}
 02337{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865802042641,"flow_dst_last_pkt_time":1595865802853531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3902,"flow_dst_tot_l4_payload_len":5824,"midstream":0,"thread_ts_usec":1595865802853531,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":221156.5,"max":1447282,"stddev":397282.2,"var":157833134080.0,"ent":3.2,"data": [16846,68,30414,96,24231,5110,25,16,20308,29142,5531,102,7,211,2051,54351,38,19,507575,1447282,48721,53521,57932,1172660,3328,7500,379723,803486,440070,1155688,589800]},"pktlen": {"min":48,"avg":331.9,"max":1378,"stddev":468.5,"var":219532.9,"ent":3.9,"data": [1378,1378,1378,1378,611,64,1378,48,414,56,72,66,66,66,187,86,48,48,48,72,337,289,337,289,72,56,56,72,56,72,72,72]},"bins": {"c_to_s": [4,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [4,4,0,0,0,0,0,0,2,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0]},"directions": [0,1,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,0,0,0,1,0,0,1,1],"entropies": [2.189238071,7.706800461,4.743436813,3.984874964,7.719462395,5.249389172,7.849965572,5.376628876,7.440353394,5.374054909,5.683540821,5.644934177,5.675237656,5.595766544,6.808179855,6.041157246,5.293295383,5.251628876,5.209962368,5.540976048,7.375632763,7.234831333,7.426898956,7.225734234,5.603883266,5.407986164,5.336557388,5.692057133,5.063577652,5.570461750,5.619208336,5.674763680]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":25,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865807298358,"flow_dst_last_pkt_time":1595865807311868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4245,"flow_dst_tot_l4_payload_len":6427,"midstream":0,"thread_ts_usec":1595865807311868,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":10672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1595865807311868}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":10672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1595865807311868}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 50/50
 ~~ skipped flows.............: 0
@@ -19,10 +19,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5499423 bytes
-~~ total memory freed........: 5499423 bytes
+~~ total memory allocated....: 5499447 bytes
+~~ total memory freed........: 5499447 bytes
 ~~ total allocations/frees...: 85910/85910
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 577 chars
+~~ json message min len.......: 575 chars
 ~~ json message max len.......: 2362 chars
-~~ json message avg len.......: 1468 chars
+~~ json message avg len.......: 1467 chars
diff --git a/test/results/default/snapchat_call_v1.pcapng.out b/test/results/default/snapchat_call_v1.pcapng.out
index 12cdb510f..301577ea3 100644
--- a/test/results/default/snapchat_call_v1.pcapng.out
+++ b/test/results/default/snapchat_call_v1.pcapng.out
@@ -1,5 +1,5 @@
-00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642584090467068}
+00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642584090467068}
 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584090467068,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02157{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090467068,"pkt":"CL6sCxdumt9Y+uvcCABFAATM1GNAAEARienAqAypIvbnjLmgAbsEuOe0xgAAAAEIhBCu4jQ62egAAESetqOQdYkJpUmUbLd7dCny\/mAX1uVpyJthsRXpRU8VWePV6W9beCrSrw4bfN95OOqcQUuDSKA2fVL0D5kDJ\/asNmiUDm2dTxwoLy5LKegbuvpOEgXdXJGz6Gk+MnVuMvTucZRlP+kU8Z0hZYkJrEueNZLXvMiZw+w\/3JMAscB+SXgxqObQ7yqheFwPcswCbW4HViy9+ZaTJc+BYhkJ055qYehc\/zFI0KCoMBJhsKt2St7\/X\/sFqgI4XAc07X8JocrJhc\/vYXREaOwS1grTxRlgBfafpoYoos9uZIUmAfZUhVF+lLWk3CqNkdJgUXPdulhipVVYaytwLHOIKcNR+3k5D+\/5ip9PadVan\/IjuHWRUPMyGV6b3kpvu4ZcMqB6rJq4vpE73h2pGF0y4EfGtr2FNVuu\/KuZJ3dp3JvEjR\/jeOHRA42IPdKCIbXpvaPGXS28mVqFTiEIIj88lm4BOyrmXPIPMtTECpPWXYf1XbpuuCUtRrtjD6xtUwvOdF9\/49wZuztXpaWoqNcQwFnDBkZcK4JaXOC2goCGnfAWoYp5AJBHldfKbfHbk4OnTcNEk1Fc\/jmV0Dwf0S3IJ8\/MjTctjPx\/KD5qo0FuvyoLHkOQ909\/s0dlEKb3vF9qIuNXDktsuA8b\/CMA\/PICfvKu+us2XV4zg9UBqIz\/wYrRHey95hrlR2Gz9syR8cUSxAjGBEfwfSBTo+DQ4ZP4AipF\/o\/3HAEIDbIYHCtLdSkqDEGjYxeZ2YRMTfV9dex7lm1iCVcGCqNklEhG2Mmj0J3t83ZH4j+nee6OiFL89sraDjJa3wwZ8+3ZqrljAmdHSfpk4LOQDpcbbltBW5wDrl76HafLd6injkxl9HTuPqNi4WWIeQ02C4UykD3hQffn63eGYR\/x9OLvJ+YUn8A32KaYS9sQwjTZBg0J9pe+BK1hOaXgA2xiCU1YHz8WM5n0aNeT9iBNNuHuzHlzpHLfqgYDp9JcuPKHRPRujBhigh48qLYtBSwjrSf2d0jQlkgTDYM\/o8BMBgAnLPxb3W0\/3RRiGRSDSgbzQdMEpQxmRiPSdiwP+EH8+IyeRPWFFfm4uiJoQUwnY5uFAZvnFcuw+f1iwJTbp3HCxFFmpBTc\/xIvkWFx3AeN63YiZu66yn2nCpER2XafvDOLi1ZIBu6TajSC28+WMrnkUqKFx1b3gCNvogeYcsVVy7HrZv3I4oy46NRbHrQPi\/GptSdY\/S22zjlh4dpGHbjNttrFqXg645yNyJLRKndem5QJ1LpM4OCevsgIJIjTdrinLDDbDze8ywEiM5GtX3Hhdo6Ac0xvMkmw9sPMaE3r1UeGIp5+NEQ0sWutpw9ro\/rlPmKqQLBnXWwkeDL1D1SG9R39++9bQ\/PgYXx5eDDg3XSqp1bmEfBjCvyTuN97k\/U7r2ALo84ZR2EmlZemvZ3C+jFclmBJEJgBqLhouZp5kCgMVAEd5F5py9kLD1XMjkSEOrXxTq8EZ17YEC3TbzqAvAERJ52Q\/z+r7cjUfqDXPbUa8sDfuVcAF5mcmS7HgRUgcPp\/HmAfl74+cll\/xMfoNZDYD1gRHGC8lt7l"}
 01253{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584090467068,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"f4545fa40dda0c87b1bd81d9a55985a2","ja3s":"","ja4":"q13d0309h","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}}
@@ -10,7 +10,7 @@
 01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091048184,"flow_dst_last_pkt_time":1642584090986004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":3706,"midstream":0,"thread_ts_usec":1642584091048184,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"f4545fa40dda0c87b1bd81d9a55985a2","ja3s":"","ja4":"q13d0309h","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}}
 02220{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091097462,"flow_dst_last_pkt_time":1642584091088958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":10528,"flow_dst_tot_l4_payload_len":3826,"midstream":0,"thread_ts_usec":1642584091097462,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":18,"avg":40396.3,"max":284273,"stddev":69954.6,"var":4893651456.0,"ent":3.5,"data": [43831,48,18,47171,5912,7197,49242,50,34720,7943,33195,29741,120469,284273,668,11816,262103,35232,126423,262,9441,12613,6510,7068,102933,21,6234,340,1312,2360,3138]},"pktlen": {"min":53,"avg":476.6,"max":1228,"stddev":428.3,"var":183471.5,"ent":4.4,"data": [1228,1228,1228,433,1228,117,610,446,104,62,360,61,90,53,70,70,198,53,53,88,1147,1148,1148,703,523,72,104,525,525,525,525,525]},"bins": {"c_to_s": [0,6,1,0,0,1,0,0,0,0,0,0,0,0,0,6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,2,0,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,0,0,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,1,1,0,0,0,0,0],"entropies": [7.846151352,7.818212032,7.842855453,7.458201885,7.834816933,6.378828526,7.731168270,7.464651108,6.216168880,5.760650158,7.392130375,5.557705879,6.136295319,5.508872986,5.957851410,5.707712650,6.936640739,5.357929230,5.395664692,5.928121090,7.845738411,7.830622196,7.823609829,7.678224087,7.645185947,5.669923306,6.181212425,7.564388752,7.568304062,7.613670826,7.625892639,7.577367783]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":386,"flow_dst_packets_processed":91,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584099996389,"flow_dst_last_pkt_time":1642584099885088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1259,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":337357,"flow_dst_tot_l4_payload_len":7923,"midstream":0,"thread_ts_usec":1642584099996389,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":477,"packets-processed":477,"total-skipped-flows":0,"total-l4-payload-len":345280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1642584099996389}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":477,"packets-processed":477,"total-skipped-flows":0,"total-l4-payload-len":345280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1642584099996389}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 477/477
 ~~ skipped flows.............: 0
@@ -19,10 +19,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5521834 bytes
-~~ total memory freed........: 5521834 bytes
+~~ total memory allocated....: 5521858 bytes
+~~ total memory freed........: 5521858 bytes
 ~~ total allocations/frees...: 86358/86358
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 580 chars
+~~ json message min len.......: 578 chars
 ~~ json message max len.......: 2225 chars
-~~ json message avg len.......: 1397 chars
+~~ json message avg len.......: 1396 chars
diff --git a/test/results/default/snmp.pcap.out b/test/results/default/snmp.pcap.out
index c0263ab6b..ca8026b2b 100644
--- a/test/results/default/snmp.pcap.out
+++ b/test/results/default/snmp.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1597326815572660}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1597326815572660}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326815572660,"flow_src_last_pkt_time":1597326815572660,"flow_dst_last_pkt_time":1597326815572660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326815572660,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1597326815572660,"flow_dst_last_pkt_time":1597326815572660,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1597326815572660,"pkt":"AAAAmdpxAAwpCIFqCABFAABHM75AAEARRUaw0zwrYQBzo6gHAKEAM+IpMCkCAQAEBnB1YmxpY6EcAgRLeBpuAgEAAgEAMA4wDAYIKwYBAgEBBQAFAA=="}
 00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326815572660,"flow_src_last_pkt_time":1597326815572660,"flow_dst_last_pkt_time":1597326815572660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326815572660,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":0,"primitive":1,"error_status":0}}}
@@ -47,7 +47,7 @@
 00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326815572660,"flow_src_last_pkt_time":1597326815679824,"flow_dst_last_pkt_time":1597326815833131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326863415554,"flow_src_last_pkt_time":1597326863597558,"flow_dst_last_pkt_time":1597326863776609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326858008780,"flow_src_last_pkt_time":1597326858140036,"flow_dst_last_pkt_time":1597326858289894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":37224,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":29,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":2120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":5,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1597327640387630}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":29,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":2120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":5,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1597327640387630}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640387630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597327640387630,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640387630,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1597327640387630,"pkt":"AAAA82AcAAwpEAFdCABFAABcnENAAEAR56EjX57ZHk\/WJOwYAKEASB50MD4CAQMwEQIEPsyxCwIDAP\/jBAEEAgEDBBAwDgQAAgEAAgEABAAEAAQAMBQEAAQAoA4CBGdAU6sCAQACAQAwAA=="}
 00979{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640387630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597327640387630,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":3,"primitive":0,"error_status":0}}}
@@ -84,7 +84,7 @@
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1597327805759196,"flow_dst_last_pkt_time":1597327805757822,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1597327805759196,"pkt":"AAAAV4hpAAwpsVpsCABFAACkmVJAAEAR61aDszGl\/p4BqYyCAKEAkKIiMIGFAgEDMBECBEyy1iMCAwD\/4wQBBwIBAwQ7MDkEDIAAAAkDAKq7zAABAAIBDAICBgoEClNIQTFBRVMxMjgEDFMbh\/Dk3SvVz95WoQQIgB4HBiglqmMEMJE113Q0NWMVB7TdQewvRiEzAB5zFAsRqz8So0sJQUsIHeUhtQOMlyZFVbEp0CGVvA=="}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640653531,"flow_dst_last_pkt_time":1597327640799174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":381,"midstream":0,"thread_ts_usec":1597327805899852,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327646611250,"flow_src_last_pkt_time":1597327646881056,"flow_dst_last_pkt_time":1597327647026431,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":388,"midstream":0,"thread_ts_usec":1597327805899852,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":4998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":4,"total-updates":7,"current-active-flows":4,"total-active-flows":10,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":87,"global_ts_usec":1597328385284231}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":4998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":4,"total-updates":7,"current-active-flows":4,"total-active-flows":10,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":87,"global_ts_usec":1597328385284231}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597328385284231,"flow_src_last_pkt_time":1597328385284231,"flow_dst_last_pkt_time":1597328385284231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"92.135.15.240","dst_ip":"137.49.110.186","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1597328385284231,"flow_dst_last_pkt_time":1597328385284231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_usec":1597328385284231,"pkt":"AAwpOSzhAAAASwKNCABFAADJAAAAAP8RVsFchw\/wiTFuutQuAKIAtdeqMIGqAgEBBAhwdWJsaWMyY6eBmgIBFwIBAAIBADCBjjAPBggrBgECAQEDAEMDAz\/FMBcGCisGAQYDAQEEAQAGCSsGAQYDAQEFAzAPBgorBgECAQICAQECAgECMBkGCisGAQIBAgIBAgIEC0V0aGVybmV0MC8xMA8GCisGAQIBAgIBAwICAQYwJQYMKwYBBAEJAgIBARQCBBVhZG1pbmlzdHJhdGl2ZWx5IGRvd24="}
 00981{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597328385284231,"flow_src_last_pkt_time":1597328385284231,"flow_dst_last_pkt_time":1597328385284231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"92.135.15.240","dst_ip":"137.49.110.186","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":7,"error_status":0}}}
@@ -115,7 +115,7 @@
 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1597328765050571,"flow_dst_last_pkt_time":1597328757701238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":262,"pkt_l4_len":228,"thread_ts_usec":1597328765050571,"pkt":"AAwpbM85AAAAgfGMCABFAAD4AAkAAP8R+958NcSwZ\/gWL9QuAKIA5B3\/MIHZAgEDMA0CASkCAgXcBAEAAgEDBCkwJwQMgAAACQMAqrvMAAEAAgEMAgIJyQQMTk9BVVRITk9QUklWBAAEADCBmQQMgAAACQMAqrvMAAEABACngYYCATACAQACAQAwezAPBggrBgECAQEDAEMDA9QeMBcGCisGAQYDAQEEAQAGCSsGAQYDAQEFBDAPBgorBgECAQICAQECAgECMBkGCisGAQIBAgIBAgIEC0V0aGVybmV0MC8xMA8GCisGAQIBAgIBAwICAQYwEgYMKwYBBAEJAgIBARQCBAJ1cA=="}
 01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328648399219,"flow_src_last_pkt_time":1597328660640336,"flow_dst_last_pkt_time":1597328648399219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328765050571,"l3_proto":"ip4","src_ip":"200.76.132.137","dst_ip":"189.111.255.214","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328704045369,"flow_src_last_pkt_time":1597328710051817,"flow_dst_last_pkt_time":1597328704045369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328765050571,"l3_proto":"ip4","src_ip":"113.19.156.111","dst_ip":"135.201.124.55","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":7038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":6,"total-updates":10,"current-active-flows":4,"total-active-flows":15,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_usec":1643702947966305}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":7038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":6,"total-updates":10,"current-active-flows":4,"total-active-flows":15,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_usec":1643702947966305}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643702947966305,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1To\/AABAETBgCucChgpI9wQAoe6gAMF5TzCCALUCAQEEBGFkc2yiggCoAgJkLgIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"}
 01091{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":2,"error_status":19}}}
@@ -136,7 +136,7 @@
 00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1643703001963541,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643703001963541,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1WA+AABAEQphCucChgpI9wQAoe6gAMEJTzCCALUCAQEEBGFkc2yiggCoAgJkngIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"}
 01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1643702987695436,"flow_src_last_pkt_time":1643702987784304,"flow_dst_last_pkt_time":1643702987801396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":565,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1097,"flow_dst_max_l4_payload_len":671,"flow_src_tot_l4_payload_len":2229,"flow_dst_tot_l4_payload_len":1364,"midstream":0,"thread_ts_usec":1643703001963541,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643703001963541,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":740,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703001963541,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":72,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":11371,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":7,"total-updates":10,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":139,"global_ts_usec":1643703001963541}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":72,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":11371,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":7,"total-updates":10,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":139,"global_ts_usec":1643703001963541}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 72/72
 ~~ skipped flows.............: 0
@@ -145,8 +145,8 @@
 ~~ total active/idle flows...: 17/17
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5534784 bytes
-~~ total memory freed........: 5534784 bytes
+~~ total memory allocated....: 5535064 bytes
+~~ total memory freed........: 5535064 bytes
 ~~ total allocations/frees...: 86108/86108
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 555 chars
diff --git a/test/results/default/soap.pcap.out b/test/results/default/soap.pcap.out
index b542c0a81..243e82164 100644
--- a/test/results/default/soap.pcap.out
+++ b/test/results/default/soap.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946731321416000}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946731321416000}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946731321416000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321416000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Js1AAH8GJUPAqAJkFwLVpcO0AFABqrpoAAAAAIAC+vBEVAAAAgQFtAEDAwgBAQQC"}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321441000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADwGjxAXAtWlwKgCZABQw7Tpz83XAaq6aYAS+vCMpAAAAgQFrAEBBAIBAwMH"}
@@ -9,7 +9,7 @@
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 02464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0EFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\/AD4APABzADoARQBuAHYAZQBsAG8AcABlACAAeABtAGwAbgBzADoAcwA9ACIAaAB0AHQAcAA6AC8ALwBzAGMAaABlAG0AYQBzAC4AeABtAGwAcwBvAGEAcAAuAG8AcgBnAC8AcwBvAGEAcAAvAGUAbgB2AGUAbABvAHAAZQAvACIAPgA8AHMAOgBIAGUAYQBkAGUAcgA+ADwAaAA6AGMAZAAgAHgAbQBsAG4AcwA6AGgAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwB3AGkAbgBkAG8AdwBzAG0AZQB0AGEAZABhAHQAYQAvAHMAZQByAHYAaQBjAGUAcwAvADIAMAAwADcALwAwADkALwAxADgALwBkAG0AcwAiAD4APABoADoAYwB2AD4AMQAwAC4AMAAuADEAOQAwADQAMwA8AC8AaAA6AGMAdgA+ADwAaAA6AGMAYwA+AEQARQBVADwALwBoADoAYwBjAD4APAAvAGgAOgBjAGQAPgA8AC8AcwA6AEgAZQBhAGQAZQByAD4APABzADoAQgBvAGQAeQA+ADwARABlAHYAaQBjAGUATQBlAHQAYQBkAGEAdABhAEIAYQB0AGMAaABSAGUAcQB1AGUAcwB0ACAAeABtAGwAbgBzAD0AIgBoAHQAdABwADoALwAvAHMAYwBoAGUAbQBhAHMALgBtAGkAYwByAG8AcwBvAGYAdAAuAGMAbwBtAC8AdwBpAG4AZABvAHcAcwBtAGUAdABhAGQAYQB0AGEALwBzAGUAcgB2AGkAYwBlAHMALwAyADAAMAA3AC8AMAA5AC8AMQA4AC8AZABtAHMAIgA+ADwATABvAGMATABpAHMAdAA+ADwAbABvAGMAPgBNAHUAbAB0AGkATABvAGMAPAAvAGwAbwBjAD4APABsAG8AYwA+AGQAZQAtAEQARQA8AC8AbABvAGMAPgA8AGwAbwBjAD4AZABlADwALwBsAG8AYwA+ADwALwBMAG8AYwBMAGkAcwB0AD4APABNAEkARABSAGUAcQB1AGUAcwB0AHMAPgA8AGcAZABtAGQAbQBpAGQAPgA8AHIAaQBkAD4ANwA8AC8AcgBpAGQAPgA8AG0AaQBkAD4AQQBGAEYANABCAEQAMgAxAC0ARgBGADIANgAtADUAMQBGADYALQA4ADMANgA1AC0AMQA3ADgAOAA1AEYAMwA4ADYAQwA3AEQAPAAvAG0AaQBkAD4APAAvAGcAZABtAGQAbQBpAGQAPgA8AC8ATQBJAEQAUgBlAHEAdQBlAHMAdABzAD4APABIAFcASQBEAFIAZQBxAHUAZQBzAHQA"}
 01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"go.microsoft.com","http": {"url":"go.microsoft.com\/fwlink\/?LinkID=252669&clcid=0x409","code":0,"content_type":"","user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","request_content_type":"text\/xml"}}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639054092487860}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639054092487860}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054092487860,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1639054092487860,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="}
 02174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092538042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092538042,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04Ij8+DQo8Wk1lc3NhZ2UgdGFyZ2V0PSJaQkJQLjEuUmVzb2x2ZUtJRCIgbWlub3I9IjM1IiBwYXJhbWhlYWRlcmxlbmd0aD0iMTE0IiBzaWduYXR1cmU9IkxXa1YzenFpNWFtVUUxUlVvTmtRT3cwdVhZNHczc0dXQncyMkdxYnRqZkFyS0VjanVjS2Z6ZUcydkNybjluZUIzNXlzc2xFZytJcUlDZkRHdk9qRkxJcDlBcHB2ZXJZNTBNS09WZHM4L1BGU2dwRG5oNE91UTg3Q3pKRXZUUkJZMldGakpOaS85NmY1ZktmSklqczQ5bElzcFpyZVRGWVNxYWZ4VDRPNCszbnd2MFpQYUtJNzI4akE3RWNUTUxwelZtc0RJaTBJU2srR21nOW85d3V0UXg2NEprdjdGdlFkQU1nYlVnWDhVaU1MTnRHQWVqSHBLTG1rdWo3TSsxSTNib0IraVg3MTAxaytIZGpaVmQrSjhaS0VNSkJnYTBJNjRLdmZPK2tNb1UzRVNSSm5wbWdVVmZVblVZckl4dDFHZFFMckhsa2hhZVZicUdaMzB2V2E4Zz09IiBzaWduZXI9InlNMmYzbGMzSjZSbTR3ODlmRGhlYm5RMXNxY3NBV2N0eFJiM3BDSFloTktUTnZiazlNM1pLRk9xYjIveE5hN3NaR1I4bm10c0U4T2lnaStLR2xrbndSNWx0SW9CODc1Tk8rRitWTCszYVdySlN2Zm5MQ2dCSlRMV1BwKyt1SUlqZUlCanYrTXB1S0xRM2NTMDMwQlRnUEk1dWlrS0l6Q1A0eEZucUFVampoWE9RVTR3WDMrRG1PczdEbm5QczhhZTk2UkNzWmVmZ0xpMzAyL281ZDVMRDJ1SnBEMUlmSnQ1Y1U1Y3V5UW5jYTRhd2M4bGhTcmFQbDlNNEpja29sQWt5cVlCNzg0UitKVVhYTExpKytjbHEzR1l4U2NJNjRyZHRKZWNWVENZRVcvUTJGU2VXV1c2UE9RdlBRNGZ3aFVPZEM0L05MSVJKdU9lTVAyVG9Ed3NNUT09IiBrZXk9ImduR1dLWGJFVzQwbHZHV1FxbkVKZWdtcXJCSXdBRVZtUmQwRzlJaDMzVCsycnBtRTY5WUQybHhNNHpzNy9weDVFOFRaSjdvYnV5ZVNpNTIvazZMeGp2ZWtkNTdVeTR5QSttaEZ5c1o5UGFXdHVobzRac2oyQ0NaenBjcXhRSW5pL1E4UDY4QkJSeWhKd0hVZHNmMjUxS3RLdmwzdWZFN0VpK254Rnk2bUlVZUptckpjT3U5L1dsNndUTkwxRUVrQmJzL0NIT2pQSlFpUi84UlFOdVN4aDRWYVRnNlFKM0VhVUFhYzFkV2REQmx5dmpUYzZHTnczbFUrdUtDQitpR05xeFNwSlIxMHlQS3VRR1h4S1N3ZTVOVGNuQnFmQncwZC9FMVZ6dWdmVEtqUXFDbmt4TjVEUnlWWEJwTkFyVnNjek4xMlZwdkJpdENUa25ObEhWOHMzdz09IiBpbml0dmVjdG9yPSJkWWhYYVRRWmVUaGZsTUc2VGJCdzN3PT0iPg0KPC9aTWVzc2FnZT4NCg=="}
@@ -21,7 +21,7 @@
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00777{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1639054092826381}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1639054092826381}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -30,8 +30,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5507135 bytes
-~~ total memory freed........: 5507135 bytes
+~~ total memory allocated....: 5507191 bytes
+~~ total memory freed........: 5507191 bytes
 ~~ total allocations/frees...: 85910/85910
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 539 chars
diff --git a/test/results/default/socks.pcap.out b/test/results/default/socks.pcap.out
index 48b2ad503..af0a213f7 100644
--- a/test/results/default/socks.pcap.out
+++ b/test/results/default/socks.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1385474294492448}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1385474294492448}
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1385474294492448,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294492448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1385474294492448,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":1637,"dst_port":21477,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294492448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1385474294492448,"pkt":"AABeAAEBAAtFtxbACABFAAAwisFAAH4GgV8KAAABCgAAAgZlU+Uyuw5yAAAAAHACQAC3ZAAAAgQFUAEBBAI="}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294649364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1385474294649364,"pkt":"AAtFtxbAACaI3xfHCABFAAAwbUxAAGcGtdQKAAACCgAAAVPlBmV6GpzgMrsOc3ASIADAvAAAAgQE7AEBBAI="}
@@ -7,7 +7,7 @@
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474294649364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1385474294849170,"pkt":"AABeAAEBAAtFtxbACABFAAAritBAAH4GgVUKAAABCgAAAgZlU+Uyuw5zehqc4VAYROjCxAAABQEAAAAA"}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474295006242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1385474295006242,"pkt":"AAtFtxbAACaI3xfHCABFAAAqbU9AAGcGtdcKAAACCgAAAVPlBmV6GpzhMrsOdlAY\/\/AHuwAABQAAAAAA"}
 01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1385474294492448,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474295006242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1385474295006242,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":1637,"dst_port":21477,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":15,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1386004309468752}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":15,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1386004309468752}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1386004309468752,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309468752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1386004309468752,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309468752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1386004309468752,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAxApAAEAGJ5MKtJy5CrSc+dEdBDiu6S7xAAAAALAC\/\/9AOQAAAgQFtAEDAwQBAQgKFh7eWwAAAAAEAgAA"}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309469255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1386004309469255,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R2gPF01ruku8qASOJDLlAAAAgQFtAQCCApiX+0zFh7eWwEDAwc="}
@@ -33,7 +33,7 @@
 00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1386004309468752,"flow_src_last_pkt_time":1386004309478765,"flow_dst_last_pkt_time":1386004309478749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1386004312331130,"flow_src_last_pkt_time":1386004312384665,"flow_dst_last_pkt_time":1386004312384637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1386004317979913,"flow_src_last_pkt_time":1386004317989330,"flow_dst_last_pkt_time":1386004317989312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":1603,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":6648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1386004317989330}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":6648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1386004317989330}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 60/60
 ~~ skipped flows.............: 0
@@ -42,8 +42,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5514421 bytes
-~~ total memory freed........: 5514421 bytes
+~~ total memory allocated....: 5514493 bytes
+~~ total memory freed........: 5514493 bytes
 ~~ total allocations/frees...: 85957/85957
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 535 chars
diff --git a/test/results/default/softether.pcap.out b/test/results/default/softether.pcap.out
index 04afc4929..d43609e63 100644
--- a/test/results/default/softether.pcap.out
+++ b/test/results/default/softether.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642694863816000}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642694863816000}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642694863816000,"flow_dst_last_pkt_time":1642694863816000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642694863816000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642694863816000,"flow_dst_last_pkt_time":1642694863816000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1642694863816000,"pkt":"eJS0JASgYDjgxTWgCABFAAAdZ4ZAAD8RiC7AqAJkgp4Gcci1E4wACUw2QQ=="}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642694863816000,"flow_dst_last_pkt_time":1642694864079000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642694864079000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4FVwAAG8R6j2CngZxwKgCZBOMyLUAJKgsSVA9OTAuMTg2LjEzMi4xMzMsUE9SVD01MTM4MQ=="}
@@ -11,7 +11,7 @@
 00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642694925531000,"flow_dst_last_pkt_time":1642694925794000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":483,"flow_dst_tot_l4_payload_len":412,"midstream":0,"thread_ts_usec":1642694925794000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642694971183000,"flow_dst_last_pkt_time":1642694971445000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":468,"midstream":0,"thread_ts_usec":1642694971445000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642695022957000,"flow_dst_last_pkt_time":1642694997325000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1642695022957000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":983,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1642993710968000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":983,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1642993710968000}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642993710968000,"flow_src_last_pkt_time":1642993710968000,"flow_dst_last_pkt_time":1642993710968000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642993710968000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.75.45","src_port":37504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642993710968000,"flow_dst_last_pkt_time":1642993710968000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642993710968000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8GPRAAD8GkfDAqAJkgp5LLZKAAFAJq5FAAAAAAKAC+vCRBgAAAgQFtAQCCApgbIO7AAAAAAEDAwY="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1642993710968000,"flow_dst_last_pkt_time":1642993711225000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642993711225000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8XxtAAHAGGsmCnkstwKgCZABQkoDyj0KZCauRQaASIAAzDwAAAgQFrAEDAwgEAggKBdAXMmBsg7s="}
@@ -19,7 +19,7 @@
 02034{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1642993711226000,"flow_dst_last_pkt_time":1642993711225000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_usec":1642993711226000,"pkt":"eJS0JASgYDjgxTWgCABFAASMGPZAAD8GjZ7AqAJkgp5LLZKAAFAJq5FB8o9CmoAYA+yVVgAAAQEICmBshL4F0BcyUE9TVCAvZGRucy9kZG5zLmFzcHg\/dj05MjkxMjU3Njg0ODI1Mzg5MDMwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IGphDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDcyNA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IHgwLngwLmRldi5vcGVuLnNlcnZlcnMuZGRucy5zb2Z0ZXRoZXItbmV0d29yay5uZXQNCktlZXAtQWxpdmU6IHRpbWVvdXQ9MTU7IG1heD0xOQ0KUHJhZ21hOiBuby1jYWNoZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4zOyBXT1c2NDsgcnY6MjkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8yOS4wDQoNClBBQ0swMDAwMDAwNjY4QUFBQUR3QUFBQVppZFdsc1pBQUFBQUFBQUFBQkFBQWx5Z0FBQUFsa1pHNXpYMjl6Y3dBQUFBQUFBQUFCQUFBQUFRQUFBQlprWkc1elgzQnliM1J2WTI5c1gzWmxjbk5wYjI0QUFBQUFBQUFBQVFBQUFBRUFBQUFKYVhOZk5qUmlhWFFBQUFBQUFBQUFBUUFBQUFBQUFBQU1hWE5mY0dGamEyVjBhWGdBQUFBQUFBQUFBUUFBQUFBQUFBQU5hWE5mYzI5bWRHVjBhR1Z5QUFBQUFBQUFBQUVBQUFBQkFBQUFCR3RsZVFBQUFBSUFBQUFCQUFBQUtEUTFRemcwUlRjelJqTTVNMEl3TVVZeFFVSTROamc1UVVWQ1F6YzRRa1ZHTmpoRE1EWTRNRGtBQUFBUGJHRnpkR1Z5Y205eVgybHdkalFBQUFBQUFBQUFBUUFBQUFBQUFBQVBiR0Z6ZEdWeWNtOXlYMmx3ZGpZQUFBQUFBQUFBQVFBQUFBRUFBQUFNYldGamFHbHVaVjlyWlhrQUFBQUNBQUFBQVFBQUFDaENOVUZDUWpjMk1qazRNalZET0RJMU5UY3pOakZHTUVVM01UUTFRamcwTlVWQ1FqWTJOVVUwQUFBQURXMWhZMmhwYm1WZmJtRnRaUUFBQUFJQUFBQUJBQUFBQTNad2JnQUFBQWR2YzJsdVptOEFBQUFBQUFBQUFRQUFEQndBQUFBTWNISnZaSFZqZEY5emRISUFBQUFDQUFBQUFRQUFBQTFUYjJaMFJYUm9aWElnVDFOVEFBQUFDblZ6WlY5aGVuVnlaUUFBQUFBQUFBQUJBQUFBQUFBQUFBbG1kVzVqZEdsdmJnQUFBQUlBQUFBQkFBQUFDSEpsWjJsemRHVnlIQVNIMDAwMDAwMDAyOFpLVk82OGhlWUNPS2tuTSljaFlzVGxsa0daNCg="}
 01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642993710968000,"flow_src_last_pkt_time":1642993711226000,"flow_dst_last_pkt_time":1642993711225000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642993711226000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.75.45","src_port":37504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Softether","proto_id":"7.290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"x0.x0.dev.open.servers.ddns.softether-network.net","http": {"url":"x0.x0.dev.open.servers.ddns.softether-network.net\/ddns\/ddns.aspx?v=9291257684825389030","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko\/20100101 Firefox\/29.0","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Windows 8.1"}}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642695022957000,"flow_dst_last_pkt_time":1642694997325000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1642993711226000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":2095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1646316453326000}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":2095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1646316453326000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316453326000,"flow_dst_last_pkt_time":1646316453326000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646316453326000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1646316453326000,"flow_dst_last_pkt_time":1646316453326000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1646316453326000,"pkt":"eJS0JASgYDjgxTWgCABFAAAd9VFAAD8R+mLAqAJkgp4Gcci1E4wACUw2QQ=="}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1646316453326000,"flow_dst_last_pkt_time":1646316453591000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1646316453591000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4EGoAAG4R8C+CngZxwKgCZBOMyLUAJKgsSVA9OTAuMTg2LjEzMi4xMzMsUE9SVD01MTM4MQ=="}
@@ -32,7 +32,7 @@
 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316555615000,"flow_dst_last_pkt_time":1646316555881000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1646316555881000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01057{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316604619000,"flow_dst_last_pkt_time":1646316581404000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1646316604619000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","softether": {"client_ip":"90.186.132.133","client_port":"51381","hostname":"vpn","fqdn":"moishele.softether.net"}}}
 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316608076000,"flow_dst_last_pkt_time":1646316604885000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1646316608076000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":35,"packets-processed":34,"total-skipped-flows":0,"total-l4-payload-len":3078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":6,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1656980485529000}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":35,"packets-processed":34,"total-skipped-flows":0,"total-l4-payload-len":3078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":6,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1656980485529000}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980486196000,"flow_dst_last_pkt_time":1656980486196000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656980486196000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1656980486196000,"flow_dst_last_pkt_time":1656980486196000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1656980486196000,"pkt":"eJS0JASgYDjgxTWgCABFAAB\/butAAD8RgG\/AqAJkgp4Gaci1E4wAa0yQAAAAAwAAAAdvcGNvZGUAAAACAAAAAQAAAAlnZXRfdG9rZW4AAAAIdHJhbl9pZAAAAAQAAAABVcoU5Uu9F3oAAAAWbmF0X3RyYXZlcnNhbF92ZXJzaW9uAAAAAAAAAAEAAAAB"}
 01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980486196000,"flow_dst_last_pkt_time":1656980486196000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656980486196000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","softether": {"client_ip":"","client_port":"","hostname":"","fqdn":""}}}
@@ -47,13 +47,13 @@
 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980539784000,"flow_dst_last_pkt_time":1656980540028000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":986,"midstream":0,"thread_ts_usec":1656980540028000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1656980485778000,"flow_dst_last_pkt_time":1656980486029000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1008,"flow_dst_tot_l4_payload_len":1129,"midstream":0,"thread_ts_usec":1656980590747000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980590502000,"flow_dst_last_pkt_time":1656980590747000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1041,"flow_dst_tot_l4_payload_len":1040,"midstream":0,"thread_ts_usec":1656980590747000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":56,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":6314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":11,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1657218777631000}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":56,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":6314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":11,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1657218777631000}
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1656980485778000,"flow_dst_last_pkt_time":1656980486029000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1008,"flow_dst_tot_l4_payload_len":1129,"midstream":0,"thread_ts_usec":1657218777876000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218777631000,"flow_dst_last_pkt_time":1657218777876000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":1067,"midstream":0,"thread_ts_usec":1657218777876000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218830229000,"flow_dst_last_pkt_time":1657218830474000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1525,"flow_dst_tot_l4_payload_len":1447,"midstream":0,"thread_ts_usec":1657218830474000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218883169000,"flow_dst_last_pkt_time":1657218883415000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1527,"flow_dst_tot_l4_payload_len":1501,"midstream":0,"thread_ts_usec":1657218883415000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218934824000,"flow_dst_last_pkt_time":1657218910555000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1529,"flow_dst_tot_l4_payload_len":1528,"midstream":0,"thread_ts_usec":1657218934824000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":7289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":15,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1657249529677000}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":7289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":15,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1657249529677000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249529677000,"flow_dst_last_pkt_time":1657249529677000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657249529677000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1657249529677000,"flow_dst_last_pkt_time":1657249529677000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1657249529677000,"pkt":"eJS0JASgYDjgxTWgCABFAAAdcmhAAD8RfU3AqAJkgp4GcMi1E4wACUw1QQ=="}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1657249529677000,"flow_dst_last_pkt_time":1657249529923000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1657249529923000,"pkt":"YDjgxTWgeJS0JASgCABFAAA2VBgAAHMRp4SCngZwwKgCZBOMyLUAIuZdSVA9Mi4yMDcuNjAuMTYzLFBPUlQ9NTEzODE="}
@@ -65,12 +65,12 @@
 00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249582560000,"flow_dst_last_pkt_time":1657249582732000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1657249582732000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249631671000,"flow_dst_last_pkt_time":1657249631942000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":130,"midstream":0,"thread_ts_usec":1657249631942000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249681609000,"flow_dst_last_pkt_time":1657249681857000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1657249681857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":86,"packets-processed":85,"total-skipped-flows":0,"total-l4-payload-len":7479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":18,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":68,"global_ts_usec":1657366460559000}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":86,"packets-processed":85,"total-skipped-flows":0,"total-l4-payload-len":7479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":18,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":68,"global_ts_usec":1657366460559000}
 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366460559000,"flow_dst_last_pkt_time":1657366460805000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1657366460805000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366513451000,"flow_dst_last_pkt_time":1657366513703000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":584,"midstream":0,"thread_ts_usec":1657366513703000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366565530000,"flow_dst_last_pkt_time":1657366565776000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1657366565776000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366617375000,"flow_dst_last_pkt_time":1657366591817000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":495,"flow_dst_tot_l4_payload_len":662,"midstream":0,"thread_ts_usec":1657366617375000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":101,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":8446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":22,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1657762868392000}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":101,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":8446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":22,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1657762868392000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657762868392000,"flow_dst_last_pkt_time":1657762868392000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657762868392000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1657762868392000,"flow_dst_last_pkt_time":1657762868392000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1657762868392000,"pkt":"eJS0JASgYDjgxTWgCABFAAAdnKhAAD8RUwzAqAJkgp4Gcci1E4wACUw2QQ=="}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1657762868392000,"flow_dst_last_pkt_time":1657762868649000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1657762868649000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4BUMAAHMR9laCngZxwKgCZBOMyLUAJKUsSVA9OTAuMTg2LjE2MC4yMDcsUE9SVD01MTM4MQ=="}
@@ -83,28 +83,28 @@
 01058{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657762958721000,"flow_dst_last_pkt_time":1657762948678000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":484,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657762958721000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","softether": {"client_ip":"90.186.160.207","client_port":"51381","hostname":"vpn","fqdn":"moishele.softether.net"}}}
 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657762973579000,"flow_dst_last_pkt_time":1657762973832000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":468,"midstream":0,"thread_ts_usec":1657762973832000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657763027181000,"flow_dst_last_pkt_time":1657763001647000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1657763027181000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":116,"packets-processed":115,"total-skipped-flows":0,"total-l4-payload-len":9429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":25,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":86,"global_ts_usec":1657906301393000}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":116,"packets-processed":115,"total-skipped-flows":0,"total-l4-payload-len":9429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":25,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":86,"global_ts_usec":1657906301393000}
 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906301393000,"flow_dst_last_pkt_time":1657906301648000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":488,"flow_dst_tot_l4_payload_len":524,"midstream":0,"thread_ts_usec":1657906301648000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906353365000,"flow_dst_last_pkt_time":1657906353619000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":970,"flow_dst_tot_l4_payload_len":908,"midstream":0,"thread_ts_usec":1657906353619000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906405961000,"flow_dst_last_pkt_time":1657906406215000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":972,"flow_dst_tot_l4_payload_len":964,"midstream":0,"thread_ts_usec":1657906406215000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906456047000,"flow_dst_last_pkt_time":1657906431208000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":974,"flow_dst_tot_l4_payload_len":992,"midstream":0,"thread_ts_usec":1657906456047000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":131,"packets-processed":130,"total-skipped-flows":0,"total-l4-payload-len":10412,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":29,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1657907318692000}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":131,"packets-processed":130,"total-skipped-flows":0,"total-l4-payload-len":10412,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":29,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1657907318692000}
 02282{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907318692000,"flow_dst_last_pkt_time":1657907318946000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":1657907318946000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":257000,"avg":9319382016.0,"max":143300001000,"stddev":0.0,"var":0.0,"ent":1.1,"data": [257000,27676000,27674000,26195000,26194000,26159000,26161000,10299000,10301000,14858000,14853000,27814000,27815000,25788000,1540291232,1566080232,18689000,18689000,5427000,5426000,27856000,27856000,26072000,26072000,26524000,26524000,24993000,24993000,25093000,862645000,887738000]},"pktlen": {"min":29,"avg":90.3,"max":508,"stddev":132.5,"var":17556.2,"ent":4.1,"data": [29,56,29,56,29,56,29,56,508,356,29,56,29,56,29,29,56,508,356,29,56,29,56,29,56,29,56,29,56,29,29,56]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1],"entropies": [4.513154984,5.059597492,4.582120895,5.059597492,4.582120895,4.988168716,4.582120895,5.059597492,5.016859055,4.526149750,4.582120895,5.059597492,4.513154984,5.010403156,4.582120895,4.582120895,5.001649380,5.023393631,4.521674156,4.582120895,5.001649380,4.582120895,5.059597492,4.513154984,5.059597492,4.582120895,5.059597492,4.582120895,5.059597492,4.582120895,4.582120895,4.988168716]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907318692000,"flow_dst_last_pkt_time":1657907318946000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":1657907318946000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":17,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907371998000,"flow_dst_last_pkt_time":1657907372252000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":1076,"midstream":0,"thread_ts_usec":1657907372252000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":19,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907422129000,"flow_dst_last_pkt_time":1657907422383000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":979,"flow_dst_tot_l4_payload_len":1132,"midstream":0,"thread_ts_usec":1657907422383000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":21,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907472044000,"flow_dst_last_pkt_time":1657907465166000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1461,"flow_dst_tot_l4_payload_len":1488,"midstream":0,"thread_ts_usec":1657907472044000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":11395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":33,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":97,"global_ts_usec":1657959489569000}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":11395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":33,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":97,"global_ts_usec":1657959489569000}
 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":22,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959489569000,"flow_dst_last_pkt_time":1657959489824000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1462,"flow_dst_tot_l4_payload_len":1516,"midstream":0,"thread_ts_usec":1657959489824000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":23,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959673241000,"flow_dst_last_pkt_time":1657959673495000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1463,"flow_dst_tot_l4_payload_len":1544,"midstream":0,"thread_ts_usec":1657959673495000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":25,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959725835000,"flow_dst_last_pkt_time":1657959726090000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1465,"flow_dst_tot_l4_payload_len":1600,"midstream":0,"thread_ts_usec":1657959726090000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":28,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959784163000,"flow_dst_last_pkt_time":1657959784418000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1947,"flow_dst_tot_l4_payload_len":1984,"midstream":0,"thread_ts_usec":1657959784418000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":163,"packets-processed":162,"total-skipped-flows":0,"total-l4-payload-len":12407,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":37,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":102,"global_ts_usec":1657979228094000}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":163,"packets-processed":162,"total-skipped-flows":0,"total-l4-payload-len":12407,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":37,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":102,"global_ts_usec":1657979228094000}
 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":30,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979228094000,"flow_dst_last_pkt_time":1657979228348000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1950,"flow_dst_tot_l4_payload_len":2040,"midstream":0,"thread_ts_usec":1657979228348000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":33,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979280591000,"flow_dst_last_pkt_time":1657979280846000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":2051,"flow_dst_tot_l4_payload_len":2377,"midstream":0,"thread_ts_usec":1657979280846000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":36,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979331035000,"flow_dst_last_pkt_time":1657979331290000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":2761,"midstream":0,"thread_ts_usec":1657979331290000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":36,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979356494000,"flow_dst_last_pkt_time":1657979331290000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":2534,"flow_dst_tot_l4_payload_len":2761,"midstream":0,"thread_ts_usec":1657979356494000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":177,"packets-processed":177,"total-skipped-flows":0,"total-l4-payload-len":13741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":40,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_usec":1657979356494000}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":177,"packets-processed":177,"total-skipped-flows":0,"total-l4-payload-len":13741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":40,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_usec":1657979356494000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 177/177
 ~~ skipped flows.............: 0
@@ -113,8 +113,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5514214 bytes
-~~ total memory freed........: 5514214 bytes
+~~ total memory allocated....: 5514318 bytes
+~~ total memory freed........: 5514318 bytes
 ~~ total allocations/frees...: 86098/86098
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 517 chars
diff --git a/test/results/default/someip-tp.pcap.out b/test/results/default/someip-tp.pcap.out
index d77016b0d..96744ecb4 100644
--- a/test/results/default/someip-tp.pcap.out
+++ b/test/results/default/someip-tp.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1433332443506391}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1433332443506391}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1433332443506391,"flow_src_last_pkt_time":1433332443506391,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1412,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1412,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1412,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1433332443506391,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1433332443506391,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1433332443506391,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUcAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAAAAEAADAAAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpams="}
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1433332443506391,"flow_src_last_pkt_time":1433332443506391,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1412,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1412,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1412,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1433332443506391,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -8,7 +8,7 @@
 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1433332443538482,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1433332443538482,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUoAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAAEFFMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5urs="}
 02431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1433332443551109,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1433332443551109,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUsAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAAFcG8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKis="}
 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1433332443506391,"flow_src_last_pkt_time":1433332443605150,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1176,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1412,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1433332443605150,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":12472,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1433332443605150}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":12472,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1433332443605150}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 9/9
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498234 bytes
-~~ total memory freed........: 5498234 bytes
+~~ total memory allocated....: 5498258 bytes
+~~ total memory freed........: 5498258 bytes
 ~~ total allocations/frees...: 85869/85869
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 569 chars
 ~~ json message max len.......: 2436 chars
-~~ json message avg len.......: 1499 chars
+~~ json message avg len.......: 1498 chars
diff --git a/test/results/default/someip-udp-method-call.pcapng.out b/test/results/default/someip-udp-method-call.pcapng.out
index eee7a8a8a..ec9a7e5a1 100644
--- a/test/results/default/someip-udp-method-call.pcapng.out
+++ b/test/results/default/someip-udp-method-call.pcapng.out
@@ -1,5 +1,5 @@
-00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1502789275686772}
+00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1502789275686772}
 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502789275686772,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502789275686772,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00969{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_usec":1502789275686772,"pkt":"AQBeAAABdAAAAAC5CABFAAFkAHhAAAER12bAqAAB4AAAAcAmwCYBULPJ\/\/+BAAAAAUAAAAfdAQECAMAAAAAAAADAAQAAIBI0APwBAAADAAAAAAECABAAAAABAQAAAwAAAAIBAwAQAAAAAQEAAAMAAAAAAQQAIAAAAAEBAAADAAAAAAEGABAAAAABAQAAAwAAAAEBAQAQAAAAAQEAAAMAAAAAAQAAIAAAAAEBAAADAAAAAAEBABAAAAABAgAAAwAAAAABAQAQAAAAAQEAAAMAAAAAAQEAEAAAAAEBAAADAAAAAAEHABAAAAABAQAAAwAAAAEBCAAQAAAAAQEAAAMAAAAAAAAAbAAJBADAqAABAAbAMQAJBADAqAABABHAMQAJBADAqAABAAbAPwAJBADAqAABAAbAPwAJBADAqAABAAbAPwAJBADAqAABABHAPwAJBADAqAABABHAPwAJBADAqAABAAbAPwAJBADAqAABABHAPw=="}
 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502789275686772,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502789275686772,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -9,7 +9,7 @@
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1502789275711113,"flow_dst_last_pkt_time":1502789275713141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1502789275713141,"pkt":"gAAAAAB1dAAAAAC5CABFAAA1do9AAAERgVrAqAABwKgAfcAxwCcAIWfYEjQACAAAABEAAAABAQGAAAAAAAWrq6urqw=="}
 01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1502789275711113,"flow_src_last_pkt_time":1502789275711113,"flow_dst_last_pkt_time":1502789275713141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":25,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":25,"midstream":0,"thread_ts_usec":1502789275713141,"l3_proto":"ip4","src_ip":"192.168.0.125","dst_ip":"192.168.0.1","src_port":49191,"dst_port":49201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502789275686772,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502789275713141,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":378,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1502789275713141}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":378,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1502789275713141}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3/3
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500204 bytes
-~~ total memory freed........: 5500204 bytes
+~~ total memory allocated....: 5500244 bytes
+~~ total memory freed........: 5500244 bytes
 ~~ total allocations/frees...: 85873/85873
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 565 chars
diff --git a/test/results/default/someip_sd_sample.pcap.out b/test/results/default/someip_sd_sample.pcap.out
index 9fb218838..2240231ff 100644
--- a/test/results/default/someip_sd_sample.pcap.out
+++ b/test/results/default/someip_sd_sample.pcap.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1559741544964106}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1559741544964106}
 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741544964106,"packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741544964106}
 00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","pkt_datalink":192,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAAEAXgIDBQBUr+cDQAgARQAAVAAAQAD\/EXSfwKhYSesCAwV3GncaAEDieP\/\/gQAAAAAwAAAAAwEBAgDAAAAAAAAAEAEAABAA6wAAAQAAHgAAAAAAAAAMAAkEAMCoWEkAEcNQ"}
 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741545065160,"packet_id":2,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545065160}
@@ -12,7 +12,7 @@
 00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","pkt_datalink":192,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAABUr+cDQABUr+cDAAgARQAAVAAAQAD\/EUmxwKhYTcCoWEl3GncaAECLdP\/\/gQAAAAAwAAAABAEBAgDAAAAAAAAAEAYAABAA6wAAAQAAHgAAAAEAAAAMAAkEAMCoWE0AEepg"}
 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741545865698,"packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545865698}
 00436{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","pkt_datalink":192,"pkt_caplen":102,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":102,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAABUr+cDAABUr+cDQAgARQAASAAAQAD\/EUm9wKhYScCoWE13GncaADSSJv\/\/gQAAAAAkAAAAAwEBAgDAAAAAAAAAEAcAAAAA6wAAAQAAHgAAAAEAAAAA"}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1559741545865698}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1559741545865698}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/0
 ~~ skipped flows.............: 0
@@ -21,10 +21,10 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5495801 bytes
-~~ total memory freed........: 5495801 bytes
+~~ total memory allocated....: 5495809 bytes
+~~ total memory freed........: 5495809 bytes
 ~~ total allocations/frees...: 85849/85849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 318 chars
-~~ json message max len.......: 644 chars
-~~ json message avg len.......: 479 chars
+~~ json message max len.......: 642 chars
+~~ json message avg len.......: 478 chars
diff --git a/test/results/default/source_engine.pcap.out b/test/results/default/source_engine.pcap.out
index 0302e70ec..fa199b350 100644
--- a/test/results/default/source_engine.pcap.out
+++ b/test/results/default/source_engine.pcap.out
@@ -1,24 +1,24 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680268032673008}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680268032673008}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268032673008,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268032673008,"l3_proto":"ip4","src_ip":"222.204.159.87","dst_ip":"206.125.246.211","src_port":20595,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680268032673008,"pkt":"suZ52dfuXu41QY3PCABFAAA1wr0AACoRioXezJ9Xzn3201BzaYcAIUOC\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="}
 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268032673008,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268032673008,"l3_proto":"ip4","src_ip":"222.204.159.87","dst_ip":"206.125.246.211","src_port":20595,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":25,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1680268854178455}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":25,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1680268854178455}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268854178455,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268854178455,"l3_proto":"ip4","src_ip":"174.134.158.83","dst_ip":"206.125.246.217","src_port":47464,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680268854178455,"pkt":"lt5b\/81mXu41QY3PCABFAAA1amMAACcRFySuhp5Tzn322bloaYcAIQvR\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="}
 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268854178455,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268854178455,"l3_proto":"ip4","src_ip":"174.134.158.83","dst_ip":"206.125.246.217","src_port":47464,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268032673008,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268854178455,"l3_proto":"ip4","src_ip":"222.204.159.87","dst_ip":"206.125.246.211","src_port":20595,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1680269897199187}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1680269897199187}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269897199187,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269897199187,"l3_proto":"ip4","src_ip":"237.117.185.247","dst_ip":"206.125.246.219","src_port":41251,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680269897199187,"pkt":"umfZn5dXAQBeQY3PCABFAAA12CcAACoRS8rtdbn3zn3226EjaYcAIcmA\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="}
 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269897199187,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269897199187,"l3_proto":"ip4","src_ip":"237.117.185.247","dst_ip":"206.125.246.219","src_port":41251,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268854178455,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269897199187,"l3_proto":"ip4","src_ip":"174.134.158.83","dst_ip":"206.125.246.217","src_port":47464,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":75,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1680270565741530}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":75,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1680270565741530}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270565741530,"flow_src_last_pkt_time":1680270565741530,"flow_dst_last_pkt_time":1680270565741530,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270565741530,"l3_proto":"ip4","src_ip":"252.187.173.26","dst_ip":"206.125.246.211","src_port":42155,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1680270565741530,"flow_dst_last_pkt_time":1680270565741530,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680270565741530,"pkt":"suZ52dfuXu41QY3PCABFAAA1dSgAACkRrWj8u60azn3206SraYcAIcOX\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="}
 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270565741530,"flow_src_last_pkt_time":1680270565741530,"flow_dst_last_pkt_time":1680270565741530,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270565741530,"l3_proto":"ip4","src_ip":"252.187.173.26","dst_ip":"206.125.246.211","src_port":42155,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269897199187,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270565741530,"l3_proto":"ip4","src_ip":"237.117.185.247","dst_ip":"206.125.246.219","src_port":41251,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1680271779776446}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1680271779776446}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271779776446,"flow_src_last_pkt_time":1680271779776446,"flow_dst_last_pkt_time":1680271779776446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271779776446,"l3_proto":"ip4","src_ip":"167.166.182.152","dst_ip":"206.125.246.212","src_port":53321,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1680271779776446,"flow_dst_last_pkt_time":1680271779776446,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680271779776446,"pkt":"tus5LcPaXu41QY3PCABFCAA1hEMAACQR7tunpraYzn321NBJaYcAIeOP\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="}
 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271779776446,"flow_src_last_pkt_time":1680271779776446,"flow_dst_last_pkt_time":1680271779776446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271779776446,"l3_proto":"ip4","src_ip":"167.166.182.152","dst_ip":"206.125.246.212","src_port":53321,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -37,7 +37,7 @@
 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272337560282,"flow_src_last_pkt_time":1680272337560282,"flow_dst_last_pkt_time":1680272337560282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272337560282,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.222","src_port":38846,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271905048618,"flow_src_last_pkt_time":1680271905048618,"flow_dst_last_pkt_time":1680271905048618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272337560282,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.217","src_port":52464,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271990901001,"flow_src_last_pkt_time":1680271990901001,"flow_dst_last_pkt_time":1680271990901001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272337560282,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.213","src_port":64888,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1680272423587299}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1680272423587299}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272423587299,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272423587299,"l3_proto":"ip4","src_ip":"237.117.153.178","dst_ip":"206.125.246.215","src_port":24647,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680272423587299,"pkt":"0i7fu7XLAQBeQY3PCABFAAA1GmkAACsRKNLtdZmyzn3212BHaYcAISqm\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="}
 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272423587299,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272423587299,"l3_proto":"ip4","src_ip":"237.117.153.178","dst_ip":"206.125.246.215","src_port":24647,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -53,7 +53,7 @@
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272493156815,"flow_src_last_pkt_time":1680272493156815,"flow_dst_last_pkt_time":1680272493156815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272707354790,"l3_proto":"ip4","src_ip":"252.141.177.26","dst_ip":"206.125.246.216","src_port":21572,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272337560282,"flow_src_last_pkt_time":1680272337560282,"flow_dst_last_pkt_time":1680272337560282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272707354790,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.222","src_port":38846,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272423587299,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272707354790,"l3_proto":"ip4","src_ip":"237.117.153.178","dst_ip":"206.125.246.215","src_port":24647,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1680275154446193}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1680275154446193}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275154446193,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275154446193,"l3_proto":"ip4","src_ip":"140.151.209.84","dst_ip":"206.125.246.214","src_port":8335,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680275154446193,"pkt":"8i53bZ3HXu41QY3PCABFAAA1YXkAAC4RB\/+Ml9FUzn321iCPaYcAIZOb\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="}
 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275154446193,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275154446193,"l3_proto":"ip4","src_ip":"140.151.209.84","dst_ip":"206.125.246.214","src_port":8335,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -62,7 +62,7 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1680275513818590,"flow_dst_last_pkt_time":1680275513818590,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680275513818590,"pkt":"8i53bZ3HXu41QY3PCABFAAA1YOgAACoR6hHFcrr3zn321qDqaYcAIfDB\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="}
 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275513818590,"flow_src_last_pkt_time":1680275513818590,"flow_dst_last_pkt_time":1680275513818590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275513818590,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.214","src_port":41194,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275154446193,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275513818590,"l3_proto":"ip4","src_ip":"140.151.209.84","dst_ip":"206.125.246.214","src_port":8335,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1680276988600126}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1680276988600126}
 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276988600126,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276988600126,"l3_proto":"ip4","src_ip":"222.158.181.242","dst_ip":"206.125.246.222","src_port":58235,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680276988600126,"pkt":"suZ52dfuXu41QY3PCABFAAA1JwIAACkREMnenrXyzn323uN7aYcAIZoB\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="}
 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276988600126,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276988600126,"l3_proto":"ip4","src_ip":"222.158.181.242","dst_ip":"206.125.246.222","src_port":58235,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -71,18 +71,18 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1680277233172685,"flow_dst_last_pkt_time":1680277233172685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680277233172685,"pkt":"umfZn5dXAQBeQY3PCABFAAA12s0AACoRaZXti5lwzn322w6KaYcAIXyL\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="}
 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277233172685,"flow_src_last_pkt_time":1680277233172685,"flow_dst_last_pkt_time":1680277233172685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277233172685,"l3_proto":"ip4","src_ip":"237.139.153.112","dst_ip":"206.125.246.219","src_port":3722,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276988600126,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277233172685,"l3_proto":"ip4","src_ip":"222.158.181.242","dst_ip":"206.125.246.222","src_port":58235,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1680278871503388}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1680278871503388}
 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278871503388,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278871503388,"l3_proto":"ip4","src_ip":"118.149.186.147","dst_ip":"206.125.246.214","src_port":21285,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680278871503388,"pkt":"8i53bZ3HXu41QY3PCABFAAA1stIAACkR6Gh2lbqTzn321lMlaYcAIY3I\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="}
 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278871503388,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278871503388,"l3_proto":"ip4","src_ip":"118.149.186.147","dst_ip":"206.125.246.214","src_port":21285,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277233172685,"flow_src_last_pkt_time":1680277233172685,"flow_dst_last_pkt_time":1680277233172685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278871503388,"l3_proto":"ip4","src_ip":"237.139.153.112","dst_ip":"206.125.246.219","src_port":3722,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1680279669681327}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1680279669681327}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279669681327,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.221","src_port":17890,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680279669681327,"pkt":"suZ52dfuXu41QY3PCABFAAA11kkAACkRaEuXtvYRzn323UXiaYcAIT5l\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="}
 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279669681327,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.221","src_port":17890,"dst_port":27015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278871503388,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"118.149.186.147","dst_ip":"206.125.246.214","src_port":21285,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279669681327,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.221","src_port":17890,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_usec":1680279669681327}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_usec":1680279669681327}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 17/17
 ~~ skipped flows.............: 0
@@ -91,8 +91,8 @@
 ~~ total active/idle flows...: 17/17
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5533218 bytes
-~~ total memory freed........: 5533218 bytes
+~~ total memory allocated....: 5533498 bytes
+~~ total memory freed........: 5533498 bytes
 ~~ total allocations/frees...: 86053/86053
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 559 chars
diff --git a/test/results/default/spotify_tcp.pcap.out b/test/results/default/spotify_tcp.pcap.out
index 9923d49e7..6e1217221 100644
--- a/test/results/default/spotify_tcp.pcap.out
+++ b/test/results/default/spotify_tcp.pcap.out
@@ -1,4 +1,4 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":53789009,"flow_src_last_pkt_time":53789009,"flow_dst_last_pkt_time":53789009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":53789009,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"35.190.243.72","src_port":48628,"dst_port":4070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":53789009,"flow_dst_last_pkt_time":53789009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":53789009,"pkt":"UlQAEjUCCAAns+YuCABFAAA8YO9AAEAGtrcKAAIPI77zSL30D+Yfkn2LAAAAAKAC+vBeZAAAAgQFtAQCCAqdUcNLAAAAAAEDAwc="}
 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":53789009,"flow_dst_last_pkt_time":53811806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":53811806,"pkt":"CAAns+YuUlQAEjUCCABFAAAsAhEAAEAGVaYjvvNICgACDw\/mvfQANrABH5J9jGAS\/\/9Z0AAAAgQFtA=="}
@@ -7,7 +7,7 @@
 00892{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":53789009,"flow_src_last_pkt_time":53812035,"flow_dst_last_pkt_time":53811806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":53812035,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"35.190.243.72","src_port":48628,"dst_port":4070,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":53812035,"flow_dst_last_pkt_time":53812035,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":53812035,"pkt":"CAAns+YuUlQAEjUCCABFAAAoAhIAAEAGVakjvvNICgACDw\/mvfQANrACH5J+1VAQ\/\/9wRAAA"}
 00938{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":53789009,"flow_src_last_pkt_time":53908975,"flow_dst_last_pkt_time":53980552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":463,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":2002,"midstream":0,"thread_ts_usec":53980552,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"35.190.243.72","src_port":48628,"dst_port":4070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":2794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":53980552}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/spotify_tcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":2794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":53980552}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -16,8 +16,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500311 bytes
-~~ total memory freed........: 5500311 bytes
+~~ total memory allocated....: 5500335 bytes
+~~ total memory freed........: 5500335 bytes
 ~~ total allocations/frees...: 85871/85871
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 512 chars
diff --git a/test/results/default/sql_injection.pcap.out b/test/results/default/sql_injection.pcap.out
index fa9913f75..61809fac8 100644
--- a/test/results/default/sql_injection.pcap.out
+++ b/test/results/default/sql_injection.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655243907401514}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655243907401514}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655243907401514,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907401514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655243907401514,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907401514,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":757,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":757,"pkt_l4_len":723,"thread_ts_usec":1655243907401514,"pkt":"FE+Kc3lP4CvpcxhCCABFAALnBMxAAEAGqxzAqANtwKgDa9EYAFBtgZhQ14snP4AYAfYjSgAAAQEICpBN+1KzuubyR0VUIC9EVldBLW1hc3Rlci92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9JTNGaWQlM0RhJTI3K1VOSU9OK1NFTEVDVCslMjJ0ZXh0MSUyMiUyQyUyMnRleHQyJTIyJTNCLS0rLSUyNlN1Ym1pdCUzRFN1Ym1pdCZTdWJtaXQ9U3VibWl0IEhUVFAvMS4xDQpIb3N0OiAxOTIuMTY4LjMuMTA3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzOiAxDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDIuMC4wLjAgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS9hdmlmLGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgsYXBwbGljYXRpb24vc2lnbmVkLWV4Y2hhbmdlO3Y9YjM7cT0wLjkNClJlZmVyZXI6IGh0dHA6Ly8xOTIuMTY4LjMuMTA3L0RWV0EtbWFzdGVyL3Z1bG5lcmFiaWxpdGllcy9zcWxpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGl0LUlULGl0O3E9MC45LGVuLVVTO3E9MC44LGVuO3E9MC43DQpDb29raWU6IFBIUFNFU1NJRD11YTdvdW1xY2g0aDJxZWx1YnB2bzIxZGVjNjsgc2VjdXJpdHk9bG93DQoNCg=="}
 01436{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655243907401514,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907401514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655243907401514,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"192.168.3.107","http": {"url":"192.168.3.107\/DVWA-master\/vulnerabilities\/sqli\/?id=%3Fid%3Da%27+UNION+SELECT+%22text1%22%2C%22text2%22%3B--+-%26Submit%3DSubmit&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/102.0.0.0 Safari\/537.36","detected_os":"Linux x86_64"}}}
@@ -8,7 +8,7 @@
 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907402945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655243907402945,"pkt":"4CvpcxhCFE+Kc3lPCABFAAFLVvxAAEAGWojAqANrwKgDbQBQ0RjXiyznbYGbA4AYAfhCywAAAQEICrO7eEeQTftS8nesfXSXKCDm16lh4L3R\/3eEe5NHG9q5YFT5OLsvveilNqwc26R5XzBmjTFWaW34feZsgc6YkLiDl7Vs5LhjA8TdGSy3hF1UUEMDSwkaJeLd+8vJHFDHlsmmShu3tld43vlGLOrFc8i2VLCYAeRLnKCNMqZ1A\/3nD6TUjuG2nJ62UVLP9qCsrYRWwVTwKWRNwSaQsiJWJjZDuhQSEZghWpS8aq0J867UoXP7aGx5AHHNce7U0K6w3lYodaNh2i4UXFtfKnrIH885NP3terkEoVtneMAtJnVtem8wmTzl1Stbx2ofmfYx1+p39ZyEAjaGPZUZCw4OCadoeFnu3npZ9iVdjSJiK6D9lcA97ZP\/AQkVDNI+EAAA"}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655243907406272,"flow_dst_last_pkt_time":1655243907402945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655243907406272,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA0BM1AAEAGrc7AqANtwKgDa9EYAFBtgZsD14st\/oAQAelVLQAAAQEICpBN+7Wzu3hH"}
 01214{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1655243907401514,"flow_src_last_pkt_time":1655243907406272,"flow_dst_last_pkt_time":1655243907402945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":1727,"midstream":1,"thread_ts_usec":1655243907406272,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":2418,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1655243907406272}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":2418,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1655243907406272}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5/5
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498604 bytes
-~~ total memory freed........: 5498604 bytes
+~~ total memory allocated....: 5498628 bytes
+~~ total memory freed........: 5498628 bytes
 ~~ total allocations/frees...: 85873/85873
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 552 chars
diff --git a/test/results/default/srvloc-v1.pcapng.out b/test/results/default/srvloc-v1.pcapng.out
index 297537dd2..c346b20b6 100644
--- a/test/results/default/srvloc-v1.pcapng.out
+++ b/test/results/default/srvloc-v1.pcapng.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1610477174501058}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1610477174501058}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477174501058,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00998{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"thread_ts_usec":1610477174501058,"pkt":"AAAAAAAAAAYApNApCABFAAGG4R4AAD8RhM0X3HSvwKjHRwGr4bYBclCtAQcBagAAZW4AAx15AAABWih4LWhwLXZlcj0wMSkoeC1ocC1wcm9kX2lkPVN0ZWxsYTROV18wMSkoeC1ocC1tYWM9M0M1MjgyMjZGRDI4KSh4LWhwLWd1aWQ9M0M1MjgyMjZGRDI4KSh4LWhwLW51bV9wb3J0PTAxKSh4LWhwLWlwPTE5Mi4xNjguMTAwLjAyOSkoeC1ocC1obj1ERVYyNkZEMjgpKHgtaHAtcDE9TUZHOkhld2xldHQtUGFja2FyZDtNREw6SFAgQ29sb3IgTGFzZXJKZXQgUHJvIE1GUCBNMTc3Znc7Q01EOkFDTCxDTUQsWkpTLFVSRixQQ0xtLFBKTDtDTFM6UFJJTlRFUjtERVM6SFAgQ29sb3IgTGFzZXJKZXQgUHJvIE1GUCBNMTc3Znc7RldWRVI6MjAxNjA5MjY7TEVETURJUzpVU0IjZmYjMDQjMDE7Q0lEOkhQTEpQQ0xNU1YxOyk="}
 00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477174501058,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -8,7 +8,7 @@
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477179484120,"flow_src_last_pkt_time":1610477179484120,"flow_dst_last_pkt_time":1610477179484120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"250.83.105.78","dst_ip":"172.30.246.115","src_port":51708,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477179484120,"flow_src_last_pkt_time":1610477179484120,"flow_dst_last_pkt_time":1610477179484120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"250.83.105.78","dst_ip":"172.30.246.115","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":406,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1610477179484120}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":406,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1610477179484120}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500203 bytes
-~~ total memory freed........: 5500203 bytes
+~~ total memory allocated....: 5500243 bytes
+~~ total memory freed........: 5500243 bytes
 ~~ total allocations/frees...: 85873/85873
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 573 chars
+~~ json message min len.......: 571 chars
 ~~ json message max len.......: 1003 chars
-~~ json message avg len.......: 787 chars
+~~ json message avg len.......: 786 chars
diff --git a/test/results/default/srvloc.pcap.out b/test/results/default/srvloc.pcap.out
index 5801dac08..afc173bab 100644
--- a/test/results/default/srvloc.pcap.out
+++ b/test/results/default/srvloc.pcap.out
@@ -1,9 +1,9 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1685617825174445}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1685617825174445}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685617825174445,"flow_src_last_pkt_time":1685617825174445,"flow_dst_last_pkt_time":1685617825174445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685617825174445,"l3_proto":"ip4","src_ip":"37.40.101.196","dst_ip":"85.111.52.57","src_port":53106,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1685617825174445,"flow_dst_last_pkt_time":1685617825174445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685617825174445,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbbAlKGXEVW80Oc9yAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685617825174445,"flow_src_last_pkt_time":1685617825174445,"flow_dst_last_pkt_time":1685617825174445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685617825174445,"l3_proto":"ip4","src_ip":"37.40.101.196","dst_ip":"85.111.52.57","src_port":53106,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":29,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1685630200886590}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":29,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1685630200886590}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630200886590,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630200886590,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":45163,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685630200886590,"pkt":"3jHC4dyOPJTVQTiBCABFCABL5ywAACQR3TcbhqncWo0lOLBrAasAN20TAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630200886590,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630200886590,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":45163,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -12,7 +12,7 @@
 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1685630282860970,"flow_dst_last_pkt_time":1685630282860970,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_usec":1685630282860970,"pkt":"xmjqc4OdPJTVQTiBCABFCACH1DEAAOsRrCYsY3GWunDKNZ6vAasAcwAAAgIAAGtAAAAAAIgRAAJlbgAAAAMAEREAHmh0dHBzOi8vZXhhbXBsZS5jb20vaW5kZXguaHRtbAAAEREAGHNjaGVtZTovL2RvbWFpbi50bGQvcGF0aAAAEREAD3NscDovL2hvc3QvcGF0aAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630282860970,"flow_src_last_pkt_time":1685630282860970,"flow_dst_last_pkt_time":1685630282860970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":107,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630282860970,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"186.112.202.53","src_port":40623,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630200886590,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630282860970,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":45163,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":183,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1685630932313616}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":183,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1685630932313616}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630932313616,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_usec":1685630932313616,"pkt":"bs1PogZtPJTVQTiBCABFCACL1DEAAOsRrCEsY3GWWpG0OoeJAasAdwAAAgIAAG9AAAAAAIgRAAJlbgAAAAIAEREAHmh0dHBzOi8vZXhhbXBsZS5jb20vaW5kZXguaHRtbAIAAAANAAAAAAADQUFBAAAAEQAAAAAAB0JCQkJCQkIAIiIAE3NscDovL3Rlc3Qub3JnL3Rlc3QA"}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630932313616,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -22,13 +22,13 @@
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1685631007788963,"flow_dst_last_pkt_time":1685631007788963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685631007788963,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRpSXQZLGIWo0lOIHeAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685631007788963,"flow_src_last_pkt_time":1685631007788963,"flow_dst_last_pkt_time":1685631007788963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685631007788963,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.141.37.56","src_port":33246,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685631007788963,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1685632512691057}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1685632512691057}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685632512691057,"flow_src_last_pkt_time":1685632512691057,"flow_dst_last_pkt_time":1685632512691057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":33510,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1685632512691057,"flow_dst_last_pkt_time":1685632512691057,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685632512691057,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRpTItfJOcVW80OYLmAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685632512691057,"flow_src_last_pkt_time":1685632512691057,"flow_dst_last_pkt_time":1685632512691057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":33510,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685631007788963,"flow_src_last_pkt_time":1685631007788963,"flow_dst_last_pkt_time":1685631007788963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.141.37.56","src_port":33246,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1685634172336790}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1685634172336790}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634172336790,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":50663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685634172336790,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpS0tfJOcpXLKPcXnAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634172336790,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":50663,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -42,22 +42,22 @@
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634721622135,"flow_src_last_pkt_time":1685634721622135,"flow_dst_last_pkt_time":1685634721622135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634721622135,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"90.147.171.51","src_port":43154,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634721622135,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":41268,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634721622135,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":50663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":882,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1685636053299196}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":882,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1685636053299196}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685636053299196,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685636053299196,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"74.111.203.55","src_port":57141,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685636053299196,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRpTctfJOcSm\/LN981AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685636053299196,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685636053299196,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"74.111.203.55","src_port":57141,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634721622135,"flow_src_last_pkt_time":1685634721622135,"flow_dst_last_pkt_time":1685634721622135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685636053299196,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"90.147.171.51","src_port":43154,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1685637797751103}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1685637797751103}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685637797751103,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685637797751103,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.144.84.62","src_port":38061,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685637797751103,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDMi4tKjwpZBUPpStAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685637797751103,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685637797751103,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.144.84.62","src_port":38061,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685636053299196,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685637797751103,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"74.111.203.55","src_port":57141,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1685638455443887}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1685638455443887}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685638455443887,"flow_src_last_pkt_time":1685638455443887,"flow_dst_last_pkt_time":1685638455443887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685638455443887,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"69.109.187.54","src_port":38756,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1685638455443887,"flow_dst_last_pkt_time":1685638455443887,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685638455443887,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRpTXsg6KdRW27NpdkAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685638455443887,"flow_src_last_pkt_time":1685638455443887,"flow_dst_last_pkt_time":1685638455443887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685638455443887,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"69.109.187.54","src_port":38756,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685637797751103,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685638455443887,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.144.84.62","src_port":38061,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1176,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":60,"global_ts_usec":1685644247091385}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1176,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":60,"global_ts_usec":1685644247091385}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644247091385,"flow_src_last_pkt_time":1685644247091385,"flow_dst_last_pkt_time":1685644247091385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644247091385,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":39908,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1685644247091385,"flow_dst_last_pkt_time":1685644247091385,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685644247091385,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80OZvkAasAJU6QAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644247091385,"flow_src_last_pkt_time":1685644247091385,"flow_dst_last_pkt_time":1685644247091385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644247091385,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":39908,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -70,13 +70,13 @@
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1685644782769825,"flow_dst_last_pkt_time":1685644782769825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685644782769825,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNZLgAasAJVeXAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644782769825,"flow_src_last_pkt_time":1685644782769825,"flow_dst_last_pkt_time":1685644782769825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644782769825,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":37600,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644675913837,"flow_src_last_pkt_time":1685644675913837,"flow_dst_last_pkt_time":1685644675913837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644782769825,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":40656,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1263,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":15,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1685646379667471}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1263,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":15,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1685646379667471}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685646379667471,"flow_src_last_pkt_time":1685646379667471,"flow_dst_last_pkt_time":1685646379667471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.147.171.51","src_port":53651,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1685646379667471,"flow_dst_last_pkt_time":1685646379667471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685646379667471,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbNVGHGX8WpOrM9GTAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685646379667471,"flow_src_last_pkt_time":1685646379667471,"flow_dst_last_pkt_time":1685646379667471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.147.171.51","src_port":53651,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644782769825,"flow_src_last_pkt_time":1685644782769825,"flow_dst_last_pkt_time":1685644782769825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":37600,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644675913837,"flow_src_last_pkt_time":1685644675913837,"flow_dst_last_pkt_time":1685644675913837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":40656,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":1292,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1685647342398373}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":1292,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1685647342398373}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647342398373,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647342398373,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":38913,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685647342398373,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN5gBAasAJVJ4AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647342398373,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647342398373,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":38913,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -85,7 +85,7 @@
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1685647407833070,"flow_dst_last_pkt_time":1685647407833070,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685647407833070,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMoKtAasAJWfNAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647407833070,"flow_src_last_pkt_time":1685647407833070,"flow_dst_last_pkt_time":1685647407833070,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647407833070,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":33453,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647342398373,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647407833070,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":38913,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":88,"global_ts_usec":1685647960810732}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":88,"global_ts_usec":1685647960810732}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647960810732,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685647960810732,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lOO4jAasAJfxRAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647960810732,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -95,13 +95,13 @@
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1685648124700322,"flow_dst_last_pkt_time":1685648124700322,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685648124700322,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM6ErAasAJUlQAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648124700322,"flow_src_last_pkt_time":1685648124700322,"flow_dst_last_pkt_time":1685648124700322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648124700322,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":41259,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648124700322,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":20,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1685648698148233}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":20,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1685648698148233}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648698148233,"flow_src_last_pkt_time":1685648698148233,"flow_dst_last_pkt_time":1685648698148233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"62.230.4.248","dst_ip":"165.144.84.62","src_port":56007,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1685648698148233,"flow_dst_last_pkt_time":1685648698148233,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685648698148233,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbM4+5gT4pZBUPtrHAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648698148233,"flow_src_last_pkt_time":1685648698148233,"flow_dst_last_pkt_time":1685648698148233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"62.230.4.248","dst_ip":"165.144.84.62","src_port":56007,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648124700322,"flow_src_last_pkt_time":1685648124700322,"flow_dst_last_pkt_time":1685648124700322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":41259,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":23,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":1437,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":21,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":104,"global_ts_usec":1685650322996075}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":23,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":1437,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":21,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":104,"global_ts_usec":1685650322996075}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650322996075,"flow_src_last_pkt_time":1685650322996075,"flow_dst_last_pkt_time":1685650322996075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650322996075,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":52741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1685650322996075,"flow_dst_last_pkt_time":1685650322996075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685650322996075,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPc4FAasAJRxqAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650322996075,"flow_src_last_pkt_time":1685650322996075,"flow_dst_last_pkt_time":1685650322996075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650322996075,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":52741,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -114,18 +114,18 @@
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1685650669220572,"flow_dst_last_pkt_time":1685650669220572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685650669220572,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPqhCAasAJUIuAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650669220572,"flow_src_last_pkt_time":1685650669220572,"flow_dst_last_pkt_time":1685650669220572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650669220572,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":43074,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650536282125,"flow_src_last_pkt_time":1685650536282125,"flow_dst_last_pkt_time":1685650536282125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650669220572,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":39516,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1524,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":24,"total-idle-flows":22,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":117,"global_ts_usec":1685650926504967}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1524,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":24,"total-idle-flows":22,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":117,"global_ts_usec":1685650926504967}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650926504967,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"198.229.224.110","dst_ip":"90.145.180.58","src_port":56395,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685650926504967,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPoRbJPG5eBuWpG0OtxLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650926504967,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"198.229.224.110","dst_ip":"90.145.180.58","src_port":56395,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650669220572,"flow_src_last_pkt_time":1685650669220572,"flow_dst_last_pkt_time":1685650669220572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":43074,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650536282125,"flow_src_last_pkt_time":1685650536282125,"flow_dst_last_pkt_time":1685650536282125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":39516,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":1553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":25,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":123,"global_ts_usec":1685653377845672}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":1553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":25,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":123,"global_ts_usec":1685653377845672}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685653377845672,"flow_src_last_pkt_time":1685653377845672,"flow_dst_last_pkt_time":1685653377845672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685653377845672,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":27095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1685653377845672,"flow_dst_last_pkt_time":1685653377845672,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685653377845672,"pkt":"AAwp30Y4PJTVQTiBCABFAABSlBMAAG4Rf4VDnxCWpZBUPmnXAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685653377845672,"flow_src_last_pkt_time":1685653377845672,"flow_dst_last_pkt_time":1685653377845672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685653377845672,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":27095,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650926504967,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685653377845672,"l3_proto":"ip4","src_ip":"198.229.224.110","dst_ip":"90.145.180.58","src_port":56395,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":28,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":1607,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":26,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":128,"global_ts_usec":1685656813046229}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":28,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":1607,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":26,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":128,"global_ts_usec":1685656813046229}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685656813046229,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685656813046229,"l3_proto":"ip4","src_ip":"217.217.186.39","dst_ip":"186.112.202.53","src_port":52663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685656813046229,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbWnZ2bonunDKNc23AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685656813046229,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685656813046229,"l3_proto":"ip4","src_ip":"217.217.186.39","dst_ip":"186.112.202.53","src_port":52663,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -134,7 +134,7 @@
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1685657160451708,"flow_dst_last_pkt_time":1685657160451708,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685657160451708,"pkt":"bpHurUgdPJTVQTiBCABFCABLsZ4AACIRGQ0j\/EVxRW27NmYwAasAN7uVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685657160451708,"flow_src_last_pkt_time":1685657160451708,"flow_dst_last_pkt_time":1685657160451708,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685657160451708,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":26160,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685656813046229,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685657160451708,"l3_proto":"ip4","src_ip":"217.217.186.39","dst_ip":"186.112.202.53","src_port":52663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":30,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":1683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":28,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_usec":1685719505759316}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":30,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":1683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":28,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_usec":1685719505759316}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719505759316,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719505759316,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"90.141.37.56","src_port":45441,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685719505759316,"pkt":"3jHC4dyOPJTVQTiBCABFAABL9UAAACcR3eciZn14Wo0lOLGBAasAN325AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719505759316,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719505759316,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"90.141.37.56","src_port":45441,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -143,12 +143,12 @@
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1685719700086818,"flow_dst_last_pkt_time":1685719700086818,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685719700086818,"pkt":"AAwp30Y4PJTVQTiBCABFCABLINwAACQRo44bhqncWpOrM+VDAasANzhBAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719700086818,"flow_src_last_pkt_time":1685719700086818,"flow_dst_last_pkt_time":1685719700086818,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719700086818,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.147.171.51","src_port":58691,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719505759316,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719700086818,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"90.141.37.56","src_port":45441,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":32,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":1777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":30,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":146,"global_ts_usec":1685722352249009}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":32,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":1777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":30,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":146,"global_ts_usec":1685722352249009}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685722352249009,"flow_src_last_pkt_time":1685722352249009,"flow_dst_last_pkt_time":1685722352249009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685722352249009,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":33386,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1685722352249009,"flow_dst_last_pkt_time":1685722352249009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685722352249009,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAOsREgyGtJCVunDKNYJqAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685722352249009,"flow_src_last_pkt_time":1685722352249009,"flow_dst_last_pkt_time":1685722352249009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685722352249009,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":33386,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719700086818,"flow_src_last_pkt_time":1685719700086818,"flow_dst_last_pkt_time":1685719700086818,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685722352249009,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.147.171.51","src_port":58691,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":1875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":31,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":151,"global_ts_usec":1685724063085340}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":1875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":31,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":151,"global_ts_usec":1685724063085340}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724063085340,"flow_src_last_pkt_time":1685724063085340,"flow_dst_last_pkt_time":1685724063085340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724063085340,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.145.180.58","src_port":50939,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1685724063085340,"flow_dst_last_pkt_time":1685724063085340,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685724063085340,"pkt":"bs1PogZtPJTVQTiBCABFCABLVAkAACQRcFsk523ZWpG0Osb7AasAN1aDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724063085340,"flow_src_last_pkt_time":1685724063085340,"flow_dst_last_pkt_time":1685724063085340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724063085340,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.145.180.58","src_port":50939,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -161,7 +161,7 @@
 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1685724460743313,"flow_dst_last_pkt_time":1685724460743313,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685724460743313,"pkt":"moT+\/Ph8PJTVQTiBCABFCAB+1DEAAOsREgK2tHiLVW80OeZaAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724460743313,"flow_src_last_pkt_time":1685724460743313,"flow_dst_last_pkt_time":1685724460743313,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724460743313,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"85.111.52.57","src_port":58970,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724385340729,"flow_src_last_pkt_time":1685724385340729,"flow_dst_last_pkt_time":1685724385340729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724460743313,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":41334,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":2067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":7,"current-active-flows":2,"total-active-flows":34,"total-idle-flows":32,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1685725477275419}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":2067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":7,"current-active-flows":2,"total-active-flows":34,"total-idle-flows":32,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1685725477275419}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725477275419,"flow_src_last_pkt_time":1685725477275419,"flow_dst_last_pkt_time":1685725477275419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725477275419,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":55489,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1685725477275419,"flow_dst_last_pkt_time":1685725477275419,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685725477275419,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZXItJByWm\/UMtjBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725477275419,"flow_src_last_pkt_time":1685725477275419,"flow_dst_last_pkt_time":1685725477275419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725477275419,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":55489,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -180,7 +180,7 @@
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725970240675,"flow_src_last_pkt_time":1685725970240675,"flow_dst_last_pkt_time":1685725970240675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725970240675,"l3_proto":"ip4","src_ip":"47.123.189.155","dst_ip":"90.147.171.51","src_port":56038,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725705626703,"flow_src_last_pkt_time":1685725705626703,"flow_dst_last_pkt_time":1685725705626703,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725970240675,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.114.202.61","src_port":60983,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725834402274,"flow_src_last_pkt_time":1685725834402274,"flow_dst_last_pkt_time":1685725834402274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725970240675,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.141.37.56","src_port":38679,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":2459,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":38,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":38,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":183,"global_ts_usec":1685726470530729}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":2459,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":38,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":38,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":183,"global_ts_usec":1685726470530729}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726470530729,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726470530729,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"74.111.203.55","src_port":48096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685726470530729,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPARDNBGtG\/xSm\/LN7vgAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726470530729,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726470530729,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"74.111.203.55","src_port":48096,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -190,43 +190,43 @@
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1685726834568415,"flow_dst_last_pkt_time":1685726834568415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685726834568415,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAOsREgC2tHiLWpG0OrXjAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726834568415,"flow_src_last_pkt_time":1685726834568415,"flow_dst_last_pkt_time":1685726834568415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726834568415,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":46563,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726470530729,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726834568415,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"74.111.203.55","src_port":48096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":42,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":2655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":40,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":40,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1685731799713540}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":42,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":2655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":40,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":40,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1685731799713540}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685731799713540,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685731799713540,"l3_proto":"ip4","src_ip":"218.19.29.186","dst_ip":"90.111.212.50","src_port":56315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685731799713540,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbPbaEx26Wm\/UMtv7AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685731799713540,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685731799713540,"l3_proto":"ip4","src_ip":"218.19.29.186","dst_ip":"90.111.212.50","src_port":56315,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726834568415,"flow_src_last_pkt_time":1685726834568415,"flow_dst_last_pkt_time":1685726834568415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685731799713540,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":46563,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":2684,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":41,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":198,"global_ts_usec":1685734492958804}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":2684,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":41,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":198,"global_ts_usec":1685734492958804}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685734492958804,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685734492958804,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"69.109.187.54","src_port":51349,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685734492958804,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRbOC61Z7hRW27NsiVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685734492958804,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685734492958804,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"69.109.187.54","src_port":51349,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685731799713540,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685734492958804,"l3_proto":"ip4","src_ip":"218.19.29.186","dst_ip":"90.111.212.50","src_port":56315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":2713,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":42,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":42,"total-idle-flows":41,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1685736988753451}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":2713,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":42,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":42,"total-idle-flows":41,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1685736988753451}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685736988753451,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685736988753451,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.141.37.56","src_port":7086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685736988753451,"pkt":"3jHC4dyOPJTVQTiBCABFCABLe9YAACQRSJTn33nVWo0lOBuuAasANwHXAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685736988753451,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685736988753451,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.141.37.56","src_port":7086,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685734492958804,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685736988753451,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"69.109.187.54","src_port":51349,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":45,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":2760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":43,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":208,"global_ts_usec":1685741033951129}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":45,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":2760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":43,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":208,"global_ts_usec":1685741033951129}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685741033951129,"flow_src_last_pkt_time":1685741033951129,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685741033951129,"l3_proto":"ip4","src_ip":"20.133.112.32","dst_ip":"165.114.202.61","src_port":11510,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1685741033951129,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685741033951129,"pkt":"AAwp30Y4PJTVQTiBCABFCABSKPYAACgRnOcUhXAgpXLKPSz2AasAPogCAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685741033951129,"flow_src_last_pkt_time":1685741033951129,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685741033951129,"l3_proto":"ip4","src_ip":"20.133.112.32","dst_ip":"165.114.202.61","src_port":11510,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1685741033951143,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685741033951143,"pkt":"AAwp30Y4PJTVQTiBCABFCABSKPYAACgRnOcUhXAgpXLKPSz2AasAPogCAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685736988753451,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685741033951143,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.141.37.56","src_port":7086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":47,"packets-processed":46,"total-skipped-flows":0,"total-l4-payload-len":2868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":44,"total-idle-flows":43,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":214,"global_ts_usec":1685749458942275}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":47,"packets-processed":46,"total-skipped-flows":0,"total-l4-payload-len":2868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":44,"total-idle-flows":43,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":214,"global_ts_usec":1685749458942275}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685749458942275,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685749458942275,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"186.112.202.53","src_port":51745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685749458942275,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRYABTMNjrunDKNcohAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685749458942275,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685749458942275,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"186.112.202.53","src_port":51745,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1685741033951129,"flow_src_last_pkt_time":1685741033951143,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685749458942275,"l3_proto":"ip4","src_ip":"20.133.112.32","dst_ip":"165.114.202.61","src_port":11510,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":48,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":2897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":45,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_usec":1685750473996900}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":48,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":2897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":45,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_usec":1685750473996900}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685750473996900,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685750473996900,"l3_proto":"ip4","src_ip":"154.97.132.119","dst_ip":"165.144.84.62","src_port":64306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685750473996900,"pkt":"AAwp30Y4PJTVQTiBCABFAABLscgAACcRIVOaYYR3pZBUPvsyAasANzP7AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685750473996900,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685750473996900,"l3_proto":"ip4","src_ip":"154.97.132.119","dst_ip":"165.144.84.62","src_port":64306,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685749458942275,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685750473996900,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"186.112.202.53","src_port":51745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":49,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":2944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":46,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":46,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":224,"global_ts_usec":1685754984415729}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":49,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":2944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":46,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":46,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":224,"global_ts_usec":1685754984415729}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685754984415729,"flow_src_last_pkt_time":1685754984415729,"flow_dst_last_pkt_time":1685754984415729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685754984415729,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"90.145.180.58","src_port":56358,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1685754984415729,"flow_dst_last_pkt_time":1685754984415729,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685754984415729,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPoRXvtTMNjrWpG0OtwmAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685754984415729,"flow_src_last_pkt_time":1685754984415729,"flow_dst_last_pkt_time":1685754984415729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685754984415729,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"90.145.180.58","src_port":56358,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685750473996900,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685754984415729,"l3_proto":"ip4","src_ip":"154.97.132.119","dst_ip":"165.144.84.62","src_port":64306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":50,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":2973,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":47,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_usec":1685757305453914}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":50,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":2973,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":47,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_usec":1685757305453914}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757305453914,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757305453914,"l3_proto":"ip4","src_ip":"72.30.8.39","dst_ip":"90.111.212.50","src_port":43690,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685757305453914,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+GZhAADQR3IJIHggnWm\/UMqqqAasAKnQsAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757305453914,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757305453914,"l3_proto":"ip4","src_ip":"72.30.8.39","dst_ip":"90.111.212.50","src_port":43690,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -235,7 +235,7 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1685757594807526,"flow_dst_last_pkt_time":1685757594807526,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685757594807526,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+4kRAADQRE8lHJggvWo0lOKbBAasAKngIAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757594807526,"flow_src_last_pkt_time":1685757594807526,"flow_dst_last_pkt_time":1685757594807526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757594807526,"l3_proto":"ip4","src_ip":"71.38.8.47","dst_ip":"90.141.37.56","src_port":42689,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757305453914,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757594807526,"l3_proto":"ip4","src_ip":"72.30.8.39","dst_ip":"90.111.212.50","src_port":43690,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":52,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":3041,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":49,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":49,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":238,"global_ts_usec":1685758217856293}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":52,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":3041,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":49,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":49,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":238,"global_ts_usec":1685758217856293}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758217856293,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758217856293,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"165.144.84.62","src_port":12409,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685758217856293,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+f25AADQRdoJ5avcUpZBUPjB5AasAKu4zAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758217856293,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758217856293,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"165.144.84.62","src_port":12409,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -249,7 +249,7 @@
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758497495915,"flow_src_last_pkt_time":1685758497495915,"flow_dst_last_pkt_time":1685758497495915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758497495915,"l3_proto":"ip4","src_ip":"185.225.247.8","dst_ip":"165.114.202.61","src_port":48375,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758217856293,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758497495915,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"165.144.84.62","src_port":12409,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758396547203,"flow_src_last_pkt_time":1685758396547203,"flow_dst_last_pkt_time":1685758396547203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758497495915,"l3_proto":"ip4","src_ip":"55.94.8.63","dst_ip":"90.145.180.58","src_port":43995,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":55,"packets-processed":54,"total-skipped-flows":0,"total-l4-payload-len":3143,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":11,"current-active-flows":2,"total-active-flows":52,"total-idle-flows":50,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1685758883587256}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":55,"packets-processed":54,"total-skipped-flows":0,"total-l4-payload-len":3143,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":11,"current-active-flows":2,"total-active-flows":52,"total-idle-flows":50,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1685758883587256}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758883587256,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758883587256,"l3_proto":"ip4","src_ip":"121.82.8.7","dst_ip":"85.111.52.57","src_port":60170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685758883587256,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+3xBAADQRFtB5UggHVW80OesKAasAKjOSAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758883587256,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758883587256,"l3_proto":"ip4","src_ip":"121.82.8.7","dst_ip":"85.111.52.57","src_port":60170,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -259,7 +259,7 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1685759315778010,"flow_dst_last_pkt_time":1685759315778010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685759315778010,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+7TlAADQRCL55avcUunDKNdiyAasAKkYBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759315778010,"flow_src_last_pkt_time":1685759315778010,"flow_dst_last_pkt_time":1685759315778010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759315778010,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"186.112.202.53","src_port":55474,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758883587256,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759315778010,"l3_proto":"ip4","src_ip":"121.82.8.7","dst_ip":"85.111.52.57","src_port":60170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":57,"packets-processed":56,"total-skipped-flows":0,"total-l4-payload-len":3211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":54,"total-detection-updates":0,"total-updates":11,"current-active-flows":1,"total-active-flows":54,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":262,"global_ts_usec":1685759582800435}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":57,"packets-processed":56,"total-skipped-flows":0,"total-l4-payload-len":3211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":54,"total-detection-updates":0,"total-updates":11,"current-active-flows":1,"total-active-flows":54,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":262,"global_ts_usec":1685759582800435}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759582800435,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759582800435,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"90.147.171.51","src_port":55474,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685759582800435,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+PaVAADQRuFZ5avcUWpOrM9iyAasAKkYFAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759582800435,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759582800435,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"90.147.171.51","src_port":55474,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -268,7 +268,7 @@
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1685759668286856,"flow_dst_last_pkt_time":1685759668286856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685759668286856,"pkt":"ipffLU2SPJTVQTiBCABFAAA+WVBAADQRnKXIYfcYSm\/LN1ZsAasAKshFAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759668286856,"flow_src_last_pkt_time":1685759668286856,"flow_dst_last_pkt_time":1685759668286856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759668286856,"l3_proto":"ip4","src_ip":"200.97.247.24","dst_ip":"74.111.203.55","src_port":22124,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759582800435,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759668286856,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"90.147.171.51","src_port":55474,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":59,"packets-processed":58,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":12,"current-active-flows":2,"total-active-flows":56,"total-idle-flows":54,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":271,"global_ts_usec":1685761109424998}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":59,"packets-processed":58,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":12,"current-active-flows":2,"total-active-flows":56,"total-idle-flows":54,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":271,"global_ts_usec":1685761109424998}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761109424998,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761109424998,"l3_proto":"ip4","src_ip":"121.35.244.56","dst_ip":"90.145.180.58","src_port":30580,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685761109424998,"pkt":"bs1PogZtPJTVQTiBCABFBABS6itAACERQQR5I\/Q4WpG0Ond0AasAPtvSAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761109424998,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761109424998,"l3_proto":"ip4","src_ip":"121.35.244.56","dst_ip":"90.145.180.58","src_port":30580,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -283,74 +283,74 @@
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761390202624,"flow_src_last_pkt_time":1685761390202624,"flow_dst_last_pkt_time":1685761390202624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761390202624,"l3_proto":"ip4","src_ip":"38.236.38.224","dst_ip":"165.114.202.61","src_port":52729,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761109424998,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761390202624,"l3_proto":"ip4","src_ip":"121.35.244.56","dst_ip":"90.145.180.58","src_port":30580,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761214200787,"flow_src_last_pkt_time":1685761214200787,"flow_dst_last_pkt_time":1685761214200787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761390202624,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"69.109.187.54","src_port":26060,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":3409,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":59,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":286,"global_ts_usec":1685764555721287}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":3409,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":59,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":286,"global_ts_usec":1685764555721287}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685764555721287,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"69.230.164.78","dst_ip":"90.141.37.56","src_port":55275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685764555721287,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbXpF5qROWo0lONfrAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685764555721287,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"69.230.164.78","dst_ip":"90.141.37.56","src_port":55275,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761214200787,"flow_src_last_pkt_time":1685761214200787,"flow_dst_last_pkt_time":1685761214200787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"69.109.187.54","src_port":26060,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761390202624,"flow_src_last_pkt_time":1685761390202624,"flow_dst_last_pkt_time":1685761390202624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"38.236.38.224","dst_ip":"165.114.202.61","src_port":52729,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":3438,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":60,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":292,"global_ts_usec":1685765514548491}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":3438,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":60,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":292,"global_ts_usec":1685765514548491}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685765514548491,"flow_src_last_pkt_time":1685765514548491,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685765514548491,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.144.84.62","src_port":31778,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1685765514548491,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685765514548491,"pkt":"AAwp30Y4PJTVQTiBCABFBABSeCIAADQRBE3rYkGFpZBUPnwiAasAPvtjAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685765514548491,"flow_src_last_pkt_time":1685765514548491,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685765514548491,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.144.84.62","src_port":31778,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1685765514548505,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685765514548505,"pkt":"AAwp30Y4PJTVQTiBCABFBABSeCIAADQRBE3rYkGFpZBUPnwiAasAPvtjAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685764555721287,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685765514548505,"l3_proto":"ip4","src_ip":"69.230.164.78","dst_ip":"90.141.37.56","src_port":55275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":65,"packets-processed":64,"total-skipped-flows":0,"total-l4-payload-len":3546,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":298,"global_ts_usec":1685768356139839}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":65,"packets-processed":64,"total-skipped-flows":0,"total-l4-payload-len":3546,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":298,"global_ts_usec":1685768356139839}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685768356139839,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685768356139839,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"186.112.202.53","src_port":50660,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685768356139839,"pkt":"xmjqc4OdPJTVQTiBCABFCABLLsoAACQRlZ5YH27bunDKNcXkAasAN1eeAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685768356139839,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685768356139839,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"186.112.202.53","src_port":50660,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1685765514548491,"flow_src_last_pkt_time":1685765514548505,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685768356139839,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.144.84.62","src_port":31778,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":3593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":62,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":303,"global_ts_usec":1685771545738452}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":3593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":62,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":303,"global_ts_usec":1685771545738452}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685771545738452,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685771545738452,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.114.202.61","src_port":62892,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685771545738452,"pkt":"AAwp30Y4PJTVQTiBCABFCABL4vwAACIR56cjAGRzpXLKPfWsAasANywSAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685771545738452,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685771545738452,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.114.202.61","src_port":62892,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685768356139839,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685771545738452,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"186.112.202.53","src_port":50660,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":3640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":63,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":308,"global_ts_usec":1685783660893661}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":3640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":63,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":308,"global_ts_usec":1685783660893661}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685783660893661,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685783660893661,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.144.84.62","src_port":17423,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685783660893661,"pkt":"AAwp30Y4PJTVQTiBCABFAABLeWAAACcRWcMiZn14pZBUPkQPAasAN+smAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685783660893661,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685783660893661,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.144.84.62","src_port":17423,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685771545738452,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685783660893661,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.114.202.61","src_port":62892,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":68,"packets-processed":67,"total-skipped-flows":0,"total-l4-payload-len":3687,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":64,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":313,"global_ts_usec":1685786055859235}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":68,"packets-processed":67,"total-skipped-flows":0,"total-l4-payload-len":3687,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":64,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":313,"global_ts_usec":1685786055859235}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786055859235,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786055859235,"l3_proto":"ip4","src_ip":"70.232.230.229","dst_ip":"85.111.52.57","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685786055859235,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbd9G6OblVW80Ocf9AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786055859235,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786055859235,"l3_proto":"ip4","src_ip":"70.232.230.229","dst_ip":"85.111.52.57","src_port":51197,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685783660893661,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786055859235,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.144.84.62","src_port":17423,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":69,"packets-processed":68,"total-skipped-flows":0,"total-l4-payload-len":3716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":318,"global_ts_usec":1685786672936242}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":69,"packets-processed":68,"total-skipped-flows":0,"total-l4-payload-len":3716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":318,"global_ts_usec":1685786672936242}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786672936242,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685786672936242,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX96s7ZjRpZBUPsn8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786672936242,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786055859235,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786672936242,"l3_proto":"ip4","src_ip":"70.232.230.229","dst_ip":"85.111.52.57","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":3745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":323,"global_ts_usec":1685787446315396}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":3745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":323,"global_ts_usec":1685787446315396}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685787446315396,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685787446315396,"l3_proto":"ip4","src_ip":"58.36.157.61","dst_ip":"74.111.203.55","src_port":53238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685787446315396,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbFE6JJ09Sm\/LN8\/2AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685787446315396,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685787446315396,"l3_proto":"ip4","src_ip":"58.36.157.61","dst_ip":"74.111.203.55","src_port":53238,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685787446315396,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":3774,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":67,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":328,"global_ts_usec":1685789104454151}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":3774,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":67,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":328,"global_ts_usec":1685789104454151}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685789104454151,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685789104454151,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"85.111.52.57","src_port":37207,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685789104454151,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLkZcAACQRMtHjhlHUVW80OZFXAasAN4wrAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685789104454151,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685789104454151,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"85.111.52.57","src_port":37207,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685787446315396,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685789104454151,"l3_proto":"ip4","src_ip":"58.36.157.61","dst_ip":"74.111.203.55","src_port":53238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":72,"packets-processed":71,"total-skipped-flows":0,"total-l4-payload-len":3821,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":68,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":333,"global_ts_usec":1685798769239701}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":72,"packets-processed":71,"total-skipped-flows":0,"total-l4-payload-len":3821,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":68,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":333,"global_ts_usec":1685798769239701}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685798769239701,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685798769239701,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"85.111.52.57","src_port":51157,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685798769239701,"pkt":"moT+\/Ph8PJTVQTiBCABFCABL6mEAACIR4FInO4t5VW80OcfVAasAN1n5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685798769239701,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685798769239701,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"85.111.52.57","src_port":51157,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685789104454151,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685798769239701,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"85.111.52.57","src_port":37207,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":73,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":3868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":69,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":338,"global_ts_usec":1685802654160689}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":73,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":3868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":69,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":338,"global_ts_usec":1685802654160689}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685802654160689,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685802654160689,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.111.212.50","src_port":45177,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685802654160689,"pkt":"AAwp30Y4PJTVQTiBCABFCABLGncAACQRqffjhlHUWm\/UMrB5AasAN20PAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685802654160689,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685802654160689,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.111.212.50","src_port":45177,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685798769239701,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685802654160689,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"85.111.52.57","src_port":51157,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":3915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":343,"global_ts_usec":1685803636118223}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":3915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":343,"global_ts_usec":1685803636118223}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685803636118223,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685803636118223,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"165.114.202.61","src_port":47772,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685803636118223,"pkt":"AAwp30Y4PJTVQTiBCABFCABL\/N4AACQRx31nR5LepXLKPbqcAasAN2LaAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685803636118223,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685803636118223,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"165.114.202.61","src_port":47772,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685802654160689,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685803636118223,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.111.212.50","src_port":45177,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":75,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":3962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":348,"global_ts_usec":1685804974645010}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":75,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":3962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":348,"global_ts_usec":1685804974645010}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685804974645010,"flow_src_last_pkt_time":1685804974645010,"flow_dst_last_pkt_time":1685804974645010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685804974645010,"l3_proto":"ip4","src_ip":"238.132.112.150","dst_ip":"90.147.171.51","src_port":44248,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1685804974645010,"flow_dst_last_pkt_time":1685804974645010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685804974645010,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpTLuhHCWWpOrM6zYAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685804974645010,"flow_src_last_pkt_time":1685804974645010,"flow_dst_last_pkt_time":1685804974645010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685804974645010,"l3_proto":"ip4","src_ip":"238.132.112.150","dst_ip":"90.147.171.51","src_port":44248,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685803636118223,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685804974645010,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"165.114.202.61","src_port":47772,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":4060,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":72,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":72,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":353,"global_ts_usec":1685805765811289}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":4060,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":72,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":72,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":353,"global_ts_usec":1685805765811289}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685805765811289,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685805765811289,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":47037,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685805765811289,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPIRCw+GtJCVWpG0Ore9AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685805765811289,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685805765811289,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":47037,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -359,7 +359,7 @@
 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1685806301914300,"flow_dst_last_pkt_time":1685806301914300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685806301914300,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSvsm2CTWm\/UMq27AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685806301914300,"flow_src_last_pkt_time":1685806301914300,"flow_dst_last_pkt_time":1685806301914300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685806301914300,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"90.111.212.50","src_port":44475,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685805765811289,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685806301914300,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":47037,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":78,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":4256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":74,"total-idle-flows":73,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":362,"global_ts_usec":1685809385375373}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":78,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":4256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":74,"total-idle-flows":73,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":362,"global_ts_usec":1685809385375373}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809385375373,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809385375373,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"74.111.203.55","src_port":33156,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685809385375373,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAOsREge2tHiLSm\/LN4GEAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809385375373,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809385375373,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"74.111.203.55","src_port":33156,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -368,7 +368,7 @@
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1685809633823277,"flow_dst_last_pkt_time":1685809633823277,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685809633823277,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAPARqCMTY5OUWo0lOL+cAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809633823277,"flow_src_last_pkt_time":1685809633823277,"flow_dst_last_pkt_time":1685809633823277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809633823277,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"90.141.37.56","src_port":49052,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809385375373,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809633823277,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"74.111.203.55","src_port":33156,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":80,"packets-processed":79,"total-skipped-flows":0,"total-l4-payload-len":4452,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":76,"total-idle-flows":75,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":371,"global_ts_usec":1685810288436552}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":80,"packets-processed":79,"total-skipped-flows":0,"total-l4-payload-len":4452,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":76,"total-idle-flows":75,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":371,"global_ts_usec":1685810288436552}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685810288436552,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"165.114.202.61","src_port":44018,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685810288436552,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSkve7GapXLKPavyAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685810288436552,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"165.114.202.61","src_port":44018,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -376,7 +376,7 @@
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685810288436552,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrBkuZGGTpZBUPpILAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685810288436552,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.144.84.62","src_port":37387,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809633823277,"flow_src_last_pkt_time":1685809633823277,"flow_dst_last_pkt_time":1685809633823277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"90.141.37.56","src_port":49052,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":82,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":4648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":78,"total-idle-flows":76,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":379,"global_ts_usec":1685812438394439}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":82,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":4648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":78,"total-idle-flows":76,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":379,"global_ts_usec":1685812438394439}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812438394439,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812438394439,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":48737,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685812438394439,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAOsREgyGtJCVunDKNb5hAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812438394439,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812438394439,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":48737,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -391,7 +391,7 @@
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812825868185,"flow_src_last_pkt_time":1685812825868185,"flow_dst_last_pkt_time":1685812825868185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812825868185,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"85.111.52.57","src_port":35950,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812605076027,"flow_src_last_pkt_time":1685812605076027,"flow_dst_last_pkt_time":1685812605076027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812825868185,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"69.109.187.54","src_port":57533,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812438394439,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812825868185,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":48737,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":4942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":81,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":81,"total-idle-flows":80,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":394,"global_ts_usec":1685823608659744}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":4942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":81,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":81,"total-idle-flows":80,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":394,"global_ts_usec":1685823608659744}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685823608659744,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685823608659744,"l3_proto":"ip4","src_ip":"44.49.31.2","dst_ip":"90.147.171.51","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685823608659744,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXkwsMR8CWpOrM8f9AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685823608659744,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685823608659744,"l3_proto":"ip4","src_ip":"44.49.31.2","dst_ip":"90.147.171.51","src_port":51197,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -400,7 +400,7 @@
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1685824045529363,"flow_dst_last_pkt_time":1685824045529363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685824045529363,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPIRpTATY5KcWpG0OtRrAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685824045529363,"flow_src_last_pkt_time":1685824045529363,"flow_dst_last_pkt_time":1685824045529363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685824045529363,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":54379,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685823608659744,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685824045529363,"l3_proto":"ip4","src_ip":"44.49.31.2","dst_ip":"90.147.171.51","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":87,"packets-processed":86,"total-skipped-flows":0,"total-l4-payload-len":5069,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":83,"total-idle-flows":82,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":403,"global_ts_usec":1685833753925206}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":87,"packets-processed":86,"total-skipped-flows":0,"total-l4-payload-len":5069,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":83,"total-idle-flows":82,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":403,"global_ts_usec":1685833753925206}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833753925206,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685833753925206,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXlSuMgcLRW27NtiaAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833753925206,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -409,28 +409,28 @@
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1685833820099618,"flow_dst_last_pkt_time":1685833820099618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685833820099618,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbfk62rixWm\/UMtMrAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833820099618,"flow_src_last_pkt_time":1685833820099618,"flow_dst_last_pkt_time":1685833820099618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833820099618,"l3_proto":"ip4","src_ip":"58.218.184.177","dst_ip":"90.111.212.50","src_port":54059,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833820099618,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":89,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":16,"current-active-flows":2,"total-active-flows":85,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":412,"global_ts_usec":1685837260196335}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":89,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":16,"current-active-flows":2,"total-active-flows":85,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":412,"global_ts_usec":1685837260196335}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685837260196335,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.145.180.58","src_port":40383,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685837260196335,"pkt":"bs1PogZtPJTVQTiBCABFCABLWQ0AACIRcZkfAJpyWpG0Op2\/AasAN4QBAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685837260196335,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.145.180.58","src_port":40383,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833820099618,"flow_src_last_pkt_time":1685833820099618,"flow_dst_last_pkt_time":1685833820099618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"58.218.184.177","dst_ip":"90.111.212.50","src_port":54059,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":5174,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":86,"total-idle-flows":85,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":418,"global_ts_usec":1685838786050204}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":5174,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":86,"total-idle-flows":85,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":418,"global_ts_usec":1685838786050204}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685838786050204,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685838786050204,"l3_proto":"ip4","src_ip":"66.228.194.219","dst_ip":"186.112.202.53","src_port":53105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685838786050204,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbcNC5MLbunDKNc9xAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685838786050204,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685838786050204,"l3_proto":"ip4","src_ip":"66.228.194.219","dst_ip":"186.112.202.53","src_port":53105,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685837260196335,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685838786050204,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.145.180.58","src_port":40383,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":5203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":87,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":87,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":423,"global_ts_usec":1685845591689038}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":5203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":87,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":87,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":423,"global_ts_usec":1685845591689038}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685845591689038,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685845591689038,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":43759,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685845591689038,"pkt":"ipffLU2SPJTVQTiBCABFAABSAK0AAG0RE\/VDnxCWSm\/LN6rvAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685845591689038,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685845591689038,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":43759,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685838786050204,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685845591689038,"l3_proto":"ip4","src_ip":"66.228.194.219","dst_ip":"186.112.202.53","src_port":53105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":92,"packets-processed":91,"total-skipped-flows":0,"total-l4-payload-len":5257,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":88,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":88,"total-idle-flows":87,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":428,"global_ts_usec":1685846371302206}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":92,"packets-processed":91,"total-skipped-flows":0,"total-l4-payload-len":5257,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":88,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":88,"total-idle-flows":87,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":428,"global_ts_usec":1685846371302206}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685846371302206,"flow_src_last_pkt_time":1685846371302206,"flow_dst_last_pkt_time":1685846371302206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685846371302206,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":53596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1685846371302206,"flow_dst_last_pkt_time":1685846371302206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685846371302206,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMtFcAasAJRkeAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685846371302206,"flow_src_last_pkt_time":1685846371302206,"flow_dst_last_pkt_time":1685846371302206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685846371302206,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":53596,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685845591689038,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685846371302206,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":43759,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":93,"packets-processed":92,"total-skipped-flows":0,"total-l4-payload-len":5286,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":89,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":89,"total-idle-flows":88,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":433,"global_ts_usec":1685847518566522}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":93,"packets-processed":92,"total-skipped-flows":0,"total-l4-payload-len":5286,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":89,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":89,"total-idle-flows":88,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":433,"global_ts_usec":1685847518566522}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685847518566522,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685847518566522,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":47879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685847518566522,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27NrsHAasAJS9xAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685847518566522,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685847518566522,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":47879,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -439,7 +439,7 @@
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_src_last_pkt_time":1685848000557988,"flow_dst_last_pkt_time":1685848000557988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685848000557988,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM67xAasAJTuKAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685848000557988,"flow_src_last_pkt_time":1685848000557988,"flow_dst_last_pkt_time":1685848000557988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685848000557988,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":44785,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685847518566522,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685848000557988,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":47879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":95,"packets-processed":94,"total-skipped-flows":0,"total-l4-payload-len":5344,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":91,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":91,"total-idle-flows":90,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":442,"global_ts_usec":1685849540053899}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":95,"packets-processed":94,"total-skipped-flows":0,"total-l4-payload-len":5344,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":91,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":91,"total-idle-flows":90,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":442,"global_ts_usec":1685849540053899}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849540053899,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849540053899,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":51364,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685849540053899,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPsikAasAJSHMAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849540053899,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849540053899,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":51364,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -453,7 +453,7 @@
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849733217189,"flow_src_last_pkt_time":1685849733217189,"flow_dst_last_pkt_time":1685849733217189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849733217189,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":51228,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849540053899,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849733217189,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":51364,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849664860009,"flow_src_last_pkt_time":1685849664860009,"flow_dst_last_pkt_time":1685849664860009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849733217189,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41690,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":5431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":94,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":94,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":456,"global_ts_usec":1685851175046998}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":5431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":94,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":94,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":456,"global_ts_usec":1685851175046998}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851175046998,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851175046998,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.141.37.56","src_port":59682,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685851175046998,"pkt":"3jHC4dyOPJTVQTiBCABFCABL904AACIR01kj\/EVxWo0lOOkiAasANzigAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851175046998,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851175046998,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.141.37.56","src_port":59682,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -468,28 +468,28 @@
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851372073022,"flow_src_last_pkt_time":1685851372073022,"flow_dst_last_pkt_time":1685851372073022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851372073022,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":40943,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851175046998,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851372073022,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.141.37.56","src_port":59682,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851293085114,"flow_src_last_pkt_time":1685851293085114,"flow_dst_last_pkt_time":1685851293085114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851372073022,"l3_proto":"ip4","src_ip":"208.209.71.22","dst_ip":"85.111.52.57","src_port":55733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":101,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5536,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":97,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":97,"total-idle-flows":95,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":471,"global_ts_usec":1685852052162325}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":101,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5536,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":97,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":97,"total-idle-flows":95,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":471,"global_ts_usec":1685852052162325}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685852052162325,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":33048,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685852052162325,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPURKLTIH5CeWpG0OoEYAasAJWlaAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685852052162325,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":33048,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851293085114,"flow_src_last_pkt_time":1685851293085114,"flow_dst_last_pkt_time":1685851293085114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"208.209.71.22","dst_ip":"85.111.52.57","src_port":55733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851372073022,"flow_src_last_pkt_time":1685851372073022,"flow_dst_last_pkt_time":1685851372073022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":40943,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":102,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":5565,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":98,"total-idle-flows":97,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":477,"global_ts_usec":1685860258822121}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":102,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":5565,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":98,"total-idle-flows":97,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":477,"global_ts_usec":1685860258822121}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685860258822121,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685860258822121,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":47964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685860258822121,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAO0RqigTnLybunDKNbtcAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685860258822121,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685860258822121,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":47964,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685852052162325,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685860258822121,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":33048,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":5663,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":99,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":99,"total-idle-flows":98,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":482,"global_ts_usec":1685863658998957}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":5663,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":99,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":99,"total-idle-flows":98,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":482,"global_ts_usec":1685863658998957}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685863658998957,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685863658998957,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":54477,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685863658998957,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRYDnSDNiXWpG0OtTNAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685863658998957,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685863658998957,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":54477,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685860258822121,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685863658998957,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":47964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":104,"packets-processed":103,"total-skipped-flows":0,"total-l4-payload-len":5692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":100,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":100,"total-idle-flows":99,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":487,"global_ts_usec":1685866496459415}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":104,"packets-processed":103,"total-skipped-flows":0,"total-l4-payload-len":5692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":100,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":100,"total-idle-flows":99,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":487,"global_ts_usec":1685866496459415}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685866496459415,"flow_src_last_pkt_time":1685866496459415,"flow_dst_last_pkt_time":1685866496459415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685866496459415,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.141.37.56","src_port":52969,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":1685866496459415,"flow_dst_last_pkt_time":1685866496459415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685866496459415,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRbM9GHGX8Wo0lOM7pAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685866496459415,"flow_src_last_pkt_time":1685866496459415,"flow_dst_last_pkt_time":1685866496459415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685866496459415,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.141.37.56","src_port":52969,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685863658998957,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685866496459415,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":54477,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":105,"packets-processed":104,"total-skipped-flows":0,"total-l4-payload-len":5721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":101,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":101,"total-idle-flows":100,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":492,"global_ts_usec":1685868922612761}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":105,"packets-processed":104,"total-skipped-flows":0,"total-l4-payload-len":5721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":101,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":101,"total-idle-flows":100,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":492,"global_ts_usec":1685868922612761}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685868922612761,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685868922612761,"l3_proto":"ip4","src_ip":"57.3.49.213","dst_ip":"74.111.203.55","src_port":25820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685868922612761,"pkt":"ipffLU2SPJTVQTiBCABFAAA+wDFAADQRPtU5AzHVSm\/LN2TcAasAKsLmAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685868922612761,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685868922612761,"l3_proto":"ip4","src_ip":"57.3.49.213","dst_ip":"74.111.203.55","src_port":25820,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -498,7 +498,7 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_src_last_pkt_time":1685869117973932,"flow_dst_last_pkt_time":1685869117973932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685869117973932,"pkt":"bpHurUgdPJTVQTiBCABFAAA+ZfVAADQRmRxGwcb6RW27NnFTAasAKrZ6AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869117973932,"flow_src_last_pkt_time":1685869117973932,"flow_dst_last_pkt_time":1685869117973932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869117973932,"l3_proto":"ip4","src_ip":"70.193.198.250","dst_ip":"69.109.187.54","src_port":29011,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685868922612761,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869117973932,"l3_proto":"ip4","src_ip":"57.3.49.213","dst_ip":"74.111.203.55","src_port":25820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":5789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":103,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":103,"total-idle-flows":102,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":501,"global_ts_usec":1685869695331980}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":5789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":103,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":103,"total-idle-flows":102,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":501,"global_ts_usec":1685869695331980}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869695331980,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869695331980,"l3_proto":"ip4","src_ip":"87.0.217.242","dst_ip":"85.111.52.57","src_port":54220,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685869695331980,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+88RAADQRC1FXANnyVW80OdPMAasAKlQFAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869695331980,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869695331980,"l3_proto":"ip4","src_ip":"87.0.217.242","dst_ip":"85.111.52.57","src_port":54220,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -507,7 +507,7 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_src_last_pkt_time":1685870241871015,"flow_dst_last_pkt_time":1685870241871015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685870241871015,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+NXBAADQRyYU2+8bepZBUPqAmAasAKoeLAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870241871015,"flow_src_last_pkt_time":1685870241871015,"flow_dst_last_pkt_time":1685870241871015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870241871015,"l3_proto":"ip4","src_ip":"54.251.198.222","dst_ip":"165.144.84.62","src_port":40998,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869695331980,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870241871015,"l3_proto":"ip4","src_ip":"87.0.217.242","dst_ip":"85.111.52.57","src_port":54220,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":109,"packets-processed":108,"total-skipped-flows":0,"total-l4-payload-len":5857,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":510,"global_ts_usec":1685870479493725}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":109,"packets-processed":108,"total-skipped-flows":0,"total-l4-payload-len":5857,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":510,"global_ts_usec":1685870479493725}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870479493725,"flow_src_last_pkt_time":1685870479493725,"flow_dst_last_pkt_time":1685870479493725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870479493725,"l3_proto":"ip4","src_ip":"87.39.57.211","dst_ip":"90.141.37.56","src_port":42486,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_src_last_pkt_time":1685870479493725,"flow_dst_last_pkt_time":1685870479493725,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685870479493725,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+4zlAADQRG81XJznTWo0lOKX2AasAKoHMAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870479493725,"flow_src_last_pkt_time":1685870479493725,"flow_dst_last_pkt_time":1685870479493725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870479493725,"l3_proto":"ip4","src_ip":"87.39.57.211","dst_ip":"90.141.37.56","src_port":42486,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -530,7 +530,7 @@
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871075034933,"flow_src_last_pkt_time":1685871075034933,"flow_dst_last_pkt_time":1685871075034933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871075034933,"l3_proto":"ip4","src_ip":"168.222.38.193","dst_ip":"186.112.202.53","src_port":38055,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870800640514,"flow_src_last_pkt_time":1685870800640514,"flow_dst_last_pkt_time":1685870800640514,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871075034933,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"74.111.203.55","src_port":56717,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870915573371,"flow_src_last_pkt_time":1685870915573371,"flow_dst_last_pkt_time":1685870915573371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871075034933,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"90.111.212.50","src_port":49798,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":110,"total-detection-updates":0,"total-updates":23,"current-active-flows":2,"total-active-flows":110,"total-idle-flows":108,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":533,"global_ts_usec":1685871093262888}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":110,"total-detection-updates":0,"total-updates":23,"current-active-flows":2,"total-active-flows":110,"total-idle-flows":108,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":533,"global_ts_usec":1685871093262888}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871093262888,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871093262888,"l3_proto":"ip4","src_ip":"46.204.255.75","dst_ip":"165.144.84.62","src_port":55098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685871093262888,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXosuzP9LpZBUPtc6AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871093262888,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871093262888,"l3_proto":"ip4","src_ip":"46.204.255.75","dst_ip":"165.144.84.62","src_port":55098,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -540,7 +540,7 @@
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870915573371,"flow_src_last_pkt_time":1685870915573371,"flow_dst_last_pkt_time":1685870915573371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871237861116,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"90.111.212.50","src_port":49798,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871075034933,"flow_src_last_pkt_time":1685871075034933,"flow_dst_last_pkt_time":1685871075034933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871237861116,"l3_proto":"ip4","src_ip":"168.222.38.193","dst_ip":"186.112.202.53","src_port":38055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871093262888,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871237861116,"l3_proto":"ip4","src_ip":"46.204.255.75","dst_ip":"165.144.84.62","src_port":55098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":116,"packets-processed":115,"total-skipped-flows":0,"total-l4-payload-len":6085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":25,"current-active-flows":3,"total-active-flows":112,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":543,"global_ts_usec":1685872555023942}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":116,"packets-processed":115,"total-skipped-flows":0,"total-l4-payload-len":6085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":25,"current-active-flows":3,"total-active-flows":112,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":543,"global_ts_usec":1685872555023942}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872555023942,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872555023942,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"165.114.202.61","src_port":62479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685872555023942,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+aWdAADQRlZGnOTHbpXLKPfQPAasAKjOlAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872555023942,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872555023942,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"165.114.202.61","src_port":62479,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -551,27 +551,27 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_src_last_pkt_time":1685872858284372,"flow_dst_last_pkt_time":1685872858284372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685872858284372,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXklTDuAOpXLKPdm1AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872858284372,"flow_src_last_pkt_time":1685872858284372,"flow_dst_last_pkt_time":1685872858284372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872858284372,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"165.114.202.61","src_port":55733,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872555023942,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872858284372,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"165.114.202.61","src_port":62479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":118,"packets-processed":117,"total-skipped-flows":0,"total-l4-payload-len":6148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":114,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":554,"global_ts_usec":1685882198118291}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":118,"packets-processed":117,"total-skipped-flows":0,"total-l4-payload-len":6148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":114,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":554,"global_ts_usec":1685882198118291}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685882198118291,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685882198118291,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"69.109.187.54","src_port":43688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685882198118291,"pkt":"bpHurUgdPJTVQTiBCABFCABLT4kAACIReyefPLR2RW27NqqoAasAN3ciAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685882198118291,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685882198118291,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"69.109.187.54","src_port":43688,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872858284372,"flow_src_last_pkt_time":1685872858284372,"flow_dst_last_pkt_time":1685872858284372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685882198118291,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"165.114.202.61","src_port":55733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":119,"packets-processed":118,"total-skipped-flows":0,"total-l4-payload-len":6195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":115,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":115,"total-idle-flows":114,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":559,"global_ts_usec":1685890136540249}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":119,"packets-processed":118,"total-skipped-flows":0,"total-l4-payload-len":6195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":115,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":115,"total-idle-flows":114,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":559,"global_ts_usec":1685890136540249}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685890136540249,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685890136540249,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.147.171.51","src_port":38375,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685890136540249,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsREhCGtJCVWpOrM5XnAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685890136540249,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685890136540249,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.147.171.51","src_port":38375,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685882198118291,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685890136540249,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"69.109.187.54","src_port":43688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":120,"packets-processed":119,"total-skipped-flows":0,"total-l4-payload-len":6293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":116,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":116,"total-idle-flows":115,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":564,"global_ts_usec":1685893050953648}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":120,"packets-processed":119,"total-skipped-flows":0,"total-l4-payload-len":6293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":116,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":116,"total-idle-flows":115,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":564,"global_ts_usec":1685893050953648}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685893050953648,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685893050953648,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.141.37.56","src_port":52853,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685893050953648,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAOsREgqGtJCVWo0lOM51AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685893050953648,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685893050953648,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.141.37.56","src_port":52853,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685890136540249,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685893050953648,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.147.171.51","src_port":38375,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":6391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":117,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":117,"total-idle-flows":116,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":569,"global_ts_usec":1685894881323596}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":6391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":117,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":117,"total-idle-flows":116,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":569,"global_ts_usec":1685894881323596}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685894881323596,"flow_src_last_pkt_time":1685894881323596,"flow_dst_last_pkt_time":1685894881323596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685894881323596,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"165.114.202.61","src_port":53222,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_src_last_pkt_time":1685894881323596,"flow_dst_last_pkt_time":1685894881323596,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685894881323596,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSrvZI2ZpXLKPc\/mAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685894881323596,"flow_src_last_pkt_time":1685894881323596,"flow_dst_last_pkt_time":1685894881323596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685894881323596,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"165.114.202.61","src_port":53222,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685893050953648,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685894881323596,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.141.37.56","src_port":52853,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":6489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":118,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":118,"total-idle-flows":117,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":574,"global_ts_usec":1685895935303589}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":6489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":118,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":118,"total-idle-flows":117,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":574,"global_ts_usec":1685895935303589}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685895935303589,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685895935303589,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqiQtY5KSWm\/UMoW+AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685895935303589,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -580,13 +580,13 @@
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_src_last_pkt_time":1685896082620616,"flow_dst_last_pkt_time":1685896082620616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685896082620616,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RD\/62tHiLpZBUPuqLAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685896082620616,"flow_src_last_pkt_time":1685896082620616,"flow_dst_last_pkt_time":1685896082620616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685896082620616,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":60043,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685896082620616,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":124,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":6685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":120,"total-detection-updates":0,"total-updates":26,"current-active-flows":2,"total-active-flows":120,"total-idle-flows":118,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":583,"global_ts_usec":1685898155508793}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":124,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":6685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":120,"total-detection-updates":0,"total-updates":26,"current-active-flows":2,"total-active-flows":120,"total-idle-flows":118,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":583,"global_ts_usec":1685898155508793}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685898155508793,"flow_src_last_pkt_time":1685898155508793,"flow_dst_last_pkt_time":1685898155508793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"74.111.203.55","src_port":55816,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_src_last_pkt_time":1685898155508793,"flow_dst_last_pkt_time":1685898155508793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685898155508793,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAO0RqiIuZGGTSm\/LN9oIAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685898155508793,"flow_src_last_pkt_time":1685898155508793,"flow_dst_last_pkt_time":1685898155508793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"74.111.203.55","src_port":55816,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685896082620616,"flow_src_last_pkt_time":1685896082620616,"flow_dst_last_pkt_time":1685896082620616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":60043,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":125,"packets-processed":124,"total-skipped-flows":0,"total-l4-payload-len":6783,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":121,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":121,"total-idle-flows":120,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":589,"global_ts_usec":1685900239002858}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":125,"packets-processed":124,"total-skipped-flows":0,"total-l4-payload-len":6783,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":121,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":121,"total-idle-flows":120,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":589,"global_ts_usec":1685900239002858}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900239002858,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900239002858,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"69.109.187.54","src_port":47805,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685900239002858,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRpTIve7GaRW27Nrq9AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900239002858,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900239002858,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"69.109.187.54","src_port":47805,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -599,7 +599,7 @@
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900456106642,"flow_src_last_pkt_time":1685900456106642,"flow_dst_last_pkt_time":1685900456106642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900456106642,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"186.112.202.53","src_port":39226,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900239002858,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900456106642,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"69.109.187.54","src_port":47805,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900274127763,"flow_src_last_pkt_time":1685900274127763,"flow_dst_last_pkt_time":1685900274127763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900456106642,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":51113,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":128,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":7077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":124,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":124,"total-idle-flows":123,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":602,"global_ts_usec":1685915408138503}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":128,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":7077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":124,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":124,"total-idle-flows":123,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":602,"global_ts_usec":1685915408138503}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915408138503,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915408138503,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":9681,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685915408138503,"pkt":"AAwp30Y4PJTVQTiBCABFCABLkhwAACIROIkjAGRzpZBUPiXRAasAN\/vuAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915408138503,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915408138503,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":9681,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -608,32 +608,32 @@
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_src_last_pkt_time":1685915597923295,"flow_dst_last_pkt_time":1685915597923295,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685915597923295,"pkt":"ipffLU2SPJTVQTiBCABFAABLM0cAACcRn97invx\/Sm\/LN2ATAasAN88kAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915597923295,"flow_src_last_pkt_time":1685915597923295,"flow_dst_last_pkt_time":1685915597923295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915597923295,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"74.111.203.55","src_port":24595,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915408138503,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915597923295,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":9681,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":7171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":126,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":126,"total-idle-flows":125,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":611,"global_ts_usec":1685918860009356}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":7171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":126,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":126,"total-idle-flows":125,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":611,"global_ts_usec":1685918860009356}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685918860009356,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685918860009356,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"74.111.203.55","src_port":56086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685918860009356,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbX1CGOFNSm\/LN9sWAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685918860009356,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685918860009356,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"74.111.203.55","src_port":56086,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915597923295,"flow_src_last_pkt_time":1685915597923295,"flow_dst_last_pkt_time":1685915597923295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685918860009356,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"74.111.203.55","src_port":24595,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":131,"packets-processed":130,"total-skipped-flows":0,"total-l4-payload-len":7200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":127,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":127,"total-idle-flows":126,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":616,"global_ts_usec":1685919707980290}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":131,"packets-processed":130,"total-skipped-flows":0,"total-l4-payload-len":7200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":127,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":127,"total-idle-flows":126,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":616,"global_ts_usec":1685919707980290}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685919707980290,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685919707980290,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"90.145.180.58","src_port":49307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685919707980290,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRX0xTDuAOWpG0OsCbAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685919707980290,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685919707980290,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"90.145.180.58","src_port":49307,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685918860009356,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685919707980290,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"74.111.203.55","src_port":56086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":132,"packets-processed":131,"total-skipped-flows":0,"total-l4-payload-len":7229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":128,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":128,"total-idle-flows":127,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":621,"global_ts_usec":1685923909350319}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":132,"packets-processed":131,"total-skipped-flows":0,"total-l4-payload-len":7229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":128,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":128,"total-idle-flows":127,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":621,"global_ts_usec":1685923909350319}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685923909350319,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685923909350319,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.141.37.56","src_port":44099,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685923909350319,"pkt":"3jHC4dyOPJTVQTiBCABFAABLfvwAACcRVCBiZ\/1zWo0lOKxDAasAN4LrAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685923909350319,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685923909350319,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.141.37.56","src_port":44099,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685919707980290,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685923909350319,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"90.145.180.58","src_port":49307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":133,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":7276,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":129,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":129,"total-idle-flows":128,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":626,"global_ts_usec":1685927801125774}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":133,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":7276,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":129,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":129,"total-idle-flows":128,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":626,"global_ts_usec":1685927801125774}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685927801125774,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685927801125774,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"165.114.202.61","src_port":29946,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685927801125774,"pkt":"AAwp30Y4PJTVQTiBCABFAABLN1kAACcRm8DigHp2pXLKPXT6AasAN7oxAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685927801125774,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685927801125774,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"165.114.202.61","src_port":29946,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685923909350319,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685927801125774,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.141.37.56","src_port":44099,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":134,"packets-processed":133,"total-skipped-flows":0,"total-l4-payload-len":7323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":130,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":130,"total-idle-flows":129,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":631,"global_ts_usec":1685929607649688}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":134,"packets-processed":133,"total-skipped-flows":0,"total-l4-payload-len":7323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":130,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":130,"total-idle-flows":129,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":631,"global_ts_usec":1685929607649688}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929607649688,"flow_src_last_pkt_time":1685929607649688,"flow_dst_last_pkt_time":1685929607649688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929607649688,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"90.147.171.51","src_port":57092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_src_last_pkt_time":1685929607649688,"flow_dst_last_pkt_time":1685929607649688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685929607649688,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+dqxAADQRKhJAP9viWpOrM98EAasAKup1AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929607649688,"flow_src_last_pkt_time":1685929607649688,"flow_dst_last_pkt_time":1685929607649688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929607649688,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"90.147.171.51","src_port":57092,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685927801125774,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929607649688,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"165.114.202.61","src_port":29946,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":135,"packets-processed":134,"total-skipped-flows":0,"total-l4-payload-len":7357,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":131,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":131,"total-idle-flows":130,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":636,"global_ts_usec":1685930408325419}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":135,"packets-processed":134,"total-skipped-flows":0,"total-l4-payload-len":7357,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":131,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":131,"total-idle-flows":130,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":636,"global_ts_usec":1685930408325419}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930408325419,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930408325419,"l3_proto":"ip4","src_ip":"160.184.203.250","dst_ip":"74.111.203.55","src_port":41825,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685930408325419,"pkt":"ipffLU2SPJTVQTiBCABFAAA+RodAADQRWiiguMv6Sm\/LN6NhAasAKiYKAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930408325419,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930408325419,"l3_proto":"ip4","src_ip":"160.184.203.250","dst_ip":"74.111.203.55","src_port":41825,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -642,7 +642,7 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_src_last_pkt_time":1685930521950503,"flow_dst_last_pkt_time":1685930521950503,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685930521950503,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+FB1AADQRjJVAP9vipXLKPd8EAasAKuppAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930521950503,"flow_src_last_pkt_time":1685930521950503,"flow_dst_last_pkt_time":1685930521950503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930521950503,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"165.114.202.61","src_port":57092,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930408325419,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930521950503,"l3_proto":"ip4","src_ip":"160.184.203.250","dst_ip":"74.111.203.55","src_port":41825,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":137,"packets-processed":136,"total-skipped-flows":0,"total-l4-payload-len":7425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":133,"total-detection-updates":0,"total-updates":27,"current-active-flows":2,"total-active-flows":133,"total-idle-flows":131,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":645,"global_ts_usec":1685931213042208}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":137,"packets-processed":136,"total-skipped-flows":0,"total-l4-payload-len":7425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":133,"total-detection-updates":0,"total-updates":27,"current-active-flows":2,"total-active-flows":133,"total-idle-flows":131,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":645,"global_ts_usec":1685931213042208}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931213042208,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931213042208,"l3_proto":"ip4","src_ip":"64.71.218.224","dst_ip":"85.111.52.57","src_port":20366,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685931213042208,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+edhAADQRJt1AR9rgVW80OU+OAasAKnnjAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931213042208,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931213042208,"l3_proto":"ip4","src_ip":"64.71.218.224","dst_ip":"85.111.52.57","src_port":20366,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -661,17 +661,17 @@
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931328327343,"flow_src_last_pkt_time":1685931328327343,"flow_dst_last_pkt_time":1685931328327343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"64.65.52.246","dst_ip":"165.144.84.62","src_port":10179,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931339492549,"flow_src_last_pkt_time":1685931339492549,"flow_dst_last_pkt_time":1685931339492549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"90.141.37.56","src_port":10207,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931213042208,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"64.71.218.224","dst_ip":"85.111.52.57","src_port":20366,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":141,"packets-processed":140,"total-skipped-flows":0,"total-l4-payload-len":7561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":137,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":137,"total-idle-flows":136,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":664,"global_ts_usec":1685932001528402}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":141,"packets-processed":140,"total-skipped-flows":0,"total-l4-payload-len":7561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":137,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":137,"total-idle-flows":136,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":664,"global_ts_usec":1685932001528402}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932001528402,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932001528402,"l3_proto":"ip4","src_ip":"65.62.197.248","dst_ip":"69.109.187.54","src_port":45675,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685932001528402,"pkt":"bpHurUgdPJTVQTiBCABFAAA++0RAADQRpWtBPsX4RW27NrJrAasAKhcBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932001528402,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932001528402,"l3_proto":"ip4","src_ip":"65.62.197.248","dst_ip":"69.109.187.54","src_port":45675,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931793309466,"flow_src_last_pkt_time":1685931793309466,"flow_dst_last_pkt_time":1685931793309466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932001528402,"l3_proto":"ip4","src_ip":"161.193.58.225","dst_ip":"186.112.202.53","src_port":64776,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":142,"packets-processed":141,"total-skipped-flows":0,"total-l4-payload-len":7595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":138,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":138,"total-idle-flows":137,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":669,"global_ts_usec":1685932876135808}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":142,"packets-processed":141,"total-skipped-flows":0,"total-l4-payload-len":7595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":138,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":138,"total-idle-flows":137,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":669,"global_ts_usec":1685932876135808}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932876135808,"flow_src_last_pkt_time":1685932876135808,"flow_dst_last_pkt_time":1685932876135808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932876135808,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"165.144.84.62","src_port":48728,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_src_last_pkt_time":1685932876135808,"flow_dst_last_pkt_time":1685932876135808,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685932876135808,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAPARqBoQY5OSpZBUPr5YAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932876135808,"flow_src_last_pkt_time":1685932876135808,"flow_dst_last_pkt_time":1685932876135808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932876135808,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"165.144.84.62","src_port":48728,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932001528402,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932876135808,"l3_proto":"ip4","src_ip":"65.62.197.248","dst_ip":"69.109.187.54","src_port":45675,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":143,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":7693,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":139,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":139,"total-idle-flows":138,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":674,"global_ts_usec":1685933841851094}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":143,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":7693,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":139,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":139,"total-idle-flows":138,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":674,"global_ts_usec":1685933841851094}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685933841851094,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685933841851094,"l3_proto":"ip4","src_ip":"75.153.126.243","dst_ip":"69.109.187.54","src_port":54378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1685933841851094,"pkt":"bpHurUgdPJTVQTiBCABFAABU0ltAADQRvvtLmX7zRW27NtRqAasAQAAAAgEAADggAAAAAGqbAAJlbgAAABdzZXJ2aWNlOmRpcmVjdG9yeS1hZ2VudAAHZGVmYXVsdAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685933841851094,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685933841851094,"l3_proto":"ip4","src_ip":"75.153.126.243","dst_ip":"69.109.187.54","src_port":54378,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -680,7 +680,7 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_src_last_pkt_time":1685934156732428,"flow_dst_last_pkt_time":1685934156732428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685934156732428,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbI5G2LpnpZBUPtpIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685934156732428,"flow_src_last_pkt_time":1685934156732428,"flow_dst_last_pkt_time":1685934156732428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685934156732428,"l3_proto":"ip4","src_ip":"70.216.186.103","dst_ip":"165.144.84.62","src_port":55880,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685933841851094,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685934156732428,"l3_proto":"ip4","src_ip":"75.153.126.243","dst_ip":"69.109.187.54","src_port":54378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":145,"packets-processed":144,"total-skipped-flows":0,"total-l4-payload-len":7778,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":141,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":141,"total-idle-flows":140,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":683,"global_ts_usec":1685949298361033}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":145,"packets-processed":144,"total-skipped-flows":0,"total-l4-payload-len":7778,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":141,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":141,"total-idle-flows":140,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":683,"global_ts_usec":1685949298361033}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949298361033,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949298361033,"l3_proto":"ip4","src_ip":"82.14.191.177","dst_ip":"186.112.202.53","src_port":51704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685949298361033,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRXw9SDr+xunDKNcn4AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949298361033,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949298361033,"l3_proto":"ip4","src_ip":"82.14.191.177","dst_ip":"186.112.202.53","src_port":51704,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -694,48 +694,48 @@
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949575864849,"flow_src_last_pkt_time":1685949575864849,"flow_dst_last_pkt_time":1685949575864849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949575864849,"l3_proto":"ip4","src_ip":"166.235.162.1","dst_ip":"165.114.202.61","src_port":50338,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949298361033,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949575864849,"l3_proto":"ip4","src_ip":"82.14.191.177","dst_ip":"186.112.202.53","src_port":51704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949441960339,"flow_src_last_pkt_time":1685949441960339,"flow_dst_last_pkt_time":1685949441960339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949575864849,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"69.109.187.54","src_port":49306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":148,"packets-processed":147,"total-skipped-flows":0,"total-l4-payload-len":7865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":144,"total-detection-updates":0,"total-updates":30,"current-active-flows":2,"total-active-flows":144,"total-idle-flows":142,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":697,"global_ts_usec":1685950065516616}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":148,"packets-processed":147,"total-skipped-flows":0,"total-l4-payload-len":7865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":144,"total-detection-updates":0,"total-updates":30,"current-active-flows":2,"total-active-flows":144,"total-idle-flows":142,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":697,"global_ts_usec":1685950065516616}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950065516616,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"38.238.166.9","dst_ip":"90.147.171.51","src_port":56529,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685950065516616,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbUAm7qYJWpOrM9zRAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950065516616,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"38.238.166.9","dst_ip":"90.147.171.51","src_port":56529,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949441960339,"flow_src_last_pkt_time":1685949441960339,"flow_dst_last_pkt_time":1685949441960339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"69.109.187.54","src_port":49306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949575864849,"flow_src_last_pkt_time":1685949575864849,"flow_dst_last_pkt_time":1685949575864849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"166.235.162.1","dst_ip":"165.114.202.61","src_port":50338,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":149,"packets-processed":148,"total-skipped-flows":0,"total-l4-payload-len":7894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":145,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":145,"total-idle-flows":144,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":703,"global_ts_usec":1685950716132805}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":149,"packets-processed":148,"total-skipped-flows":0,"total-l4-payload-len":7894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":145,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":145,"total-idle-flows":144,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":703,"global_ts_usec":1685950716132805}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950716132805,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950716132805,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.141.37.56","src_port":51495,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685950716132805,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRX57OzBhaWo0lOMknAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950716132805,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950716132805,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.141.37.56","src_port":51495,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950065516616,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950716132805,"l3_proto":"ip4","src_ip":"38.238.166.9","dst_ip":"90.147.171.51","src_port":56529,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":7923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":146,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":146,"total-idle-flows":145,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":708,"global_ts_usec":1685952673673917}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":7923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":146,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":146,"total-idle-flows":145,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":708,"global_ts_usec":1685952673673917}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685952673673917,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685952673673917,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"90.147.171.51","src_port":5073,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685952673673917,"pkt":"AAwp30Y4PJTVQTiBCABFAABLLRsAACcRpgilgP10WpOrMxPRAasANxtlAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685952673673917,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685952673673917,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"90.147.171.51","src_port":5073,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950716132805,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685952673673917,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.141.37.56","src_port":51495,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":151,"packets-processed":150,"total-skipped-flows":0,"total-l4-payload-len":7970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":147,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":147,"total-idle-flows":146,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":713,"global_ts_usec":1685953474074395}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":151,"packets-processed":150,"total-skipped-flows":0,"total-l4-payload-len":7970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":147,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":147,"total-idle-flows":146,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":713,"global_ts_usec":1685953474074395}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685953474074395,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685953474074395,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.111.212.50","src_port":56070,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685953474074395,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbdLZH+f\/Wm\/UMtsGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685953474074395,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685953474074395,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.111.212.50","src_port":56070,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685952673673917,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685953474074395,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"90.147.171.51","src_port":5073,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":152,"packets-processed":151,"total-skipped-flows":0,"total-l4-payload-len":7999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":148,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":148,"total-idle-flows":147,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":718,"global_ts_usec":1685956234214319}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":152,"packets-processed":151,"total-skipped-flows":0,"total-l4-payload-len":7999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":148,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":148,"total-idle-flows":147,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":718,"global_ts_usec":1685956234214319}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685956234214319,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685956234214319,"l3_proto":"ip4","src_ip":"28.102.134.210","dst_ip":"69.109.187.54","src_port":45382,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685956234214319,"pkt":"bpHurUgdPJTVQTiBCABFCABLd1MAACQRTR0cZobSRW27NrFGAasAN2xEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685956234214319,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685956234214319,"l3_proto":"ip4","src_ip":"28.102.134.210","dst_ip":"69.109.187.54","src_port":45382,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685953474074395,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685956234214319,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.111.212.50","src_port":56070,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":153,"packets-processed":152,"total-skipped-flows":0,"total-l4-payload-len":8046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":149,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":149,"total-idle-flows":148,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":723,"global_ts_usec":1685959206891430}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":153,"packets-processed":152,"total-skipped-flows":0,"total-l4-payload-len":8046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":149,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":149,"total-idle-flows":148,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":723,"global_ts_usec":1685959206891430}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685959206891430,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685959206891430,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"85.111.52.57","src_port":50984,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685959206891430,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRX32t8T8kVW80OccoAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685959206891430,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685959206891430,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"85.111.52.57","src_port":50984,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685956234214319,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685959206891430,"l3_proto":"ip4","src_ip":"28.102.134.210","dst_ip":"69.109.187.54","src_port":45382,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":154,"packets-processed":153,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":150,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":150,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":728,"global_ts_usec":1685960845026064}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":154,"packets-processed":153,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":150,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":150,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":728,"global_ts_usec":1685960845026064}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685960845026064,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685960845026064,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.111.212.50","src_port":60145,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685960845026064,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0yNRGCtqWm\/UMurxAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685960845026064,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685960845026064,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.111.212.50","src_port":60145,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685959206891430,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685960845026064,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"85.111.52.57","src_port":50984,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":155,"packets-processed":154,"total-skipped-flows":0,"total-l4-payload-len":8100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":151,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":151,"total-idle-flows":150,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":733,"global_ts_usec":1685964244002056}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":155,"packets-processed":154,"total-skipped-flows":0,"total-l4-payload-len":8100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":151,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":151,"total-idle-flows":150,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":733,"global_ts_usec":1685964244002056}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685964244002056,"flow_src_last_pkt_time":1685964244002056,"flow_dst_last_pkt_time":1685964244002056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685964244002056,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"74.111.203.55","src_port":57096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_src_last_pkt_time":1685964244002056,"flow_dst_last_pkt_time":1685964244002056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685964244002056,"pkt":"ipffLU2SPJTVQTiBCABFAAA11DEAAPER0yJRGCtqSm\/LN98IAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685964244002056,"flow_src_last_pkt_time":1685964244002056,"flow_dst_last_pkt_time":1685964244002056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685964244002056,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"74.111.203.55","src_port":57096,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685960845026064,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685964244002056,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.111.212.50","src_port":60145,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":156,"packets-processed":155,"total-skipped-flows":0,"total-l4-payload-len":8125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":152,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":152,"total-idle-flows":151,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":738,"global_ts_usec":1685969568367700}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":156,"packets-processed":155,"total-skipped-flows":0,"total-l4-payload-len":8125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":152,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":152,"total-idle-flows":151,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":738,"global_ts_usec":1685969568367700}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969568367700,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685969568367700,"pkt":"bpHurUgdPJTVQTiBCABFAAA11DEAAPER0yFRGCtqRW27NuQzAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969568367700,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -744,13 +744,13 @@
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_src_last_pkt_time":1685969623534341,"flow_dst_last_pkt_time":1685969623534341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685969623534341,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA11DEAAPER0x1RGCtqVW80OcwTAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969623534341,"flow_src_last_pkt_time":1685969623534341,"flow_dst_last_pkt_time":1685969623534341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969623534341,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"85.111.52.57","src_port":52243,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969623534341,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":8175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":154,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":154,"total-idle-flows":152,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":747,"global_ts_usec":1685976878692319}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":8175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":154,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":154,"total-idle-flows":152,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":747,"global_ts_usec":1685976878692319}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685976878692319,"flow_src_last_pkt_time":1685976878692319,"flow_dst_last_pkt_time":1685976878692319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.144.84.62","src_port":39508,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_src_last_pkt_time":1685976878692319,"flow_dst_last_pkt_time":1685976878692319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685976878692319,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDMdGtG\/xpZBUPppUAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685976878692319,"flow_src_last_pkt_time":1685976878692319,"flow_dst_last_pkt_time":1685976878692319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.144.84.62","src_port":39508,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969623534341,"flow_src_last_pkt_time":1685969623534341,"flow_dst_last_pkt_time":1685969623534341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"85.111.52.57","src_port":52243,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":159,"packets-processed":158,"total-skipped-flows":0,"total-l4-payload-len":8273,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":155,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":155,"total-idle-flows":154,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":753,"global_ts_usec":1685980039598832}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":159,"packets-processed":158,"total-skipped-flows":0,"total-l4-payload-len":8273,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":155,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":155,"total-idle-flows":154,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":753,"global_ts_usec":1685980039598832}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980039598832,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980039598832,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.111.212.50","src_port":45704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685980039598832,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSrQZLGIWm\/UMrKIAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980039598832,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980039598832,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.111.212.50","src_port":45704,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -759,7 +759,7 @@
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_src_last_pkt_time":1685980256079266,"flow_dst_last_pkt_time":1685980256079266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685980256079266,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0xlRGCtqpZBUPrejAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980256079266,"flow_src_last_pkt_time":1685980256079266,"flow_dst_last_pkt_time":1685980256079266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980256079266,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"165.144.84.62","src_port":47011,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980039598832,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980256079266,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.111.212.50","src_port":45704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":161,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":8396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":157,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":157,"total-idle-flows":156,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":762,"global_ts_usec":1685980966068969}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":161,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":8396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":157,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":157,"total-idle-flows":156,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":762,"global_ts_usec":1685980966068969}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980966068969,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980966068969,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"69.109.187.54","src_port":33316,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685980966068969,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPIRCw62tHiLRW27NoIkAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980966068969,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980966068969,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"69.109.187.54","src_port":33316,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -768,7 +768,7 @@
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_src_last_pkt_time":1685981433727126,"flow_dst_last_pkt_time":1685981433727126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685981433727126,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPIRCwu2tHiLWo0lOJWZAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685981433727126,"flow_src_last_pkt_time":1685981433727126,"flow_dst_last_pkt_time":1685981433727126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685981433727126,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":38297,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980966068969,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685981433727126,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"69.109.187.54","src_port":33316,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":163,"packets-processed":162,"total-skipped-flows":0,"total-l4-payload-len":8592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":159,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":159,"total-idle-flows":158,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":771,"global_ts_usec":1685983024598099}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":163,"packets-processed":162,"total-skipped-flows":0,"total-l4-payload-len":8592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":159,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":159,"total-idle-flows":158,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":771,"global_ts_usec":1685983024598099}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983024598099,"flow_src_last_pkt_time":1685983024598099,"flow_dst_last_pkt_time":1685983024598099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983024598099,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":49217,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_src_last_pkt_time":1685983024598099,"flow_dst_last_pkt_time":1685983024598099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685983024598099,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPMRCY72S2hzWpG0OsBBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983024598099,"flow_src_last_pkt_time":1685983024598099,"flow_dst_last_pkt_time":1685983024598099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983024598099,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":49217,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -776,7 +776,7 @@
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983044584108,"flow_src_last_pkt_time":1685983044584108,"flow_dst_last_pkt_time":1685983044584108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983044584108,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_src_last_pkt_time":1685983044584108,"flow_dst_last_pkt_time":1685983044584108,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685983044584108,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPMRCZP2S2hzunDKNcYJAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983044584108,"flow_src_last_pkt_time":1685983044584108,"flow_dst_last_pkt_time":1685983044584108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983044584108,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50697,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":8788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":161,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":161,"total-idle-flows":159,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":779,"global_ts_usec":1685983887017305}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":8788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":161,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":161,"total-idle-flows":159,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":779,"global_ts_usec":1685983887017305}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983887017305,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983887017305,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":57093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685983887017305,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRpTItfJOcVW80Od8FAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983887017305,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983887017305,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":57093,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -786,7 +786,7 @@
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_src_last_pkt_time":1685984091734191,"flow_dst_last_pkt_time":1685984091734191,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685984091734191,"pkt":"3jHC4dyOPJTVQTiBCABFAAA11DEAAPER0x5RGCtqWo0lOO2PAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685984091734191,"flow_src_last_pkt_time":1685984091734191,"flow_dst_last_pkt_time":1685984091734191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685984091734191,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.141.37.56","src_port":60815,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983887017305,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685984091734191,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":57093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":167,"packets-processed":166,"total-skipped-flows":0,"total-l4-payload-len":8911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":163,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":163,"total-idle-flows":162,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":789,"global_ts_usec":1685986621173581}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":167,"packets-processed":166,"total-skipped-flows":0,"total-l4-payload-len":8911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":163,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":163,"total-idle-flows":162,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":789,"global_ts_usec":1685986621173581}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986621173581,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986621173581,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"74.111.203.55","src_port":34990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685986621173581,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRCZX2S2hzSm\/LN4iuAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986621173581,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986621173581,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"74.111.203.55","src_port":34990,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -798,54 +798,54 @@
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986755864865,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986755864865,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.114.202.61","src_port":39574,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685986755864865,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDMe4tKjwpXLKPZqWAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986755864865,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986755864865,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.114.202.61","src_port":39574,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":9205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":166,"total-detection-updates":0,"total-updates":32,"current-active-flows":3,"total-active-flows":166,"total-idle-flows":163,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":801,"global_ts_usec":1685988729872897}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":9205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":166,"total-detection-updates":0,"total-updates":32,"current-active-flows":3,"total-active-flows":166,"total-idle-flows":163,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":801,"global_ts_usec":1685988729872897}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685988729872897,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.147.171.51","src_port":58836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685988729872897,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0yRRGCtqWpOrM+XUAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685988729872897,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.147.171.51","src_port":58836,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986755864865,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.114.202.61","src_port":39574,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986621173581,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"74.111.203.55","src_port":34990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986711741123,"flow_src_last_pkt_time":1685986711741123,"flow_dst_last_pkt_time":1685986711741123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"90.147.171.51","src_port":41989,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":171,"packets-processed":170,"total-skipped-flows":0,"total-l4-payload-len":9230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":167,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":167,"total-idle-flows":166,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":808,"global_ts_usec":1685993522728404}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":171,"packets-processed":170,"total-skipped-flows":0,"total-l4-payload-len":9230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":167,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":167,"total-idle-flows":166,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":808,"global_ts_usec":1685993522728404}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685993522728404,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685993522728404,"pkt":"AAwp30Y4PJTVQTiBCABFCABLWP8AACIRca5kOJtwWpOrMwa8AasANxsMAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685993522728404,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685988729872897,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685993522728404,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.147.171.51","src_port":58836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":172,"packets-processed":171,"total-skipped-flows":0,"total-l4-payload-len":9277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":168,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":168,"total-idle-flows":167,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":813,"global_ts_usec":1685998634406588}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":172,"packets-processed":171,"total-skipped-flows":0,"total-l4-payload-len":9277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":168,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":168,"total-idle-flows":167,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":813,"global_ts_usec":1685998634406588}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685998634406588,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685998634406588,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"74.111.203.55","src_port":10457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685998634406588,"pkt":"ipffLU2SPJTVQTiBCABFCABLN5cAACQRjNbjhlHUSm\/LNyjZAasAN\/SuAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685998634406588,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685998634406588,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"74.111.203.55","src_port":10457,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685998634406588,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":173,"packets-processed":172,"total-skipped-flows":0,"total-l4-payload-len":9324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":169,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":169,"total-idle-flows":168,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":818,"global_ts_usec":1685999686351420}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":173,"packets-processed":172,"total-skipped-flows":0,"total-l4-payload-len":9324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":169,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":169,"total-idle-flows":168,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":818,"global_ts_usec":1685999686351420}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685999686351420,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685999686351420,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"74.111.203.55","src_port":6448,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1685999686351420,"pkt":"ipffLU2SPJTVQTiBCABFAABUtPJAADQR3GZLiYbySm\/LNxkwAasAQAAAAgEAADggAAAAAGqbAAJlbgAAABdzZXJ2aWNlOmRpcmVjdG9yeS1hZ2VudAAHZGVmYXVsdAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685999686351420,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685999686351420,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"74.111.203.55","src_port":6448,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685998634406588,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685999686351420,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"74.111.203.55","src_port":10457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":174,"packets-processed":173,"total-skipped-flows":0,"total-l4-payload-len":9380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":170,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":170,"total-idle-flows":169,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":823,"global_ts_usec":1686000601569343}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":174,"packets-processed":173,"total-skipped-flows":0,"total-l4-payload-len":9380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":170,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":170,"total-idle-flows":169,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":823,"global_ts_usec":1686000601569343}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686000601569343,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686000601569343,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"165.144.84.62","src_port":2534,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686000601569343,"pkt":"AAwp30Y4PJTVQTiBCABFCABLI3sAACQRoOVbIWrapZBUPgnmAasANxOVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686000601569343,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686000601569343,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"165.144.84.62","src_port":2534,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685999686351420,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686000601569343,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"74.111.203.55","src_port":6448,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":175,"packets-processed":174,"total-skipped-flows":0,"total-l4-payload-len":9427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":171,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":171,"total-idle-flows":170,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":828,"global_ts_usec":1686003718804460}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":175,"packets-processed":174,"total-skipped-flows":0,"total-l4-payload-len":9427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":171,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":171,"total-idle-flows":170,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":828,"global_ts_usec":1686003718804460}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686003718804460,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686003718804460,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"85.111.52.57","src_port":6239,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686003718804460,"pkt":"moT+\/Ph8PJTVQTiBCABFAABLfOYAACcRVjsid3p+VW80ORhfAasANxbVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686003718804460,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686003718804460,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"85.111.52.57","src_port":6239,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686000601569343,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686003718804460,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"165.144.84.62","src_port":2534,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":176,"packets-processed":175,"total-skipped-flows":0,"total-l4-payload-len":9474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":172,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":172,"total-idle-flows":171,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":833,"global_ts_usec":1686005514515876}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":176,"packets-processed":175,"total-skipped-flows":0,"total-l4-payload-len":9474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":172,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":172,"total-idle-flows":171,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":833,"global_ts_usec":1686005514515876}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686005514515876,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686005514515876,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":52664,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686005514515876,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqhguZGGTpXLKPc24AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686005514515876,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686005514515876,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":52664,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686003718804460,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686005514515876,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"85.111.52.57","src_port":6239,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":177,"packets-processed":176,"total-skipped-flows":0,"total-l4-payload-len":9572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":173,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":173,"total-idle-flows":172,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":838,"global_ts_usec":1686006182252244}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":177,"packets-processed":176,"total-skipped-flows":0,"total-l4-payload-len":9572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":173,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":173,"total-idle-flows":172,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":838,"global_ts_usec":1686006182252244}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006182252244,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006182252244,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.145.180.58","src_port":48098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686006182252244,"pkt":"bs1PogZtPJTVQTiBCABFAAA11DEAAPER0xtRGCtqWpG0OrviAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006182252244,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006182252244,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.145.180.58","src_port":48098,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686005514515876,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006182252244,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":52664,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":178,"packets-processed":177,"total-skipped-flows":0,"total-l4-payload-len":9597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":174,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":174,"total-idle-flows":173,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":843,"global_ts_usec":1686006861718393}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":178,"packets-processed":177,"total-skipped-flows":0,"total-l4-payload-len":9597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":174,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":174,"total-idle-flows":173,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":843,"global_ts_usec":1686006861718393}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006861718393,"flow_src_last_pkt_time":1686006861718393,"flow_dst_last_pkt_time":1686006861718393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006861718393,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"165.114.202.61","src_port":43525,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":1686006861718393,"flow_dst_last_pkt_time":1686006861718393,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686006861718393,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0xhRGCtqpXLKPaoFAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006861718393,"flow_src_last_pkt_time":1686006861718393,"flow_dst_last_pkt_time":1686006861718393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006861718393,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"165.114.202.61","src_port":43525,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006182252244,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006861718393,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.145.180.58","src_port":48098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-payload-len":9622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":175,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":175,"total-idle-flows":174,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":848,"global_ts_usec":1686010416557191}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-payload-len":9622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":175,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":175,"total-idle-flows":174,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":848,"global_ts_usec":1686010416557191}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010416557191,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010416557191,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"90.147.171.51","src_port":53342,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686010416557191,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbFkh2Fo4WpOrM9BeAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010416557191,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010416557191,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"90.147.171.51","src_port":53342,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -854,12 +854,12 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1686010882769715,"flow_dst_last_pkt_time":1686010882769715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686010882769715,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbWahL8clunDKNcNaAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010882769715,"flow_src_last_pkt_time":1686010882769715,"flow_dst_last_pkt_time":1686010882769715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010882769715,"l3_proto":"ip4","src_ip":"161.47.199.37","dst_ip":"186.112.202.53","src_port":50010,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010416557191,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010882769715,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"90.147.171.51","src_port":53342,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":181,"packets-processed":180,"total-skipped-flows":0,"total-l4-payload-len":9680,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":177,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":177,"total-idle-flows":176,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":857,"global_ts_usec":1686014238036586}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":181,"packets-processed":180,"total-skipped-flows":0,"total-l4-payload-len":9680,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":177,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":177,"total-idle-flows":176,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":857,"global_ts_usec":1686014238036586}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686014238036586,"flow_src_last_pkt_time":1686014238036586,"flow_dst_last_pkt_time":1686014238036586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686014238036586,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"90.111.212.50","src_port":41596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":1686014238036586,"flow_dst_last_pkt_time":1686014238036586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686014238036586,"pkt":"AAwp30Y4PJTVQTiBCABFAABLra8AACcRJW9dZnxwWm\/UMqJ8AasAN4y0AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686014238036586,"flow_src_last_pkt_time":1686014238036586,"flow_dst_last_pkt_time":1686014238036586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686014238036586,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"90.111.212.50","src_port":41596,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010882769715,"flow_src_last_pkt_time":1686010882769715,"flow_dst_last_pkt_time":1686010882769715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686014238036586,"l3_proto":"ip4","src_ip":"161.47.199.37","dst_ip":"186.112.202.53","src_port":50010,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":182,"packets-processed":181,"total-skipped-flows":0,"total-l4-payload-len":9727,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":178,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":178,"total-idle-flows":177,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":862,"global_ts_usec":1686016759751712}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":182,"packets-processed":181,"total-skipped-flows":0,"total-l4-payload-len":9727,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":178,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":178,"total-idle-flows":177,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":862,"global_ts_usec":1686016759751712}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686016759751712,"flow_src_last_pkt_time":1686016759751712,"flow_dst_last_pkt_time":1686016759751712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686016759751712,"l3_proto":"ip4","src_ip":"119.34.147.222","dst_ip":"90.145.180.58","src_port":56878,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":1686016759751712,"flow_dst_last_pkt_time":1686016759751712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686016759751712,"pkt":"bs1PogZtPJTVQTiBCABFAAA+I89AADQRPpp3IpPeWpG0Ot4uAasAKqz2AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686016759751712,"flow_src_last_pkt_time":1686016759751712,"flow_dst_last_pkt_time":1686016759751712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686016759751712,"l3_proto":"ip4","src_ip":"119.34.147.222","dst_ip":"90.145.180.58","src_port":56878,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -881,7 +881,7 @@
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686017305054145,"flow_src_last_pkt_time":1686017305054145,"flow_dst_last_pkt_time":1686017305054145,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686017305054145,"l3_proto":"ip4","src_ip":"185.97.76.211","dst_ip":"69.109.187.54","src_port":42268,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686016985898059,"flow_src_last_pkt_time":1686016985898059,"flow_dst_last_pkt_time":1686016985898059,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686017305054145,"l3_proto":"ip4","src_ip":"118.158.148.196","dst_ip":"165.114.202.61","src_port":44102,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686017148856498,"flow_src_last_pkt_time":1686017148856498,"flow_dst_last_pkt_time":1686017148856498,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686017305054145,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"85.111.52.57","src_port":23876,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":187,"packets-processed":186,"total-skipped-flows":0,"total-l4-payload-len":9897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":183,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":183,"total-idle-flows":181,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":884,"global_ts_usec":1686018209196915}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":187,"packets-processed":186,"total-skipped-flows":0,"total-l4-payload-len":9897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":183,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":183,"total-idle-flows":181,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":884,"global_ts_usec":1686018209196915}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018209196915,"flow_src_last_pkt_time":1686018209196915,"flow_dst_last_pkt_time":1686018209196915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018209196915,"l3_proto":"ip4","src_ip":"71.170.115.245","dst_ip":"74.111.203.55","src_port":44124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_src_last_pkt_time":1686018209196915,"flow_dst_last_pkt_time":1686018209196915,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686018209196915,"pkt":"ipffLU2SPJTVQTiBCABFAAA+j29AADQR0xhHqnP1Sm\/LN6xcAasAKt7nAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018209196915,"flow_src_last_pkt_time":1686018209196915,"flow_dst_last_pkt_time":1686018209196915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018209196915,"l3_proto":"ip4","src_ip":"71.170.115.245","dst_ip":"74.111.203.55","src_port":44124,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -898,58 +898,58 @@
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018707030417,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018707030417,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"90.147.171.51","src_port":41215,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686018707030417,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+oClAADQRwmSG2bjyWpOrM6D\/AasAKupKAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018707030417,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018707030417,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"90.147.171.51","src_port":41215,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":191,"packets-processed":190,"total-skipped-flows":0,"total-l4-payload-len":10033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":187,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":187,"total-idle-flows":185,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":901,"global_ts_usec":1686019249802467}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":191,"packets-processed":190,"total-skipped-flows":0,"total-l4-payload-len":10033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":187,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":187,"total-idle-flows":185,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":901,"global_ts_usec":1686019249802467}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686019249802467,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"56.82.128.250","dst_ip":"186.112.202.53","src_port":53705,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686019249802467,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+q7VAADQRtsw4UoD6unDKNdHJAasAKrl0AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686019249802467,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"56.82.128.250","dst_ip":"186.112.202.53","src_port":53705,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018707030417,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"90.147.171.51","src_port":41215,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018689761553,"flow_src_last_pkt_time":1686018689761553,"flow_dst_last_pkt_time":1686018689761553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"71.170.115.245","dst_ip":"90.111.212.50","src_port":44124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":192,"packets-processed":191,"total-skipped-flows":0,"total-l4-payload-len":10067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":188,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":188,"total-idle-flows":187,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":907,"global_ts_usec":1686021648125792}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":192,"packets-processed":191,"total-skipped-flows":0,"total-l4-payload-len":10067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":188,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":188,"total-idle-flows":187,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":907,"global_ts_usec":1686021648125792}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686021648125792,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686021648125792,"l3_proto":"ip4","src_ip":"218.211.196.58","dst_ip":"85.111.52.57","src_port":52158,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686021648125792,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbU\/a08Q6VW80Ocu+AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686021648125792,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686021648125792,"l3_proto":"ip4","src_ip":"218.211.196.58","dst_ip":"85.111.52.57","src_port":52158,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686019249802467,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686021648125792,"l3_proto":"ip4","src_ip":"56.82.128.250","dst_ip":"186.112.202.53","src_port":53705,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":193,"packets-processed":192,"total-skipped-flows":0,"total-l4-payload-len":10096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":189,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":189,"total-idle-flows":188,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":912,"global_ts_usec":1686031186113585}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":193,"packets-processed":192,"total-skipped-flows":0,"total-l4-payload-len":10096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":189,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":189,"total-idle-flows":188,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":912,"global_ts_usec":1686031186113585}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686031186113585,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686031186113585,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":34095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686031186113585,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpTjsg6KdWpOrM4UvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686031186113585,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686031186113585,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":34095,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686021648125792,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686031186113585,"l3_proto":"ip4","src_ip":"218.211.196.58","dst_ip":"85.111.52.57","src_port":52158,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":194,"packets-processed":193,"total-skipped-flows":0,"total-l4-payload-len":10194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":190,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":190,"total-idle-flows":189,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":917,"global_ts_usec":1686032769267683}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":194,"packets-processed":193,"total-skipped-flows":0,"total-l4-payload-len":10194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":190,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":190,"total-idle-flows":189,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":917,"global_ts_usec":1686032769267683}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686032769267683,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686032769267683,"l3_proto":"ip4","src_ip":"177.48.184.247","dst_ip":"165.114.202.61","src_port":56640,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686032769267683,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXuqxMLj3pXLKPd1AAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686032769267683,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686032769267683,"l3_proto":"ip4","src_ip":"177.48.184.247","dst_ip":"165.114.202.61","src_port":56640,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686031186113585,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686032769267683,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":34095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":195,"packets-processed":194,"total-skipped-flows":0,"total-l4-payload-len":10223,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":191,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":191,"total-idle-flows":190,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":922,"global_ts_usec":1686040872007912}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":195,"packets-processed":194,"total-skipped-flows":0,"total-l4-payload-len":10223,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":191,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":191,"total-idle-flows":190,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":922,"global_ts_usec":1686040872007912}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686040872007912,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686040872007912,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"90.111.212.50","src_port":53489,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686040872007912,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbedFJOfmWm\/UMtDxAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686040872007912,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686040872007912,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"90.111.212.50","src_port":53489,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686032769267683,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686040872007912,"l3_proto":"ip4","src_ip":"177.48.184.247","dst_ip":"165.114.202.61","src_port":56640,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":196,"packets-processed":195,"total-skipped-flows":0,"total-l4-payload-len":10252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":192,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":192,"total-idle-flows":191,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":927,"global_ts_usec":1686043388705512}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":196,"packets-processed":195,"total-skipped-flows":0,"total-l4-payload-len":10252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":192,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":192,"total-idle-flows":191,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":927,"global_ts_usec":1686043388705512}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686043388705512,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686043388705512,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRXlks718eSm\/LN9spAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686043388705512,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686040872007912,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686043388705512,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"90.111.212.50","src_port":53489,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":197,"packets-processed":196,"total-skipped-flows":0,"total-l4-payload-len":10281,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":193,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":193,"total-idle-flows":192,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":932,"global_ts_usec":1686044168857770}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":197,"packets-processed":196,"total-skipped-flows":0,"total-l4-payload-len":10281,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":193,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":193,"total-idle-flows":192,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":932,"global_ts_usec":1686044168857770}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686044168857770,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686044168857770,"l3_proto":"ip4","src_ip":"80.16.0.251","dst_ip":"165.144.84.62","src_port":49389,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686044168857770,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX+RQEAD7pZBUPsDtAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686044168857770,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686044168857770,"l3_proto":"ip4","src_ip":"80.16.0.251","dst_ip":"165.144.84.62","src_port":49389,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686044168857770,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":198,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":10310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":194,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":194,"total-idle-flows":193,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":937,"global_ts_usec":1686046546512327}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":198,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":10310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":194,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":194,"total-idle-flows":193,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":937,"global_ts_usec":1686046546512327}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686046546512327,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686046546512327,"l3_proto":"ip4","src_ip":"165.37.39.94","dst_ip":"69.109.187.54","src_port":49159,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686046546512327,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRbY2lJSdeRW27NsAHAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686046546512327,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686046546512327,"l3_proto":"ip4","src_ip":"165.37.39.94","dst_ip":"69.109.187.54","src_port":49159,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686044168857770,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686046546512327,"l3_proto":"ip4","src_ip":"80.16.0.251","dst_ip":"165.144.84.62","src_port":49389,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-payload-len":10339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":195,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":195,"total-idle-flows":194,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":942,"global_ts_usec":1686047674470156}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-payload-len":10339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":195,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":195,"total-idle-flows":194,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":942,"global_ts_usec":1686047674470156}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686047674470156,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686047674470156,"l3_proto":"ip4","src_ip":"178.14.64.233","dst_ip":"90.141.37.56","src_port":55586,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686047674470156,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRXv+yDkDpWo0lONkiAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686047674470156,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686047674470156,"l3_proto":"ip4","src_ip":"178.14.64.233","dst_ip":"90.141.37.56","src_port":55586,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686046546512327,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686047674470156,"l3_proto":"ip4","src_ip":"165.37.39.94","dst_ip":"69.109.187.54","src_port":49159,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":200,"packets-processed":199,"total-skipped-flows":0,"total-l4-payload-len":10368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":196,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":196,"total-idle-flows":195,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":947,"global_ts_usec":1686052550759741}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":200,"packets-processed":199,"total-skipped-flows":0,"total-l4-payload-len":10368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":196,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":196,"total-idle-flows":195,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":947,"global_ts_usec":1686052550759741}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686052550759741,"flow_src_last_pkt_time":1686052550759741,"flow_dst_last_pkt_time":1686052550759741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686052550759741,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":47437,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1686052550759741,"flow_dst_last_pkt_time":1686052550759741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686052550759741,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPblNAasAJTEiAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686052550759741,"flow_src_last_pkt_time":1686052550759741,"flow_dst_last_pkt_time":1686052550759741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686052550759741,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":47437,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686047674470156,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686052550759741,"l3_proto":"ip4","src_ip":"178.14.64.233","dst_ip":"90.141.37.56","src_port":55586,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":201,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":10397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":197,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":197,"total-idle-flows":196,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":952,"global_ts_usec":1686054840592952}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":201,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":10397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":197,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":197,"total-idle-flows":196,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":952,"global_ts_usec":1686054840592952}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686054840592952,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686054840592952,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":44893,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686054840592952,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27Nq9dAasAJTsbAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686054840592952,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686054840592952,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":44893,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -958,12 +958,12 @@
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_src_last_pkt_time":1686055302350311,"flow_dst_last_pkt_time":1686055302350311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686055302350311,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80ObceAasAJTNWAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686055302350311,"flow_src_last_pkt_time":1686055302350311,"flow_dst_last_pkt_time":1686055302350311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686055302350311,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":46878,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686054840592952,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686055302350311,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":44893,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":203,"packets-processed":202,"total-skipped-flows":0,"total-l4-payload-len":10455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":199,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":199,"total-idle-flows":198,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":961,"global_ts_usec":1686056089625694}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":203,"packets-processed":202,"total-skipped-flows":0,"total-l4-payload-len":10455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":199,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":199,"total-idle-flows":198,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":961,"global_ts_usec":1686056089625694}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686056089625694,"flow_src_last_pkt_time":1686056089625694,"flow_dst_last_pkt_time":1686056089625694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686056089625694,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":39691,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_src_last_pkt_time":1686056089625694,"flow_dst_last_pkt_time":1686056089625694,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686056089625694,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMpsLAasAJU9vAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686056089625694,"flow_src_last_pkt_time":1686056089625694,"flow_dst_last_pkt_time":1686056089625694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686056089625694,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":39691,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686055302350311,"flow_src_last_pkt_time":1686055302350311,"flow_dst_last_pkt_time":1686055302350311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686056089625694,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":46878,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":204,"packets-processed":203,"total-skipped-flows":0,"total-l4-payload-len":10484,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":200,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":200,"total-idle-flows":199,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":966,"global_ts_usec":1686057077798333}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":204,"packets-processed":203,"total-skipped-flows":0,"total-l4-payload-len":10484,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":200,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":200,"total-idle-flows":199,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":966,"global_ts_usec":1686057077798333}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057077798333,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057077798333,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":59069,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686057077798333,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN+a9AasAJQO8AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057077798333,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057077798333,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":59069,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -972,7 +972,7 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_src_last_pkt_time":1686057628692531,"flow_dst_last_pkt_time":1686057628692531,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686057628692531,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM8jOAasAJSGtAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057628692531,"flow_src_last_pkt_time":1686057628692531,"flow_dst_last_pkt_time":1686057628692531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057628692531,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":51406,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057077798333,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057628692531,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":59069,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":206,"packets-processed":205,"total-skipped-flows":0,"total-l4-payload-len":10542,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":202,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":202,"total-idle-flows":201,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":975,"global_ts_usec":1686057720083465}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":206,"packets-processed":205,"total-skipped-flows":0,"total-l4-payload-len":10542,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":202,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":202,"total-idle-flows":201,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":975,"global_ts_usec":1686057720083465}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057720083465,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686057720083465,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lOIngAasAJWCVAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057720083465,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -982,13 +982,13 @@
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057824020237,"flow_src_last_pkt_time":1686057824020237,"flow_dst_last_pkt_time":1686057824020237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057824020237,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":48172,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057628692531,"flow_src_last_pkt_time":1686057628692531,"flow_dst_last_pkt_time":1686057628692531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057824020237,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":51406,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057824020237,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":208,"packets-processed":207,"total-skipped-flows":0,"total-l4-payload-len":10600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":204,"total-detection-updates":0,"total-updates":36,"current-active-flows":2,"total-active-flows":204,"total-idle-flows":202,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":985,"global_ts_usec":1686059089399919}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":208,"packets-processed":207,"total-skipped-flows":0,"total-l4-payload-len":10600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":204,"total-detection-updates":0,"total-updates":36,"current-active-flows":2,"total-active-flows":204,"total-idle-flows":202,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":985,"global_ts_usec":1686059089399919}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686059089399919,"flow_src_last_pkt_time":1686059089399919,"flow_dst_last_pkt_time":1686059089399919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":53249,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_src_last_pkt_time":1686059089399919,"flow_dst_last_pkt_time":1686059089399919,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686059089399919,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPtABAasAJRpvAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686059089399919,"flow_src_last_pkt_time":1686059089399919,"flow_dst_last_pkt_time":1686059089399919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":53249,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057824020237,"flow_src_last_pkt_time":1686057824020237,"flow_dst_last_pkt_time":1686057824020237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":48172,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":209,"packets-processed":208,"total-skipped-flows":0,"total-l4-payload-len":10629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":205,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":205,"total-idle-flows":204,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":991,"global_ts_usec":1686063230217187}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":209,"packets-processed":208,"total-skipped-flows":0,"total-l4-payload-len":10629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":205,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":205,"total-idle-flows":204,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":991,"global_ts_usec":1686063230217187}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063230217187,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063230217187,"l3_proto":"ip4","src_ip":"16.100.83.145","dst_ip":"90.147.171.51","src_port":60232,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686063230217187,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqiYQZFORWpOrM+tIAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063230217187,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063230217187,"l3_proto":"ip4","src_ip":"16.100.83.145","dst_ip":"90.147.171.51","src_port":60232,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1002,17 +1002,17 @@
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063784551832,"flow_src_last_pkt_time":1686063784551832,"flow_dst_last_pkt_time":1686063784551832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063784551832,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.111.212.50","src_port":34236,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063230217187,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063784551832,"l3_proto":"ip4","src_ip":"16.100.83.145","dst_ip":"90.147.171.51","src_port":60232,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063367901199,"flow_src_last_pkt_time":1686063367901199,"flow_dst_last_pkt_time":1686063367901199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063784551832,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"186.112.202.53","src_port":36840,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":212,"packets-processed":211,"total-skipped-flows":0,"total-l4-payload-len":10923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":208,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":208,"total-idle-flows":207,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1005,"global_ts_usec":1686065747925784}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":212,"packets-processed":211,"total-skipped-flows":0,"total-l4-payload-len":10923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":208,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":208,"total-idle-flows":207,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1005,"global_ts_usec":1686065747925784}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686065747925784,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686065747925784,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":53230,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686065747925784,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAO0REAC2tHiLWpG0Os\/uAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686065747925784,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686065747925784,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":53230,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063784551832,"flow_src_last_pkt_time":1686063784551832,"flow_dst_last_pkt_time":1686063784551832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686065747925784,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.111.212.50","src_port":34236,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":213,"packets-processed":212,"total-skipped-flows":0,"total-l4-payload-len":11021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":209,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":209,"total-idle-flows":208,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1010,"global_ts_usec":1686066398914580}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":213,"packets-processed":212,"total-skipped-flows":0,"total-l4-payload-len":11021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":209,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":209,"total-idle-flows":208,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1010,"global_ts_usec":1686066398914580}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686066398914580,"flow_src_last_pkt_time":1686066398914580,"flow_dst_last_pkt_time":1686066398914580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686066398914580,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":38609,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_src_last_pkt_time":1686066398914580,"flow_dst_last_pkt_time":1686066398914580,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686066398914580,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAO0REAO2tHiLWo0lOJbRAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686066398914580,"flow_src_last_pkt_time":1686066398914580,"flow_dst_last_pkt_time":1686066398914580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686066398914580,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":38609,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686065747925784,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686066398914580,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":53230,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":214,"packets-processed":213,"total-skipped-flows":0,"total-l4-payload-len":11119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":210,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":210,"total-idle-flows":209,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1015,"global_ts_usec":1686067317662813}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":214,"packets-processed":213,"total-skipped-flows":0,"total-l4-payload-len":11119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":210,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":210,"total-idle-flows":209,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1015,"global_ts_usec":1686067317662813}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067317662813,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067317662813,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":36797,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686067317662813,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSUTY5OUpXLKPY+9AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067317662813,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067317662813,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":36797,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1021,17 +1021,17 @@
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_src_last_pkt_time":1686067699688902,"flow_dst_last_pkt_time":1686067699688902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686067699688902,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqiQtg6GYpZBUPo+PAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067699688902,"flow_src_last_pkt_time":1686067699688902,"flow_dst_last_pkt_time":1686067699688902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067699688902,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"165.144.84.62","src_port":36751,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067317662813,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067699688902,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":36797,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":216,"packets-processed":215,"total-skipped-flows":0,"total-l4-payload-len":11315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":212,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":212,"total-idle-flows":211,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1024,"global_ts_usec":1686071042176869}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":216,"packets-processed":215,"total-skipped-flows":0,"total-l4-payload-len":11315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":212,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":212,"total-idle-flows":211,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1024,"global_ts_usec":1686071042176869}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686071042176869,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686071042176869,"l3_proto":"ip4","src_ip":"45.100.140.153","dst_ip":"74.111.203.55","src_port":54538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686071042176869,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAO0RqiwtZIyZSm\/LN9UKAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686071042176869,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686071042176869,"l3_proto":"ip4","src_ip":"45.100.140.153","dst_ip":"74.111.203.55","src_port":54538,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067699688902,"flow_src_last_pkt_time":1686067699688902,"flow_dst_last_pkt_time":1686067699688902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686071042176869,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"165.144.84.62","src_port":36751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":11413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":213,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":213,"total-idle-flows":212,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1029,"global_ts_usec":1686075500413977}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":11413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":213,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":213,"total-idle-flows":212,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1029,"global_ts_usec":1686075500413977}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686075500413977,"flow_src_last_pkt_time":1686075500413977,"flow_dst_last_pkt_time":1686075500413977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686075500413977,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.141.37.56","src_port":26355,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_src_last_pkt_time":1686075500413977,"flow_dst_last_pkt_time":1686075500413977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686075500413977,"pkt":"3jHC4dyOPJTVQTiBCABFCABLp64AACQRHLRnR5LeWo0lOGbzAasAN7aJAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686075500413977,"flow_src_last_pkt_time":1686075500413977,"flow_dst_last_pkt_time":1686075500413977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686075500413977,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.141.37.56","src_port":26355,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686071042176869,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686075500413977,"l3_proto":"ip4","src_ip":"45.100.140.153","dst_ip":"74.111.203.55","src_port":54538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":218,"packets-processed":217,"total-skipped-flows":0,"total-l4-payload-len":11460,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":214,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":214,"total-idle-flows":213,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1034,"global_ts_usec":1686081952749133}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":218,"packets-processed":217,"total-skipped-flows":0,"total-l4-payload-len":11460,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":214,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":214,"total-idle-flows":213,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1034,"global_ts_usec":1686081952749133}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686081952749133,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686081952749133,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.147.171.51","src_port":64387,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686081952749133,"pkt":"AAwp30Y4PJTVQTiBCABFCABLEn4AACQRsepnR5LeWpOrM\/uDAasANyH\/AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686081952749133,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686081952749133,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.147.171.51","src_port":64387,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1040,7 +1040,7 @@
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_src_last_pkt_time":1686082067713083,"flow_dst_last_pkt_time":1686082067713083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686082067713083,"pkt":"AAwp30Y4PJTVQTiBCABFCABLYc8AACIRaN1kOJtwWm\/UMs+KAasAN1I8AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082067713083,"flow_src_last_pkt_time":1686082067713083,"flow_dst_last_pkt_time":1686082067713083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082067713083,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.111.212.50","src_port":53130,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686081952749133,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082067713083,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.147.171.51","src_port":64387,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":220,"packets-processed":219,"total-skipped-flows":0,"total-l4-payload-len":11554,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":216,"total-detection-updates":0,"total-updates":38,"current-active-flows":2,"total-active-flows":216,"total-idle-flows":214,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1043,"global_ts_usec":1686082597517294}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":220,"packets-processed":219,"total-skipped-flows":0,"total-l4-payload-len":11554,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":216,"total-detection-updates":0,"total-updates":38,"current-active-flows":2,"total-active-flows":216,"total-idle-flows":214,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1043,"global_ts_usec":1686082597517294}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082597517294,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686082597517294,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbe66GwXtWpOrM8hzAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082597517294,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1050,43 +1050,43 @@
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_src_last_pkt_time":1686082771466382,"flow_dst_last_pkt_time":1686082771466382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686082771466382,"pkt":"moT+\/Ph8PJTVQTiBCABFCABL6nUAACIR4DqnB5p9VW80OSAcAasANwGvAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082771466382,"flow_src_last_pkt_time":1686082771466382,"flow_dst_last_pkt_time":1686082771466382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082771466382,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"85.111.52.57","src_port":8220,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082771466382,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":222,"packets-processed":221,"total-skipped-flows":0,"total-l4-payload-len":11630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":218,"total-detection-updates":0,"total-updates":39,"current-active-flows":2,"total-active-flows":218,"total-idle-flows":216,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1053,"global_ts_usec":1686085137783742}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":222,"packets-processed":221,"total-skipped-flows":0,"total-l4-payload-len":11630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":218,"total-detection-updates":0,"total-updates":39,"current-active-flows":2,"total-active-flows":218,"total-idle-flows":216,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1053,"global_ts_usec":1686085137783742}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686085137783742,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"85.111.52.57","src_port":59003,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686085137783742,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPIRpSUuZGGTVW80OeZ7AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686085137783742,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"85.111.52.57","src_port":59003,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082771466382,"flow_src_last_pkt_time":1686082771466382,"flow_dst_last_pkt_time":1686082771466382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"85.111.52.57","src_port":8220,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":223,"packets-processed":222,"total-skipped-flows":0,"total-l4-payload-len":11728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":219,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":219,"total-idle-flows":218,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1059,"global_ts_usec":1686086498336760}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":223,"packets-processed":222,"total-skipped-flows":0,"total-l4-payload-len":11728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":219,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":219,"total-idle-flows":218,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1059,"global_ts_usec":1686086498336760}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686086498336760,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686086498336760,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.141.37.56","src_port":35493,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686086498336760,"pkt":"3jHC4dyOPJTVQTiBCABFAABSWVwAAG0Ru0FDnxCWWo0lOIqlAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686086498336760,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686086498336760,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.141.37.56","src_port":35493,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686085137783742,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686086498336760,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"85.111.52.57","src_port":59003,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":224,"packets-processed":223,"total-skipped-flows":0,"total-l4-payload-len":11782,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":220,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":220,"total-idle-flows":219,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1064,"global_ts_usec":1686087364946144}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":224,"packets-processed":223,"total-skipped-flows":0,"total-l4-payload-len":11782,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":220,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":220,"total-idle-flows":219,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1064,"global_ts_usec":1686087364946144}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686087364946144,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686087364946144,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"69.109.187.54","src_port":35856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686087364946144,"pkt":"bpHurUgdPJTVQTiBCABFAABS0PQAAG4RQqxDnxCWRW27NowQAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686087364946144,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686087364946144,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"69.109.187.54","src_port":35856,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686086498336760,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686087364946144,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.141.37.56","src_port":35493,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":225,"packets-processed":224,"total-skipped-flows":0,"total-l4-payload-len":11836,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":221,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":221,"total-idle-flows":220,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1069,"global_ts_usec":1686088327419270}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":225,"packets-processed":224,"total-skipped-flows":0,"total-l4-payload-len":11836,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":221,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":221,"total-idle-flows":220,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1069,"global_ts_usec":1686088327419270}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686088327419270,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686088327419270,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRbDEi3CYAunDKNdXAAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686088327419270,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686087364946144,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686088327419270,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"69.109.187.54","src_port":35856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":226,"packets-processed":225,"total-skipped-flows":0,"total-l4-payload-len":11865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":222,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":222,"total-idle-flows":221,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1074,"global_ts_usec":1686095963626743}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":226,"packets-processed":225,"total-skipped-flows":0,"total-l4-payload-len":11865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":222,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":222,"total-idle-flows":221,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1074,"global_ts_usec":1686095963626743}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686095963626743,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686095963626743,"l3_proto":"ip4","src_ip":"173.49.159.50","dst_ip":"74.111.203.55","src_port":54834,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686095963626743,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRXnWtMZ8ySm\/LN9YyAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686095963626743,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686095963626743,"l3_proto":"ip4","src_ip":"173.49.159.50","dst_ip":"74.111.203.55","src_port":54834,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686095963626743,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":227,"packets-processed":226,"total-skipped-flows":0,"total-l4-payload-len":11894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":223,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":223,"total-idle-flows":222,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1079,"global_ts_usec":1686100690494262}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":227,"packets-processed":226,"total-skipped-flows":0,"total-l4-payload-len":11894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":223,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":223,"total-idle-flows":222,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1079,"global_ts_usec":1686100690494262}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686100690494262,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686100690494262,"l3_proto":"ip4","src_ip":"206.17.216.171","dst_ip":"69.109.187.54","src_port":53625,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686100690494262,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRYB3OEdirRW27NtF5AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686100690494262,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686100690494262,"l3_proto":"ip4","src_ip":"206.17.216.171","dst_ip":"69.109.187.54","src_port":53625,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686095963626743,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686100690494262,"l3_proto":"ip4","src_ip":"173.49.159.50","dst_ip":"74.111.203.55","src_port":54834,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":228,"packets-processed":227,"total-skipped-flows":0,"total-l4-payload-len":11923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":224,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":224,"total-idle-flows":223,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1084,"global_ts_usec":1686102050692991}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":228,"packets-processed":227,"total-skipped-flows":0,"total-l4-payload-len":11923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":224,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":224,"total-idle-flows":223,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1084,"global_ts_usec":1686102050692991}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102050692991,"flow_src_last_pkt_time":1686102050692991,"flow_dst_last_pkt_time":1686102050692991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102050692991,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":42341,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_src_last_pkt_time":1686102050692991,"flow_dst_last_pkt_time":1686102050692991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686102050692991,"pkt":"ipffLU2SPJTVQTiBCABFAAA+KfdAADQRdt1AOMuySm\/LN6VlAasAKiQrAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102050692991,"flow_src_last_pkt_time":1686102050692991,"flow_dst_last_pkt_time":1686102050692991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102050692991,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":42341,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686100690494262,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102050692991,"l3_proto":"ip4","src_ip":"206.17.216.171","dst_ip":"69.109.187.54","src_port":53625,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":229,"packets-processed":228,"total-skipped-flows":0,"total-l4-payload-len":11957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":225,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":225,"total-idle-flows":224,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1089,"global_ts_usec":1686102672425183}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":229,"packets-processed":228,"total-skipped-flows":0,"total-l4-payload-len":11957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":225,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":225,"total-idle-flows":224,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1089,"global_ts_usec":1686102672425183}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102672425183,"flow_src_last_pkt_time":1686102672425183,"flow_dst_last_pkt_time":1686102672425183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102672425183,"l3_proto":"ip4","src_ip":"166.70.59.181","dst_ip":"90.111.212.50","src_port":46093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_src_last_pkt_time":1686102672425183,"flow_dst_last_pkt_time":1686102672425183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686102672425183,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+Lo9AADQRckmmRju1Wm\/UMrQNAasAKhWHAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102672425183,"flow_src_last_pkt_time":1686102672425183,"flow_dst_last_pkt_time":1686102672425183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102672425183,"l3_proto":"ip4","src_ip":"166.70.59.181","dst_ip":"90.111.212.50","src_port":46093,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1110,12 +1110,12 @@
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103250321132,"flow_src_last_pkt_time":1686103250321132,"flow_dst_last_pkt_time":1686103250321132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103250321132,"l3_proto":"ip4","src_ip":"184.199.219.188","dst_ip":"90.141.37.56","src_port":30639,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103038730179,"flow_src_last_pkt_time":1686103038730179,"flow_dst_last_pkt_time":1686103038730179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103250321132,"l3_proto":"ip4","src_ip":"88.192.213.176","dst_ip":"165.114.202.61","src_port":63574,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102873592315,"flow_src_last_pkt_time":1686102873592315,"flow_dst_last_pkt_time":1686102873592315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103250321132,"l3_proto":"ip4","src_ip":"33.26.187.87","dst_ip":"90.141.37.56","src_port":52761,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":234,"packets-processed":233,"total-skipped-flows":0,"total-l4-payload-len":12122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":230,"total-detection-updates":0,"total-updates":42,"current-active-flows":1,"total-active-flows":230,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1113,"global_ts_usec":1686103373634504}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":234,"packets-processed":233,"total-skipped-flows":0,"total-l4-payload-len":12122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":230,"total-detection-updates":0,"total-updates":42,"current-active-flows":1,"total-active-flows":230,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1113,"global_ts_usec":1686103373634504}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103373634504,"flow_src_last_pkt_time":1686103373634504,"flow_dst_last_pkt_time":1686103373634504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103373634504,"l3_proto":"ip4","src_ip":"166.199.219.182","dst_ip":"69.109.187.54","src_port":28881,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_src_last_pkt_time":1686103373634504,"flow_dst_last_pkt_time":1686103373634504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686103373634504,"pkt":"bpHurUgdPJTVQTiBCABFAAA+HIVAADQRhFKmx9u2RW27NnDRAasAKljCAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103373634504,"flow_src_last_pkt_time":1686103373634504,"flow_dst_last_pkt_time":1686103373634504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103373634504,"l3_proto":"ip4","src_ip":"166.199.219.182","dst_ip":"69.109.187.54","src_port":28881,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103250321132,"flow_src_last_pkt_time":1686103250321132,"flow_dst_last_pkt_time":1686103250321132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103373634504,"l3_proto":"ip4","src_ip":"184.199.219.188","dst_ip":"90.141.37.56","src_port":30639,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":235,"packets-processed":234,"total-skipped-flows":0,"total-l4-payload-len":12156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":231,"total-detection-updates":0,"total-updates":43,"current-active-flows":2,"total-active-flows":231,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1118,"global_ts_usec":1686104038936046}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":235,"packets-processed":234,"total-skipped-flows":0,"total-l4-payload-len":12156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":231,"total-detection-updates":0,"total-updates":43,"current-active-flows":2,"total-active-flows":231,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1118,"global_ts_usec":1686104038936046}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104038936046,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104038936046,"l3_proto":"ip4","src_ip":"95.64.196.186","dst_ip":"186.112.202.53","src_port":18841,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686104038936046,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+0DtAADQR0JFfQMS6unDKNUmZAasAKn\/wAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104038936046,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104038936046,"l3_proto":"ip4","src_ip":"95.64.196.186","dst_ip":"186.112.202.53","src_port":18841,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1125,22 +1125,22 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_src_last_pkt_time":1686104544084969,"flow_dst_last_pkt_time":1686104544084969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686104544084969,"pkt":"bs1PogZtPJTVQTiBCABFAAA+LfFAADQRctlYP9q4WpG0OsdTAasAKgIzAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104544084969,"flow_src_last_pkt_time":1686104544084969,"flow_dst_last_pkt_time":1686104544084969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104544084969,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"90.145.180.58","src_port":51027,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104038936046,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104544084969,"l3_proto":"ip4","src_ip":"95.64.196.186","dst_ip":"186.112.202.53","src_port":18841,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":237,"packets-processed":236,"total-skipped-flows":0,"total-l4-payload-len":12224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":233,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":233,"total-idle-flows":232,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1128,"global_ts_usec":1686104819369835}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":237,"packets-processed":236,"total-skipped-flows":0,"total-l4-payload-len":12224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":233,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":233,"total-idle-flows":232,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1128,"global_ts_usec":1686104819369835}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104819369835,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104819369835,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"85.111.52.57","src_port":57381,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686104819369835,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+9FFAADQRrIJHQCS3VW80OeAlAasAKulqAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104819369835,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104819369835,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"85.111.52.57","src_port":57381,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104544084969,"flow_src_last_pkt_time":1686104544084969,"flow_dst_last_pkt_time":1686104544084969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104819369835,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"90.145.180.58","src_port":51027,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":238,"packets-processed":237,"total-skipped-flows":0,"total-l4-payload-len":12258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":234,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":234,"total-idle-flows":233,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1133,"global_ts_usec":1686109686670972}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":238,"packets-processed":237,"total-skipped-flows":0,"total-l4-payload-len":12258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":234,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":234,"total-idle-flows":233,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1133,"global_ts_usec":1686109686670972}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686109686670972,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686109686670972,"l3_proto":"ip4","src_ip":"165.211.188.239","dst_ip":"165.114.202.61","src_port":50862,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686109686670972,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbeWl07zvpXLKPcauAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686109686670972,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686109686670972,"l3_proto":"ip4","src_ip":"165.211.188.239","dst_ip":"165.114.202.61","src_port":50862,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104819369835,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686109686670972,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"85.111.52.57","src_port":57381,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":239,"packets-processed":238,"total-skipped-flows":0,"total-l4-payload-len":12287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":235,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":235,"total-idle-flows":234,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1138,"global_ts_usec":1686115314323562}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":239,"packets-processed":238,"total-skipped-flows":0,"total-l4-payload-len":12287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":235,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":235,"total-idle-flows":234,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1138,"global_ts_usec":1686115314323562}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686115314323562,"flow_src_last_pkt_time":1686115314323562,"flow_dst_last_pkt_time":1686115314323562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686115314323562,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.141.37.56","src_port":31214,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_src_last_pkt_time":1686115314323562,"flow_dst_last_pkt_time":1686115314323562,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686115314323562,"pkt":"3jHC4dyOPJTVQTiBCABFCABLy\/0AACIR\/qsfAJpyWo0lOHnuAasAN6fVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686115314323562,"flow_src_last_pkt_time":1686115314323562,"flow_dst_last_pkt_time":1686115314323562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686115314323562,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.141.37.56","src_port":31214,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686109686670972,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686115314323562,"l3_proto":"ip4","src_ip":"165.211.188.239","dst_ip":"165.114.202.61","src_port":50862,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":240,"packets-processed":239,"total-skipped-flows":0,"total-l4-payload-len":12334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":236,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":236,"total-idle-flows":235,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1143,"global_ts_usec":1686120842599135}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":240,"packets-processed":239,"total-skipped-flows":0,"total-l4-payload-len":12334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":236,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":236,"total-idle-flows":235,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1143,"global_ts_usec":1686120842599135}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686120842599135,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686120842599135,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"165.144.84.62","src_port":19055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686120842599135,"pkt":"AAwp30Y4PJTVQTiBCABFAABLInYAACcRsKcid3p+pZBUPkpvAasAN+TAAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686120842599135,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686120842599135,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"165.144.84.62","src_port":19055,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1149,38 +1149,38 @@
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_src_last_pkt_time":1686121348877532,"flow_dst_last_pkt_time":1686121348877532,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686121348877532,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRbQ1Z1jiBVW80OcXLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686121348877532,"flow_src_last_pkt_time":1686121348877532,"flow_dst_last_pkt_time":1686121348877532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686121348877532,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"85.111.52.57","src_port":50635,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686120842599135,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686121348877532,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"165.144.84.62","src_port":19055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":242,"packets-processed":241,"total-skipped-flows":0,"total-l4-payload-len":12410,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":238,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":238,"total-idle-flows":237,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1152,"global_ts_usec":1686122375311586}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":242,"packets-processed":241,"total-skipped-flows":0,"total-l4-payload-len":12410,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":238,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":238,"total-idle-flows":237,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1152,"global_ts_usec":1686122375311586}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686122375311586,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686122375311586,"l3_proto":"ip4","src_ip":"193.209.38.96","dst_ip":"90.111.212.50","src_port":56783,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686122375311586,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbJLB0SZgWm\/UMt3PAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686122375311586,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686122375311586,"l3_proto":"ip4","src_ip":"193.209.38.96","dst_ip":"90.111.212.50","src_port":56783,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686121348877532,"flow_src_last_pkt_time":1686121348877532,"flow_dst_last_pkt_time":1686121348877532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686122375311586,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"85.111.52.57","src_port":50635,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":243,"packets-processed":242,"total-skipped-flows":0,"total-l4-payload-len":12439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":239,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":239,"total-idle-flows":238,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1157,"global_ts_usec":1686127609854442}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":243,"packets-processed":242,"total-skipped-flows":0,"total-l4-payload-len":12439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":239,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":239,"total-idle-flows":238,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1157,"global_ts_usec":1686127609854442}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686127609854442,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686127609854442,"l3_proto":"ip4","src_ip":"34.16.223.107","dst_ip":"165.144.84.62","src_port":49482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686127609854442,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbJQiEN9rpZBUPsFKAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686127609854442,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686127609854442,"l3_proto":"ip4","src_ip":"34.16.223.107","dst_ip":"165.144.84.62","src_port":49482,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686122375311586,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686127609854442,"l3_proto":"ip4","src_ip":"193.209.38.96","dst_ip":"90.111.212.50","src_port":56783,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":244,"packets-processed":243,"total-skipped-flows":0,"total-l4-payload-len":12468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":240,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":240,"total-idle-flows":239,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1162,"global_ts_usec":1686147000405705}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":244,"packets-processed":243,"total-skipped-flows":0,"total-l4-payload-len":12468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":240,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":240,"total-idle-flows":239,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1162,"global_ts_usec":1686147000405705}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686147000405705,"flow_src_last_pkt_time":1686147000405705,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686147000405705,"l3_proto":"ip4","src_ip":"235.96.127.30","dst_ip":"165.144.84.62","src_port":30596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_src_last_pkt_time":1686147000405705,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686147000405705,"pkt":"AAwp30Y4PJTVQTiBCABFAABSc4QAADIRDzbrYH8epZBUPneEAasAPgRJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686147000405705,"flow_src_last_pkt_time":1686147000405705,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686147000405705,"l3_proto":"ip4","src_ip":"235.96.127.30","dst_ip":"165.144.84.62","src_port":30596,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_src_last_pkt_time":1686147000405720,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686147000405720,"pkt":"AAwp30Y4PJTVQTiBCABFAABSc4QAADIRDzbrYH8epZBUPneEAasAPgRJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686127609854442,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686147000405720,"l3_proto":"ip4","src_ip":"34.16.223.107","dst_ip":"165.144.84.62","src_port":49482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":246,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":12576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":241,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":241,"total-idle-flows":240,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1168,"global_ts_usec":1686148169982093}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":246,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":12576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":241,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":241,"total-idle-flows":240,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1168,"global_ts_usec":1686148169982093}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686148169982093,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686148169982093,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"74.111.203.55","src_port":30879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686148169982093,"pkt":"ipffLU2SPJTVQTiBCABFAABL+PEAACcR2jmaYAV5Sm\/LN3ifAasAN7aeAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686148169982093,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686148169982093,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"74.111.203.55","src_port":30879,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1686147000405705,"flow_src_last_pkt_time":1686147000405720,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686148169982093,"l3_proto":"ip4","src_ip":"235.96.127.30","dst_ip":"165.144.84.62","src_port":30596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":247,"packets-processed":246,"total-skipped-flows":0,"total-l4-payload-len":12623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":242,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":242,"total-idle-flows":241,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1173,"global_ts_usec":1686150111716704}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":247,"packets-processed":246,"total-skipped-flows":0,"total-l4-payload-len":12623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":242,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":242,"total-idle-flows":241,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1173,"global_ts_usec":1686150111716704}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686150111716704,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686150111716704,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":53775,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686150111716704,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPIRpS\/Qe7CaWo0lONIPAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686150111716704,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686150111716704,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":53775,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686148169982093,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686150111716704,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"74.111.203.55","src_port":30879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":248,"packets-processed":247,"total-skipped-flows":0,"total-l4-payload-len":12721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":243,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":243,"total-idle-flows":242,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1178,"global_ts_usec":1686151018568427}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":248,"packets-processed":247,"total-skipped-flows":0,"total-l4-payload-len":12721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":243,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":243,"total-idle-flows":242,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1178,"global_ts_usec":1686151018568427}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686151018568427,"flow_src_last_pkt_time":1686151018568427,"flow_dst_last_pkt_time":1686151018568427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686151018568427,"l3_proto":"ip4","src_ip":"236.131.82.145","dst_ip":"69.109.187.54","src_port":40660,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_src_last_pkt_time":1686151018568427,"flow_dst_last_pkt_time":1686151018568427,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686151018568427,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRpSvsg1KRRW27Np7UAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686151018568427,"flow_src_last_pkt_time":1686151018568427,"flow_dst_last_pkt_time":1686151018568427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686151018568427,"l3_proto":"ip4","src_ip":"236.131.82.145","dst_ip":"69.109.187.54","src_port":40660,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686150111716704,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686151018568427,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":53775,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":249,"packets-processed":248,"total-skipped-flows":0,"total-l4-payload-len":12819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":244,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":244,"total-idle-flows":243,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1183,"global_ts_usec":1686152692161183}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":249,"packets-processed":248,"total-skipped-flows":0,"total-l4-payload-len":12819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":244,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":244,"total-idle-flows":243,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1183,"global_ts_usec":1686152692161183}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152692161183,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686152692161183,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPIRpTITnLybSm\/LN7qFAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152692161183,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1189,48 +1189,48 @@
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_src_last_pkt_time":1686152794742928,"flow_dst_last_pkt_time":1686152794742928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686152794742928,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPIRpSDthLCIpZBUPoZyAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152794742928,"flow_src_last_pkt_time":1686152794742928,"flow_dst_last_pkt_time":1686152794742928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152794742928,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"165.144.84.62","src_port":34418,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152794742928,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":251,"packets-processed":250,"total-skipped-flows":0,"total-l4-payload-len":13015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":246,"total-detection-updates":0,"total-updates":44,"current-active-flows":2,"total-active-flows":246,"total-idle-flows":244,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1192,"global_ts_usec":1686157605088607}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":251,"packets-processed":250,"total-skipped-flows":0,"total-l4-payload-len":13015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":246,"total-detection-updates":0,"total-updates":44,"current-active-flows":2,"total-active-flows":246,"total-idle-flows":244,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1192,"global_ts_usec":1686157605088607}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686157605088607,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":55189,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686157605088607,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAPARqCUtfJOcpXLKPdeVAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686157605088607,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":55189,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152794742928,"flow_src_last_pkt_time":1686152794742928,"flow_dst_last_pkt_time":1686152794742928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"165.144.84.62","src_port":34418,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":252,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":13113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":247,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":247,"total-idle-flows":246,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1198,"global_ts_usec":1686158302309017}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":252,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":13113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":247,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":247,"total-idle-flows":246,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1198,"global_ts_usec":1686158302309017}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686158302309017,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686158302309017,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.145.180.58","src_port":37873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686158302309017,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAO8RDclGtG\/xWpG0OpPxAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686158302309017,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686158302309017,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.145.180.58","src_port":37873,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686157605088607,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686158302309017,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":55189,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":253,"packets-processed":252,"total-skipped-flows":0,"total-l4-payload-len":13211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":248,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":248,"total-idle-flows":247,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1203,"global_ts_usec":1686159210157364}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":253,"packets-processed":252,"total-skipped-flows":0,"total-l4-payload-len":13211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":248,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":248,"total-idle-flows":247,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1203,"global_ts_usec":1686159210157364}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686159210157364,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686159210157364,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"90.111.212.50","src_port":50527,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686159210157364,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAPARqCwve7GaWm\/UMsVfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686159210157364,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686159210157364,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"90.111.212.50","src_port":50527,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686158302309017,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686159210157364,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.145.180.58","src_port":37873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":254,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":13309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":249,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":249,"total-idle-flows":248,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1208,"global_ts_usec":1686164441587309}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":254,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":13309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":249,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":249,"total-idle-flows":248,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1208,"global_ts_usec":1686164441587309}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686164441587309,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686164441587309,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"74.111.203.55","src_port":22596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686164441587309,"pkt":"ipffLU2SPJTVQTiBCABFCABLFfMAACIRtMTjx1p6Sm\/LN1hEAasAN8mNAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686164441587309,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686164441587309,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"74.111.203.55","src_port":22596,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686159210157364,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686164441587309,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"90.111.212.50","src_port":50527,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":255,"packets-processed":254,"total-skipped-flows":0,"total-l4-payload-len":13356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":250,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":250,"total-idle-flows":249,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1213,"global_ts_usec":1686172962599222}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":255,"packets-processed":254,"total-skipped-flows":0,"total-l4-payload-len":13356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":250,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":250,"total-idle-flows":249,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1213,"global_ts_usec":1686172962599222}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686172962599222,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686172962599222,"l3_proto":"ip4","src_ip":"161.45.5.172","dst_ip":"90.147.171.51","src_port":56443,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686172962599222,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbgWhLQWsWpOrM9x7AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686172962599222,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686172962599222,"l3_proto":"ip4","src_ip":"161.45.5.172","dst_ip":"90.147.171.51","src_port":56443,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686164441587309,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686172962599222,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"74.111.203.55","src_port":22596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":256,"packets-processed":255,"total-skipped-flows":0,"total-l4-payload-len":13385,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":251,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":251,"total-idle-flows":250,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1218,"global_ts_usec":1686178920053120}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":256,"packets-processed":255,"total-skipped-flows":0,"total-l4-payload-len":13385,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":251,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":251,"total-idle-flows":250,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1218,"global_ts_usec":1686178920053120}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686178920053120,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686178920053120,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"85.111.52.57","src_port":55319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686178920053120,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbXhCGOFNVW80OdgXAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686178920053120,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686178920053120,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"85.111.52.57","src_port":55319,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686172962599222,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686178920053120,"l3_proto":"ip4","src_ip":"161.45.5.172","dst_ip":"90.147.171.51","src_port":56443,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":257,"packets-processed":256,"total-skipped-flows":0,"total-l4-payload-len":13414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":252,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":252,"total-idle-flows":251,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1223,"global_ts_usec":1686182909163488}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":257,"packets-processed":256,"total-skipped-flows":0,"total-l4-payload-len":13414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":252,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":252,"total-idle-flows":251,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1223,"global_ts_usec":1686182909163488}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686182909163488,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686182909163488,"l3_proto":"ip4","src_ip":"88.56.155.126","dst_ip":"186.112.202.53","src_port":14639,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686182909163488,"pkt":"xmjqc4OdPJTVQTiBCABFCABLnDYAACIRLnxYOJt+unDKNTkvAasAN+idAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686182909163488,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686182909163488,"l3_proto":"ip4","src_ip":"88.56.155.126","dst_ip":"186.112.202.53","src_port":14639,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686178920053120,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686182909163488,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"85.111.52.57","src_port":55319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":258,"packets-processed":257,"total-skipped-flows":0,"total-l4-payload-len":13461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":253,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":253,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1228,"global_ts_usec":1686186373659453}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":258,"packets-processed":257,"total-skipped-flows":0,"total-l4-payload-len":13461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":253,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":253,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1228,"global_ts_usec":1686186373659453}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686186373659453,"flow_src_last_pkt_time":1686186373659453,"flow_dst_last_pkt_time":1686186373659453,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686186373659453,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":15055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_src_last_pkt_time":1686186373659453,"flow_dst_last_pkt_time":1686186373659453,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686186373659453,"pkt":"bpHurUgdPJTVQTiBCABFCABLbu4AACIRW70j\/EVxRW27NjrPAasAN+b2AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686186373659453,"flow_src_last_pkt_time":1686186373659453,"flow_dst_last_pkt_time":1686186373659453,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686186373659453,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":15055,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686182909163488,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686186373659453,"l3_proto":"ip4","src_ip":"88.56.155.126","dst_ip":"186.112.202.53","src_port":14639,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":259,"packets-processed":258,"total-skipped-flows":0,"total-l4-payload-len":13508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":254,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":254,"total-idle-flows":253,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1233,"global_ts_usec":1686188598232342}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":259,"packets-processed":258,"total-skipped-flows":0,"total-l4-payload-len":13508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":254,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":254,"total-idle-flows":253,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1233,"global_ts_usec":1686188598232342}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188598232342,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188598232342,"l3_proto":"ip4","src_ip":"93.22.25.240","dst_ip":"165.144.84.62","src_port":53557,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686188598232342,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbdZdFhnwpZBUPtE1AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188598232342,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188598232342,"l3_proto":"ip4","src_ip":"93.22.25.240","dst_ip":"165.144.84.62","src_port":53557,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1244,33 +1244,33 @@
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188964145763,"flow_src_last_pkt_time":1686188964145763,"flow_dst_last_pkt_time":1686188964145763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188964145763,"l3_proto":"ip4","src_ip":"211.49.103.57","dst_ip":"69.109.187.54","src_port":55377,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188644341439,"flow_src_last_pkt_time":1686188644341439,"flow_dst_last_pkt_time":1686188644341439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188964145763,"l3_proto":"ip4","src_ip":"94.46.221.227","dst_ip":"90.141.37.56","src_port":49978,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188598232342,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188964145763,"l3_proto":"ip4","src_ip":"93.22.25.240","dst_ip":"165.144.84.62","src_port":53557,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":262,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":13595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":257,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":257,"total-idle-flows":256,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1247,"global_ts_usec":1686189923950356}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":262,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":13595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":257,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":257,"total-idle-flows":256,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1247,"global_ts_usec":1686189923950356}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686189923950356,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686189923950356,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"186.112.202.53","src_port":57227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686189923950356,"pkt":"xmjqc4OdPJTVQTiBCABFCABS0+QAAGsRQrNDnxCWunDKNd+LAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686189923950356,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686189923950356,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"186.112.202.53","src_port":57227,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188964145763,"flow_src_last_pkt_time":1686188964145763,"flow_dst_last_pkt_time":1686188964145763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686189923950356,"l3_proto":"ip4","src_ip":"211.49.103.57","dst_ip":"69.109.187.54","src_port":55377,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":263,"packets-processed":262,"total-skipped-flows":0,"total-l4-payload-len":13649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":258,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":258,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1252,"global_ts_usec":1686195826361567}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":263,"packets-processed":262,"total-skipped-flows":0,"total-l4-payload-len":13649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":258,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":258,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1252,"global_ts_usec":1686195826361567}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686195826361567,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686195826361567,"l3_proto":"ip4","src_ip":"70.210.130.41","dst_ip":"186.112.202.53","src_port":50379,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686195826361567,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbWRG0oIpunDKNcTLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686195826361567,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686195826361567,"l3_proto":"ip4","src_ip":"70.210.130.41","dst_ip":"186.112.202.53","src_port":50379,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686189923950356,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686195826361567,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"186.112.202.53","src_port":57227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":264,"packets-processed":263,"total-skipped-flows":0,"total-l4-payload-len":13678,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":259,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":259,"total-idle-flows":258,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1257,"global_ts_usec":1686197444990656}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":264,"packets-processed":263,"total-skipped-flows":0,"total-l4-payload-len":13678,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":259,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":259,"total-idle-flows":258,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1257,"global_ts_usec":1686197444990656}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686197444990656,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686197444990656,"l3_proto":"ip4","src_ip":"217.23.159.199","dst_ip":"74.111.203.55","src_port":54694,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686197444990656,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbbfZF5\/HSm\/LN9WmAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686197444990656,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686197444990656,"l3_proto":"ip4","src_ip":"217.23.159.199","dst_ip":"74.111.203.55","src_port":54694,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686195826361567,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686197444990656,"l3_proto":"ip4","src_ip":"70.210.130.41","dst_ip":"186.112.202.53","src_port":50379,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":265,"packets-processed":264,"total-skipped-flows":0,"total-l4-payload-len":13707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":260,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":260,"total-idle-flows":259,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1262,"global_ts_usec":1686200474358772}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":265,"packets-processed":264,"total-skipped-flows":0,"total-l4-payload-len":13707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":260,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":260,"total-idle-flows":259,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1262,"global_ts_usec":1686200474358772}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686200474358772,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686200474358772,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"165.114.202.61","src_port":54962,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686200474358772,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXtfQ8\/jUpXLKPdayAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686200474358772,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686200474358772,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"165.114.202.61","src_port":54962,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686197444990656,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686200474358772,"l3_proto":"ip4","src_ip":"217.23.159.199","dst_ip":"74.111.203.55","src_port":54694,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":13736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":261,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":261,"total-idle-flows":260,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1267,"global_ts_usec":1686201624944069}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":13736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":261,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":261,"total-idle-flows":260,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1267,"global_ts_usec":1686201624944069}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686201624944069,"flow_src_last_pkt_time":1686201624944069,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686201624944069,"l3_proto":"ip4","src_ip":"42.224.153.12","dst_ip":"90.147.171.51","src_port":15346,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_src_last_pkt_time":1686201624944069,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686201624944069,"pkt":"AAwp30Y4PJTVQTiBCABFAABSN\/IAADIRVuMq4JkMWpOrMzvyAasAPkv2AgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686201624944069,"flow_src_last_pkt_time":1686201624944069,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686201624944069,"l3_proto":"ip4","src_ip":"42.224.153.12","dst_ip":"90.147.171.51","src_port":15346,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_src_last_pkt_time":1686201624944084,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686201624944084,"pkt":"AAwp30Y4PJTVQTiBCABFAABSN\/IAADIRVuMq4JkMWpOrMzvyAasAPkv2AgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686200474358772,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686201624944084,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"165.114.202.61","src_port":54962,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":268,"packets-processed":267,"total-skipped-flows":0,"total-l4-payload-len":13844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":262,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":262,"total-idle-flows":261,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1273,"global_ts_usec":1686204308831707}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":268,"packets-processed":267,"total-skipped-flows":0,"total-l4-payload-len":13844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":262,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":262,"total-idle-flows":261,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1273,"global_ts_usec":1686204308831707}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204308831707,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204308831707,"l3_proto":"ip4","src_ip":"199.221.139.233","dst_ip":"90.145.180.58","src_port":45906,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686204308831707,"pkt":"bs1PogZtPJTVQTiBCABFAAA+UJNAADQREf\/H3YvpWpG0OrNSAasAKtf7AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204308831707,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204308831707,"l3_proto":"ip4","src_ip":"199.221.139.233","dst_ip":"90.145.180.58","src_port":45906,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1279,7 +1279,7 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_src_last_pkt_time":1686204816985223,"flow_dst_last_pkt_time":1686204816985223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686204816985223,"pkt":"bpHurUgdPJTVQTiBCABFAAA++fVAADQRaIr27WP9RW27NjGRAasAKlmrAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204816985223,"flow_src_last_pkt_time":1686204816985223,"flow_dst_last_pkt_time":1686204816985223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204816985223,"l3_proto":"ip4","src_ip":"246.237.99.253","dst_ip":"69.109.187.54","src_port":12689,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204308831707,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204816985223,"l3_proto":"ip4","src_ip":"199.221.139.233","dst_ip":"90.145.180.58","src_port":45906,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":270,"packets-processed":269,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":264,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":264,"total-idle-flows":263,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1282,"global_ts_usec":1686205296905334}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":270,"packets-processed":269,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":264,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":264,"total-idle-flows":263,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1282,"global_ts_usec":1686205296905334}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205296905334,"flow_src_last_pkt_time":1686205296905334,"flow_dst_last_pkt_time":1686205296905334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205296905334,"l3_proto":"ip4","src_ip":"247.45.112.206","dst_ip":"90.111.212.50","src_port":20029,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_src_last_pkt_time":1686205296905334,"flow_dst_last_pkt_time":1686205296905334,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686205296905334,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+r0hAADQRsyX3LXDOWm\/UMk49AasAKjztAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205296905334,"flow_src_last_pkt_time":1686205296905334,"flow_dst_last_pkt_time":1686205296905334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205296905334,"l3_proto":"ip4","src_ip":"247.45.112.206","dst_ip":"90.111.212.50","src_port":20029,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1292,7 +1292,7 @@
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_src_last_pkt_time":1686205768491443,"flow_dst_last_pkt_time":1686205768491443,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686205768491443,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+3TBAADQRhVdGJmvxVW80OQ75AasAKnxLAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205768491443,"flow_src_last_pkt_time":1686205768491443,"flow_dst_last_pkt_time":1686205768491443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205768491443,"l3_proto":"ip4","src_ip":"70.38.107.241","dst_ip":"85.111.52.57","src_port":3833,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205683745012,"flow_src_last_pkt_time":1686205683745012,"flow_dst_last_pkt_time":1686205683745012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205768491443,"l3_proto":"ip4","src_ip":"56.174.92.201","dst_ip":"165.114.202.61","src_port":12782,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":273,"packets-processed":272,"total-skipped-flows":0,"total-l4-payload-len":14014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":267,"total-detection-updates":0,"total-updates":46,"current-active-flows":2,"total-active-flows":267,"total-idle-flows":265,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1295,"global_ts_usec":1686206099528813}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":273,"packets-processed":272,"total-skipped-flows":0,"total-l4-payload-len":14014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":267,"total-detection-updates":0,"total-updates":46,"current-active-flows":2,"total-active-flows":267,"total-idle-flows":265,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1295,"global_ts_usec":1686206099528813}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206099528813,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206099528813,"l3_proto":"ip4","src_ip":"70.106.99.214","dst_ip":"74.111.203.55","src_port":10633,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686206099528813,"pkt":"ipffLU2SPJTVQTiBCABFAAA+0FpAADQRkh5GamPWSm\/LNymJAasAKmGsAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206099528813,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206099528813,"l3_proto":"ip4","src_ip":"70.106.99.214","dst_ip":"74.111.203.55","src_port":10633,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1302,22 +1302,22 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_src_last_pkt_time":1686206507820187,"flow_dst_last_pkt_time":1686206507820187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686206507820187,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+f0tAADQR4yz27WP9pZBUPm5IAasAKhzsAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206507820187,"flow_src_last_pkt_time":1686206507820187,"flow_dst_last_pkt_time":1686206507820187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206507820187,"l3_proto":"ip4","src_ip":"246.237.99.253","dst_ip":"165.144.84.62","src_port":28232,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206099528813,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206507820187,"l3_proto":"ip4","src_ip":"70.106.99.214","dst_ip":"74.111.203.55","src_port":10633,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":275,"packets-processed":274,"total-skipped-flows":0,"total-l4-payload-len":14082,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":269,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":269,"total-idle-flows":268,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1305,"global_ts_usec":1686206929031157}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":275,"packets-processed":274,"total-skipped-flows":0,"total-l4-payload-len":14082,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":269,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":269,"total-idle-flows":268,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1305,"global_ts_usec":1686206929031157}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206929031157,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206929031157,"l3_proto":"ip4","src_ip":"200.29.108.217","dst_ip":"90.141.37.56","src_port":55185,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686206929031157,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+TBRAADQRFl3IHWzZWo0lONeRAasAKrObAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206929031157,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206929031157,"l3_proto":"ip4","src_ip":"200.29.108.217","dst_ip":"90.141.37.56","src_port":55185,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206507820187,"flow_src_last_pkt_time":1686206507820187,"flow_dst_last_pkt_time":1686206507820187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206929031157,"l3_proto":"ip4","src_ip":"246.237.99.253","dst_ip":"165.144.84.62","src_port":28232,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":276,"packets-processed":275,"total-skipped-flows":0,"total-l4-payload-len":14116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":270,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":270,"total-idle-flows":269,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1310,"global_ts_usec":1686207705291823}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":276,"packets-processed":275,"total-skipped-flows":0,"total-l4-payload-len":14116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":270,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":270,"total-idle-flows":269,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1310,"global_ts_usec":1686207705291823}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686207705291823,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686207705291823,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":48238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686207705291823,"pkt":"moT+\/Ph8PJTVQTiBCABFAABSu9QAAG0RWMhDnxCWVW80ObxuAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686207705291823,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686207705291823,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":48238,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206929031157,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686207705291823,"l3_proto":"ip4","src_ip":"200.29.108.217","dst_ip":"90.141.37.56","src_port":55185,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":277,"packets-processed":276,"total-skipped-flows":0,"total-l4-payload-len":14170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":271,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":271,"total-idle-flows":270,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1315,"global_ts_usec":1686209332165512}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":277,"packets-processed":276,"total-skipped-flows":0,"total-l4-payload-len":14170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":271,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":271,"total-idle-flows":270,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1315,"global_ts_usec":1686209332165512}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686209332165512,"flow_src_last_pkt_time":1686209332165512,"flow_dst_last_pkt_time":1686209332165512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686209332165512,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":24038,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_src_last_pkt_time":1686209332165512,"flow_dst_last_pkt_time":1686209332165512,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686209332165512,"pkt":"AAwp30Y4PJTVQTiBCABFCABLNKwAACIRlfkjAGRzpZBUPl3mAasAN8PZAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686209332165512,"flow_src_last_pkt_time":1686209332165512,"flow_dst_last_pkt_time":1686209332165512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686209332165512,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":24038,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686207705291823,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686209332165512,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":48238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":278,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":14217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":272,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":272,"total-idle-flows":271,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1320,"global_ts_usec":1686218743990736}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":278,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":14217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":272,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":272,"total-idle-flows":271,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1320,"global_ts_usec":1686218743990736}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218743990736,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218743990736,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"165.114.202.61","src_port":29445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686218743990736,"pkt":"AAwp30Y4PJTVQTiBCABFCABLunsAACIRECpb\/2t0pXLKPXMFAasAN666AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218743990736,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218743990736,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"165.114.202.61","src_port":29445,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1326,32 +1326,32 @@
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_src_last_pkt_time":1686218930278883,"flow_dst_last_pkt_time":1686218930278883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686218930278883,"pkt":"AAwp30Y4PJTVQTiBCABFAABLV70AACcRe1hiiQNypXLKPRTWAasANxpSAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218930278883,"flow_src_last_pkt_time":1686218930278883,"flow_dst_last_pkt_time":1686218930278883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218930278883,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"165.114.202.61","src_port":5334,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218743990736,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218930278883,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"165.114.202.61","src_port":29445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":280,"packets-processed":279,"total-skipped-flows":0,"total-l4-payload-len":14311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":274,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":274,"total-idle-flows":273,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1329,"global_ts_usec":1686227357942748}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":280,"packets-processed":279,"total-skipped-flows":0,"total-l4-payload-len":14311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":274,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":274,"total-idle-flows":273,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1329,"global_ts_usec":1686227357942748}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686227357942748,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686227357942748,"l3_proto":"ip4","src_ip":"224.127.98.214","dst_ip":"90.147.171.51","src_port":19171,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686227357942748,"pkt":"AAwp30Y4PJTVQTiBCABFCABLNlUAACQRjhzgf2LWWpOrM0rjAasAN9KoAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686227357942748,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686227357942748,"l3_proto":"ip4","src_ip":"224.127.98.214","dst_ip":"90.147.171.51","src_port":19171,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218930278883,"flow_src_last_pkt_time":1686218930278883,"flow_dst_last_pkt_time":1686218930278883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686227357942748,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"165.114.202.61","src_port":5334,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":281,"packets-processed":280,"total-skipped-flows":0,"total-l4-payload-len":14358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":275,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":275,"total-idle-flows":274,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1334,"global_ts_usec":1686234455283740}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":281,"packets-processed":280,"total-skipped-flows":0,"total-l4-payload-len":14358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":275,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":275,"total-idle-flows":274,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1334,"global_ts_usec":1686234455283740}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686234455283740,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686234455283740,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.145.180.58","src_port":37363,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686234455283740,"pkt":"bs1PogZtPJTVQTiBCABFAABLt7IAACcRG3GdePx7WpG0OpHzAasAN51CAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686234455283740,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686234455283740,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.145.180.58","src_port":37363,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686227357942748,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686234455283740,"l3_proto":"ip4","src_ip":"224.127.98.214","dst_ip":"90.147.171.51","src_port":19171,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":282,"packets-processed":281,"total-skipped-flows":0,"total-l4-payload-len":14405,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":276,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":276,"total-idle-flows":275,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1339,"global_ts_usec":1686236482989100}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":282,"packets-processed":281,"total-skipped-flows":0,"total-l4-payload-len":14405,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":276,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":276,"total-idle-flows":275,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1339,"global_ts_usec":1686236482989100}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686236482989100,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686236482989100,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":37519,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686236482989100,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPMRCY72S2hzWpG0OpKPAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686236482989100,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686236482989100,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":37519,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686234455283740,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686236482989100,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.145.180.58","src_port":37363,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":283,"packets-processed":282,"total-skipped-flows":0,"total-l4-payload-len":14503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":277,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":277,"total-idle-flows":276,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1344,"global_ts_usec":1686238266508865}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":283,"packets-processed":282,"total-skipped-flows":0,"total-l4-payload-len":14503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":277,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":277,"total-idle-flows":276,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1344,"global_ts_usec":1686238266508865}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686238266508865,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686238266508865,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"74.111.203.55","src_port":47606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686238266508865,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRpSrsm2CTSm\/LN7n2AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686238266508865,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686238266508865,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"74.111.203.55","src_port":47606,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686236482989100,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686238266508865,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":37519,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":284,"packets-processed":283,"total-skipped-flows":0,"total-l4-payload-len":14601,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":278,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":278,"total-idle-flows":277,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1349,"global_ts_usec":1686241261208452}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":284,"packets-processed":283,"total-skipped-flows":0,"total-l4-payload-len":14601,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":278,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":278,"total-idle-flows":277,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1349,"global_ts_usec":1686241261208452}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241261208452,"flow_src_last_pkt_time":1686241261208452,"flow_dst_last_pkt_time":1686241261208452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241261208452,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":32910,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_src_last_pkt_time":1686241261208452,"flow_dst_last_pkt_time":1686241261208452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686241261208452,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrCQtY5KSWm\/UMoCOAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241261208452,"flow_src_last_pkt_time":1686241261208452,"flow_dst_last_pkt_time":1686241261208452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241261208452,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":32910,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686238266508865,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241261208452,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"74.111.203.55","src_port":47606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":285,"packets-processed":284,"total-skipped-flows":0,"total-l4-payload-len":14699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":279,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":279,"total-idle-flows":278,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1354,"global_ts_usec":1686241917944669}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":285,"packets-processed":284,"total-skipped-flows":0,"total-l4-payload-len":14699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":279,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":279,"total-idle-flows":278,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1354,"global_ts_usec":1686241917944669}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241917944669,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241917944669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"186.112.202.53","src_port":52790,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686241917944669,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPMRCZLItJByunDKNc42AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241917944669,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241917944669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"186.112.202.53","src_port":52790,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1365,7 +1365,7 @@
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686242407915366,"flow_src_last_pkt_time":1686242407915366,"flow_dst_last_pkt_time":1686242407915366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686242407915366,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":60621,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686242007697569,"flow_src_last_pkt_time":1686242007697569,"flow_dst_last_pkt_time":1686242007697569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686242407915366,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":36409,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241917944669,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686242407915366,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"186.112.202.53","src_port":52790,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":288,"packets-processed":287,"total-skipped-flows":0,"total-l4-payload-len":14993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":282,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":282,"total-idle-flows":281,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1368,"global_ts_usec":1686243579374691}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":288,"packets-processed":287,"total-skipped-flows":0,"total-l4-payload-len":14993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":282,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":282,"total-idle-flows":281,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1368,"global_ts_usec":1686243579374691}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686243579374691,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686243579374691,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"165.144.84.62","src_port":60327,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686243579374691,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrBotY5KSpZBUPuunAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686243579374691,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686243579374691,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"165.144.84.62","src_port":60327,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1374,17 +1374,17 @@
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_src_last_pkt_time":1686244097863995,"flow_dst_last_pkt_time":1686244097863995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686244097863995,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRCZDItJByWo0lONuvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244097863995,"flow_src_last_pkt_time":1686244097863995,"flow_dst_last_pkt_time":1686244097863995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244097863995,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.141.37.56","src_port":56239,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686243579374691,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244097863995,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"165.144.84.62","src_port":60327,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":290,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":15189,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":284,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":284,"total-idle-flows":283,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1377,"global_ts_usec":1686244966838652}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":290,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":15189,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":284,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":284,"total-idle-flows":283,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1377,"global_ts_usec":1686244966838652}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244966838652,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244966838652,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"85.111.52.57","src_port":41408,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686244966838652,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRpSXsm2CTVW80OaHAAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244966838652,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244966838652,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"85.111.52.57","src_port":41408,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244097863995,"flow_src_last_pkt_time":1686244097863995,"flow_dst_last_pkt_time":1686244097863995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244966838652,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.141.37.56","src_port":56239,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":291,"packets-processed":290,"total-skipped-flows":0,"total-l4-payload-len":15287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":285,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":285,"total-idle-flows":284,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1382,"global_ts_usec":1686256443473506}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":291,"packets-processed":290,"total-skipped-flows":0,"total-l4-payload-len":15287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":285,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":285,"total-idle-flows":284,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1382,"global_ts_usec":1686256443473506}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686256443473506,"flow_src_last_pkt_time":1686256443473506,"flow_dst_last_pkt_time":1686256443473506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686256443473506,"l3_proto":"ip4","src_ip":"162.219.248.180","dst_ip":"90.147.171.51","src_port":51156,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_src_last_pkt_time":1686256443473506,"flow_dst_last_pkt_time":1686256443473506,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686256443473506,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbP6i2\/i0WpOrM8fUAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686256443473506,"flow_src_last_pkt_time":1686256443473506,"flow_dst_last_pkt_time":1686256443473506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686256443473506,"l3_proto":"ip4","src_ip":"162.219.248.180","dst_ip":"90.147.171.51","src_port":51156,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244966838652,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686256443473506,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"85.111.52.57","src_port":41408,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":292,"packets-processed":291,"total-skipped-flows":0,"total-l4-payload-len":15316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":286,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":286,"total-idle-flows":285,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1387,"global_ts_usec":1686257607667798}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":292,"packets-processed":291,"total-skipped-flows":0,"total-l4-payload-len":15316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":286,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":286,"total-idle-flows":285,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1387,"global_ts_usec":1686257607667798}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257607667798,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686257607667798,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80OdifAasAJRHVAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257607667798,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1393,13 +1393,13 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_src_last_pkt_time":1686257765544403,"flow_dst_last_pkt_time":1686257765544403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686257765544403,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPcZcAasAJSQTAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257765544403,"flow_src_last_pkt_time":1686257765544403,"flow_dst_last_pkt_time":1686257765544403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257765544403,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":50780,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257765544403,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":294,"packets-processed":293,"total-skipped-flows":0,"total-l4-payload-len":15374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":288,"total-detection-updates":0,"total-updates":48,"current-active-flows":2,"total-active-flows":288,"total-idle-flows":286,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1396,"global_ts_usec":1686258512561586}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":294,"packets-processed":293,"total-skipped-flows":0,"total-l4-payload-len":15374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":288,"total-detection-updates":0,"total-updates":48,"current-active-flows":2,"total-active-flows":288,"total-idle-flows":286,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1396,"global_ts_usec":1686258512561586}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686258512561586,"flow_src_last_pkt_time":1686258512561586,"flow_dst_last_pkt_time":1686258512561586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":56478,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_src_last_pkt_time":1686258512561586,"flow_dst_last_pkt_time":1686258512561586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686258512561586,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNdyeAasAJQ3ZAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686258512561586,"flow_src_last_pkt_time":1686258512561586,"flow_dst_last_pkt_time":1686258512561586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":56478,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257765544403,"flow_src_last_pkt_time":1686257765544403,"flow_dst_last_pkt_time":1686257765544403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":50780,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":295,"packets-processed":294,"total-skipped-flows":0,"total-l4-payload-len":15403,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":289,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":289,"total-idle-flows":288,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1402,"global_ts_usec":1686261546684605}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":295,"packets-processed":294,"total-skipped-flows":0,"total-l4-payload-len":15403,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":289,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":289,"total-idle-flows":288,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1402,"global_ts_usec":1686261546684605}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261546684605,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261546684605,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":48895,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686261546684605,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPr7\/AasAJStxAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261546684605,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261546684605,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":48895,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1414,7 +1414,7 @@
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_src_last_pkt_time":1686261885374256,"flow_dst_last_pkt_time":1686261885374242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686261885374256,"pkt":"3jHC4dyOPJTVQTiBCABFBABS1h8AADQRotfUmt9nWo0lONofAasAPpnuAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261546684605,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261885374256,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":48895,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261656437832,"flow_src_last_pkt_time":1686261656437832,"flow_dst_last_pkt_time":1686261656437832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261885374256,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":37856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":299,"packets-processed":298,"total-skipped-flows":0,"total-l4-payload-len":15569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":292,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":292,"total-idle-flows":291,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1417,"global_ts_usec":1686262180549880}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":299,"packets-processed":298,"total-skipped-flows":0,"total-l4-payload-len":15569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":292,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":292,"total-idle-flows":291,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1417,"global_ts_usec":1686262180549880}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262180549880,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262180549880,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"165.114.202.61","src_port":59307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686262180549880,"pkt":"AAwp30Y4PJTVQTiBCABFAABUwx1AADQRzjFLiYbypXLKPeerAasAQAAAAgEAADggAAAAAGqbAAJlbgAAABdzZXJ2aWNlOmRpcmVjdG9yeS1hZ2VudAAHZGVmYXVsdAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262180549880,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262180549880,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"165.114.202.61","src_port":59307,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1423,7 +1423,7 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_src_last_pkt_time":1686262531882256,"flow_dst_last_pkt_time":1686262531882256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686262531882256,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lONHuAasAJRiHAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262531882256,"flow_src_last_pkt_time":1686262531882256,"flow_dst_last_pkt_time":1686262531882256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262531882256,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":53742,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262180549880,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262531882256,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"165.114.202.61","src_port":59307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":301,"packets-processed":300,"total-skipped-flows":0,"total-l4-payload-len":15654,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":294,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":294,"total-idle-flows":293,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1426,"global_ts_usec":1686262998390221}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":301,"packets-processed":300,"total-skipped-flows":0,"total-l4-payload-len":15654,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":294,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":294,"total-idle-flows":293,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1426,"global_ts_usec":1686262998390221}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262998390221,"flow_src_last_pkt_time":1686262998390221,"flow_dst_last_pkt_time":1686262998390221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262998390221,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":33892,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_src_last_pkt_time":1686262998390221,"flow_dst_last_pkt_time":1686262998390221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686262998390221,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM4RkAasAJWYXAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262998390221,"flow_src_last_pkt_time":1686262998390221,"flow_dst_last_pkt_time":1686262998390221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262998390221,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":33892,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1449,22 +1449,22 @@
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263094542703,"flow_src_last_pkt_time":1686263094542703,"flow_dst_last_pkt_time":1686263094542703,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686263490143641,"l3_proto":"ip4","src_ip":"197.23.155.213","dst_ip":"90.145.180.58","src_port":51534,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263272401090,"flow_src_last_pkt_time":1686263272401090,"flow_dst_last_pkt_time":1686263272401090,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686263490143641,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":49681,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263142896966,"flow_src_last_pkt_time":1686263142896966,"flow_dst_last_pkt_time":1686263142896966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686263490143641,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":50776,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":306,"packets-processed":305,"total-skipped-flows":0,"total-l4-payload-len":15799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":299,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":299,"total-idle-flows":298,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1452,"global_ts_usec":1686264627972582}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":306,"packets-processed":305,"total-skipped-flows":0,"total-l4-payload-len":15799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":299,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":299,"total-idle-flows":298,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1452,"global_ts_usec":1686264627972582}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686264627972582,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686264627972582,"l3_proto":"ip4","src_ip":"66.224.226.183","dst_ip":"165.144.84.62","src_port":52476,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686264627972582,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbfZC4OK3pZBUPsz8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686264627972582,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686264627972582,"l3_proto":"ip4","src_ip":"66.224.226.183","dst_ip":"165.144.84.62","src_port":52476,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263490143641,"flow_src_last_pkt_time":1686263490143641,"flow_dst_last_pkt_time":1686263490143641,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686264627972582,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":36077,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":307,"packets-processed":306,"total-skipped-flows":0,"total-l4-payload-len":15828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":300,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":300,"total-idle-flows":299,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1457,"global_ts_usec":1686265884829767}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":307,"packets-processed":306,"total-skipped-flows":0,"total-l4-payload-len":15828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":300,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":300,"total-idle-flows":299,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1457,"global_ts_usec":1686265884829767}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686265884829767,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686265884829767,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"69.109.187.54","src_port":59902,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686265884829767,"pkt":"bpHurUgdPJTVQTiBCABFCABLZJsAACQRX81bIWraRW27Nun+AasANzOEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686265884829767,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686265884829767,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"69.109.187.54","src_port":59902,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686264627972582,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686265884829767,"l3_proto":"ip4","src_ip":"66.224.226.183","dst_ip":"165.144.84.62","src_port":52476,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":308,"packets-processed":307,"total-skipped-flows":0,"total-l4-payload-len":15875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":301,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":301,"total-idle-flows":300,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1462,"global_ts_usec":1686266868932026}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":308,"packets-processed":307,"total-skipped-flows":0,"total-l4-payload-len":15875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":301,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":301,"total-idle-flows":300,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1462,"global_ts_usec":1686266868932026}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686266868932026,"flow_src_last_pkt_time":1686266868932026,"flow_dst_last_pkt_time":1686266868932026,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686266868932026,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"85.111.52.57","src_port":50356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_src_last_pkt_time":1686266868932026,"flow_dst_last_pkt_time":1686266868932026,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686266868932026,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRX53OzBhaVW80OcS0AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686266868932026,"flow_src_last_pkt_time":1686266868932026,"flow_dst_last_pkt_time":1686266868932026,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686266868932026,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"85.111.52.57","src_port":50356,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686265884829767,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686266868932026,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"69.109.187.54","src_port":59902,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":309,"packets-processed":308,"total-skipped-flows":0,"total-l4-payload-len":15904,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":302,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":302,"total-idle-flows":301,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1467,"global_ts_usec":1686268741318193}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":309,"packets-processed":308,"total-skipped-flows":0,"total-l4-payload-len":15904,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":302,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":302,"total-idle-flows":301,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1467,"global_ts_usec":1686268741318193}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686268741318193,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686268741318193,"l3_proto":"ip4","src_ip":"76.45.103.228","dst_ip":"90.111.212.50","src_port":55007,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686268741318193,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX\/9MLWfkWm\/UMtbfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686268741318193,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686268741318193,"l3_proto":"ip4","src_ip":"76.45.103.228","dst_ip":"90.111.212.50","src_port":55007,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1473,17 +1473,17 @@
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_src_last_pkt_time":1686269328666858,"flow_dst_last_pkt_time":1686269328666858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686269328666858,"pkt":"xmjqc4OdPJTVQTiBCABFAABLWZ4AACcReX7adoNxunDKNSGuAasANw2BAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686269328666858,"flow_src_last_pkt_time":1686269328666858,"flow_dst_last_pkt_time":1686269328666858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686269328666858,"l3_proto":"ip4","src_ip":"218.118.131.113","dst_ip":"186.112.202.53","src_port":8622,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686268741318193,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686269328666858,"l3_proto":"ip4","src_ip":"76.45.103.228","dst_ip":"90.111.212.50","src_port":55007,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":311,"packets-processed":310,"total-skipped-flows":0,"total-l4-payload-len":15980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":304,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":304,"total-idle-flows":303,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1476,"global_ts_usec":1686271029434310}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":311,"packets-processed":310,"total-skipped-flows":0,"total-l4-payload-len":15980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":304,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":304,"total-idle-flows":303,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1476,"global_ts_usec":1686271029434310}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686271029434310,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686271029434310,"l3_proto":"ip4","src_ip":"189.229.250.75","dst_ip":"165.114.202.61","src_port":50111,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686271029434310,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbHG95fpLpXLKPcO\/AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686271029434310,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686271029434310,"l3_proto":"ip4","src_ip":"189.229.250.75","dst_ip":"165.114.202.61","src_port":50111,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686269328666858,"flow_src_last_pkt_time":1686269328666858,"flow_dst_last_pkt_time":1686269328666858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686271029434310,"l3_proto":"ip4","src_ip":"218.118.131.113","dst_ip":"186.112.202.53","src_port":8622,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":312,"packets-processed":311,"total-skipped-flows":0,"total-l4-payload-len":16009,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":305,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":305,"total-idle-flows":304,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1481,"global_ts_usec":1686272210557633}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":312,"packets-processed":311,"total-skipped-flows":0,"total-l4-payload-len":16009,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":305,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":305,"total-idle-flows":304,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1481,"global_ts_usec":1686272210557633}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686272210557633,"flow_src_last_pkt_time":1686272210557633,"flow_dst_last_pkt_time":1686272210557633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686272210557633,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"69.109.187.54","src_port":21256,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_src_last_pkt_time":1686272210557633,"flow_dst_last_pkt_time":1686272210557633,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686272210557633,"pkt":"bpHurUgdPJTVQTiBCABFAABLiBsAACcRSwWlgP10RW27NlMIAasAN9wqAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686272210557633,"flow_src_last_pkt_time":1686272210557633,"flow_dst_last_pkt_time":1686272210557633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686272210557633,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"69.109.187.54","src_port":21256,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686271029434310,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686272210557633,"l3_proto":"ip4","src_ip":"189.229.250.75","dst_ip":"165.114.202.61","src_port":50111,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":313,"packets-processed":312,"total-skipped-flows":0,"total-l4-payload-len":16056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":306,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":306,"total-idle-flows":305,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1486,"global_ts_usec":1686276490401508}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":313,"packets-processed":312,"total-skipped-flows":0,"total-l4-payload-len":16056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":306,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":306,"total-idle-flows":305,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1486,"global_ts_usec":1686276490401508}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686276490401508,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686276490401508,"l3_proto":"ip4","src_ip":"94.230.158.79","dst_ip":"74.111.203.55","src_port":55750,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686276490401508,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbH9e5p5PSm\/LN9nGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686276490401508,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686276490401508,"l3_proto":"ip4","src_ip":"94.230.158.79","dst_ip":"74.111.203.55","src_port":55750,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1492,32 +1492,32 @@
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_src_last_pkt_time":1686277031596938,"flow_dst_last_pkt_time":1686277031596938,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686277031596938,"pkt":"bs1PogZtPJTVQTiBCABFCABLQa4AACIRiPcj\/EVxWpG0OpLiAasAN47dAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686277031596938,"flow_src_last_pkt_time":1686277031596938,"flow_dst_last_pkt_time":1686277031596938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686277031596938,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.145.180.58","src_port":37602,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686276490401508,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686277031596938,"l3_proto":"ip4","src_ip":"94.230.158.79","dst_ip":"74.111.203.55","src_port":55750,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":315,"packets-processed":314,"total-skipped-flows":0,"total-l4-payload-len":16132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":308,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":308,"total-idle-flows":307,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1495,"global_ts_usec":1686279640620137}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":315,"packets-processed":314,"total-skipped-flows":0,"total-l4-payload-len":16132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":308,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":308,"total-idle-flows":307,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1495,"global_ts_usec":1686279640620137}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686279640620137,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686279640620137,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"90.147.171.51","src_port":46606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686279640620137,"pkt":"AAwp30Y4PJTVQTiBCABFCABL5wQAACIR47OY\/6p8WpOrM7YOAasAN2vEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686279640620137,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686279640620137,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"90.147.171.51","src_port":46606,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686277031596938,"flow_src_last_pkt_time":1686277031596938,"flow_dst_last_pkt_time":1686277031596938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686279640620137,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.145.180.58","src_port":37602,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":316,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":16179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":309,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":309,"total-idle-flows":308,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1500,"global_ts_usec":1686282116013463}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":316,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":16179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":309,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":309,"total-idle-flows":308,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1500,"global_ts_usec":1686282116013463}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686282116013463,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686282116013463,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":54818,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686282116013463,"pkt":"AAwp30Y4PJTVQTiBCABFCABSCtkAAGsRC7dDnxCWpXLKPdYiAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686282116013463,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686282116013463,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":54818,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686279640620137,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686282116013463,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"90.147.171.51","src_port":46606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":317,"packets-processed":316,"total-skipped-flows":0,"total-l4-payload-len":16233,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":310,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":310,"total-idle-flows":309,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1505,"global_ts_usec":1686283230398748}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":317,"packets-processed":316,"total-skipped-flows":0,"total-l4-payload-len":16233,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":310,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":310,"total-idle-flows":309,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1505,"global_ts_usec":1686283230398748}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686283230398748,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686283230398748,"l3_proto":"ip4","src_ip":"93.26.159.17","dst_ip":"186.112.202.53","src_port":57065,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686283230398748,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbUxdGp8RunDKNd7pAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686283230398748,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686283230398748,"l3_proto":"ip4","src_ip":"93.26.159.17","dst_ip":"186.112.202.53","src_port":57065,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686282116013463,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686283230398748,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":54818,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":318,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":16262,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":311,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":311,"total-idle-flows":310,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1510,"global_ts_usec":1686284127841221}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":318,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":16262,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":311,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":311,"total-idle-flows":310,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1510,"global_ts_usec":1686284127841221}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686284127841221,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686284127841221,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.141.37.56","src_port":49891,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686284127841221,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRbM3ZH+f\/Wo0lOMLjAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686284127841221,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686284127841221,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.141.37.56","src_port":49891,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686283230398748,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686284127841221,"l3_proto":"ip4","src_ip":"93.26.159.17","dst_ip":"186.112.202.53","src_port":57065,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":319,"packets-processed":318,"total-skipped-flows":0,"total-l4-payload-len":16291,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":312,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":312,"total-idle-flows":311,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1515,"global_ts_usec":1686290568082392}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":319,"packets-processed":318,"total-skipped-flows":0,"total-l4-payload-len":16291,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":312,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":312,"total-idle-flows":311,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1515,"global_ts_usec":1686290568082392}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686290568082392,"flow_src_last_pkt_time":1686290568082392,"flow_dst_last_pkt_time":1686290568082392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686290568082392,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":12620,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_src_last_pkt_time":1686290568082392,"flow_dst_last_pkt_time":1686290568082392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686290568082392,"pkt":"AAwp30Y4PJTVQTiBCABFAABScHIAAG0RpCZDnxCWpZBUPjFMAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686290568082392,"flow_src_last_pkt_time":1686290568082392,"flow_dst_last_pkt_time":1686290568082392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686290568082392,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":12620,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686284127841221,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686290568082392,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.141.37.56","src_port":49891,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":320,"packets-processed":319,"total-skipped-flows":0,"total-l4-payload-len":16345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":313,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":313,"total-idle-flows":312,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1520,"global_ts_usec":1686292143831347}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":320,"packets-processed":319,"total-skipped-flows":0,"total-l4-payload-len":16345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":313,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":313,"total-idle-flows":312,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1520,"global_ts_usec":1686292143831347}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292143831347,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292143831347,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":12480,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686292143831347,"pkt":"moT+\/Ph8PJTVQTiBCABFCABL62sAACIR3z5b\/2t0VW80OTDAAasAN\/EEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292143831347,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292143831347,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":12480,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1526,17 +1526,17 @@
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_src_last_pkt_time":1686292431165594,"flow_dst_last_pkt_time":1686292431165594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686292431165594,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXt6v7\/\/ZRW27NtI8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292431165594,"flow_src_last_pkt_time":1686292431165594,"flow_dst_last_pkt_time":1686292431165594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292431165594,"l3_proto":"ip4","src_ip":"175.239.255.217","dst_ip":"69.109.187.54","src_port":53820,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292143831347,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292431165594,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":12480,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":322,"packets-processed":321,"total-skipped-flows":0,"total-l4-payload-len":16421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":315,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":315,"total-idle-flows":314,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1529,"global_ts_usec":1686295204381615}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":322,"packets-processed":321,"total-skipped-flows":0,"total-l4-payload-len":16421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":315,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":315,"total-idle-flows":314,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1529,"global_ts_usec":1686295204381615}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686295204381615,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686295204381615,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.145.180.58","src_port":53644,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686295204381615,"pkt":"bs1PogZtPJTVQTiBCABFCABSvkIAAGsRWFBDnxCWWpG0OtGMAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686295204381615,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686295204381615,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.145.180.58","src_port":53644,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292431165594,"flow_src_last_pkt_time":1686292431165594,"flow_dst_last_pkt_time":1686292431165594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686295204381615,"l3_proto":"ip4","src_ip":"175.239.255.217","dst_ip":"69.109.187.54","src_port":53820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":323,"packets-processed":322,"total-skipped-flows":0,"total-l4-payload-len":16475,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":316,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":316,"total-idle-flows":315,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1534,"global_ts_usec":1686301765843785}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":323,"packets-processed":322,"total-skipped-flows":0,"total-l4-payload-len":16475,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":316,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":316,"total-idle-flows":315,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1534,"global_ts_usec":1686301765843785}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686301765843785,"flow_src_last_pkt_time":1686301765843785,"flow_dst_last_pkt_time":1686301765843785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686301765843785,"l3_proto":"ip4","src_ip":"7.110.179.205","dst_ip":"165.144.84.62","src_port":58317,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_src_last_pkt_time":1686301765843785,"flow_dst_last_pkt_time":1686301765843785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686301765843785,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+ZMJAADQR\/Z8HbrPNpZBUPuPNAasAKqdQAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686301765843785,"flow_src_last_pkt_time":1686301765843785,"flow_dst_last_pkt_time":1686301765843785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686301765843785,"l3_proto":"ip4","src_ip":"7.110.179.205","dst_ip":"165.144.84.62","src_port":58317,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686295204381615,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686301765843785,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.145.180.58","src_port":53644,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":324,"packets-processed":323,"total-skipped-flows":0,"total-l4-payload-len":16509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":317,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":317,"total-idle-flows":316,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1539,"global_ts_usec":1686303104961112}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":324,"packets-processed":323,"total-skipped-flows":0,"total-l4-payload-len":16509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":317,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":317,"total-idle-flows":316,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1539,"global_ts_usec":1686303104961112}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303104961112,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686303104961112,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+LXZAADQRNPvJ7YfSpXLKPZRXAasAKvbVAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303104961112,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1545,13 +1545,13 @@
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_src_last_pkt_time":1686303160580622,"flow_dst_last_pkt_time":1686303160580622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686303160580622,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+Py1AADQRI2U5ooDqVW80OflAAasAKpINAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303160580622,"flow_src_last_pkt_time":1686303160580622,"flow_dst_last_pkt_time":1686303160580622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303160580622,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"85.111.52.57","src_port":63808,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303160580622,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":326,"packets-processed":325,"total-skipped-flows":0,"total-l4-payload-len":16577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":319,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":319,"total-idle-flows":317,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1548,"global_ts_usec":1686303829470774}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":326,"packets-processed":325,"total-skipped-flows":0,"total-l4-payload-len":16577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":319,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":319,"total-idle-flows":317,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1548,"global_ts_usec":1686303829470774}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303829470774,"flow_src_last_pkt_time":1686303829470774,"flow_dst_last_pkt_time":1686303829470774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"120.46.80.212","dst_ip":"74.111.203.55","src_port":60012,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_src_last_pkt_time":1686303829470774,"flow_dst_last_pkt_time":1686303829470774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686303829470774,"pkt":"ipffLU2SPJTVQTiBCABFAAA+mKZAADQRydB4LlDUSm\/LN+psAasAKqDGAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303829470774,"flow_src_last_pkt_time":1686303829470774,"flow_dst_last_pkt_time":1686303829470774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"120.46.80.212","dst_ip":"74.111.203.55","src_port":60012,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303160580622,"flow_src_last_pkt_time":1686303160580622,"flow_dst_last_pkt_time":1686303160580622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"85.111.52.57","src_port":63808,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":327,"packets-processed":326,"total-skipped-flows":0,"total-l4-payload-len":16611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":320,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":320,"total-idle-flows":319,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1554,"global_ts_usec":1686304502775958}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":327,"packets-processed":326,"total-skipped-flows":0,"total-l4-payload-len":16611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":320,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":320,"total-idle-flows":319,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1554,"global_ts_usec":1686304502775958}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304502775958,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304502775958,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"69.109.187.54","src_port":48188,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686304502775958,"pkt":"bpHurUgdPJTVQTiBCABFAAA+ef9AADQR6JY5ooDqRW27Nrw8AasAKs8VAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304502775958,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304502775958,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"69.109.187.54","src_port":48188,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1560,7 +1560,7 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_src_last_pkt_time":1686304868179785,"flow_dst_last_pkt_time":1686304868179785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686304868179785,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+RtxAADQRG7c5ooDqWo0lOEzRAasAKj5+AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304868179785,"flow_src_last_pkt_time":1686304868179785,"flow_dst_last_pkt_time":1686304868179785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304868179785,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"90.141.37.56","src_port":19665,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304502775958,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304868179785,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"69.109.187.54","src_port":48188,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":329,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":16679,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":322,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":322,"total-idle-flows":321,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1563,"global_ts_usec":1686305286126745}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":329,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":16679,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":322,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":322,"total-idle-flows":321,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1563,"global_ts_usec":1686305286126745}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305286126745,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305286126745,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"90.145.180.58","src_port":6545,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686305286126745,"pkt":"bs1PogZtPJTVQTiBCABFAAA+FfdAADQRTH3J7YfSWpG0OhmRAasAKnGfAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305286126745,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305286126745,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"90.145.180.58","src_port":6545,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1572,23 +1572,23 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_src_last_pkt_time":1686305544554511,"flow_dst_last_pkt_time":1686305544554511,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686305544554511,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+PF5AADQRJgP3XbfFunDKNSAVAasAKmsIAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305544554511,"flow_src_last_pkt_time":1686305544554511,"flow_dst_last_pkt_time":1686305544554511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305544554511,"l3_proto":"ip4","src_ip":"247.93.183.197","dst_ip":"186.112.202.53","src_port":8213,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305286126745,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305544554511,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"90.145.180.58","src_port":6545,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":332,"packets-processed":331,"total-skipped-flows":0,"total-l4-payload-len":16781,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":325,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":325,"total-idle-flows":323,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1575,"global_ts_usec":1686312624909971}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":332,"packets-processed":331,"total-skipped-flows":0,"total-l4-payload-len":16781,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":325,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":325,"total-idle-flows":323,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1575,"global_ts_usec":1686312624909971}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686312624909971,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"37.97.4.125","dst_ip":"90.141.37.56","src_port":16072,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686312624909971,"pkt":"3jHC4dyOPJTVQTiBCABFAABLr5UAACcRI44lYQR9Wo0lOD7IAasAN\/BtAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686312624909971,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"37.97.4.125","dst_ip":"90.141.37.56","src_port":16072,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305544554511,"flow_src_last_pkt_time":1686305544554511,"flow_dst_last_pkt_time":1686305544554511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"247.93.183.197","dst_ip":"186.112.202.53","src_port":8213,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305534685025,"flow_src_last_pkt_time":1686305534685025,"flow_dst_last_pkt_time":1686305534685025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"247.93.183.197","dst_ip":"90.147.171.51","src_port":10997,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":333,"packets-processed":332,"total-skipped-flows":0,"total-l4-payload-len":16828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":326,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":326,"total-idle-flows":325,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1581,"global_ts_usec":1686321706660675}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":333,"packets-processed":332,"total-skipped-flows":0,"total-l4-payload-len":16828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":326,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":326,"total-idle-flows":325,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1581,"global_ts_usec":1686321706660675}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686321706660675,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686321706660675,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"85.111.52.57","src_port":34761,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686321706660675,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRCZD2S2hzVW80OYfJAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686321706660675,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686321706660675,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"85.111.52.57","src_port":34761,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686312624909971,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686321706660675,"l3_proto":"ip4","src_ip":"37.97.4.125","dst_ip":"90.141.37.56","src_port":16072,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":334,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":16926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":327,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":327,"total-idle-flows":326,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1586,"global_ts_usec":1686324009293668}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":334,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":16926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":327,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":327,"total-idle-flows":326,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1586,"global_ts_usec":1686324009293668}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324009293668,"flow_src_last_pkt_time":1686324009293668,"flow_dst_last_pkt_time":1686324009293668,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324009293668,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":51620,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_src_last_pkt_time":1686324009293668,"flow_dst_last_pkt_time":1686324009293668,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686324009293668,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAO0REAO2tHiLWo0lOMmkAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324009293668,"flow_src_last_pkt_time":1686324009293668,"flow_dst_last_pkt_time":1686324009293668,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324009293668,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":51620,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686321706660675,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324009293668,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"85.111.52.57","src_port":34761,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":335,"packets-processed":334,"total-skipped-flows":0,"total-l4-payload-len":17024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":328,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":328,"total-idle-flows":327,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1591,"global_ts_usec":1686324751894084}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":335,"packets-processed":334,"total-skipped-flows":0,"total-l4-payload-len":17024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":328,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":328,"total-idle-flows":327,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1591,"global_ts_usec":1686324751894084}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324751894084,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324751894084,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":41843,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686324751894084,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAO0RqigTY5KcWpG0OqNzAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324751894084,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324751894084,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":41843,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1596,28 +1596,28 @@
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324780665773,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324780665773,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":29266,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686324780665773,"pkt":"AAwp30Y4PJTVQTiBCABFAABL\/uwAACcR1DRiZ\/1zWm\/UMnJSAasAN7zhAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324780665773,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324780665773,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":29266,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":337,"packets-processed":336,"total-skipped-flows":0,"total-l4-payload-len":17169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":330,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":330,"total-idle-flows":328,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1599,"global_ts_usec":1686325702442238}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":337,"packets-processed":336,"total-skipped-flows":0,"total-l4-payload-len":17169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":330,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":330,"total-idle-flows":328,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1599,"global_ts_usec":1686325702442238}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686325702442238,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":34997,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686325702442238,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZXItJByWm\/UMoi1AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686325702442238,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":34997,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324751894084,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":41843,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324780665773,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":29266,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":338,"packets-processed":337,"total-skipped-flows":0,"total-l4-payload-len":17267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":331,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":331,"total-idle-flows":330,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1605,"global_ts_usec":1686326962813579}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":338,"packets-processed":337,"total-skipped-flows":0,"total-l4-payload-len":17267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":331,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":331,"total-idle-flows":330,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1605,"global_ts_usec":1686326962813579}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326962813579,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326962813579,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":32881,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686326962813579,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZbItJByWpOrM4BxAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326962813579,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326962813579,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":32881,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686325702442238,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326962813579,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":34997,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":339,"packets-processed":338,"total-skipped-flows":0,"total-l4-payload-len":17365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":332,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":332,"total-idle-flows":331,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1610,"global_ts_usec":1686329069716669}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":339,"packets-processed":338,"total-skipped-flows":0,"total-l4-payload-len":17365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":332,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":332,"total-idle-flows":331,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1610,"global_ts_usec":1686329069716669}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686329069716669,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686329069716669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"165.144.84.62","src_port":36679,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686329069716669,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCYvItJBypZBUPo9HAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686329069716669,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686329069716669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"165.144.84.62","src_port":36679,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326962813579,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686329069716669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":32881,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":340,"packets-processed":339,"total-skipped-flows":0,"total-l4-payload-len":17463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":333,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":333,"total-idle-flows":332,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1615,"global_ts_usec":1686330200907102}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":340,"packets-processed":339,"total-skipped-flows":0,"total-l4-payload-len":17463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":333,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":333,"total-idle-flows":332,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1615,"global_ts_usec":1686330200907102}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686330200907102,"flow_src_last_pkt_time":1686330200907102,"flow_dst_last_pkt_time":1686330200907102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686330200907102,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":50741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_src_last_pkt_time":1686330200907102,"flow_dst_last_pkt_time":1686330200907102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686330200907102,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAO0RqigTnLybunDKNcY1AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686330200907102,"flow_src_last_pkt_time":1686330200907102,"flow_dst_last_pkt_time":1686330200907102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686330200907102,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":50741,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686329069716669,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686330200907102,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"165.144.84.62","src_port":36679,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":341,"packets-processed":340,"total-skipped-flows":0,"total-l4-payload-len":17561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":334,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":334,"total-idle-flows":333,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1620,"global_ts_usec":1686331103032820}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":341,"packets-processed":340,"total-skipped-flows":0,"total-l4-payload-len":17561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":334,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":334,"total-idle-flows":333,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1620,"global_ts_usec":1686331103032820}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331103032820,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331103032820,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":52293,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686331103032820,"pkt":"bpHurUgdPJTVQTiBCABFCAB+1DEAAO0REA2GtJCVRW27NsxFAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331103032820,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331103032820,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":52293,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1626,12 +1626,12 @@
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_src_last_pkt_time":1686331598448412,"flow_dst_last_pkt_time":1686331598448412,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686331598448412,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRCZTItJBySm\/LN99gAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331598448412,"flow_src_last_pkt_time":1686331598448412,"flow_dst_last_pkt_time":1686331598448412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331598448412,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"74.111.203.55","src_port":57184,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331103032820,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331598448412,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":52293,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":343,"packets-processed":342,"total-skipped-flows":0,"total-l4-payload-len":17757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":336,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":336,"total-idle-flows":335,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1629,"global_ts_usec":1686332169029831}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":343,"packets-processed":342,"total-skipped-flows":0,"total-l4-payload-len":17757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":336,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":336,"total-idle-flows":335,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1629,"global_ts_usec":1686332169029831}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686332169029831,"flow_src_last_pkt_time":1686332169029831,"flow_dst_last_pkt_time":1686332169029831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686332169029831,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":54751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_src_last_pkt_time":1686332169029831,"flow_dst_last_pkt_time":1686332169029831,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686332169029831,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqhguZGGTpXLKPdXfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686332169029831,"flow_src_last_pkt_time":1686332169029831,"flow_dst_last_pkt_time":1686332169029831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686332169029831,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":54751,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331598448412,"flow_src_last_pkt_time":1686331598448412,"flow_dst_last_pkt_time":1686331598448412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686332169029831,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"74.111.203.55","src_port":57184,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":344,"packets-processed":343,"total-skipped-flows":0,"total-l4-payload-len":17855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":337,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":337,"total-idle-flows":336,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1634,"global_ts_usec":1686334800212088}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":344,"packets-processed":343,"total-skipped-flows":0,"total-l4-payload-len":17855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":337,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":337,"total-idle-flows":336,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1634,"global_ts_usec":1686334800212088}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334800212088,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334800212088,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.147.171.51","src_port":58914,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686334800212088,"pkt":"AAwp30Y4PJTVQTiBCABFAABSPDMAAOoRJurHERCvWpOrM+YiAasAPi4OAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334800212088,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334800212088,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.147.171.51","src_port":58914,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1650,7 +1650,7 @@
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334859871850,"flow_src_last_pkt_time":1686334859871850,"flow_dst_last_pkt_time":1686334859871850,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334859871850,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.111.212.50","src_port":58914,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334813478068,"flow_src_last_pkt_time":1686334813478068,"flow_dst_last_pkt_time":1686334813478068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334859871850,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"165.114.202.61","src_port":58914,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334800212088,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334859871850,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.147.171.51","src_port":58914,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":349,"packets-processed":348,"total-skipped-flows":0,"total-l4-payload-len":18125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":342,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":342,"total-idle-flows":337,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1653,"global_ts_usec":1686335939300740}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":349,"packets-processed":348,"total-skipped-flows":0,"total-l4-payload-len":18125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":342,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":342,"total-idle-flows":337,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1653,"global_ts_usec":1686335939300740}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686335939300740,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686335939300740,"l3_proto":"ip4","src_ip":"198.215.2.104","dst_ip":"165.114.202.61","src_port":55462,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686335939300740,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbZXG1wJopXLKPdimAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686335939300740,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686335939300740,"l3_proto":"ip4","src_ip":"198.215.2.104","dst_ip":"165.114.202.61","src_port":55462,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1663,37 +1663,37 @@
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_src_last_pkt_time":1686336218624230,"flow_dst_last_pkt_time":1686336218624230,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686336218624230,"pkt":"AAwp30Y4PJTVQTiBCABFCABLMOwAACQRk3IbhqncpXLKPdPLAasAN0mtAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686336218624230,"flow_src_last_pkt_time":1686336218624230,"flow_dst_last_pkt_time":1686336218624230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686336218624230,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"165.114.202.61","src_port":54219,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686335939300740,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686336218624230,"l3_proto":"ip4","src_ip":"198.215.2.104","dst_ip":"165.114.202.61","src_port":55462,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":351,"packets-processed":350,"total-skipped-flows":0,"total-l4-payload-len":18201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":344,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":344,"total-idle-flows":343,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1666,"global_ts_usec":1686337417264371}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":351,"packets-processed":350,"total-skipped-flows":0,"total-l4-payload-len":18201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":344,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":344,"total-idle-flows":343,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1666,"global_ts_usec":1686337417264371}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686337417264371,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686337417264371,"l3_proto":"ip4","src_ip":"80.16.56.40","dst_ip":"74.111.203.55","src_port":49864,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686337417264371,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRX4BQEDgoSm\/LN8LIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686337417264371,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686337417264371,"l3_proto":"ip4","src_ip":"80.16.56.40","dst_ip":"74.111.203.55","src_port":49864,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686336218624230,"flow_src_last_pkt_time":1686336218624230,"flow_dst_last_pkt_time":1686336218624230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686337417264371,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"165.114.202.61","src_port":54219,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-payload-len":18230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":345,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":345,"total-idle-flows":344,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1671,"global_ts_usec":1686348943265542}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-payload-len":18230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":345,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":345,"total-idle-flows":344,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1671,"global_ts_usec":1686348943265542}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686348943265542,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686348943265542,"l3_proto":"ip4","src_ip":"206.240.152.225","dst_ip":"90.145.180.58","src_port":52955,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686348943265542,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRX\/PO8JjhWpG0Os7bAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686348943265542,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686348943265542,"l3_proto":"ip4","src_ip":"206.240.152.225","dst_ip":"90.145.180.58","src_port":52955,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686337417264371,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686348943265542,"l3_proto":"ip4","src_ip":"80.16.56.40","dst_ip":"74.111.203.55","src_port":49864,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":353,"packets-processed":352,"total-skipped-flows":0,"total-l4-payload-len":18259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":346,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":346,"total-idle-flows":345,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1676,"global_ts_usec":1686352403512683}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":353,"packets-processed":352,"total-skipped-flows":0,"total-l4-payload-len":18259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":346,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":346,"total-idle-flows":345,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1676,"global_ts_usec":1686352403512683}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686352403512683,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686352403512683,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXnuszr8npZBUPtmEAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686352403512683,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686348943265542,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686352403512683,"l3_proto":"ip4","src_ip":"206.240.152.225","dst_ip":"90.145.180.58","src_port":52955,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":354,"packets-processed":353,"total-skipped-flows":0,"total-l4-payload-len":18288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":347,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":347,"total-idle-flows":346,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1681,"global_ts_usec":1686355642711445}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":354,"packets-processed":353,"total-skipped-flows":0,"total-l4-payload-len":18288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":347,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":347,"total-idle-flows":346,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1681,"global_ts_usec":1686355642711445}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686355642711445,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686355642711445,"l3_proto":"ip4","src_ip":"175.206.31.84","dst_ip":"69.109.187.54","src_port":52553,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686355642711445,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRX5yvzh9URW27Ns1JAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686355642711445,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686355642711445,"l3_proto":"ip4","src_ip":"175.206.31.84","dst_ip":"69.109.187.54","src_port":52553,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686355642711445,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":355,"packets-processed":354,"total-skipped-flows":0,"total-l4-payload-len":18317,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":348,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":348,"total-idle-flows":347,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1686,"global_ts_usec":1686356686492578}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":355,"packets-processed":354,"total-skipped-flows":0,"total-l4-payload-len":18317,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":348,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":348,"total-idle-flows":347,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1686,"global_ts_usec":1686356686492578}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686356686492578,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686356686492578,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"85.111.52.57","src_port":54217,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686356686492578,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRXo5QM39KVW80OdPJAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686356686492578,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686356686492578,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"85.111.52.57","src_port":54217,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686355642711445,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686356686492578,"l3_proto":"ip4","src_ip":"175.206.31.84","dst_ip":"69.109.187.54","src_port":52553,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":356,"packets-processed":355,"total-skipped-flows":0,"total-l4-payload-len":18346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":349,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":349,"total-idle-flows":348,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1691,"global_ts_usec":1686361225400035}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":356,"packets-processed":355,"total-skipped-flows":0,"total-l4-payload-len":18346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":349,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":349,"total-idle-flows":348,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1691,"global_ts_usec":1686361225400035}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686361225400035,"flow_src_last_pkt_time":1686361225400035,"flow_dst_last_pkt_time":1686361225400035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686361225400035,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"186.112.202.53","src_port":51231,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_src_last_pkt_time":1686361225400035,"flow_dst_last_pkt_time":1686361225400035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686361225400035,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbUHGF1kcunDKNcgfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686361225400035,"flow_src_last_pkt_time":1686361225400035,"flow_dst_last_pkt_time":1686361225400035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686361225400035,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"186.112.202.53","src_port":51231,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686356686492578,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686361225400035,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"85.111.52.57","src_port":54217,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":357,"packets-processed":356,"total-skipped-flows":0,"total-l4-payload-len":18375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":350,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":350,"total-idle-flows":349,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1696,"global_ts_usec":1686376742132232}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":357,"packets-processed":356,"total-skipped-flows":0,"total-l4-payload-len":18375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":350,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":350,"total-idle-flows":349,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1696,"global_ts_usec":1686376742132232}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686376742132232,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686376742132232,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"74.111.203.55","src_port":25821,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686376742132232,"pkt":"ipffLU2SPJTVQTiBCABFAABL5L0AACcR7mFiiQNySm\/LN2TdAasAN8pUAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686376742132232,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686376742132232,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"74.111.203.55","src_port":25821,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1702,12 +1702,12 @@
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_src_last_pkt_time":1686377192208651,"flow_dst_last_pkt_time":1686377192208651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686377192208651,"pkt":"xmjqc4OdPJTVQTiBCABFCABLA5EAACQRwODboGXRunDKNShSAasAN\/U5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686377192208651,"flow_src_last_pkt_time":1686377192208651,"flow_dst_last_pkt_time":1686377192208651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686377192208651,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"186.112.202.53","src_port":10322,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686376742132232,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686377192208651,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"74.111.203.55","src_port":25821,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":359,"packets-processed":358,"total-skipped-flows":0,"total-l4-payload-len":18469,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":352,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":352,"total-idle-flows":351,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1705,"global_ts_usec":1686378731428268}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":359,"packets-processed":358,"total-skipped-flows":0,"total-l4-payload-len":18469,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":352,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":352,"total-idle-flows":351,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1705,"global_ts_usec":1686378731428268}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686378731428268,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686378731428268,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"90.141.37.56","src_port":50837,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686378731428268,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbdWh54D1Wo0lOMaVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686378731428268,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686378731428268,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"90.141.37.56","src_port":50837,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686377192208651,"flow_src_last_pkt_time":1686377192208651,"flow_dst_last_pkt_time":1686377192208651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686378731428268,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"186.112.202.53","src_port":10322,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":360,"packets-processed":359,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":353,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":353,"total-idle-flows":352,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1710,"global_ts_usec":1686384968861051}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":360,"packets-processed":359,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":353,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":353,"total-idle-flows":352,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1710,"global_ts_usec":1686384968861051}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686384968861051,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.114.202.61","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686384968861051,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+0ZZAADQRzpamvyUzpXLKPWv1AasAKlz0AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686384968861051,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.114.202.61","src_port":27637,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1715,7 +1715,7 @@
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686384968861051,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+SnBAADQRVctGP9UwWpOrM\/uJAasAKs1tAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686384968861051,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"70.63.213.48","dst_ip":"90.147.171.51","src_port":64393,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686378731428268,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"90.141.37.56","src_port":50837,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":362,"packets-processed":361,"total-skipped-flows":0,"total-l4-payload-len":18566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":355,"total-detection-updates":0,"total-updates":57,"current-active-flows":2,"total-active-flows":355,"total-idle-flows":353,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1718,"global_ts_usec":1686385671822712}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":362,"packets-processed":361,"total-skipped-flows":0,"total-l4-payload-len":18566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":355,"total-detection-updates":0,"total-updates":57,"current-active-flows":2,"total-active-flows":355,"total-idle-flows":353,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1718,"global_ts_usec":1686385671822712}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686385671822712,"flow_src_last_pkt_time":1686385671822712,"flow_dst_last_pkt_time":1686385671822712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686385671822712,"l3_proto":"ip4","src_ip":"89.198.219.40","dst_ip":"69.109.187.54","src_port":13087,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_src_last_pkt_time":1686385671822712,"flow_dst_last_pkt_time":1686385671822712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686385671822712,"pkt":"bpHurUgdPJTVQTiBCABFAAA+U4xAADQRTLRZxtsoRW27NjMfAasAKpXdAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686385671822712,"flow_src_last_pkt_time":1686385671822712,"flow_dst_last_pkt_time":1686385671822712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686385671822712,"l3_proto":"ip4","src_ip":"89.198.219.40","dst_ip":"69.109.187.54","src_port":13087,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1732,7 +1732,7 @@
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386117996493,"flow_src_last_pkt_time":1686386117996493,"flow_dst_last_pkt_time":1686386117996493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386117996493,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"186.112.202.53","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_src_last_pkt_time":1686386117996493,"flow_dst_last_pkt_time":1686386117996493,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686386117996493,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+tYhAADQR6qymvyUzunDKNWv1AasAKlz8AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386117996493,"flow_src_last_pkt_time":1686386117996493,"flow_dst_last_pkt_time":1686386117996493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386117996493,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"186.112.202.53","src_port":27637,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":366,"packets-processed":365,"total-skipped-flows":0,"total-l4-payload-len":18702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":359,"total-detection-updates":0,"total-updates":58,"current-active-flows":3,"total-active-flows":359,"total-idle-flows":356,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1735,"global_ts_usec":1686386455119430}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":366,"packets-processed":365,"total-skipped-flows":0,"total-l4-payload-len":18702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":359,"total-detection-updates":0,"total-updates":58,"current-active-flows":3,"total-active-flows":359,"total-idle-flows":356,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1735,"global_ts_usec":1686386455119430}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386455119430,"flow_src_last_pkt_time":1686386455119430,"flow_dst_last_pkt_time":1686386455119430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386455119430,"l3_proto":"ip4","src_ip":"94.70.203.49","dst_ip":"74.111.203.55","src_port":9065,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_src_last_pkt_time":1686386455119430,"flow_dst_last_pkt_time":1686386455119430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686386455119430,"pkt":"ipffLU2SPJTVQTiBCABFAAA+wzhAADQR3P9eRssxSm\/LNyNpAasAKqWLAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386455119430,"flow_src_last_pkt_time":1686386455119430,"flow_dst_last_pkt_time":1686386455119430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386455119430,"l3_proto":"ip4","src_ip":"94.70.203.49","dst_ip":"74.111.203.55","src_port":9065,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1751,39 +1751,39 @@
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386835611315,"flow_src_last_pkt_time":1686386835611315,"flow_dst_last_pkt_time":1686386835611315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386835611315,"l3_proto":"ip4","src_ip":"185.211.4.13","dst_ip":"90.111.212.50","src_port":55127,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386734896340,"flow_src_last_pkt_time":1686386734896340,"flow_dst_last_pkt_time":1686386734896340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386835611315,"l3_proto":"ip4","src_ip":"166.65.42.37","dst_ip":"90.141.37.56","src_port":37412,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386733673439,"flow_src_last_pkt_time":1686386733673439,"flow_dst_last_pkt_time":1686386733673439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386835611315,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.144.84.62","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":370,"packets-processed":369,"total-skipped-flows":0,"total-l4-payload-len":18833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":363,"total-detection-updates":0,"total-updates":60,"current-active-flows":3,"total-active-flows":363,"total-idle-flows":360,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1754,"global_ts_usec":1686401776042881}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":370,"packets-processed":369,"total-skipped-flows":0,"total-l4-payload-len":18833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":363,"total-detection-updates":0,"total-updates":60,"current-active-flows":3,"total-active-flows":363,"total-idle-flows":360,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1754,"global_ts_usec":1686401776042881}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686401776042881,"pkt":"3jHC4dyOPJTVQTiBCABFCABLnL8AACIRLehkOJtwWo0lODHPAasAN+\/yAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386734896340,"flow_src_last_pkt_time":1686386734896340,"flow_dst_last_pkt_time":1686386734896340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"166.65.42.37","dst_ip":"90.141.37.56","src_port":37412,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386835611315,"flow_src_last_pkt_time":1686386835611315,"flow_dst_last_pkt_time":1686386835611315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"185.211.4.13","dst_ip":"90.111.212.50","src_port":55127,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386733673439,"flow_src_last_pkt_time":1686386733673439,"flow_dst_last_pkt_time":1686386733673439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.144.84.62","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":371,"packets-processed":370,"total-skipped-flows":0,"total-l4-payload-len":18880,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":364,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":364,"total-idle-flows":363,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1761,"global_ts_usec":1686404500406996}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":371,"packets-processed":370,"total-skipped-flows":0,"total-l4-payload-len":18880,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":364,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":364,"total-idle-flows":363,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1761,"global_ts_usec":1686404500406996}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686404500406996,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686404500406996,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":44046,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686404500406996,"pkt":"AAwp30Y4PJTVQTiBCABFCABLxOMAACIRBdXjx1p6Wm\/UMqwOAasAN3XEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686404500406996,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686404500406996,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":44046,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686404500406996,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":372,"packets-processed":371,"total-skipped-flows":0,"total-l4-payload-len":18927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":365,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":365,"total-idle-flows":364,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1766,"global_ts_usec":1686408138334214}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":372,"packets-processed":371,"total-skipped-flows":0,"total-l4-payload-len":18927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":365,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":365,"total-idle-flows":364,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1766,"global_ts_usec":1686408138334214}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686408138334214,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686408138334214,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":47863,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686408138334214,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZbItJByWpOrM7r3AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686408138334214,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686408138334214,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":47863,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686404500406996,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686408138334214,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":44046,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":373,"packets-processed":372,"total-skipped-flows":0,"total-l4-payload-len":19025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":366,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":366,"total-idle-flows":365,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1771,"global_ts_usec":1686409062599010}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":373,"packets-processed":372,"total-skipped-flows":0,"total-l4-payload-len":19025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":366,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":366,"total-idle-flows":365,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1771,"global_ts_usec":1686409062599010}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686409062599010,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686409062599010,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"74.111.203.55","src_port":32952,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686409062599010,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAOsRrC8TY5KcSm\/LN4C4AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686409062599010,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686409062599010,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"74.111.203.55","src_port":32952,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686408138334214,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686409062599010,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":47863,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":374,"packets-processed":373,"total-skipped-flows":0,"total-l4-payload-len":19123,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":367,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":367,"total-idle-flows":366,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1776,"global_ts_usec":1686410047846257}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":374,"packets-processed":373,"total-skipped-flows":0,"total-l4-payload-len":19123,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":367,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":367,"total-idle-flows":366,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1776,"global_ts_usec":1686410047846257}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686410047846257,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686410047846257,"l3_proto":"ip4","src_ip":"209.124.163.157","dst_ip":"69.109.187.54","src_port":55599,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686410047846257,"pkt":"bpHurUgdPJTVQTiBCABFCAB+1DEAAOsRrC3RfKOdRW27NtkvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686410047846257,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686410047846257,"l3_proto":"ip4","src_ip":"209.124.163.157","dst_ip":"69.109.187.54","src_port":55599,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686409062599010,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686410047846257,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"74.111.203.55","src_port":32952,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":375,"packets-processed":374,"total-skipped-flows":0,"total-l4-payload-len":19221,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":368,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":368,"total-idle-flows":367,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1781,"global_ts_usec":1686412803511471}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":375,"packets-processed":374,"total-skipped-flows":0,"total-l4-payload-len":19221,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":368,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":368,"total-idle-flows":367,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1781,"global_ts_usec":1686412803511471}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686412803511471,"flow_src_last_pkt_time":1686412803511471,"flow_dst_last_pkt_time":1686412803511471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686412803511471,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.145.180.58","src_port":54859,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_src_last_pkt_time":1686412803511471,"flow_dst_last_pkt_time":1686412803511471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686412803511471,"pkt":"bs1PogZtPJTVQTiBCABFCABLZYcAACQRXt\/jhlHUWpG0OtZLAasAN0c1AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686412803511471,"flow_src_last_pkt_time":1686412803511471,"flow_dst_last_pkt_time":1686412803511471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686412803511471,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.145.180.58","src_port":54859,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686410047846257,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686412803511471,"l3_proto":"ip4","src_ip":"209.124.163.157","dst_ip":"69.109.187.54","src_port":55599,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":376,"packets-processed":375,"total-skipped-flows":0,"total-l4-payload-len":19268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":369,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":369,"total-idle-flows":368,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1786,"global_ts_usec":1686413757609123}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":376,"packets-processed":375,"total-skipped-flows":0,"total-l4-payload-len":19268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":369,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":369,"total-idle-flows":368,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1786,"global_ts_usec":1686413757609123}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686413757609123,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686413757609123,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"186.112.202.53","src_port":49844,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686413757609123,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAOsRrCstg6GYunDKNcK0AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686413757609123,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686413757609123,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"186.112.202.53","src_port":49844,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1792,7 +1792,7 @@
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_src_last_pkt_time":1686414114295045,"flow_dst_last_pkt_time":1686414114295045,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686414114295045,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAOsREgeGtJCVWpG0OsMfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414114295045,"flow_src_last_pkt_time":1686414114295045,"flow_dst_last_pkt_time":1686414114295045,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414114295045,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":49951,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686413757609123,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414114295045,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"186.112.202.53","src_port":49844,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":378,"packets-processed":377,"total-skipped-flows":0,"total-l4-payload-len":19464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":371,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":371,"total-idle-flows":370,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1795,"global_ts_usec":1686414638495400}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":378,"packets-processed":377,"total-skipped-flows":0,"total-l4-payload-len":19464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":371,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":371,"total-idle-flows":370,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1795,"global_ts_usec":1686414638495400}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414638495400,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414638495400,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"85.111.52.57","src_port":42561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686414638495400,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAO8RDcy4tKjwVW80OaZBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414638495400,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414638495400,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"85.111.52.57","src_port":42561,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1801,7 +1801,7 @@
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_src_last_pkt_time":1686415196829472,"flow_dst_last_pkt_time":1686415196829472,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686415196829472,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrB3SfJyVpZBUPqOnAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686415196829472,"flow_src_last_pkt_time":1686415196829472,"flow_dst_last_pkt_time":1686415196829472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686415196829472,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"165.144.84.62","src_port":41895,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414638495400,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686415196829472,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"85.111.52.57","src_port":42561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":380,"packets-processed":379,"total-skipped-flows":0,"total-l4-payload-len":19660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":373,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":373,"total-idle-flows":372,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1804,"global_ts_usec":1686418497785828}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":380,"packets-processed":379,"total-skipped-flows":0,"total-l4-payload-len":19660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":373,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":373,"total-idle-flows":372,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1804,"global_ts_usec":1686418497785828}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418497785828,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418497785828,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":45313,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686418497785828,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsREf22tHiLpXLKPbEBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418497785828,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418497785828,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":45313,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1810,7 +1810,7 @@
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_src_last_pkt_time":1686418806265572,"flow_dst_last_pkt_time":1686418806265572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686418806265572,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAOsRrCfQe7CaWo0lOORZAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418806265572,"flow_src_last_pkt_time":1686418806265572,"flow_dst_last_pkt_time":1686418806265572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418806265572,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":58457,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418497785828,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418806265572,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":45313,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":382,"packets-processed":381,"total-skipped-flows":0,"total-l4-payload-len":19856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":375,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":375,"total-idle-flows":374,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1813,"global_ts_usec":1686419691124244}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":382,"packets-processed":381,"total-skipped-flows":0,"total-l4-payload-len":19856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":375,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":375,"total-idle-flows":374,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1813,"global_ts_usec":1686419691124244}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686419691124244,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686419691124244,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"85.111.52.57","src_port":38445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686419691124244,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLEswAACQRsZcbhqncVW80OZYtAasAN4dQAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686419691124244,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686419691124244,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"85.111.52.57","src_port":38445,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1819,17 +1819,17 @@
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_src_last_pkt_time":1686420033978573,"flow_dst_last_pkt_time":1686420033978573,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686420033978573,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRpTTvZI2ZSm\/LN7ntAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686420033978573,"flow_src_last_pkt_time":1686420033978573,"flow_dst_last_pkt_time":1686420033978573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686420033978573,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"74.111.203.55","src_port":47597,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686419691124244,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686420033978573,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"85.111.52.57","src_port":38445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":384,"packets-processed":383,"total-skipped-flows":0,"total-l4-payload-len":20001,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":377,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":377,"total-idle-flows":376,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1822,"global_ts_usec":1686427429600756}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":384,"packets-processed":383,"total-skipped-flows":0,"total-l4-payload-len":20001,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":377,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":377,"total-idle-flows":376,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1822,"global_ts_usec":1686427429600756}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686427429600756,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686427429600756,"l3_proto":"ip4","src_ip":"157.121.130.117","dst_ip":"165.144.84.62","src_port":7470,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686427429600756,"pkt":"AAwp30Y4PJTVQTiBCABFAABLrRoAACYRJv+deYJ1pZBUPh0uAasANxH+AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686427429600756,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686427429600756,"l3_proto":"ip4","src_ip":"157.121.130.117","dst_ip":"165.144.84.62","src_port":7470,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686420033978573,"flow_src_last_pkt_time":1686420033978573,"flow_dst_last_pkt_time":1686420033978573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686427429600756,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"74.111.203.55","src_port":47597,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":385,"packets-processed":384,"total-skipped-flows":0,"total-l4-payload-len":20048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":378,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":378,"total-idle-flows":377,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1827,"global_ts_usec":1686431866256173}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":385,"packets-processed":384,"total-skipped-flows":0,"total-l4-payload-len":20048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":378,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":378,"total-idle-flows":377,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1827,"global_ts_usec":1686431866256173}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686431866256173,"flow_src_last_pkt_time":1686431866256173,"flow_dst_last_pkt_time":1686431866256173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686431866256173,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.111.212.50","src_port":49319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_src_last_pkt_time":1686431866256173,"flow_dst_last_pkt_time":1686431866256173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686431866256173,"pkt":"AAwp30Y4PJTVQTiBCABFCABLx8kAACQR\/KIk523ZWm\/UMsCnAasAN1zfAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686431866256173,"flow_src_last_pkt_time":1686431866256173,"flow_dst_last_pkt_time":1686431866256173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686431866256173,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.111.212.50","src_port":49319,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686427429600756,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686431866256173,"l3_proto":"ip4","src_ip":"157.121.130.117","dst_ip":"165.144.84.62","src_port":7470,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":386,"packets-processed":385,"total-skipped-flows":0,"total-l4-payload-len":20095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":379,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":379,"total-idle-flows":378,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1832,"global_ts_usec":1686435052414223}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":386,"packets-processed":385,"total-skipped-flows":0,"total-l4-payload-len":20095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":379,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":379,"total-idle-flows":378,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1832,"global_ts_usec":1686435052414223}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435052414223,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435052414223,"l3_proto":"ip4","src_ip":"209.44.167.7","dst_ip":"90.111.212.50","src_port":53096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686435052414223,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX1HRLKcHWm\/UMs9oAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435052414223,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435052414223,"l3_proto":"ip4","src_ip":"209.44.167.7","dst_ip":"90.111.212.50","src_port":53096,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1838,7 +1838,7 @@
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_src_last_pkt_time":1686435200937981,"flow_dst_last_pkt_time":1686435200937981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686435200937981,"pkt":"AAwp30Y4PJTVQTiBCABFCABLhnIAACQRPfdjx03TpZBUPrMFAasAN2p+AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435200937981,"flow_src_last_pkt_time":1686435200937981,"flow_dst_last_pkt_time":1686435200937981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435200937981,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.144.84.62","src_port":45829,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435052414223,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435200937981,"l3_proto":"ip4","src_ip":"209.44.167.7","dst_ip":"90.111.212.50","src_port":53096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":388,"packets-processed":387,"total-skipped-flows":0,"total-l4-payload-len":20171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":381,"total-detection-updates":0,"total-updates":61,"current-active-flows":2,"total-active-flows":381,"total-idle-flows":379,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1841,"global_ts_usec":1686438148010499}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":388,"packets-processed":387,"total-skipped-flows":0,"total-l4-payload-len":20171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":381,"total-detection-updates":0,"total-updates":61,"current-active-flows":2,"total-active-flows":381,"total-idle-flows":379,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1841,"global_ts_usec":1686438148010499}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438148010499,"flow_src_last_pkt_time":1686438148010499,"flow_dst_last_pkt_time":1686438148010499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438148010499,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"85.111.52.57","src_port":44733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_src_last_pkt_time":1686438148010499,"flow_dst_last_pkt_time":1686438148010499,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686438148010499,"pkt":"moT+\/Ph8PJTVQTiBCABFCABSAABAAOsRy+HXMP3JVW80Oa69AasAPg9AAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438148010499,"flow_src_last_pkt_time":1686438148010499,"flow_dst_last_pkt_time":1686438148010499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438148010499,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"85.111.52.57","src_port":44733,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1887,7 +1887,7 @@
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438220823551,"flow_src_last_pkt_time":1686438220823551,"flow_dst_last_pkt_time":1686438220823551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438369437015,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"90.147.171.51","src_port":42457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438209212158,"flow_src_last_pkt_time":1686438209212158,"flow_dst_last_pkt_time":1686438209212158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438369437015,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"90.141.37.56","src_port":50630,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438308618262,"flow_src_last_pkt_time":1686438308618262,"flow_dst_last_pkt_time":1686438308618262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438369437015,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"165.114.202.61","src_port":53506,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":397,"packets-processed":396,"total-skipped-flows":0,"total-l4-payload-len":20657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":390,"total-detection-updates":0,"total-updates":78,"current-active-flows":7,"total-active-flows":390,"total-idle-flows":383,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1890,"global_ts_usec":1686442660761538}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":397,"packets-processed":396,"total-skipped-flows":0,"total-l4-payload-len":20657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":390,"total-detection-updates":0,"total-updates":78,"current-active-flows":7,"total-active-flows":390,"total-idle-flows":383,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1890,"global_ts_usec":1686442660761538}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686442660761538,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686442660761538,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRXpQs8udNunDKNcRVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686442660761538,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1902,17 +1902,17 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_src_last_pkt_time":1686443032934623,"flow_dst_last_pkt_time":1686443032934623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686443032934623,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRbWgl6mQgWpG0Ot3tAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443032934623,"flow_src_last_pkt_time":1686443032934623,"flow_dst_last_pkt_time":1686443032934623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443032934623,"l3_proto":"ip4","src_ip":"37.234.100.32","dst_ip":"90.145.180.58","src_port":56813,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443032934623,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":399,"packets-processed":398,"total-skipped-flows":0,"total-l4-payload-len":20715,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":392,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":392,"total-idle-flows":391,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1905,"global_ts_usec":1686443411193185}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":399,"packets-processed":398,"total-skipped-flows":0,"total-l4-payload-len":20715,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":392,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":392,"total-idle-flows":391,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1905,"global_ts_usec":1686443411193185}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443411193185,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443411193185,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":44054,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686443411193185,"pkt":"3jHC4dyOPJTVQTiBCABFCABLjXwAACQRNugbhqncWo0lOKwWAasAN3FoAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443411193185,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443411193185,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":44054,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443032934623,"flow_src_last_pkt_time":1686443032934623,"flow_dst_last_pkt_time":1686443032934623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443411193185,"l3_proto":"ip4","src_ip":"37.234.100.32","dst_ip":"90.145.180.58","src_port":56813,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":400,"packets-processed":399,"total-skipped-flows":0,"total-l4-payload-len":20762,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":393,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":393,"total-idle-flows":392,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1910,"global_ts_usec":1686448122797857}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":400,"packets-processed":399,"total-skipped-flows":0,"total-l4-payload-len":20762,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":393,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":393,"total-idle-flows":392,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1910,"global_ts_usec":1686448122797857}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686448122797857,"flow_src_last_pkt_time":1686448122797857,"flow_dst_last_pkt_time":1686448122797857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686448122797857,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":46249,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_src_last_pkt_time":1686448122797857,"flow_dst_last_pkt_time":1686448122797857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686448122797857,"pkt":"ipffLU2SPJTVQTiBCABFCABSQJAAAGsR1glDnxCWSm\/LN7SpAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686448122797857,"flow_src_last_pkt_time":1686448122797857,"flow_dst_last_pkt_time":1686448122797857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686448122797857,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":46249,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443411193185,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686448122797857,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":44054,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":401,"packets-processed":400,"total-skipped-flows":0,"total-l4-payload-len":20816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":394,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":394,"total-idle-flows":393,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1915,"global_ts_usec":1686453545484404}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":401,"packets-processed":400,"total-skipped-flows":0,"total-l4-payload-len":20816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":394,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":394,"total-idle-flows":393,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1915,"global_ts_usec":1686453545484404}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686453545484404,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686453545484404,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"74.111.203.55","src_port":64251,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686453545484404,"pkt":"ipffLU2SPJTVQTiBCABFCABLA5wAACQRwMwbhqncSm\/LN\/r7AasANyKHAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686453545484404,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686453545484404,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"74.111.203.55","src_port":64251,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1921,7 +1921,7 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_src_last_pkt_time":1686454040614924,"flow_dst_last_pkt_time":1686454040614924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686454040614924,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+VZxAADMRS4lYRyo6pZBUPjxoAasAKox5AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454040614924,"flow_src_last_pkt_time":1686454040614924,"flow_dst_last_pkt_time":1686454040614924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454040614924,"l3_proto":"ip4","src_ip":"88.71.42.58","dst_ip":"165.144.84.62","src_port":15464,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686453545484404,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454040614924,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"74.111.203.55","src_port":64251,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":403,"packets-processed":402,"total-skipped-flows":0,"total-l4-payload-len":20897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":396,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":396,"total-idle-flows":395,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1924,"global_ts_usec":1686454835524989}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":403,"packets-processed":402,"total-skipped-flows":0,"total-l4-payload-len":20897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":396,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":396,"total-idle-flows":395,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1924,"global_ts_usec":1686454835524989}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454835524989,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454835524989,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"186.112.202.53","src_port":29227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686454835524989,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+jJRAADMRFJq\/Pts5unDKNXIrAasAKla\/AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454835524989,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454835524989,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"186.112.202.53","src_port":29227,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1930,7 +1930,7 @@
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_src_last_pkt_time":1686455045546385,"flow_dst_last_pkt_time":1686455045546385,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686455045546385,"pkt":"bpHurUgdPJTVQTiBCABFAAA+lIxAADMRDKe+Ryo2RW27NrkEAasAKg\/rAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455045546385,"flow_src_last_pkt_time":1686455045546385,"flow_dst_last_pkt_time":1686455045546385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455045546385,"l3_proto":"ip4","src_ip":"190.71.42.54","dst_ip":"69.109.187.54","src_port":47364,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454835524989,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455045546385,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"186.112.202.53","src_port":29227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":405,"packets-processed":404,"total-skipped-flows":0,"total-l4-payload-len":20965,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":398,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":398,"total-idle-flows":397,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1933,"global_ts_usec":1686455864946730}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":405,"packets-processed":404,"total-skipped-flows":0,"total-l4-payload-len":20965,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":398,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":398,"total-idle-flows":397,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1933,"global_ts_usec":1686455864946730}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455864946730,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455864946730,"l3_proto":"ip4","src_ip":"166.62.197.60","dst_ip":"165.114.202.61","src_port":35606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686455864946730,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+EMNAADMRkF2mPsU8pXLKPYsWAasAKj3GAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455864946730,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455864946730,"l3_proto":"ip4","src_ip":"166.62.197.60","dst_ip":"165.114.202.61","src_port":35606,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1939,7 +1939,7 @@
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_src_last_pkt_time":1686456361937981,"flow_dst_last_pkt_time":1686456361937981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686456361937981,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+GgRAADMRhy2\/Pts5Wm\/UMkj9AasAKn\/wAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456361937981,"flow_src_last_pkt_time":1686456361937981,"flow_dst_last_pkt_time":1686456361937981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456361937981,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"90.111.212.50","src_port":18685,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455864946730,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456361937981,"l3_proto":"ip4","src_ip":"166.62.197.60","dst_ip":"165.114.202.61","src_port":35606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":407,"packets-processed":406,"total-skipped-flows":0,"total-l4-payload-len":21033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":400,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":400,"total-idle-flows":399,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1942,"global_ts_usec":1686456730972924}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":407,"packets-processed":406,"total-skipped-flows":0,"total-l4-payload-len":21033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":400,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":400,"total-idle-flows":399,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1942,"global_ts_usec":1686456730972924}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456730972924,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456730972924,"l3_proto":"ip4","src_ip":"88.70.212.56","dst_ip":"85.111.52.57","src_port":65013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686456730972924,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+jhRAADMRExhYRtQ4VW80Of31AasAKsryAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456730972924,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456730972924,"l3_proto":"ip4","src_ip":"88.70.212.56","dst_ip":"85.111.52.57","src_port":65013,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1953,27 +1953,27 @@
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457196084311,"flow_src_last_pkt_time":1686457196084311,"flow_dst_last_pkt_time":1686457196084311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457196084311,"l3_proto":"ip4","src_ip":"161.199.58.19","dst_ip":"90.147.171.51","src_port":64864,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456819293547,"flow_src_last_pkt_time":1686456819293547,"flow_dst_last_pkt_time":1686456819293547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457196084311,"l3_proto":"ip4","src_ip":"184.199.42.59","dst_ip":"90.141.37.56","src_port":42047,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456730972924,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457196084311,"l3_proto":"ip4","src_ip":"88.70.212.56","dst_ip":"85.111.52.57","src_port":65013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":410,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":21135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":403,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":403,"total-idle-flows":402,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1956,"global_ts_usec":1686457611262806}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":410,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":21135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":403,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":403,"total-idle-flows":402,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1956,"global_ts_usec":1686457611262806}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457611262806,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457611262806,"l3_proto":"ip4","src_ip":"161.62.218.52","dst_ip":"74.111.203.55","src_port":37093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686457611262806,"pkt":"ipffLU2SPJTVQTiBCABFAAA+elpAADMRJtihPto0Sm\/LN5DlAasAKjgJAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457611262806,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457611262806,"l3_proto":"ip4","src_ip":"161.62.218.52","dst_ip":"74.111.203.55","src_port":37093,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457196084311,"flow_src_last_pkt_time":1686457196084311,"flow_dst_last_pkt_time":1686457196084311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457611262806,"l3_proto":"ip4","src_ip":"161.199.58.19","dst_ip":"90.147.171.51","src_port":64864,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":411,"packets-processed":410,"total-skipped-flows":0,"total-l4-payload-len":21169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":404,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":404,"total-idle-flows":403,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1961,"global_ts_usec":1686459303680190}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":411,"packets-processed":410,"total-skipped-flows":0,"total-l4-payload-len":21169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":404,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":404,"total-idle-flows":403,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1961,"global_ts_usec":1686459303680190}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686459303680190,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686459303680190,"l3_proto":"ip4","src_ip":"194.43.223.106","dst_ip":"165.114.202.61","src_port":55142,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686459303680190,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbZLCK99qpXLKPddmAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686459303680190,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686459303680190,"l3_proto":"ip4","src_ip":"194.43.223.106","dst_ip":"165.114.202.61","src_port":55142,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457611262806,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686459303680190,"l3_proto":"ip4","src_ip":"161.62.218.52","dst_ip":"74.111.203.55","src_port":37093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":412,"packets-processed":411,"total-skipped-flows":0,"total-l4-payload-len":21198,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":405,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":405,"total-idle-flows":404,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1966,"global_ts_usec":1686460297406877}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":412,"packets-processed":411,"total-skipped-flows":0,"total-l4-payload-len":21198,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":405,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":405,"total-idle-flows":404,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1966,"global_ts_usec":1686460297406877}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686460297406877,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686460297406877,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"85.111.52.57","src_port":33255,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686460297406877,"pkt":"moT+\/Ph8PJTVQTiBCABFAABL8BcAACYR5Ajinvx\/VW80OYHnAasAN61LAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686460297406877,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686460297406877,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"85.111.52.57","src_port":33255,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686459303680190,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686460297406877,"l3_proto":"ip4","src_ip":"194.43.223.106","dst_ip":"165.114.202.61","src_port":55142,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":413,"packets-processed":412,"total-skipped-flows":0,"total-l4-payload-len":21245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":406,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":406,"total-idle-flows":405,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1971,"global_ts_usec":1686461245285022}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":413,"packets-processed":412,"total-skipped-flows":0,"total-l4-payload-len":21245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":406,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":406,"total-idle-flows":405,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1971,"global_ts_usec":1686461245285022}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686461245285022,"flow_src_last_pkt_time":1686461245285022,"flow_dst_last_pkt_time":1686461245285022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686461245285022,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":36149,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_src_last_pkt_time":1686461245285022,"flow_dst_last_pkt_time":1686461245285022,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686461245285022,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNY01AasAJV1CAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686461245285022,"flow_src_last_pkt_time":1686461245285022,"flow_dst_last_pkt_time":1686461245285022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686461245285022,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":36149,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686460297406877,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686461245285022,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"85.111.52.57","src_port":33255,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":21274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":407,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":407,"total-idle-flows":406,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1976,"global_ts_usec":1686462756222356}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":21274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":407,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":407,"total-idle-flows":406,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1976,"global_ts_usec":1686462756222356}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686462756222356,"flow_src_last_pkt_time":1686462756222356,"flow_dst_last_pkt_time":1686462756222356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686462756222356,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":45294,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_src_last_pkt_time":1686462756222356,"flow_dst_last_pkt_time":1686462756222356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686462756222356,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPbDuAasAJTmBAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686462756222356,"flow_src_last_pkt_time":1686462756222356,"flow_dst_last_pkt_time":1686462756222356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686462756222356,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":45294,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -1986,7 +1986,7 @@
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_src_last_pkt_time":1686463232786177,"flow_dst_last_pkt_time":1686463232786177,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686463232786177,"pkt":"AAwp30Y4PJTVQTiBCABFAABLPb8AACYRlmBdZnxwWpOrMyrYAasANwRaAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463232786177,"flow_src_last_pkt_time":1686463232786177,"flow_dst_last_pkt_time":1686463232786177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463232786177,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"90.147.171.51","src_port":10968,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463066276572,"flow_src_last_pkt_time":1686463066276572,"flow_dst_last_pkt_time":1686463066276572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463232786177,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":45056,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":417,"packets-processed":416,"total-skipped-flows":0,"total-l4-payload-len":21379,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":410,"total-detection-updates":0,"total-updates":80,"current-active-flows":2,"total-active-flows":410,"total-idle-flows":408,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1989,"global_ts_usec":1686463744473624}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":417,"packets-processed":416,"total-skipped-flows":0,"total-l4-payload-len":21379,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":410,"total-detection-updates":0,"total-updates":80,"current-active-flows":2,"total-active-flows":410,"total-idle-flows":408,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1989,"global_ts_usec":1686463744473624}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463744473624,"flow_src_last_pkt_time":1686463744473624,"flow_dst_last_pkt_time":1686463744473624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463744473624,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54431,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_src_last_pkt_time":1686463744473624,"flow_dst_last_pkt_time":1686463744473624,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686463744473624,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lONSfAasAJRXWAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463744473624,"flow_src_last_pkt_time":1686463744473624,"flow_dst_last_pkt_time":1686463744473624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463744473624,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54431,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2000,7 +2000,7 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_src_last_pkt_time":1686464114985492,"flow_dst_last_pkt_time":1686464114985492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686464114985492,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27NsnbAasAJSCdAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686464114985492,"flow_src_last_pkt_time":1686464114985492,"flow_dst_last_pkt_time":1686464114985492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686464114985492,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":51675,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463955005585,"flow_src_last_pkt_time":1686463955005585,"flow_dst_last_pkt_time":1686463955005585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686464114985492,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":59262,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":420,"packets-processed":419,"total-skipped-flows":0,"total-l4-payload-len":21466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":413,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":413,"total-idle-flows":411,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2003,"global_ts_usec":1686465127922786}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":420,"packets-processed":419,"total-skipped-flows":0,"total-l4-payload-len":21466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":413,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":413,"total-idle-flows":411,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2003,"global_ts_usec":1686465127922786}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465127922786,"flow_src_last_pkt_time":1686465127922786,"flow_dst_last_pkt_time":1686465127922786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465127922786,"l3_proto":"ip4","src_ip":"174.237.64.176","dst_ip":"90.141.37.56","src_port":49218,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_src_last_pkt_time":1686465127922786,"flow_dst_last_pkt_time":1686465127922786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686465127922786,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRYA6u7UCwWo0lOMBCAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465127922786,"flow_src_last_pkt_time":1686465127922786,"flow_dst_last_pkt_time":1686465127922786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465127922786,"l3_proto":"ip4","src_ip":"174.237.64.176","dst_ip":"90.141.37.56","src_port":49218,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2013,23 +2013,23 @@
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465448467764,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465448467764,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":57245,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686465448467764,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80Od+dAasAJQrXAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465448467764,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465448467764,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":57245,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":423,"packets-processed":422,"total-skipped-flows":0,"total-l4-payload-len":21553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":416,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":416,"total-idle-flows":414,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2016,"global_ts_usec":1686466394503634}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":423,"packets-processed":422,"total-skipped-flows":0,"total-l4-payload-len":21553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":416,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":416,"total-idle-flows":414,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2016,"global_ts_usec":1686466394503634}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686466394503634,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"193.219.252.221","dst_ip":"90.147.171.51","src_port":51650,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686466394503634,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbcTB2\/zdWpOrM8nCAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686466394503634,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"193.219.252.221","dst_ip":"90.147.171.51","src_port":51650,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465448467764,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":57245,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465406790123,"flow_src_last_pkt_time":1686465406790123,"flow_dst_last_pkt_time":1686465406790123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":57345,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":424,"packets-processed":423,"total-skipped-flows":0,"total-l4-payload-len":21582,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":417,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":417,"total-idle-flows":416,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2022,"global_ts_usec":1686467393700733}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":424,"packets-processed":423,"total-skipped-flows":0,"total-l4-payload-len":21582,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":417,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":417,"total-idle-flows":416,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2022,"global_ts_usec":1686467393700733}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686467393700733,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686467393700733,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41180,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686467393700733,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN6DcAasAJUmdAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686467393700733,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686467393700733,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41180,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686466394503634,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686467393700733,"l3_proto":"ip4","src_ip":"193.219.252.221","dst_ip":"90.147.171.51","src_port":51650,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":425,"packets-processed":424,"total-skipped-flows":0,"total-l4-payload-len":21611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":418,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":418,"total-idle-flows":417,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2027,"global_ts_usec":1686469130125468}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":425,"packets-processed":424,"total-skipped-flows":0,"total-l4-payload-len":21611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":418,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":418,"total-idle-flows":417,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2027,"global_ts_usec":1686469130125468}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686469130125468,"flow_src_last_pkt_time":1686469130125468,"flow_dst_last_pkt_time":1686469130125468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686469130125468,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":40785,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_src_last_pkt_time":1686469130125468,"flow_dst_last_pkt_time":1686469130125468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686469130125468,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMp9RAasAJUspAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686469130125468,"flow_src_last_pkt_time":1686469130125468,"flow_dst_last_pkt_time":1686469130125468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686469130125468,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":40785,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686467393700733,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686469130125468,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41180,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":426,"packets-processed":425,"total-skipped-flows":0,"total-l4-payload-len":21640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":419,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":419,"total-idle-flows":418,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2032,"global_ts_usec":1686473127013443}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":426,"packets-processed":425,"total-skipped-flows":0,"total-l4-payload-len":21640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":419,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":419,"total-idle-flows":418,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2032,"global_ts_usec":1686473127013443}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473127013443,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473127013443,"l3_proto":"ip4","src_ip":"174.18.32.224","dst_ip":"74.111.203.55","src_port":53272,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686473127013443,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRX\/muEiDgSm\/LN9AYAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473127013443,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473127013443,"l3_proto":"ip4","src_ip":"174.18.32.224","dst_ip":"74.111.203.55","src_port":53272,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2038,22 +2038,22 @@
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_src_last_pkt_time":1686473724125289,"flow_dst_last_pkt_time":1686473724125289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686473724125289,"pkt":"bpHurUgdPJTVQTiBCABFCAB+1DEAAOsRrCDthLCIRW27NubXAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473724125289,"flow_src_last_pkt_time":1686473724125289,"flow_dst_last_pkt_time":1686473724125289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473724125289,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"69.109.187.54","src_port":59095,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473127013443,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473724125289,"l3_proto":"ip4","src_ip":"174.18.32.224","dst_ip":"74.111.203.55","src_port":53272,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":428,"packets-processed":427,"total-skipped-flows":0,"total-l4-payload-len":21767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":421,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":421,"total-idle-flows":420,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2041,"global_ts_usec":1686474011529942}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":428,"packets-processed":427,"total-skipped-flows":0,"total-l4-payload-len":21767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":421,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":421,"total-idle-flows":420,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2041,"global_ts_usec":1686474011529942}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686474011529942,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686474011529942,"l3_proto":"ip4","src_ip":"37.36.31.210","dst_ip":"165.144.84.62","src_port":53791,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686474011529942,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbMMlJB\/SpZBUPtIfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686474011529942,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686474011529942,"l3_proto":"ip4","src_ip":"37.36.31.210","dst_ip":"165.144.84.62","src_port":53791,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473724125289,"flow_src_last_pkt_time":1686473724125289,"flow_dst_last_pkt_time":1686473724125289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686474011529942,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"69.109.187.54","src_port":59095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":429,"packets-processed":428,"total-skipped-flows":0,"total-l4-payload-len":21796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":422,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":422,"total-idle-flows":421,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2046,"global_ts_usec":1686475183417032}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":429,"packets-processed":428,"total-skipped-flows":0,"total-l4-payload-len":21796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":422,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":422,"total-idle-flows":421,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2046,"global_ts_usec":1686475183417032}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475183417032,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475183417032,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":34976,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686475183417032,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLWusAACIRb79b\/2t0VW80OYigAasAN5kkAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475183417032,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475183417032,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":34976,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686474011529942,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475183417032,"l3_proto":"ip4","src_ip":"37.36.31.210","dst_ip":"165.144.84.62","src_port":53791,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":430,"packets-processed":429,"total-skipped-flows":0,"total-l4-payload-len":21843,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":423,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":423,"total-idle-flows":422,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2051,"global_ts_usec":1686475826792753}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":430,"packets-processed":429,"total-skipped-flows":0,"total-l4-payload-len":21843,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":423,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":423,"total-idle-flows":422,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2051,"global_ts_usec":1686475826792753}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475826792753,"flow_src_last_pkt_time":1686475826792753,"flow_dst_last_pkt_time":1686475826792753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475826792753,"l3_proto":"ip4","src_ip":"47.51.0.222","dst_ip":"69.109.187.54","src_port":53190,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_src_last_pkt_time":1686475826792753,"flow_dst_last_pkt_time":1686475826792753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686475826792753,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXtkvMwDeRW27Ns\/GAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475826792753,"flow_src_last_pkt_time":1686475826792753,"flow_dst_last_pkt_time":1686475826792753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475826792753,"l3_proto":"ip4","src_ip":"47.51.0.222","dst_ip":"69.109.187.54","src_port":53190,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475183417032,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475826792753,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":34976,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":431,"packets-processed":430,"total-skipped-flows":0,"total-l4-payload-len":21872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":424,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":424,"total-idle-flows":423,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2056,"global_ts_usec":1686495926985957}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":431,"packets-processed":430,"total-skipped-flows":0,"total-l4-payload-len":21872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":424,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":424,"total-idle-flows":423,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2056,"global_ts_usec":1686495926985957}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686495926985957,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686495926985957,"l3_proto":"ip4","src_ip":"238.156.97.151","dst_ip":"74.111.203.55","src_port":35769,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686495926985957,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAO0RqinunGGXSm\/LN4u5AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686495926985957,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686495926985957,"l3_proto":"ip4","src_ip":"238.156.97.151","dst_ip":"74.111.203.55","src_port":35769,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2062,17 +2062,17 @@
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_src_last_pkt_time":1686496447196573,"flow_dst_last_pkt_time":1686496447196573,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686496447196573,"pkt":"moT+\/Ph8PJTVQTiBCABFCAB+1DEAAO0REAmGtJCVVW80OYPRAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686496447196573,"flow_src_last_pkt_time":1686496447196573,"flow_dst_last_pkt_time":1686496447196573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686496447196573,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":33745,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686495926985957,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686496447196573,"l3_proto":"ip4","src_ip":"238.156.97.151","dst_ip":"74.111.203.55","src_port":35769,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":433,"packets-processed":432,"total-skipped-flows":0,"total-l4-payload-len":22068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":426,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":426,"total-idle-flows":425,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2065,"global_ts_usec":1686497167515992}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":433,"packets-processed":432,"total-skipped-flows":0,"total-l4-payload-len":22068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":426,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":426,"total-idle-flows":425,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2065,"global_ts_usec":1686497167515992}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686497167515992,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686497167515992,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.147.171.51","src_port":37012,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686497167515992,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZf2S2hzWpOrM5CUAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686497167515992,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686497167515992,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.147.171.51","src_port":37012,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686496447196573,"flow_src_last_pkt_time":1686496447196573,"flow_dst_last_pkt_time":1686496447196573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686497167515992,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":33745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":434,"packets-processed":433,"total-skipped-flows":0,"total-l4-payload-len":22166,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":427,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":427,"total-idle-flows":426,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2070,"global_ts_usec":1686499664191010}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":434,"packets-processed":433,"total-skipped-flows":0,"total-l4-payload-len":22166,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":427,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":427,"total-idle-flows":426,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2070,"global_ts_usec":1686499664191010}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686499664191010,"flow_src_last_pkt_time":1686499664191010,"flow_dst_last_pkt_time":1686499664191010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686499664191010,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.114.202.61","src_port":54319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_src_last_pkt_time":1686499664191010,"flow_dst_last_pkt_time":1686499664191010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686499664191010,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAO8RDcZGtG\/xpXLKPdQvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686499664191010,"flow_src_last_pkt_time":1686499664191010,"flow_dst_last_pkt_time":1686499664191010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686499664191010,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.114.202.61","src_port":54319,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686497167515992,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686499664191010,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.147.171.51","src_port":37012,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":435,"packets-processed":434,"total-skipped-flows":0,"total-l4-payload-len":22264,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":428,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":428,"total-idle-flows":427,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2075,"global_ts_usec":1686501344601870}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":435,"packets-processed":434,"total-skipped-flows":0,"total-l4-payload-len":22264,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":428,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":428,"total-idle-flows":427,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2075,"global_ts_usec":1686501344601870}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501344601870,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501344601870,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.111.212.50","src_port":59479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686501344601870,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqjATY5KcWm\/UMuhXAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501344601870,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501344601870,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.111.212.50","src_port":59479,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2085,72 +2085,72 @@
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501844780096,"flow_src_last_pkt_time":1686501844780096,"flow_dst_last_pkt_time":1686501844780096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501844780096,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"74.111.203.55","src_port":16085,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501359797956,"flow_src_last_pkt_time":1686501359797956,"flow_dst_last_pkt_time":1686501359797956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501844780096,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":46227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501344601870,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501844780096,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.111.212.50","src_port":59479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":438,"packets-processed":437,"total-skipped-flows":0,"total-l4-payload-len":22507,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":431,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":431,"total-idle-flows":430,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2088,"global_ts_usec":1686503041221893}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":438,"packets-processed":437,"total-skipped-flows":0,"total-l4-payload-len":22507,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":431,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":431,"total-idle-flows":430,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2088,"global_ts_usec":1686503041221893}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503041221893,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503041221893,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":37571,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686503041221893,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRCZH2S2hzWo0lOJLDAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503041221893,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503041221893,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":37571,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501844780096,"flow_src_last_pkt_time":1686501844780096,"flow_dst_last_pkt_time":1686501844780096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503041221893,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"74.111.203.55","src_port":16085,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":439,"packets-processed":438,"total-skipped-flows":0,"total-l4-payload-len":22605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":432,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":432,"total-idle-flows":431,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2093,"global_ts_usec":1686503642111524}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":439,"packets-processed":438,"total-skipped-flows":0,"total-l4-payload-len":22605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":432,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":432,"total-idle-flows":431,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2093,"global_ts_usec":1686503642111524}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503642111524,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503642111524,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"69.109.187.54","src_port":52184,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686503642111524,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAO8RDc9GtG\/xRW27NsvYAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503642111524,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503642111524,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"69.109.187.54","src_port":52184,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503041221893,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503642111524,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":37571,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":440,"packets-processed":439,"total-skipped-flows":0,"total-l4-payload-len":22703,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":433,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":433,"total-idle-flows":432,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2098,"global_ts_usec":1686504303052084}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":440,"packets-processed":439,"total-skipped-flows":0,"total-l4-payload-len":22703,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":433,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":433,"total-idle-flows":432,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2098,"global_ts_usec":1686504303052084}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686504303052084,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686504303052084,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"165.144.84.62","src_port":40378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686504303052084,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCYz2S2hzpZBUPp26AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686504303052084,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686504303052084,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"165.144.84.62","src_port":40378,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503642111524,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686504303052084,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"69.109.187.54","src_port":52184,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":441,"packets-processed":440,"total-skipped-flows":0,"total-l4-payload-len":22801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":434,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":434,"total-idle-flows":433,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2103,"global_ts_usec":1686509878709062}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":441,"packets-processed":440,"total-skipped-flows":0,"total-l4-payload-len":22801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":434,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":434,"total-idle-flows":433,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2103,"global_ts_usec":1686509878709062}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686509878709062,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686509878709062,"l3_proto":"ip4","src_ip":"138.18.252.120","dst_ip":"165.114.202.61","src_port":11561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686509878709062,"pkt":"AAwp30Y4PJTVQTiBCABFBABSCXBAACIRPHOKEvx4pXLKPS0pAasAPkHRAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686509878709062,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686509878709062,"l3_proto":"ip4","src_ip":"138.18.252.120","dst_ip":"165.114.202.61","src_port":11561,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686504303052084,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686509878709062,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"165.144.84.62","src_port":40378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":442,"packets-processed":441,"total-skipped-flows":0,"total-l4-payload-len":22855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":435,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":435,"total-idle-flows":434,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2108,"global_ts_usec":1686512676583485}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":442,"packets-processed":441,"total-skipped-flows":0,"total-l4-payload-len":22855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":435,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":435,"total-idle-flows":434,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2108,"global_ts_usec":1686512676583485}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686512676583485,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686512676583485,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"90.141.37.56","src_port":55022,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686512676583485,"pkt":"3jHC4dyOPJTVQTiBCABFCABLlmEAACQRLg7boGXRWo0lONbuAasAN0abAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686512676583485,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686512676583485,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"90.141.37.56","src_port":55022,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686509878709062,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686512676583485,"l3_proto":"ip4","src_ip":"138.18.252.120","dst_ip":"165.114.202.61","src_port":11561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":443,"packets-processed":442,"total-skipped-flows":0,"total-l4-payload-len":22902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":436,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":436,"total-idle-flows":435,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2113,"global_ts_usec":1686513474297518}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":443,"packets-processed":442,"total-skipped-flows":0,"total-l4-payload-len":22902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":436,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":436,"total-idle-flows":435,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2113,"global_ts_usec":1686513474297518}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686513474297518,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686513474297518,"l3_proto":"ip4","src_ip":"66.228.166.55","dst_ip":"69.109.187.54","src_port":51471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686513474297518,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRbVpC5KY3RW27NskPAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686513474297518,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686513474297518,"l3_proto":"ip4","src_ip":"66.228.166.55","dst_ip":"69.109.187.54","src_port":51471,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686512676583485,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686513474297518,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"90.141.37.56","src_port":55022,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":444,"packets-processed":443,"total-skipped-flows":0,"total-l4-payload-len":22931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":437,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":437,"total-idle-flows":436,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2118,"global_ts_usec":1686525113247519}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":444,"packets-processed":443,"total-skipped-flows":0,"total-l4-payload-len":22931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":437,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":437,"total-idle-flows":436,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2118,"global_ts_usec":1686525113247519}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686525113247519,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686525113247519,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXums7ZjRWpOrM89lAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686525113247519,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686513474297518,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686525113247519,"l3_proto":"ip4","src_ip":"66.228.166.55","dst_ip":"69.109.187.54","src_port":51471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-payload-len":22960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":438,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":438,"total-idle-flows":437,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2123,"global_ts_usec":1686526077263977}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-payload-len":22960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":438,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":438,"total-idle-flows":437,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2123,"global_ts_usec":1686526077263977}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686526077263977,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686526077263977,"l3_proto":"ip4","src_ip":"82.19.88.220","dst_ip":"186.112.202.53","src_port":49990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686526077263977,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRX9pSE1jcunDKNcNGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686526077263977,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686526077263977,"l3_proto":"ip4","src_ip":"82.19.88.220","dst_ip":"186.112.202.53","src_port":49990,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686526077263977,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":446,"packets-processed":445,"total-skipped-flows":0,"total-l4-payload-len":22989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":439,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":439,"total-idle-flows":438,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2128,"global_ts_usec":1686529340012662}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":446,"packets-processed":445,"total-skipped-flows":0,"total-l4-payload-len":22989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":439,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":439,"total-idle-flows":438,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2128,"global_ts_usec":1686529340012662}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686529340012662,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686529340012662,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":2538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686529340012662,"pkt":"3jHC4dyOPJTVQTiBCABFCABLCXUAACIRwTynB5p9Wo0lOAnqAasANxfiAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686529340012662,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686529340012662,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":2538,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686526077263977,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686529340012662,"l3_proto":"ip4","src_ip":"82.19.88.220","dst_ip":"186.112.202.53","src_port":49990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":447,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":23036,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":440,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":440,"total-idle-flows":439,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2133,"global_ts_usec":1686547842864988}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":447,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":23036,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":440,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":440,"total-idle-flows":439,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2133,"global_ts_usec":1686547842864988}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686547842864988,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686547842864988,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.111.212.50","src_port":54057,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686547842864988,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXqPOzBhaWm\/UMtMpAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686547842864988,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686547842864988,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.111.212.50","src_port":54057,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686529340012662,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686547842864988,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":2538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":448,"packets-processed":447,"total-skipped-flows":0,"total-l4-payload-len":23065,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":441,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":441,"total-idle-flows":440,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2138,"global_ts_usec":1686548676434879}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":448,"packets-processed":447,"total-skipped-flows":0,"total-l4-payload-len":23065,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":441,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":441,"total-idle-flows":440,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2138,"global_ts_usec":1686548676434879}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686548676434879,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686548676434879,"l3_proto":"ip4","src_ip":"185.33.65.208","dst_ip":"74.111.203.55","src_port":52802,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686548676434879,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbM+5IUHQSm\/LN85CAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686548676434879,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686548676434879,"l3_proto":"ip4","src_ip":"185.33.65.208","dst_ip":"74.111.203.55","src_port":52802,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686547842864988,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686548676434879,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.111.212.50","src_port":54057,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":449,"packets-processed":448,"total-skipped-flows":0,"total-l4-payload-len":23094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":442,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":442,"total-idle-flows":441,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2143,"global_ts_usec":1686549393930759}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":449,"packets-processed":448,"total-skipped-flows":0,"total-l4-payload-len":23094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":442,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":442,"total-idle-flows":441,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2143,"global_ts_usec":1686549393930759}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686549393930759,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686549393930759,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"186.112.202.53","src_port":28374,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686549393930759,"pkt":"xmjqc4OdPJTVQTiBCABFCABLQj4AACQRhmwj\/EVxunDKNW7WAasAN7LuAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686549393930759,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686549393930759,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"186.112.202.53","src_port":28374,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686548676434879,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686549393930759,"l3_proto":"ip4","src_ip":"185.33.65.208","dst_ip":"74.111.203.55","src_port":52802,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":23141,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":443,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":443,"total-idle-flows":442,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2148,"global_ts_usec":1686554987062980}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":23141,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":443,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":443,"total-idle-flows":442,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2148,"global_ts_usec":1686554987062980}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686554987062980,"flow_src_last_pkt_time":1686554987062980,"flow_dst_last_pkt_time":1686554987062980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686554987062980,"l3_proto":"ip4","src_ip":"47.236.248.231","dst_ip":"90.141.37.56","src_port":52985,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_src_last_pkt_time":1686554987062980,"flow_dst_last_pkt_time":1686554987062980,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686554987062980,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRXvwv7PjnWo0lOM75AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686554987062980,"flow_src_last_pkt_time":1686554987062980,"flow_dst_last_pkt_time":1686554987062980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686554987062980,"l3_proto":"ip4","src_ip":"47.236.248.231","dst_ip":"90.141.37.56","src_port":52985,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686549393930759,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686554987062980,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"186.112.202.53","src_port":28374,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":451,"packets-processed":450,"total-skipped-flows":0,"total-l4-payload-len":23170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":444,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":444,"total-idle-flows":443,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2153,"global_ts_usec":1686556816084247}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":451,"packets-processed":450,"total-skipped-flows":0,"total-l4-payload-len":23170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":444,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":444,"total-idle-flows":443,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2153,"global_ts_usec":1686556816084247}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556816084247,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686556816084247,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.111.212.50","src_port":43924,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686556816084247,"pkt":"AAwp30Y4PJTVQTiBCABFCAA11DEAAPERM4GtoQqtWm\/UMquUAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556816084247,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686556816084247,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.111.212.50","src_port":43924,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2164,7 +2164,7 @@
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557322938004,"flow_src_last_pkt_time":1686557322938004,"flow_dst_last_pkt_time":1686557322938004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557322938004,"l3_proto":"ip4","src_ip":"191.184.52.78","dst_ip":"90.111.212.50","src_port":64609,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556816084247,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557322938004,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.111.212.50","src_port":43924,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556919146434,"flow_src_last_pkt_time":1686556919146434,"flow_dst_last_pkt_time":1686556919146434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557322938004,"l3_proto":"ip4","src_ip":"185.213.154.138","dst_ip":"165.114.202.61","src_port":52528,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Mullvad","proto_by_ip_id":348,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":454,"packets-processed":453,"total-skipped-flows":0,"total-l4-payload-len":23258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":447,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":447,"total-idle-flows":446,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2167,"global_ts_usec":1686557572392407}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":454,"packets-processed":453,"total-skipped-flows":0,"total-l4-payload-len":23258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":447,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":447,"total-idle-flows":446,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2167,"global_ts_usec":1686557572392407}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557572392407,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557572392407,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"165.144.84.62","src_port":3597,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686557572392407,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+j2xAADMREeWnQdRQpZBUPg4NAasAKrsAAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557572392407,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557572392407,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"165.144.84.62","src_port":3597,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2173,7 +2173,7 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_src_last_pkt_time":1686558124354447,"flow_dst_last_pkt_time":1686558124354447,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686558124354447,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+H7dAADMRgZO5PsRKpXLKPcU1AasAKgPRAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558124354447,"flow_src_last_pkt_time":1686558124354447,"flow_dst_last_pkt_time":1686558124354447,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558124354447,"l3_proto":"ip4","src_ip":"185.62.196.74","dst_ip":"165.114.202.61","src_port":50485,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557572392407,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558124354447,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"165.144.84.62","src_port":3597,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":456,"packets-processed":455,"total-skipped-flows":0,"total-l4-payload-len":23326,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":449,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":449,"total-idle-flows":448,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2176,"global_ts_usec":1686558422116551}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":456,"packets-processed":455,"total-skipped-flows":0,"total-l4-payload-len":23326,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":449,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":449,"total-idle-flows":448,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2176,"global_ts_usec":1686558422116551}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558422116551,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558422116551,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"90.145.180.58","src_port":8856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686558422116551,"pkt":"bs1PogZtPJTVQTiBCABFAAA+YlBAADMRPwOnQdRQWpG0OiKYAasAKqZ3AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558422116551,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558422116551,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"90.145.180.58","src_port":8856,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2186,7 +2186,7 @@
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558852064997,"flow_src_last_pkt_time":1686558852064997,"flow_dst_last_pkt_time":1686558852064997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558852064997,"l3_proto":"ip4","src_ip":"64.64.43.81","dst_ip":"90.141.37.56","src_port":58560,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558440675193,"flow_src_last_pkt_time":1686558440675193,"flow_dst_last_pkt_time":1686558440675193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558852064997,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"74.111.203.55","src_port":46615,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558422116551,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558852064997,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"90.145.180.58","src_port":8856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":459,"packets-processed":458,"total-skipped-flows":0,"total-l4-payload-len":23428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":452,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":452,"total-idle-flows":451,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2189,"global_ts_usec":1686559367388486}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":459,"packets-processed":458,"total-skipped-flows":0,"total-l4-payload-len":23428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":452,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":452,"total-idle-flows":451,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2189,"global_ts_usec":1686559367388486}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559367388486,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559367388486,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"85.111.52.57","src_port":24868,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686559367388486,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+tTJAADMR7B1BRitLVW80OWEkAasAKmfoAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559367388486,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559367388486,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"85.111.52.57","src_port":24868,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2195,7 +2195,7 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_src_last_pkt_time":1686559497105642,"flow_dst_last_pkt_time":1686559497105642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686559497105642,"pkt":"bpHurUgdPJTVQTiBCABFAAA+H+JAADMRgXenQdRQRW27Nj+eAasAKol3AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559497105642,"flow_src_last_pkt_time":1686559497105642,"flow_dst_last_pkt_time":1686559497105642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559497105642,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"69.109.187.54","src_port":16286,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559367388486,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559497105642,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"85.111.52.57","src_port":24868,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":461,"packets-processed":460,"total-skipped-flows":0,"total-l4-payload-len":23496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":454,"total-detection-updates":0,"total-updates":83,"current-active-flows":2,"total-active-flows":454,"total-idle-flows":452,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2198,"global_ts_usec":1686559998830359}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":461,"packets-processed":460,"total-skipped-flows":0,"total-l4-payload-len":23496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":454,"total-detection-updates":0,"total-updates":83,"current-active-flows":2,"total-active-flows":454,"total-idle-flows":452,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2198,"global_ts_usec":1686559998830359}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559998830359,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559998830359,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"74.111.203.55","src_port":2631,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686559998830359,"pkt":"ipffLU2SPJTVQTiBCABFAABLXmYAACYRdcAid3p+Sm\/LNwpHAasANyTyAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559998830359,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559998830359,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"74.111.203.55","src_port":2631,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2205,7 +2205,7 @@
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_src_last_pkt_time":1686560166108940,"flow_dst_last_pkt_time":1686560166108940,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686560166108940,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXo\/TMphPpZBUPtg8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686560166108940,"flow_src_last_pkt_time":1686560166108940,"flow_dst_last_pkt_time":1686560166108940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560166108940,"l3_proto":"ip4","src_ip":"211.50.152.79","dst_ip":"165.144.84.62","src_port":55356,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559998830359,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560166108940,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"74.111.203.55","src_port":2631,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":463,"packets-processed":462,"total-skipped-flows":0,"total-l4-payload-len":23572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":456,"total-detection-updates":0,"total-updates":84,"current-active-flows":2,"total-active-flows":456,"total-idle-flows":454,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2208,"global_ts_usec":1686560793652859}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":463,"packets-processed":462,"total-skipped-flows":0,"total-l4-payload-len":23572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":456,"total-detection-updates":0,"total-updates":84,"current-active-flows":2,"total-active-flows":456,"total-idle-flows":454,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2208,"global_ts_usec":1686560793652859}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686560793652859,"flow_src_last_pkt_time":1686560793652859,"flow_dst_last_pkt_time":1686560793652859,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560793652859,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"186.112.202.53","src_port":45539,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_src_last_pkt_time":1686560793652859,"flow_dst_last_pkt_time":1686560793652859,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686560793652859,"pkt":"xmjqc4OdPJTVQTiBCABFCAA11DEAAPERM36toQqtunDKNbHjAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686560793652859,"flow_src_last_pkt_time":1686560793652859,"flow_dst_last_pkt_time":1686560793652859,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560793652859,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"186.112.202.53","src_port":45539,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2224,14 +2224,14 @@
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561147477324,"flow_src_last_pkt_time":1686561147477324,"flow_dst_last_pkt_time":1686561147477324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686561147477324,"l3_proto":"ip4","src_ip":"209.239.135.211","dst_ip":"85.111.52.57","src_port":55124,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561012661463,"flow_src_last_pkt_time":1686561012661463,"flow_dst_last_pkt_time":1686561012661463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686561147477324,"l3_proto":"ip4","src_ip":"88.185.36.86","dst_ip":"90.147.171.51","src_port":4763,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561057684079,"flow_src_last_pkt_time":1686561057684079,"flow_dst_last_pkt_time":1686561057684079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686561147477324,"l3_proto":"ip4","src_ip":"94.64.218.76","dst_ip":"186.112.202.53","src_port":16452,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":467,"packets-processed":466,"total-skipped-flows":0,"total-l4-payload-len":23694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":460,"total-detection-updates":0,"total-updates":87,"current-active-flows":3,"total-active-flows":460,"total-idle-flows":457,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2227,"global_ts_usec":1686562035943293}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":467,"packets-processed":466,"total-skipped-flows":0,"total-l4-payload-len":23694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":460,"total-detection-updates":0,"total-updates":87,"current-active-flows":3,"total-active-flows":460,"total-idle-flows":457,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2227,"global_ts_usec":1686562035943293}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686562035943293,"flow_src_last_pkt_time":1686562035943293,"flow_dst_last_pkt_time":1686562035943293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"90.145.180.58","src_port":58464,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_src_last_pkt_time":1686562035943293,"flow_dst_last_pkt_time":1686562035943293,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686562035943293,"pkt":"bs1PogZtPJTVQTiBCABFAABLyDkAACcRCuPigHp2WpG0OuRgAasAN0rOAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686562035943293,"flow_src_last_pkt_time":1686562035943293,"flow_dst_last_pkt_time":1686562035943293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"90.145.180.58","src_port":58464,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561147477324,"flow_src_last_pkt_time":1686561147477324,"flow_dst_last_pkt_time":1686561147477324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"209.239.135.211","dst_ip":"85.111.52.57","src_port":55124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561012661463,"flow_src_last_pkt_time":1686561012661463,"flow_dst_last_pkt_time":1686561012661463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"88.185.36.86","dst_ip":"90.147.171.51","src_port":4763,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561057684079,"flow_src_last_pkt_time":1686561057684079,"flow_dst_last_pkt_time":1686561057684079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"94.64.218.76","dst_ip":"186.112.202.53","src_port":16452,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":468,"packets-processed":467,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":461,"total-detection-updates":0,"total-updates":87,"current-active-flows":1,"total-active-flows":461,"total-idle-flows":460,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2234,"global_ts_usec":1686565369552713}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":468,"packets-processed":467,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":461,"total-detection-updates":0,"total-updates":87,"current-active-flows":1,"total-active-flows":461,"total-idle-flows":460,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2234,"global_ts_usec":1686565369552713}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565369552713,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686565369552713,"pkt":"AAwp30Y4PJTVQTiBCABFAABL95AAACcR25EiZn14pXLKPch8AasAN2a4AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565369552713,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2240,13 +2240,13 @@
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_src_last_pkt_time":1686565439403208,"flow_dst_last_pkt_time":1686565439403208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686565439403208,"pkt":"AAwp30Y4PJTVQTiBCABFBAA11DEAAOURP3utoQqtpZBUPqVAAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565439403208,"flow_src_last_pkt_time":1686565439403208,"flow_dst_last_pkt_time":1686565439403208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565439403208,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.144.84.62","src_port":42304,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00995{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565439403208,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":470,"packets-processed":469,"total-skipped-flows":0,"total-l4-payload-len":23813,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":463,"total-detection-updates":0,"total-updates":88,"current-active-flows":2,"total-active-flows":463,"total-idle-flows":461,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2243,"global_ts_usec":1686572533804714}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":470,"packets-processed":469,"total-skipped-flows":0,"total-l4-payload-len":23813,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":463,"total-detection-updates":0,"total-updates":88,"current-active-flows":2,"total-active-flows":463,"total-idle-flows":461,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2243,"global_ts_usec":1686572533804714}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686572533804714,"flow_src_last_pkt_time":1686572533804714,"flow_dst_last_pkt_time":1686572533804714,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.145.180.58","src_port":53096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_src_last_pkt_time":1686572533804714,"flow_dst_last_pkt_time":1686572533804714,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686572533804714,"pkt":"bs1PogZtPJTVQTiBCABFCAA11DEAAPERM3mtoQqtWpG0Os9oAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686572533804714,"flow_src_last_pkt_time":1686572533804714,"flow_dst_last_pkt_time":1686572533804714,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.145.180.58","src_port":53096,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565439403208,"flow_src_last_pkt_time":1686565439403208,"flow_dst_last_pkt_time":1686565439403208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.144.84.62","src_port":42304,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":471,"packets-processed":470,"total-skipped-flows":0,"total-l4-payload-len":23838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":464,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":464,"total-idle-flows":463,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2249,"global_ts_usec":1686582591141391}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":471,"packets-processed":470,"total-skipped-flows":0,"total-l4-payload-len":23838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":464,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":464,"total-idle-flows":463,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2249,"global_ts_usec":1686582591141391}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686582591141391,"flow_src_last_pkt_time":1686582591141391,"flow_dst_last_pkt_time":1686582591141391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686582591141391,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":51824,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_src_last_pkt_time":1686582591141391,"flow_dst_last_pkt_time":1686582591141391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686582591141391,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPIRCxGGtJCVVW80OcpwAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686582591141391,"flow_src_last_pkt_time":1686582591141391,"flow_dst_last_pkt_time":1686582591141391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686582591141391,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":51824,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2259,17 +2259,17 @@
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_src_last_pkt_time":1686583068043463,"flow_dst_last_pkt_time":1686583068043463,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686583068043463,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPIRpTYtg6GYWm\/UMuIEAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583068043463,"flow_src_last_pkt_time":1686583068043463,"flow_dst_last_pkt_time":1686583068043463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583068043463,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"90.111.212.50","src_port":57860,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686582817928624,"flow_src_last_pkt_time":1686582817928624,"flow_dst_last_pkt_time":1686582817928624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583068043463,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":35531,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":474,"packets-processed":473,"total-skipped-flows":0,"total-l4-payload-len":24132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":467,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":467,"total-idle-flows":466,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2262,"global_ts_usec":1686583896993524}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":474,"packets-processed":473,"total-skipped-flows":0,"total-l4-payload-len":24132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":467,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":467,"total-idle-flows":466,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2262,"global_ts_usec":1686583896993524}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583896993524,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583896993524,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.141.37.56","src_port":60345,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686583896993524,"pkt":"3jHC4dyOPJTVQTiBCABFBAA11DEAAOURP4CtoQqtWo0lOOu5AasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583896993524,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583896993524,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.141.37.56","src_port":60345,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583068043463,"flow_src_last_pkt_time":1686583068043463,"flow_dst_last_pkt_time":1686583068043463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583896993524,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"90.111.212.50","src_port":57860,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":475,"packets-processed":474,"total-skipped-flows":0,"total-l4-payload-len":24157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":468,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":468,"total-idle-flows":467,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2267,"global_ts_usec":1686585375283341}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":475,"packets-processed":474,"total-skipped-flows":0,"total-l4-payload-len":24157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":468,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":468,"total-idle-flows":467,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2267,"global_ts_usec":1686585375283341}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686585375283341,"flow_src_last_pkt_time":1686585375283341,"flow_dst_last_pkt_time":1686585375283341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686585375283341,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.141.37.56","src_port":60624,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_src_last_pkt_time":1686585375283341,"flow_dst_last_pkt_time":1686585375283341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686585375283341,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRpScQY5OSWo0lOOzQAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686585375283341,"flow_src_last_pkt_time":1686585375283341,"flow_dst_last_pkt_time":1686585375283341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686585375283341,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.141.37.56","src_port":60624,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583896993524,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686585375283341,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.141.37.56","src_port":60345,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":476,"packets-processed":475,"total-skipped-flows":0,"total-l4-payload-len":24255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":469,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":469,"total-idle-flows":468,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2272,"global_ts_usec":1686586012577392}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":476,"packets-processed":475,"total-skipped-flows":0,"total-l4-payload-len":24255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":469,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":469,"total-idle-flows":468,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2272,"global_ts_usec":1686586012577392}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586012577392,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586012577392,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":50595,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686586012577392,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPIRCwa2tHiLpZBUPsWjAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586012577392,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586012577392,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":50595,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2278,22 +2278,22 @@
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_src_last_pkt_time":1686586604126248,"flow_dst_last_pkt_time":1686586604126248,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686586604126248,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSUTY5OUpXLKPeRUAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586604126248,"flow_src_last_pkt_time":1686586604126248,"flow_dst_last_pkt_time":1686586604126248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586604126248,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":58452,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586012577392,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586604126248,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":50595,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":478,"packets-processed":477,"total-skipped-flows":0,"total-l4-payload-len":24451,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":471,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":471,"total-idle-flows":470,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2281,"global_ts_usec":1686588963792964}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":478,"packets-processed":477,"total-skipped-flows":0,"total-l4-payload-len":24451,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":471,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":471,"total-idle-flows":470,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2281,"global_ts_usec":1686588963792964}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686588963792964,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686588963792964,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"69.109.187.54","src_port":52931,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686588963792964,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPIRpS3SfJyVRW27Ns7DAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686588963792964,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686588963792964,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"69.109.187.54","src_port":52931,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586604126248,"flow_src_last_pkt_time":1686586604126248,"flow_dst_last_pkt_time":1686586604126248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686588963792964,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":58452,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":479,"packets-processed":478,"total-skipped-flows":0,"total-l4-payload-len":24549,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":472,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":472,"total-idle-flows":471,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2286,"global_ts_usec":1686590370864320}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":479,"packets-processed":478,"total-skipped-flows":0,"total-l4-payload-len":24549,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":472,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":472,"total-idle-flows":471,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2286,"global_ts_usec":1686590370864320}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686590370864320,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686590370864320,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":57887,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686590370864320,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPIRCxSGtJCVunDKNeIfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686590370864320,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686590370864320,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":57887,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686588963792964,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686590370864320,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"69.109.187.54","src_port":52931,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":480,"packets-processed":479,"total-skipped-flows":0,"total-l4-payload-len":24647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":473,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":473,"total-idle-flows":472,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2291,"global_ts_usec":1686591026824273}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":480,"packets-processed":479,"total-skipped-flows":0,"total-l4-payload-len":24647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":473,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":473,"total-idle-flows":472,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2291,"global_ts_usec":1686591026824273}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591026824273,"flow_src_last_pkt_time":1686591026824273,"flow_dst_last_pkt_time":1686591026824273,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591026824273,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"74.111.203.55","src_port":56968,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_src_last_pkt_time":1686591026824273,"flow_dst_last_pkt_time":1686591026824273,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686591026824273,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAO0RD9G4tKjwSm\/LN96IAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591026824273,"flow_src_last_pkt_time":1686591026824273,"flow_dst_last_pkt_time":1686591026824273,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591026824273,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"74.111.203.55","src_port":56968,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686590370864320,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591026824273,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":57887,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":481,"packets-processed":480,"total-skipped-flows":0,"total-l4-payload-len":24745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":474,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":474,"total-idle-flows":473,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2296,"global_ts_usec":1686591654230904}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":481,"packets-processed":480,"total-skipped-flows":0,"total-l4-payload-len":24745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":474,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":474,"total-idle-flows":473,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2296,"global_ts_usec":1686591654230904}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591654230904,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591654230904,"l3_proto":"ip4","src_ip":"16.131.191.144","dst_ip":"90.145.180.58","src_port":57563,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686591654230904,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPIRpSYQg7+QWpG0OuDbAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591654230904,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591654230904,"l3_proto":"ip4","src_ip":"16.131.191.144","dst_ip":"90.145.180.58","src_port":57563,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2302,27 +2302,27 @@
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_src_last_pkt_time":1686592164666841,"flow_dst_last_pkt_time":1686592164666841,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686592164666841,"pkt":"AAwp30Y4PJTVQTiBCABFCAA11DEAAPERM3atoQqtpXLKPYGrAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592164666841,"flow_src_last_pkt_time":1686592164666841,"flow_dst_last_pkt_time":1686592164666841,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592164666841,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.114.202.61","src_port":33195,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591654230904,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592164666841,"l3_proto":"ip4","src_ip":"16.131.191.144","dst_ip":"90.145.180.58","src_port":57563,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":483,"packets-processed":482,"total-skipped-flows":0,"total-l4-payload-len":24868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":476,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":476,"total-idle-flows":475,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2305,"global_ts_usec":1686592363602889}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":483,"packets-processed":482,"total-skipped-flows":0,"total-l4-payload-len":24868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":476,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":476,"total-idle-flows":475,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2305,"global_ts_usec":1686592363602889}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592363602889,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592363602889,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.147.171.51","src_port":48688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686592363602889,"pkt":"AAwp30Y4PJTVQTiBCABFCAA11DEAAPERM4KtoQqtWpOrM74wAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592363602889,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592363602889,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.147.171.51","src_port":48688,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592164666841,"flow_src_last_pkt_time":1686592164666841,"flow_dst_last_pkt_time":1686592164666841,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592363602889,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.114.202.61","src_port":33195,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":484,"packets-processed":483,"total-skipped-flows":0,"total-l4-payload-len":24893,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":477,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":477,"total-idle-flows":476,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2310,"global_ts_usec":1686596322335333}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":484,"packets-processed":483,"total-skipped-flows":0,"total-l4-payload-len":24893,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":477,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":477,"total-idle-flows":476,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2310,"global_ts_usec":1686596322335333}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686596322335333,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686596322335333,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"165.144.84.62","src_port":41269,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686596322335333,"pkt":"AAwp30Y4PJTVQTiBCABFCABLns0AACQRJZHnJlLdpZBUPqE1AasAN3xDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686596322335333,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686596322335333,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"165.144.84.62","src_port":41269,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592363602889,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686596322335333,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.147.171.51","src_port":48688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":485,"packets-processed":484,"total-skipped-flows":0,"total-l4-payload-len":24940,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":478,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":478,"total-idle-flows":477,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2315,"global_ts_usec":1686602955779893}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":485,"packets-processed":484,"total-skipped-flows":0,"total-l4-payload-len":24940,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":478,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":478,"total-idle-flows":477,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2315,"global_ts_usec":1686602955779893}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686602955779893,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686602955779893,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":14173,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686602955779893,"pkt":"bpHurUgdPJTVQTiBCABFCABLVG4AACIRdj0j\/EVxRW27NjddAasAN+poAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686602955779893,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686602955779893,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":14173,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686596322335333,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686602955779893,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"165.144.84.62","src_port":41269,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":486,"packets-processed":485,"total-skipped-flows":0,"total-l4-payload-len":24987,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":479,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":479,"total-idle-flows":478,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2320,"global_ts_usec":1686608660321945}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":486,"packets-processed":485,"total-skipped-flows":0,"total-l4-payload-len":24987,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":479,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":479,"total-idle-flows":478,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2320,"global_ts_usec":1686608660321945}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686608660321945,"flow_src_last_pkt_time":1686608660321945,"flow_dst_last_pkt_time":1686608660321945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686608660321945,"l3_proto":"ip4","src_ip":"173.19.223.218","dst_ip":"85.111.52.57","src_port":54527,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_src_last_pkt_time":1686608660321945,"flow_dst_last_pkt_time":1686608660321945,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686608660321945,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRXtitE9\/aVW80OdT\/AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686608660321945,"flow_src_last_pkt_time":1686608660321945,"flow_dst_last_pkt_time":1686608660321945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686608660321945,"l3_proto":"ip4","src_ip":"173.19.223.218","dst_ip":"85.111.52.57","src_port":54527,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686602955779893,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686608660321945,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":14173,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":487,"packets-processed":486,"total-skipped-flows":0,"total-l4-payload-len":25016,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":480,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":480,"total-idle-flows":479,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2325,"global_ts_usec":1686612659801075}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":487,"packets-processed":486,"total-skipped-flows":0,"total-l4-payload-len":25016,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":480,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":480,"total-idle-flows":479,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2325,"global_ts_usec":1686612659801075}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686612659801075,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686612659801075,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"90.145.180.58","src_port":52104,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686612659801075,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPoRXtrQ8\/jUWpG0OsuIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686612659801075,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686612659801075,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"90.145.180.58","src_port":52104,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2331,12 +2331,12 @@
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_src_last_pkt_time":1686613204876638,"flow_dst_last_pkt_time":1686613204876638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686613204876638,"pkt":"AAwp30Y4PJTVQTiBCABFCABL8UEAACIR2W0nO4t5pXLKPUanAasAN9siAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686613204876638,"flow_src_last_pkt_time":1686613204876638,"flow_dst_last_pkt_time":1686613204876638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686613204876638,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"165.114.202.61","src_port":18087,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686612659801075,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686613204876638,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"90.145.180.58","src_port":52104,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":489,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":25092,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":482,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":482,"total-idle-flows":481,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2334,"global_ts_usec":1686615481954219}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":489,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":25092,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":482,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":482,"total-idle-flows":481,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2334,"global_ts_usec":1686615481954219}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686615481954219,"flow_src_last_pkt_time":1686615481954219,"flow_dst_last_pkt_time":1686615481954219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686615481954219,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"69.109.187.54","src_port":33095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_src_last_pkt_time":1686615481954219,"flow_dst_last_pkt_time":1686615481954219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686615481954219,"pkt":"bpHurUgdPJTVQTiBCABFCAA11DEAAPERM3+toQqtRW27NoFHAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686615481954219,"flow_src_last_pkt_time":1686615481954219,"flow_dst_last_pkt_time":1686615481954219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686615481954219,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"69.109.187.54","src_port":33095,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686613204876638,"flow_src_last_pkt_time":1686613204876638,"flow_dst_last_pkt_time":1686613204876638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686615481954219,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"165.114.202.61","src_port":18087,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":490,"packets-processed":489,"total-skipped-flows":0,"total-l4-payload-len":25117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":483,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":483,"total-idle-flows":482,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2339,"global_ts_usec":1686616634395567}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":490,"packets-processed":489,"total-skipped-flows":0,"total-l4-payload-len":25117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":483,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":483,"total-idle-flows":482,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2339,"global_ts_usec":1686616634395567}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686616634395567,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686616634395567,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"85.111.52.57","src_port":42481,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686616634395567,"pkt":"moT+\/Ph8PJTVQTiBCABFBAA11DEAAOURP3+toQqtVW80OaXxAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686616634395567,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686616634395567,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"85.111.52.57","src_port":42481,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2345,12 +2345,12 @@
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_src_last_pkt_time":1686617105964842,"flow_dst_last_pkt_time":1686617105964842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686617105964842,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbgVG0kSqWm\/UMsPJAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686617105964842,"flow_src_last_pkt_time":1686617105964842,"flow_dst_last_pkt_time":1686617105964842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686617105964842,"l3_proto":"ip4","src_ip":"70.210.68.170","dst_ip":"90.111.212.50","src_port":50121,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686616634395567,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686617105964842,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"85.111.52.57","src_port":42481,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":492,"packets-processed":491,"total-skipped-flows":0,"total-l4-payload-len":25171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":485,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":485,"total-idle-flows":484,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2348,"global_ts_usec":1686621073847677}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":492,"packets-processed":491,"total-skipped-flows":0,"total-l4-payload-len":25171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":485,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":485,"total-idle-flows":484,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2348,"global_ts_usec":1686621073847677}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621073847677,"flow_src_last_pkt_time":1686621073847677,"flow_dst_last_pkt_time":1686621073847677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621073847677,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.145.180.58","src_port":51729,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_src_last_pkt_time":1686621073847677,"flow_dst_last_pkt_time":1686621073847677,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686621073847677,"pkt":"bs1PogZtPJTVQTiBCABFCABLfhMAACIRTJ3jx1p6WpG0OsoRAasAN1e5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621073847677,"flow_src_last_pkt_time":1686621073847677,"flow_dst_last_pkt_time":1686621073847677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621073847677,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.145.180.58","src_port":51729,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686617105964842,"flow_src_last_pkt_time":1686617105964842,"flow_dst_last_pkt_time":1686617105964842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621073847677,"l3_proto":"ip4","src_ip":"70.210.68.170","dst_ip":"90.111.212.50","src_port":50121,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":493,"packets-processed":492,"total-skipped-flows":0,"total-l4-payload-len":25218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":486,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":486,"total-idle-flows":485,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2353,"global_ts_usec":1686621999752750}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":493,"packets-processed":492,"total-skipped-flows":0,"total-l4-payload-len":25218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":486,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":486,"total-idle-flows":485,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2353,"global_ts_usec":1686621999752750}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621999752750,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621999752750,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"74.111.203.55","src_port":56820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686621999752750,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbdmh54D1Sm\/LN930AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621999752750,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621999752750,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"74.111.203.55","src_port":56820,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2359,22 +2359,22 @@
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_src_last_pkt_time":1686622450094352,"flow_dst_last_pkt_time":1686622450094352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686622450094352,"pkt":"ipffLU2SPJTVQTiBCABFBAA11DEAAOURP4StoQqtSm\/LN9dbAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686622450094352,"flow_src_last_pkt_time":1686622450094352,"flow_dst_last_pkt_time":1686622450094352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686622450094352,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"74.111.203.55","src_port":55131,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621999752750,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686622450094352,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"74.111.203.55","src_port":56820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-payload-len":25272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":488,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":488,"total-idle-flows":487,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2362,"global_ts_usec":1686623052095688}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-payload-len":25272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":488,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":488,"total-idle-flows":487,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2362,"global_ts_usec":1686623052095688}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623052095688,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623052095688,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.114.202.61","src_port":14222,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686623052095688,"pkt":"AAwp30Y4PJTVQTiBCABFCABLa\/IAACQRWHZjx03TpXLKPTeOAasAN+X0AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623052095688,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623052095688,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.114.202.61","src_port":14222,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686622450094352,"flow_src_last_pkt_time":1686622450094352,"flow_dst_last_pkt_time":1686622450094352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623052095688,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"74.111.203.55","src_port":55131,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":496,"packets-processed":495,"total-skipped-flows":0,"total-l4-payload-len":25319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":489,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":489,"total-idle-flows":488,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2367,"global_ts_usec":1686623787230359}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":496,"packets-processed":495,"total-skipped-flows":0,"total-l4-payload-len":25319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":489,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":489,"total-idle-flows":488,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2367,"global_ts_usec":1686623787230359}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623787230359,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623787230359,"l3_proto":"ip4","src_ip":"222.41.7.222","dst_ip":"90.147.171.51","src_port":55970,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686623787230359,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbcPeKQfeWpOrM9qiAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623787230359,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623787230359,"l3_proto":"ip4","src_ip":"222.41.7.222","dst_ip":"90.147.171.51","src_port":55970,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623052095688,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623787230359,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.114.202.61","src_port":14222,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":497,"packets-processed":496,"total-skipped-flows":0,"total-l4-payload-len":25348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":490,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":490,"total-idle-flows":489,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2372,"global_ts_usec":1686625900350760}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":497,"packets-processed":496,"total-skipped-flows":0,"total-l4-payload-len":25348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":490,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":490,"total-idle-flows":489,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2372,"global_ts_usec":1686625900350760}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686625900350760,"flow_src_last_pkt_time":1686625900350760,"flow_dst_last_pkt_time":1686625900350760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686625900350760,"l3_proto":"ip4","src_ip":"89.28.95.249","dst_ip":"165.144.84.62","src_port":56710,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_src_last_pkt_time":1686625900350760,"flow_dst_last_pkt_time":1686625900350760,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686625900350760,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbc1ZHF\/5pZBUPt2GAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686625900350760,"flow_src_last_pkt_time":1686625900350760,"flow_dst_last_pkt_time":1686625900350760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686625900350760,"l3_proto":"ip4","src_ip":"89.28.95.249","dst_ip":"165.144.84.62","src_port":56710,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623787230359,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686625900350760,"l3_proto":"ip4","src_ip":"222.41.7.222","dst_ip":"90.147.171.51","src_port":55970,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":498,"packets-processed":497,"total-skipped-flows":0,"total-l4-payload-len":25377,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":491,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":491,"total-idle-flows":490,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2377,"global_ts_usec":1686628530442979}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":498,"packets-processed":497,"total-skipped-flows":0,"total-l4-payload-len":25377,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":491,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":491,"total-idle-flows":490,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2377,"global_ts_usec":1686628530442979}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686628530442979,"flow_src_last_pkt_time":1686628530442979,"flow_dst_last_pkt_time":1686628530442979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686628530442979,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"74.111.203.55","src_port":16312,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_src_last_pkt_time":1686628530442979,"flow_dst_last_pkt_time":1686628530442979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686628530442979,"pkt":"ipffLU2SPJTVQTiBCABFAAA+QgFAADQR6spVL+CrSm\/LNz+4AasAKhXQAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686628530442979,"flow_src_last_pkt_time":1686628530442979,"flow_dst_last_pkt_time":1686628530442979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686628530442979,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"74.111.203.55","src_port":16312,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2387,12 +2387,12 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_src_last_pkt_time":1686629067407805,"flow_dst_last_pkt_time":1686629067407805,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686629067407805,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+joxAADQRnjdKjiiuWo0lOCkgAasAKixgAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629067407805,"flow_src_last_pkt_time":1686629067407805,"flow_dst_last_pkt_time":1686629067407805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629067407805,"l3_proto":"ip4","src_ip":"74.142.40.174","dst_ip":"90.141.37.56","src_port":10528,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686628814387687,"flow_src_last_pkt_time":1686628814387687,"flow_dst_last_pkt_time":1686628814387687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629067407805,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"165.144.84.62","src_port":46040,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":501,"packets-processed":500,"total-skipped-flows":0,"total-l4-payload-len":25479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":494,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":494,"total-idle-flows":493,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2390,"global_ts_usec":1686629318462692}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":501,"packets-processed":500,"total-skipped-flows":0,"total-l4-payload-len":25479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":494,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":494,"total-idle-flows":493,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2390,"global_ts_usec":1686629318462692}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629318462692,"flow_src_last_pkt_time":1686629318462692,"flow_dst_last_pkt_time":1686629318462692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629318462692,"l3_proto":"ip4","src_ip":"85.174.88.154","dst_ip":"69.109.187.54","src_port":20504,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_src_last_pkt_time":1686629318462692,"flow_dst_last_pkt_time":1686629318462692,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686629318462692,"pkt":"bpHurUgdPJTVQTiBCABFAAA+O+VAADQR8QlVrliaRW27NlAYAasAKgWTAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629318462692,"flow_src_last_pkt_time":1686629318462692,"flow_dst_last_pkt_time":1686629318462692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629318462692,"l3_proto":"ip4","src_ip":"85.174.88.154","dst_ip":"69.109.187.54","src_port":20504,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629067407805,"flow_src_last_pkt_time":1686629067407805,"flow_dst_last_pkt_time":1686629067407805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629318462692,"l3_proto":"ip4","src_ip":"74.142.40.174","dst_ip":"90.141.37.56","src_port":10528,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":502,"packets-processed":501,"total-skipped-flows":0,"total-l4-payload-len":25513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":495,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":495,"total-idle-flows":494,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2395,"global_ts_usec":1686629919351142}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":502,"packets-processed":501,"total-skipped-flows":0,"total-l4-payload-len":25513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":495,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":495,"total-idle-flows":494,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2395,"global_ts_usec":1686629919351142}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629919351142,"flow_src_last_pkt_time":1686629919351142,"flow_dst_last_pkt_time":1686629919351142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629919351142,"l3_proto":"ip4","src_ip":"170.238.168.143","dst_ip":"85.111.52.57","src_port":62476,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_src_last_pkt_time":1686629919351142,"flow_dst_last_pkt_time":1686629919351142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686629919351142,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+qEdAADQRhJOq7qiPVW80OfQMAasAKmGKAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629919351142,"flow_src_last_pkt_time":1686629919351142,"flow_dst_last_pkt_time":1686629919351142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629919351142,"l3_proto":"ip4","src_ip":"170.238.168.143","dst_ip":"85.111.52.57","src_port":62476,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2408,29 +2408,29 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_src_last_pkt_time":1686630458164673,"flow_dst_last_pkt_time":1686630458164673,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686630458164673,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+D4ZAADQRHSyq8yi6pXLKPYrIAasAKsqlAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630458164673,"flow_src_last_pkt_time":1686630458164673,"flow_dst_last_pkt_time":1686630458164673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630458164673,"l3_proto":"ip4","src_ip":"170.243.40.186","dst_ip":"165.114.202.61","src_port":35528,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630406259808,"flow_src_last_pkt_time":1686630406259808,"flow_dst_last_pkt_time":1686630406259808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630458164673,"l3_proto":"ip4","src_ip":"170.18.87.162","dst_ip":"186.112.202.53","src_port":58469,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":506,"packets-processed":505,"total-skipped-flows":0,"total-l4-payload-len":25649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":499,"total-detection-updates":0,"total-updates":89,"current-active-flows":3,"total-active-flows":499,"total-idle-flows":496,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2411,"global_ts_usec":1686630725136169}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":506,"packets-processed":505,"total-skipped-flows":0,"total-l4-payload-len":25649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":499,"total-detection-updates":0,"total-updates":89,"current-active-flows":3,"total-active-flows":499,"total-idle-flows":496,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2411,"global_ts_usec":1686630725136169}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630725136169,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"74.239.16.156","dst_ip":"90.145.180.58","src_port":46464,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686630725136169,"pkt":"bs1PogZtPJTVQTiBCABFAAA+gpBAADQRqlxK7xCcWpG0OrWAAasAKqAoAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630725136169,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"74.239.16.156","dst_ip":"90.145.180.58","src_port":46464,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630430100534,"flow_src_last_pkt_time":1686630430100534,"flow_dst_last_pkt_time":1686630430100534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"90.111.212.50","src_port":16312,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630406259808,"flow_src_last_pkt_time":1686630406259808,"flow_dst_last_pkt_time":1686630406259808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"170.18.87.162","dst_ip":"186.112.202.53","src_port":58469,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630458164673,"flow_src_last_pkt_time":1686630458164673,"flow_dst_last_pkt_time":1686630458164673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"170.243.40.186","dst_ip":"165.114.202.61","src_port":35528,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":507,"packets-processed":506,"total-skipped-flows":0,"total-l4-payload-len":25683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":500,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":500,"total-idle-flows":499,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2418,"global_ts_usec":1686633699223089}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":507,"packets-processed":506,"total-skipped-flows":0,"total-l4-payload-len":25683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":500,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":500,"total-idle-flows":499,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2418,"global_ts_usec":1686633699223089}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686633699223089,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686633699223089,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":46588,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686633699223089,"pkt":"AAwp30Y4PJTVQTiBCABFCABL7LwAACIR3egjAGRzpZBUPrX8AasAN2vDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686633699223089,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686633699223089,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":46588,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630725136169,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686633699223089,"l3_proto":"ip4","src_ip":"74.239.16.156","dst_ip":"90.145.180.58","src_port":46464,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":508,"packets-processed":507,"total-skipped-flows":0,"total-l4-payload-len":25730,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":501,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":501,"total-idle-flows":500,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2423,"global_ts_usec":1686635615867515}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":508,"packets-processed":507,"total-skipped-flows":0,"total-l4-payload-len":25730,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":501,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":501,"total-idle-flows":500,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2423,"global_ts_usec":1686635615867515}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686635615867515,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686635615867515,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.147.171.51","src_port":17542,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686635615867515,"pkt":"AAwp30Y4PJTVQTiBCABFCABLHKcAACQRp8jjhlHUWpOrM0SGAasAN9kDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686635615867515,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686635615867515,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.147.171.51","src_port":17542,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686633699223089,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686635615867515,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":46588,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":509,"packets-processed":508,"total-skipped-flows":0,"total-l4-payload-len":25777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":502,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":502,"total-idle-flows":501,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2428,"global_ts_usec":1686645708313834}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":509,"packets-processed":508,"total-skipped-flows":0,"total-l4-payload-len":25777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":502,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":502,"total-idle-flows":501,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2428,"global_ts_usec":1686645708313834}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686645708313834,"flow_src_last_pkt_time":1686645708313834,"flow_dst_last_pkt_time":1686645708313834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686645708313834,"l3_proto":"ip4","src_ip":"93.36.35.136","dst_ip":"165.114.202.61","src_port":56600,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_src_last_pkt_time":1686645708313834,"flow_dst_last_pkt_time":1686645708313834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686645708313834,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbhVdJCOIpXLKPd0YAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686645708313834,"flow_src_last_pkt_time":1686645708313834,"flow_dst_last_pkt_time":1686645708313834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686645708313834,"l3_proto":"ip4","src_ip":"93.36.35.136","dst_ip":"165.114.202.61","src_port":56600,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686635615867515,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686645708313834,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.147.171.51","src_port":17542,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":510,"packets-processed":509,"total-skipped-flows":0,"total-l4-payload-len":25806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":503,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":503,"total-idle-flows":502,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2433,"global_ts_usec":1686648509180305}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":510,"packets-processed":509,"total-skipped-flows":0,"total-l4-payload-len":25806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":503,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":503,"total-idle-flows":502,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2433,"global_ts_usec":1686648509180305}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648509180305,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648509180305,"l3_proto":"ip4","src_ip":"76.50.135.245","dst_ip":"90.141.37.56","src_port":51836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686648509180305,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRXu5MMof1Wo0lOMp8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648509180305,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648509180305,"l3_proto":"ip4","src_ip":"76.50.135.245","dst_ip":"90.141.37.56","src_port":51836,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2439,17 +2439,17 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_src_last_pkt_time":1686648822385793,"flow_dst_last_pkt_time":1686648822385793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686648822385793,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRbOVFJOfmRW27NthOAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648822385793,"flow_src_last_pkt_time":1686648822385793,"flow_dst_last_pkt_time":1686648822385793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648822385793,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"69.109.187.54","src_port":55374,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648509180305,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648822385793,"l3_proto":"ip4","src_ip":"76.50.135.245","dst_ip":"90.141.37.56","src_port":51836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":512,"packets-processed":511,"total-skipped-flows":0,"total-l4-payload-len":25864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":505,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":505,"total-idle-flows":504,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2442,"global_ts_usec":1686659729108378}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":512,"packets-processed":511,"total-skipped-flows":0,"total-l4-payload-len":25864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":505,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":505,"total-idle-flows":504,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2442,"global_ts_usec":1686659729108378}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686659729108378,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686659729108378,"l3_proto":"ip4","src_ip":"122.122.167.9","dst_ip":"90.141.37.56","src_port":43646,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686659729108378,"pkt":"3jHC4dyOPJTVQTiBCABFCABSFQsAAO0Rd7F6eqcJWo0lOKp+AasAPpZZAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686659729108378,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686659729108378,"l3_proto":"ip4","src_ip":"122.122.167.9","dst_ip":"90.141.37.56","src_port":43646,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648822385793,"flow_src_last_pkt_time":1686648822385793,"flow_dst_last_pkt_time":1686648822385793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686659729108378,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"69.109.187.54","src_port":55374,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":25918,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":506,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":506,"total-idle-flows":505,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2447,"global_ts_usec":1686665626336271}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":25918,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":506,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":506,"total-idle-flows":505,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2447,"global_ts_usec":1686665626336271}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686665626336271,"flow_src_last_pkt_time":1686665626336271,"flow_dst_last_pkt_time":1686665626336271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686665626336271,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":48498,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_src_last_pkt_time":1686665626336271,"flow_dst_last_pkt_time":1686665626336271,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686665626336271,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPb1yAasAJSz9AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686665626336271,"flow_src_last_pkt_time":1686665626336271,"flow_dst_last_pkt_time":1686665626336271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686665626336271,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":48498,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686659729108378,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686665626336271,"l3_proto":"ip4","src_ip":"122.122.167.9","dst_ip":"90.141.37.56","src_port":43646,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":514,"packets-processed":513,"total-skipped-flows":0,"total-l4-payload-len":25947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":507,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":507,"total-idle-flows":506,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2452,"global_ts_usec":1686666893687687}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":514,"packets-processed":513,"total-skipped-flows":0,"total-l4-payload-len":25947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":507,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":507,"total-idle-flows":506,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2452,"global_ts_usec":1686666893687687}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666893687687,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666893687687,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":35848,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686666893687687,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPURKLTIH5CeWpG0OowIAasAJV5qAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666893687687,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666893687687,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":35848,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2458,7 +2458,7 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_src_last_pkt_time":1686666997632966,"flow_dst_last_pkt_time":1686666997632966,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686666997632966,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27NpV4AasAJVUAAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666997632966,"flow_src_last_pkt_time":1686666997632966,"flow_dst_last_pkt_time":1686666997632966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666997632966,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":38264,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666893687687,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666997632966,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":35848,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":516,"packets-processed":515,"total-skipped-flows":0,"total-l4-payload-len":26005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":509,"total-detection-updates":0,"total-updates":90,"current-active-flows":2,"total-active-flows":509,"total-idle-flows":507,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2461,"global_ts_usec":1686668729813725}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":516,"packets-processed":515,"total-skipped-flows":0,"total-l4-payload-len":26005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":509,"total-detection-updates":0,"total-updates":90,"current-active-flows":2,"total-active-flows":509,"total-idle-flows":507,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2461,"global_ts_usec":1686668729813725}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668729813725,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668729813725,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":49404,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686668729813725,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80OcD8AasAJSl4AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668729813725,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668729813725,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":49404,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2468,7 +2468,7 @@
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_src_last_pkt_time":1686668903038990,"flow_dst_last_pkt_time":1686668903038990,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686668903038990,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpTfvg6CYWpOrM57NAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668903038990,"flow_src_last_pkt_time":1686668903038990,"flow_dst_last_pkt_time":1686668903038990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668903038990,"l3_proto":"ip4","src_ip":"239.131.160.152","dst_ip":"90.147.171.51","src_port":40653,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668729813725,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668903038990,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":49404,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":518,"packets-processed":517,"total-skipped-flows":0,"total-l4-payload-len":26132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":511,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":511,"total-idle-flows":509,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2471,"global_ts_usec":1686669522645622}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":518,"packets-processed":517,"total-skipped-flows":0,"total-l4-payload-len":26132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":511,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":511,"total-idle-flows":509,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2471,"global_ts_usec":1686669522645622}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669522645622,"flow_src_last_pkt_time":1686669522645622,"flow_dst_last_pkt_time":1686669522645622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669522645622,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":33216,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_src_last_pkt_time":1686669522645622,"flow_dst_last_pkt_time":1686669522645622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686669522645622,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPoHAAasAJWiwAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669522645622,"flow_src_last_pkt_time":1686669522645622,"flow_dst_last_pkt_time":1686669522645622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669522645622,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":33216,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2481,7 +2481,7 @@
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669802055928,"flow_src_last_pkt_time":1686669802055928,"flow_dst_last_pkt_time":1686669802055928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669802055928,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"74.111.203.55","src_port":51278,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_src_last_pkt_time":1686669802055928,"flow_dst_last_pkt_time":1686669802055928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686669802055928,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPIRpSnthLCISm\/LN8hOAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669802055928,"flow_src_last_pkt_time":1686669802055928,"flow_dst_last_pkt_time":1686669802055928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669802055928,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"74.111.203.55","src_port":51278,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":521,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":26288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":514,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":514,"total-idle-flows":512,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2484,"global_ts_usec":1686670236730839}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":521,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":26288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":514,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":514,"total-idle-flows":512,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2484,"global_ts_usec":1686670236730839}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670236730839,"flow_src_last_pkt_time":1686670236730839,"flow_dst_last_pkt_time":1686670236730839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670236730839,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50377,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_src_last_pkt_time":1686670236730839,"flow_dst_last_pkt_time":1686670236730839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686670236730839,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPMRCZP2S2hzunDKNcTJAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670236730839,"flow_src_last_pkt_time":1686670236730839,"flow_dst_last_pkt_time":1686670236730839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670236730839,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50377,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2495,7 +2495,7 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_src_last_pkt_time":1686670830957645,"flow_dst_last_pkt_time":1686670830957645,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686670830957645,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNbxnAasAJS4QAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670830957645,"flow_src_last_pkt_time":1686670830957645,"flow_dst_last_pkt_time":1686670830957645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670830957645,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":48231,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670733471596,"flow_src_last_pkt_time":1686670733471596,"flow_dst_last_pkt_time":1686670733471596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670830957645,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.144.84.62","src_port":51457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":524,"packets-processed":523,"total-skipped-flows":0,"total-l4-payload-len":26513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":517,"total-detection-updates":0,"total-updates":92,"current-active-flows":2,"total-active-flows":517,"total-idle-flows":515,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2498,"global_ts_usec":1686671088394461}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":524,"packets-processed":523,"total-skipped-flows":0,"total-l4-payload-len":26513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":517,"total-detection-updates":0,"total-updates":92,"current-active-flows":2,"total-active-flows":517,"total-idle-flows":515,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2498,"global_ts_usec":1686671088394461}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671088394461,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671088394461,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":55658,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686671088394461,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN9lqAasAJREPAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671088394461,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671088394461,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":55658,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2505,12 +2505,12 @@
 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_src_last_pkt_time":1686671667122633,"flow_dst_last_pkt_time":1686671667122633,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686671667122633,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDNFGtG\/xWm\/UMuPMAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671667122633,"flow_src_last_pkt_time":1686671667122633,"flow_dst_last_pkt_time":1686671667122633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671667122633,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.111.212.50","src_port":58316,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671088394461,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671667122633,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":55658,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":526,"packets-processed":525,"total-skipped-flows":0,"total-l4-payload-len":26640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":519,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":519,"total-idle-flows":518,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2508,"global_ts_usec":1686672644862134}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":526,"packets-processed":525,"total-skipped-flows":0,"total-l4-payload-len":26640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":519,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":519,"total-idle-flows":518,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2508,"global_ts_usec":1686672644862134}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686672644862134,"flow_src_last_pkt_time":1686672644862134,"flow_dst_last_pkt_time":1686672644862134,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686672644862134,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":45270,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_src_last_pkt_time":1686672644862134,"flow_dst_last_pkt_time":1686672644862134,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686672644862134,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMrDWAasAJTmkAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686672644862134,"flow_src_last_pkt_time":1686672644862134,"flow_dst_last_pkt_time":1686672644862134,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686672644862134,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":45270,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671667122633,"flow_src_last_pkt_time":1686671667122633,"flow_dst_last_pkt_time":1686671667122633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686672644862134,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.111.212.50","src_port":58316,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":527,"packets-processed":526,"total-skipped-flows":0,"total-l4-payload-len":26669,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":520,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":520,"total-idle-flows":519,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2513,"global_ts_usec":1686675995117787}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":527,"packets-processed":526,"total-skipped-flows":0,"total-l4-payload-len":26669,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":520,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":520,"total-idle-flows":519,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2513,"global_ts_usec":1686675995117787}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675995117787,"flow_src_last_pkt_time":1686675995117787,"flow_dst_last_pkt_time":1686675995117787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675995117787,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"69.109.187.54","src_port":54554,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_src_last_pkt_time":1686675995117787,"flow_dst_last_pkt_time":1686675995117787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686675995117787,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRCZPItJByRW27NtUaAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675995117787,"flow_src_last_pkt_time":1686675995117787,"flow_dst_last_pkt_time":1686675995117787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675995117787,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"69.109.187.54","src_port":54554,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2523,43 +2523,43 @@
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_src_last_pkt_time":1686676562888350,"flow_dst_last_pkt_time":1686676562888350,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686676562888350,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRCZH2S2hzWo0lOOAVAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676562888350,"flow_src_last_pkt_time":1686676562888350,"flow_dst_last_pkt_time":1686676562888350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686676562888350,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":57365,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676477972093,"flow_src_last_pkt_time":1686676477972093,"flow_dst_last_pkt_time":1686676477972093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686676562888350,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"85.111.52.57","src_port":56229,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":530,"packets-processed":529,"total-skipped-flows":0,"total-l4-payload-len":26963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":523,"total-detection-updates":0,"total-updates":93,"current-active-flows":2,"total-active-flows":523,"total-idle-flows":521,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2526,"global_ts_usec":1686680332589205}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":530,"packets-processed":529,"total-skipped-flows":0,"total-l4-payload-len":26963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":523,"total-detection-updates":0,"total-updates":93,"current-active-flows":2,"total-active-flows":523,"total-idle-flows":521,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2526,"global_ts_usec":1686680332589205}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686680332589205,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"194.23.249.243","dst_ip":"74.111.203.55","src_port":54741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686680332589205,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbdzCF\/nzSm\/LN9XVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686680332589205,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"194.23.249.243","dst_ip":"74.111.203.55","src_port":54741,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676477972093,"flow_src_last_pkt_time":1686676477972093,"flow_dst_last_pkt_time":1686676477972093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"85.111.52.57","src_port":56229,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676562888350,"flow_src_last_pkt_time":1686676562888350,"flow_dst_last_pkt_time":1686676562888350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":57365,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":531,"packets-processed":530,"total-skipped-flows":0,"total-l4-payload-len":26992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":524,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":524,"total-idle-flows":523,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2532,"global_ts_usec":1686682695732816}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":531,"packets-processed":530,"total-skipped-flows":0,"total-l4-payload-len":26992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":524,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":524,"total-idle-flows":523,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2532,"global_ts_usec":1686682695732816}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686682695732816,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686682695732816,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"165.144.84.62","src_port":53358,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686682695732816,"pkt":"AAwp30Y4PJTVQTiBCABFAABL3fsAACcR9RylgP10pZBUPtBuAasAN168AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686682695732816,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686682695732816,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"165.144.84.62","src_port":53358,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686680332589205,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686682695732816,"l3_proto":"ip4","src_ip":"194.23.249.243","dst_ip":"74.111.203.55","src_port":54741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":532,"packets-processed":531,"total-skipped-flows":0,"total-l4-payload-len":27039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":525,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":525,"total-idle-flows":524,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2537,"global_ts_usec":1686684959984610}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":532,"packets-processed":531,"total-skipped-flows":0,"total-l4-payload-len":27039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":525,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":525,"total-idle-flows":524,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2537,"global_ts_usec":1686684959984610}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686684959984610,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686684959984610,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"186.112.202.53","src_port":11982,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686684959984610,"pkt":"xmjqc4OdPJTVQTiBCABFAABLbxIAACcRZBadePx7unDKNS7OAasANwBtAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686684959984610,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686684959984610,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"186.112.202.53","src_port":11982,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686682695732816,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686684959984610,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"165.144.84.62","src_port":53358,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":533,"packets-processed":532,"total-skipped-flows":0,"total-l4-payload-len":27086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":526,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":526,"total-idle-flows":525,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2542,"global_ts_usec":1686700828543151}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":533,"packets-processed":532,"total-skipped-flows":0,"total-l4-payload-len":27086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":526,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":526,"total-idle-flows":525,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2542,"global_ts_usec":1686700828543151}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686700828543151,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686700828543151,"l3_proto":"ip4","src_ip":"79.210.95.146","dst_ip":"165.114.202.61","src_port":54728,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686700828543151,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRYDBP0l+SpXLKPdXIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686700828543151,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686700828543151,"l3_proto":"ip4","src_ip":"79.210.95.146","dst_ip":"165.114.202.61","src_port":54728,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686684959984610,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686700828543151,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"186.112.202.53","src_port":11982,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":534,"packets-processed":533,"total-skipped-flows":0,"total-l4-payload-len":27115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":527,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":527,"total-idle-flows":526,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2547,"global_ts_usec":1686703749016048}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":534,"packets-processed":533,"total-skipped-flows":0,"total-l4-payload-len":27115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":527,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":527,"total-idle-flows":526,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2547,"global_ts_usec":1686703749016048}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686703749016048,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686703749016048,"l3_proto":"ip4","src_ip":"185.31.153.50","dst_ip":"186.112.202.53","src_port":50851,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686703749016048,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRbFq5H5kyunDKNcajAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686703749016048,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686703749016048,"l3_proto":"ip4","src_ip":"185.31.153.50","dst_ip":"186.112.202.53","src_port":50851,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686700828543151,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686703749016048,"l3_proto":"ip4","src_ip":"79.210.95.146","dst_ip":"165.114.202.61","src_port":54728,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":535,"packets-processed":534,"total-skipped-flows":0,"total-l4-payload-len":27144,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":528,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":528,"total-idle-flows":527,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2552,"global_ts_usec":1686704612212174}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":535,"packets-processed":534,"total-skipped-flows":0,"total-l4-payload-len":27144,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":528,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":528,"total-idle-flows":527,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2552,"global_ts_usec":1686704612212174}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686704612212174,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686704612212174,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"90.141.37.56","src_port":34795,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686704612212174,"pkt":"3jHC4dyOPJTVQTiBCABFAABLT2YAACcRg7wid3p+Wo0lOIfrAasAN6dJAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686704612212174,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686704612212174,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"90.141.37.56","src_port":34795,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686703749016048,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686704612212174,"l3_proto":"ip4","src_ip":"185.31.153.50","dst_ip":"186.112.202.53","src_port":50851,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":536,"packets-processed":535,"total-skipped-flows":0,"total-l4-payload-len":27191,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":529,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":529,"total-idle-flows":528,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2557,"global_ts_usec":1686705292730193}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":536,"packets-processed":535,"total-skipped-flows":0,"total-l4-payload-len":27191,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":529,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":529,"total-idle-flows":528,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2557,"global_ts_usec":1686705292730193}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686705292730193,"flow_src_last_pkt_time":1686705292730193,"flow_dst_last_pkt_time":1686705292730193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686705292730193,"l3_proto":"ip4","src_ip":"253.112.232.91","dst_ip":"69.109.187.54","src_port":40051,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_src_last_pkt_time":1686705292730193,"flow_dst_last_pkt_time":1686705292730193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686705292730193,"pkt":"bpHurUgdPJTVQTiBCABFAABSlN0AAPMR8Cz9cOhbRW27NpxzAasAPqKqAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686705292730193,"flow_src_last_pkt_time":1686705292730193,"flow_dst_last_pkt_time":1686705292730193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686705292730193,"l3_proto":"ip4","src_ip":"253.112.232.91","dst_ip":"69.109.187.54","src_port":40051,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686704612212174,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686705292730193,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"90.141.37.56","src_port":34795,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":537,"packets-processed":536,"total-skipped-flows":0,"total-l4-payload-len":27245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":530,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":530,"total-idle-flows":529,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2562,"global_ts_usec":1686709262177735}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":537,"packets-processed":536,"total-skipped-flows":0,"total-l4-payload-len":27245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":530,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":530,"total-idle-flows":529,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2562,"global_ts_usec":1686709262177735}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709262177735,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709262177735,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":47719,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686709262177735,"pkt":"AAwp30Y4PJTVQTiBCABFAABLpjwAACcRLOViZ\/1zWm\/UMrpnAasAN3TMAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709262177735,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709262177735,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":47719,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2568,7 +2568,7 @@
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_src_last_pkt_time":1686709804807056,"flow_dst_last_pkt_time":1686709804807056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686709804807056,"pkt":"ipffLU2SPJTVQTiBCABFCABL1UgAACER9mnk\/1R3Sm\/LN\/BTAasANzF5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709804807056,"flow_src_last_pkt_time":1686709804807056,"flow_dst_last_pkt_time":1686709804807056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709804807056,"l3_proto":"ip4","src_ip":"228.255.84.119","dst_ip":"74.111.203.55","src_port":61523,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709262177735,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709804807056,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":47719,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":539,"packets-processed":538,"total-skipped-flows":0,"total-l4-payload-len":27339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":532,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":532,"total-idle-flows":531,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2571,"global_ts_usec":1686713625992470}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":539,"packets-processed":538,"total-skipped-flows":0,"total-l4-payload-len":27339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":532,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":532,"total-idle-flows":531,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2571,"global_ts_usec":1686713625992470}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713625992470,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713625992470,"l3_proto":"ip4","src_ip":"178.240.255.34","dst_ip":"69.109.187.54","src_port":54964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686713625992470,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXoSy8P8iRW27Nta0AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713625992470,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713625992470,"l3_proto":"ip4","src_ip":"178.240.255.34","dst_ip":"69.109.187.54","src_port":54964,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2577,12 +2577,12 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_src_last_pkt_time":1686713856291158,"flow_dst_last_pkt_time":1686713856291158,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686713856291158,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRbY1Z7HpkWpG0OsrWAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713856291158,"flow_src_last_pkt_time":1686713856291158,"flow_dst_last_pkt_time":1686713856291158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713856291158,"l3_proto":"ip4","src_ip":"89.236.122.100","dst_ip":"90.145.180.58","src_port":51926,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713625992470,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713856291158,"l3_proto":"ip4","src_ip":"178.240.255.34","dst_ip":"69.109.187.54","src_port":54964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":541,"packets-processed":540,"total-skipped-flows":0,"total-l4-payload-len":27397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":534,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":534,"total-idle-flows":533,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2580,"global_ts_usec":1686714599962630}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":541,"packets-processed":540,"total-skipped-flows":0,"total-l4-payload-len":27397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":534,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":534,"total-idle-flows":533,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2580,"global_ts_usec":1686714599962630}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686714599962630,"flow_src_last_pkt_time":1686714599962630,"flow_dst_last_pkt_time":1686714599962630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686714599962630,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"69.109.187.54","src_port":35057,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_src_last_pkt_time":1686714599962630,"flow_dst_last_pkt_time":1686714599962630,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686714599962630,"pkt":"bpHurUgdPJTVQTiBCABFAABLYvQAACcRcDOagXt8RW27NojxAasAN6ZIAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686714599962630,"flow_src_last_pkt_time":1686714599962630,"flow_dst_last_pkt_time":1686714599962630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686714599962630,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"69.109.187.54","src_port":35057,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713856291158,"flow_src_last_pkt_time":1686713856291158,"flow_dst_last_pkt_time":1686713856291158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686714599962630,"l3_proto":"ip4","src_ip":"89.236.122.100","dst_ip":"90.145.180.58","src_port":51926,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":542,"packets-processed":541,"total-skipped-flows":0,"total-l4-payload-len":27444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":535,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":535,"total-idle-flows":534,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2585,"global_ts_usec":1686715614560571}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":542,"packets-processed":541,"total-skipped-flows":0,"total-l4-payload-len":27444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":535,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":535,"total-idle-flows":534,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2585,"global_ts_usec":1686715614560571}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686715614560571,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686715614560571,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.111.212.50","src_port":61013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686715614560571,"pkt":"AAwp30Y4PJTVQTiBCABFCABLxe4AACIRBL8j\/EVxWm\/UMu5VAasANzNyAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686715614560571,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686715614560571,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.111.212.50","src_port":61013,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2591,7 +2591,7 @@
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_src_last_pkt_time":1686716172395855,"flow_dst_last_pkt_time":1686716172395855,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686716172395855,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbTxe0sIfVW80OdC4AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686716172395855,"flow_src_last_pkt_time":1686716172395855,"flow_dst_last_pkt_time":1686716172395855,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686716172395855,"l3_proto":"ip4","src_ip":"94.210.194.31","dst_ip":"85.111.52.57","src_port":53432,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686715614560571,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686716172395855,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.111.212.50","src_port":61013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":544,"packets-processed":543,"total-skipped-flows":0,"total-l4-payload-len":27520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":537,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":537,"total-idle-flows":536,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2594,"global_ts_usec":1686717273049688}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":544,"packets-processed":543,"total-skipped-flows":0,"total-l4-payload-len":27520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":537,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":537,"total-idle-flows":536,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2594,"global_ts_usec":1686717273049688}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717273049688,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717273049688,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"90.111.212.50","src_port":16953,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686717273049688,"pkt":"AAwp30Y4PJTVQTiBCABFCABLtG0AACQRD\/vnJlLdWm\/UMkI5AasAN9tJAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717273049688,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717273049688,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"90.111.212.50","src_port":16953,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2600,12 +2600,12 @@
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_src_last_pkt_time":1686717773171081,"flow_dst_last_pkt_time":1686717773171081,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686717773171081,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLaxoAACQRWUtYH27bVW80OZqoAasAN4LXAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717773171081,"flow_src_last_pkt_time":1686717773171081,"flow_dst_last_pkt_time":1686717773171081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717773171081,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"85.111.52.57","src_port":39592,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717273049688,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717773171081,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"90.111.212.50","src_port":16953,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":546,"packets-processed":545,"total-skipped-flows":0,"total-l4-payload-len":27614,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":539,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":539,"total-idle-flows":538,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2603,"global_ts_usec":1686720855584550}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":546,"packets-processed":545,"total-skipped-flows":0,"total-l4-payload-len":27614,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":539,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":539,"total-idle-flows":538,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2603,"global_ts_usec":1686720855584550}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686720855584550,"flow_src_last_pkt_time":1686720855584550,"flow_dst_last_pkt_time":1686720855584550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686720855584550,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"69.109.187.54","src_port":4034,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_src_last_pkt_time":1686720855584550,"flow_dst_last_pkt_time":1686720855584550,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686720855584550,"pkt":"bpHurUgdPJTVQTiBCABFCABLQSYAACQRg0fn33nVRW27Ng\/CAasANw3GAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686720855584550,"flow_src_last_pkt_time":1686720855584550,"flow_dst_last_pkt_time":1686720855584550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686720855584550,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"69.109.187.54","src_port":4034,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717773171081,"flow_src_last_pkt_time":1686717773171081,"flow_dst_last_pkt_time":1686717773171081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686720855584550,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"85.111.52.57","src_port":39592,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":547,"packets-processed":546,"total-skipped-flows":0,"total-l4-payload-len":27661,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":540,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":540,"total-idle-flows":539,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2608,"global_ts_usec":1686722365950548}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":547,"packets-processed":546,"total-skipped-flows":0,"total-l4-payload-len":27661,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":540,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":540,"total-idle-flows":539,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2608,"global_ts_usec":1686722365950548}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722365950548,"flow_src_last_pkt_time":1686722365950548,"flow_dst_last_pkt_time":1686722365950548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722365950548,"l3_proto":"ip4","src_ip":"64.63.36.139","dst_ip":"165.114.202.61","src_port":49841,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_src_last_pkt_time":1686722365950548,"flow_dst_last_pkt_time":1686722365950548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686722365950548,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+bGJAADQRNItAPySLpXLKPcKxAasAKgb4AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722365950548,"flow_src_last_pkt_time":1686722365950548,"flow_dst_last_pkt_time":1686722365950548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722365950548,"l3_proto":"ip4","src_ip":"64.63.36.139","dst_ip":"165.114.202.61","src_port":49841,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2623,7 +2623,7 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_src_last_pkt_time":1686722933062511,"flow_dst_last_pkt_time":1686722933062511,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686722933062511,"pkt":"bpHurUgdPJTVQTiBCABFAAA+udZAADQR5x9APySLRW27NsKxAasAKgcBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722933062511,"flow_src_last_pkt_time":1686722933062511,"flow_dst_last_pkt_time":1686722933062511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722933062511,"l3_proto":"ip4","src_ip":"64.63.36.139","dst_ip":"69.109.187.54","src_port":49841,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722723892485,"flow_src_last_pkt_time":1686722723892485,"flow_dst_last_pkt_time":1686722723892485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722933062511,"l3_proto":"ip4","src_ip":"64.63.52.142","dst_ip":"90.147.171.51","src_port":14637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":551,"packets-processed":550,"total-skipped-flows":0,"total-l4-payload-len":27797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":544,"total-detection-updates":0,"total-updates":94,"current-active-flows":1,"total-active-flows":544,"total-idle-flows":543,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2626,"global_ts_usec":1686722979135224}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":551,"packets-processed":550,"total-skipped-flows":0,"total-l4-payload-len":27797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":544,"total-detection-updates":0,"total-updates":94,"current-active-flows":1,"total-active-flows":544,"total-idle-flows":543,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2626,"global_ts_usec":1686722979135224}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722979135224,"flow_src_last_pkt_time":1686722979135224,"flow_dst_last_pkt_time":1686722979135224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722979135224,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":30888,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_src_last_pkt_time":1686722979135224,"flow_dst_last_pkt_time":1686722979135224,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686722979135224,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+JuRAADQRegS\/OSSHpZBUPnioAasAKlD8AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722979135224,"flow_src_last_pkt_time":1686722979135224,"flow_dst_last_pkt_time":1686722979135224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722979135224,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":30888,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2643,99 +2643,99 @@
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723578690477,"flow_src_last_pkt_time":1686723578690477,"flow_dst_last_pkt_time":1686723578690477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723578690477,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.145.180.58","src_port":6016,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723218825916,"flow_src_last_pkt_time":1686723218825916,"flow_dst_last_pkt_time":1686723218825916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723578690477,"l3_proto":"ip4","src_ip":"64.63.52.142","dst_ip":"85.111.52.57","src_port":45266,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723156732545,"flow_src_last_pkt_time":1686723156732545,"flow_dst_last_pkt_time":1686723156732545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723578690477,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"74.111.203.55","src_port":21356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":555,"packets-processed":554,"total-skipped-flows":0,"total-l4-payload-len":27933,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":548,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":548,"total-idle-flows":547,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2646,"global_ts_usec":1686723785197536}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":555,"packets-processed":554,"total-skipped-flows":0,"total-l4-payload-len":27933,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":548,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":548,"total-idle-flows":547,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2646,"global_ts_usec":1686723785197536}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723785197536,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723785197536,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.141.37.56","src_port":21356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686723785197536,"pkt":"3jHC4dyOPJTVQTiBCABFAAA++PJAADQRp\/m4wTqGWo0lOFNsAasAKnY8AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723785197536,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723785197536,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.141.37.56","src_port":21356,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723578690477,"flow_src_last_pkt_time":1686723578690477,"flow_dst_last_pkt_time":1686723578690477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723785197536,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.145.180.58","src_port":6016,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":556,"packets-processed":555,"total-skipped-flows":0,"total-l4-payload-len":27967,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":549,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":549,"total-idle-flows":548,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2651,"global_ts_usec":1686725098326675}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":556,"packets-processed":555,"total-skipped-flows":0,"total-l4-payload-len":27967,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":549,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":549,"total-idle-flows":548,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2651,"global_ts_usec":1686725098326675}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725098326675,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725098326675,"l3_proto":"ip4","src_ip":"51.242.192.58","dst_ip":"165.144.84.62","src_port":51989,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686725098326675,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXmQz8sA6pZBUPssVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725098326675,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725098326675,"l3_proto":"ip4","src_ip":"51.242.192.58","dst_ip":"165.144.84.62","src_port":51989,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723785197536,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725098326675,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.141.37.56","src_port":21356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":557,"packets-processed":556,"total-skipped-flows":0,"total-l4-payload-len":27996,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":550,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":550,"total-idle-flows":549,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2656,"global_ts_usec":1686725813807299}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":557,"packets-processed":556,"total-skipped-flows":0,"total-l4-payload-len":27996,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":550,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":550,"total-idle-flows":549,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2656,"global_ts_usec":1686725813807299}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725813807299,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725813807299,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"186.112.202.53","src_port":45764,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686725813807299,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+QzNAADQRXblAwcSFunDKNbLEAasAKhbkAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725813807299,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725813807299,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"186.112.202.53","src_port":45764,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725098326675,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725813807299,"l3_proto":"ip4","src_ip":"51.242.192.58","dst_ip":"165.144.84.62","src_port":51989,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":558,"packets-processed":557,"total-skipped-flows":0,"total-l4-payload-len":28030,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":551,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":551,"total-idle-flows":550,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2661,"global_ts_usec":1686729365919386}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":558,"packets-processed":557,"total-skipped-flows":0,"total-l4-payload-len":28030,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":551,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":551,"total-idle-flows":550,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2661,"global_ts_usec":1686729365919386}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686729365919386,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686729365919386,"l3_proto":"ip4","src_ip":"185.29.253.207","dst_ip":"90.141.37.56","src_port":55308,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686729365919386,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbbu5Hf3PWo0lONgMAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686729365919386,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686729365919386,"l3_proto":"ip4","src_ip":"185.29.253.207","dst_ip":"90.141.37.56","src_port":55308,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725813807299,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686729365919386,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"186.112.202.53","src_port":45764,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":559,"packets-processed":558,"total-skipped-flows":0,"total-l4-payload-len":28059,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":552,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":552,"total-idle-flows":551,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2666,"global_ts_usec":1686732302782823}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":559,"packets-processed":558,"total-skipped-flows":0,"total-l4-payload-len":28059,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":552,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":552,"total-idle-flows":551,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2666,"global_ts_usec":1686732302782823}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686732302782823,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686732302782823,"l3_proto":"ip4","src_ip":"49.49.71.169","dst_ip":"90.147.171.51","src_port":56940,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686732302782823,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXyExMUepWpOrM95sAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686732302782823,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686732302782823,"l3_proto":"ip4","src_ip":"49.49.71.169","dst_ip":"90.147.171.51","src_port":56940,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686729365919386,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686732302782823,"l3_proto":"ip4","src_ip":"185.29.253.207","dst_ip":"90.141.37.56","src_port":55308,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":560,"packets-processed":559,"total-skipped-flows":0,"total-l4-payload-len":28088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":553,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":553,"total-idle-flows":552,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2671,"global_ts_usec":1686734552484911}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":560,"packets-processed":559,"total-skipped-flows":0,"total-l4-payload-len":28088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":553,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":553,"total-idle-flows":552,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2671,"global_ts_usec":1686734552484911}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686734552484911,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686734552484911,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"90.111.212.50","src_port":55179,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686734552484911,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbUTGF1kcWm\/UMteLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686734552484911,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686734552484911,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"90.111.212.50","src_port":55179,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686732302782823,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686734552484911,"l3_proto":"ip4","src_ip":"49.49.71.169","dst_ip":"90.147.171.51","src_port":56940,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":561,"packets-processed":560,"total-skipped-flows":0,"total-l4-payload-len":28117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":554,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":554,"total-idle-flows":553,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2676,"global_ts_usec":1686745116214925}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":561,"packets-processed":560,"total-skipped-flows":0,"total-l4-payload-len":28117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":554,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":554,"total-idle-flows":553,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2676,"global_ts_usec":1686745116214925}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686745116214925,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686745116214925,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"186.112.202.53","src_port":33154,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686745116214925,"pkt":"xmjqc4OdPJTVQTiBCABFCABLQo0AACQRgdjnJlLdunDKNYGCAasAN5v9AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686745116214925,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686745116214925,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"186.112.202.53","src_port":33154,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686734552484911,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686745116214925,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"90.111.212.50","src_port":55179,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":562,"packets-processed":561,"total-skipped-flows":0,"total-l4-payload-len":28164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":555,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":555,"total-idle-flows":554,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2681,"global_ts_usec":1686766680148551}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":562,"packets-processed":561,"total-skipped-flows":0,"total-l4-payload-len":28164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":555,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":555,"total-idle-flows":554,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2681,"global_ts_usec":1686766680148551}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686766680148551,"flow_src_last_pkt_time":1686766680148551,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686766680148551,"l3_proto":"ip4","src_ip":"43.95.195.22","dst_ip":"85.111.52.57","src_port":50287,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_src_last_pkt_time":1686766680148551,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686766680148551,"pkt":"moT+\/Ph8PJTVQTiBCABFAABSwG8AAC0RJTYrX8MWVW80OcRvAasAPhVJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686766680148551,"flow_src_last_pkt_time":1686766680148551,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686766680148551,"l3_proto":"ip4","src_ip":"43.95.195.22","dst_ip":"85.111.52.57","src_port":50287,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":2,"flow_src_last_pkt_time":1686766680148564,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686766680148564,"pkt":"moT+\/Ph8PJTVQTiBCABFAABSwG8AAC0RJTYrX8MWVW80OcRvAasAPhVJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686745116214925,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686766680148564,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"186.112.202.53","src_port":33154,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":564,"packets-processed":563,"total-skipped-flows":0,"total-l4-payload-len":28272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":556,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":556,"total-idle-flows":555,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2687,"global_ts_usec":1686776388352182}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":564,"packets-processed":563,"total-skipped-flows":0,"total-l4-payload-len":28272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":556,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":556,"total-idle-flows":555,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2687,"global_ts_usec":1686776388352182}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686776388352182,"flow_src_last_pkt_time":1686776388352182,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686776388352182,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.114.202.61","src_port":26337,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_src_last_pkt_time":1686776388352182,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686776388352182,"pkt":"AAwp30Y4PJTVQTiBCABFBABSYuEAADQRGY3rYkGFpXLKPWbhAasAPhCkAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686776388352182,"flow_src_last_pkt_time":1686776388352182,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686776388352182,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.114.202.61","src_port":26337,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":2,"flow_src_last_pkt_time":1686776388352185,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686776388352185,"pkt":"AAwp30Y4PJTVQTiBCABFBABSYuEAADQRGY3rYkGFpXLKPWbhAasAPhCkAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1686766680148551,"flow_src_last_pkt_time":1686766680148564,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686776388352185,"l3_proto":"ip4","src_ip":"43.95.195.22","dst_ip":"85.111.52.57","src_port":50287,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":566,"packets-processed":565,"total-skipped-flows":0,"total-l4-payload-len":28380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":557,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":557,"total-idle-flows":556,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2693,"global_ts_usec":1686782629632128}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":566,"packets-processed":565,"total-skipped-flows":0,"total-l4-payload-len":28380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":557,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":557,"total-idle-flows":556,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2693,"global_ts_usec":1686782629632128}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686782629632128,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686782629632128,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"165.114.202.61","src_port":39471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686782629632128,"pkt":"AAwp30Y4PJTVQTiBCABFCABLh+kAACIRQr6fPLR2pXLKPZovAasAN4eSAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686782629632128,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686782629632128,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"165.114.202.61","src_port":39471,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1686776388352182,"flow_src_last_pkt_time":1686776388352185,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686782629632128,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.114.202.61","src_port":26337,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":567,"packets-processed":566,"total-skipped-flows":0,"total-l4-payload-len":28427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":558,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":558,"total-idle-flows":557,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2698,"global_ts_usec":1686783435918307}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":567,"packets-processed":566,"total-skipped-flows":0,"total-l4-payload-len":28427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":558,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":558,"total-idle-flows":557,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2698,"global_ts_usec":1686783435918307}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686783435918307,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686783435918307,"l3_proto":"ip4","src_ip":"164.192.91.117","dst_ip":"165.144.84.62","src_port":41275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686783435918307,"pkt":"AAwp30Y4PJTVQTiBCABFCABL9voAACIR06ykwFt1pZBUPqE7AasAN4CGAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686783435918307,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686783435918307,"l3_proto":"ip4","src_ip":"164.192.91.117","dst_ip":"165.144.84.62","src_port":41275,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686782629632128,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686783435918307,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"165.114.202.61","src_port":39471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":568,"packets-processed":567,"total-skipped-flows":0,"total-l4-payload-len":28474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":559,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":559,"total-idle-flows":558,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2703,"global_ts_usec":1686785007737222}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":568,"packets-processed":567,"total-skipped-flows":0,"total-l4-payload-len":28474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":559,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":559,"total-idle-flows":558,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2703,"global_ts_usec":1686785007737222}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686785007737222,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686785007737222,"l3_proto":"ip4","src_ip":"155.160.165.208","dst_ip":"69.109.187.54","src_port":51124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686785007737222,"pkt":"bpHurUgdPJTVQTiBCABFCABLA0AAACQRwTOboKXQRW27Nse0AasAN1XZAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686785007737222,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686785007737222,"l3_proto":"ip4","src_ip":"155.160.165.208","dst_ip":"69.109.187.54","src_port":51124,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686783435918307,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686785007737222,"l3_proto":"ip4","src_ip":"164.192.91.117","dst_ip":"165.144.84.62","src_port":41275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":569,"packets-processed":568,"total-skipped-flows":0,"total-l4-payload-len":28521,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":560,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":560,"total-idle-flows":559,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2708,"global_ts_usec":1686790507373750}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":569,"packets-processed":568,"total-skipped-flows":0,"total-l4-payload-len":28521,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":560,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":560,"total-idle-flows":559,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2708,"global_ts_usec":1686790507373750}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686790507373750,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686790507373750,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"186.112.202.53","src_port":65092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686790507373750,"pkt":"xmjqc4OdPJTVQTiBCABFCABLxbwAACIRBPAjAGRzunDKNf5EAasANyOCAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686790507373750,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686790507373750,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"186.112.202.53","src_port":65092,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686785007737222,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686790507373750,"l3_proto":"ip4","src_ip":"155.160.165.208","dst_ip":"69.109.187.54","src_port":51124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":570,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":28568,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":561,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":561,"total-idle-flows":560,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2713,"global_ts_usec":1686794003013015}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":570,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":28568,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":561,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":561,"total-idle-flows":560,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2713,"global_ts_usec":1686794003013015}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686794003013015,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686794003013015,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.147.171.51","src_port":15170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686794003013015,"pkt":"AAwp30Y4PJTVQTiBCABFCABLrMYAACQRF6rn33nVWpOrMztCAasAN+JIAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686794003013015,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686794003013015,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.147.171.51","src_port":15170,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686790507373750,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686794003013015,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"186.112.202.53","src_port":65092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":571,"packets-processed":570,"total-skipped-flows":0,"total-l4-payload-len":28615,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":562,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":562,"total-idle-flows":561,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2718,"global_ts_usec":1686799154433661}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":571,"packets-processed":570,"total-skipped-flows":0,"total-l4-payload-len":28615,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":562,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":562,"total-idle-flows":561,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2718,"global_ts_usec":1686799154433661}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686799154433661,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686799154433661,"l3_proto":"ip4","src_ip":"65.218.6.160","dst_ip":"165.114.202.61","src_port":55146,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686799154433661,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbQVB2gagpXLKPddqAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686799154433661,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686799154433661,"l3_proto":"ip4","src_ip":"65.218.6.160","dst_ip":"165.114.202.61","src_port":55146,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686794003013015,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686799154433661,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.147.171.51","src_port":15170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":572,"packets-processed":571,"total-skipped-flows":0,"total-l4-payload-len":28644,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":563,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":563,"total-idle-flows":562,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2723,"global_ts_usec":1686801707865988}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":572,"packets-processed":571,"total-skipped-flows":0,"total-l4-payload-len":28644,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":563,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":563,"total-idle-flows":562,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2723,"global_ts_usec":1686801707865988}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686801707865988,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686801707865988,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"85.111.52.57","src_port":64449,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686801707865988,"pkt":"moT+\/Ph8PJTVQTiBCABFAABLmP8AACcROhldZnxwVW80OfvBAasANzNpAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686801707865988,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686801707865988,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"85.111.52.57","src_port":64449,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686799154433661,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686801707865988,"l3_proto":"ip4","src_ip":"65.218.6.160","dst_ip":"165.114.202.61","src_port":55146,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":573,"packets-processed":572,"total-skipped-flows":0,"total-l4-payload-len":28691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":564,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":564,"total-idle-flows":563,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2728,"global_ts_usec":1686809757231212}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":573,"packets-processed":572,"total-skipped-flows":0,"total-l4-payload-len":28691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":564,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":564,"total-idle-flows":563,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2728,"global_ts_usec":1686809757231212}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686809757231212,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686809757231212,"l3_proto":"ip4","src_ip":"32.248.84.127","dst_ip":"90.141.37.56","src_port":45264,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686809757231212,"pkt":"3jHC4dyOPJTVQTiBCABFCABLKJcAACIRohgg+FR\/Wo0lOLDQAasAN3D5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686809757231212,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686809757231212,"l3_proto":"ip4","src_ip":"32.248.84.127","dst_ip":"90.141.37.56","src_port":45264,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686801707865988,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686809757231212,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"85.111.52.57","src_port":64449,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":574,"packets-processed":573,"total-skipped-flows":0,"total-l4-payload-len":28738,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":565,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":565,"total-idle-flows":564,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2733,"global_ts_usec":1686815428144220}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":574,"packets-processed":573,"total-skipped-flows":0,"total-l4-payload-len":28738,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":565,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":565,"total-idle-flows":564,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2733,"global_ts_usec":1686815428144220}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686815428144220,"flow_src_last_pkt_time":1686815428144220,"flow_dst_last_pkt_time":1686815428144220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686815428144220,"l3_proto":"ip4","src_ip":"69.24.27.60","dst_ip":"90.111.212.50","src_port":56117,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_src_last_pkt_time":1686815428144220,"flow_dst_last_pkt_time":1686815428144220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686815428144220,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbFFFGBs8Wm\/UMts1AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686815428144220,"flow_src_last_pkt_time":1686815428144220,"flow_dst_last_pkt_time":1686815428144220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686815428144220,"l3_proto":"ip4","src_ip":"69.24.27.60","dst_ip":"90.111.212.50","src_port":56117,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686809757231212,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686815428144220,"l3_proto":"ip4","src_ip":"32.248.84.127","dst_ip":"90.141.37.56","src_port":45264,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":575,"packets-processed":574,"total-skipped-flows":0,"total-l4-payload-len":28767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":566,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":566,"total-idle-flows":565,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2738,"global_ts_usec":1686819439098098}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":575,"packets-processed":574,"total-skipped-flows":0,"total-l4-payload-len":28767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":566,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":566,"total-idle-flows":565,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2738,"global_ts_usec":1686819439098098}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819439098098,"flow_src_last_pkt_time":1686819439098098,"flow_dst_last_pkt_time":1686819439098098,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819439098098,"l3_proto":"ip4","src_ip":"64.62.219.130","dst_ip":"85.111.52.57","src_port":17454,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_src_last_pkt_time":1686819439098098,"flow_dst_last_pkt_time":1686819439098098,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686819439098098,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+YmVAADQRPoBAPtuCVW80OUQuAasAKoVzAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819439098098,"flow_src_last_pkt_time":1686819439098098,"flow_dst_last_pkt_time":1686819439098098,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819439098098,"l3_proto":"ip4","src_ip":"64.62.219.130","dst_ip":"85.111.52.57","src_port":17454,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2751,7 +2751,7 @@
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819690034608,"flow_src_last_pkt_time":1686819690034608,"flow_dst_last_pkt_time":1686819690034608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819690034608,"l3_proto":"ip4","src_ip":"9.160.170.26","dst_ip":"69.109.187.54","src_port":53573,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_src_last_pkt_time":1686819690034608,"flow_dst_last_pkt_time":1686819690034608,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686819690034608,"pkt":"bpHurUgdPJTVQTiBCABFCABS21FAAC4Ros0JoKoaRW27NtFFAasAPuH0AgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819690034608,"flow_src_last_pkt_time":1686819690034608,"flow_dst_last_pkt_time":1686819690034608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819690034608,"l3_proto":"ip4","src_ip":"9.160.170.26","dst_ip":"69.109.187.54","src_port":53573,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":579,"packets-processed":578,"total-skipped-flows":0,"total-l4-payload-len":28923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":570,"total-detection-updates":0,"total-updates":97,"current-active-flows":2,"total-active-flows":570,"total-idle-flows":568,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2754,"global_ts_usec":1686820137258813}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":579,"packets-processed":578,"total-skipped-flows":0,"total-l4-payload-len":28923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":570,"total-detection-updates":0,"total-updates":97,"current-active-flows":2,"total-active-flows":570,"total-idle-flows":568,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2754,"global_ts_usec":1686820137258813}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820137258813,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820137258813,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"90.145.180.58","src_port":51380,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686820137258813,"pkt":"bs1PogZtPJTVQTiBCABFAAA+CBNAADQRmNRAwcSFWpG0Osi0AasAKgDvAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820137258813,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820137258813,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"90.145.180.58","src_port":51380,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2765,7 +2765,7 @@
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820293978966,"flow_src_last_pkt_time":1686820293978966,"flow_dst_last_pkt_time":1686820293978966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820293978966,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"186.112.202.53","src_port":41896,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820163339870,"flow_src_last_pkt_time":1686820163339870,"flow_dst_last_pkt_time":1686820163339870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820293978966,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"90.141.37.56","src_port":51252,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820137258813,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820293978966,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"90.145.180.58","src_port":51380,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":582,"packets-processed":581,"total-skipped-flows":0,"total-l4-payload-len":29020,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":573,"total-detection-updates":0,"total-updates":99,"current-active-flows":3,"total-active-flows":573,"total-idle-flows":570,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2768,"global_ts_usec":1686820910359963}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":582,"packets-processed":581,"total-skipped-flows":0,"total-l4-payload-len":29020,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":573,"total-detection-updates":0,"total-updates":99,"current-active-flows":3,"total-active-flows":573,"total-idle-flows":570,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2768,"global_ts_usec":1686820910359963}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820910359963,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820910359963,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":38472,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686820910359963,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+iNFAADQRGBe\/OSSHpZBUPpZIAasAKjNcAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820910359963,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820910359963,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":38472,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2776,22 +2776,22 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_src_last_pkt_time":1686821183061310,"flow_dst_last_pkt_time":1686821183061310,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686821183061310,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+lolAADQRCl9BwcuBWo0lOPn2AasAKs+tAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821183061310,"flow_src_last_pkt_time":1686821183061310,"flow_dst_last_pkt_time":1686821183061310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821183061310,"l3_proto":"ip4","src_ip":"65.193.203.129","dst_ip":"90.141.37.56","src_port":63990,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820910359963,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821183061310,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":38472,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":584,"packets-processed":583,"total-skipped-flows":0,"total-l4-payload-len":29088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":575,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":575,"total-idle-flows":574,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2779,"global_ts_usec":1686821576328540}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":584,"packets-processed":583,"total-skipped-flows":0,"total-l4-payload-len":29088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":575,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":575,"total-idle-flows":574,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2779,"global_ts_usec":1686821576328540}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821576328540,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821576328540,"l3_proto":"ip4","src_ip":"71.191.53.138","dst_ip":"165.114.202.61","src_port":59582,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686821576328540,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+edNAADQRJxlHvzWKpXLKPei+AasAKuDpAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821576328540,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821576328540,"l3_proto":"ip4","src_ip":"71.191.53.138","dst_ip":"165.114.202.61","src_port":59582,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821183061310,"flow_src_last_pkt_time":1686821183061310,"flow_dst_last_pkt_time":1686821183061310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821576328540,"l3_proto":"ip4","src_ip":"65.193.203.129","dst_ip":"90.141.37.56","src_port":63990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":585,"packets-processed":584,"total-skipped-flows":0,"total-l4-payload-len":29122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":576,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":576,"total-idle-flows":575,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2784,"global_ts_usec":1686822857775383}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":585,"packets-processed":584,"total-skipped-flows":0,"total-l4-payload-len":29122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":576,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":576,"total-idle-flows":575,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2784,"global_ts_usec":1686822857775383}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686822857775383,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686822857775383,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"74.111.203.55","src_port":32482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686822857775383,"pkt":"ipffLU2SPJTVQTiBCABFAAA+b3NAADQRMYKgR9WMSm\/LN37iAasAKkrPAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686822857775383,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686822857775383,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"74.111.203.55","src_port":32482,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821576328540,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686822857775383,"l3_proto":"ip4","src_ip":"71.191.53.138","dst_ip":"165.114.202.61","src_port":59582,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":586,"packets-processed":585,"total-skipped-flows":0,"total-l4-payload-len":29156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":577,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":577,"total-idle-flows":576,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2789,"global_ts_usec":1686823539150971}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":586,"packets-processed":585,"total-skipped-flows":0,"total-l4-payload-len":29156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":577,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":577,"total-idle-flows":576,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2789,"global_ts_usec":1686823539150971}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686823539150971,"flow_src_last_pkt_time":1686823539150971,"flow_dst_last_pkt_time":1686823539150971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686823539150971,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"74.111.203.55","src_port":41415,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_src_last_pkt_time":1686823539150971,"flow_dst_last_pkt_time":1686823539150971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686823539150971,"pkt":"ipffLU2SPJTVQTiBCABFAABLhjwAACcRTORiZ\/1zSm\/LN6HHAasAN41rAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686823539150971,"flow_src_last_pkt_time":1686823539150971,"flow_dst_last_pkt_time":1686823539150971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686823539150971,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"74.111.203.55","src_port":41415,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686822857775383,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686823539150971,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"74.111.203.55","src_port":32482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":587,"packets-processed":586,"total-skipped-flows":0,"total-l4-payload-len":29203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":578,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":578,"total-idle-flows":577,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2794,"global_ts_usec":1686825966772504}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":587,"packets-processed":586,"total-skipped-flows":0,"total-l4-payload-len":29203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":578,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":578,"total-idle-flows":577,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2794,"global_ts_usec":1686825966772504}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686825966772504,"flow_src_last_pkt_time":1686825966772504,"flow_dst_last_pkt_time":1686825966772504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686825966772504,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"165.144.84.62","src_port":56415,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_src_last_pkt_time":1686825966772504,"flow_dst_last_pkt_time":1686825966772504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686825966772504,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbU4h2Fo4pZBUPtxfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686825966772504,"flow_src_last_pkt_time":1686825966772504,"flow_dst_last_pkt_time":1686825966772504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686825966772504,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"165.144.84.62","src_port":56415,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2804,18 +2804,18 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_src_last_pkt_time":1686826372484485,"flow_dst_last_pkt_time":1686826372484485,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686826372484485,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRYDnSDNiXWpG0OtnBAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826372484485,"flow_src_last_pkt_time":1686826372484485,"flow_dst_last_pkt_time":1686826372484485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686826372484485,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":55745,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00989{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826280078870,"flow_src_last_pkt_time":1686826280078870,"flow_dst_last_pkt_time":1686826280078870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686826372484485,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"186.112.202.53","src_port":6873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":590,"packets-processed":589,"total-skipped-flows":0,"total-l4-payload-len":29308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":581,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":581,"total-idle-flows":579,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2807,"global_ts_usec":1686827895727367}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":590,"packets-processed":589,"total-skipped-flows":0,"total-l4-payload-len":29308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":581,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":581,"total-idle-flows":579,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2807,"global_ts_usec":1686827895727367}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686827895727367,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"65.20.223.151","dst_ip":"90.147.171.51","src_port":51977,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686827895727367,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbilBFN+XWpOrM8sJAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686827895727367,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"65.20.223.151","dst_ip":"90.147.171.51","src_port":51977,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826372484485,"flow_src_last_pkt_time":1686826372484485,"flow_dst_last_pkt_time":1686826372484485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":55745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826280078870,"flow_src_last_pkt_time":1686826280078870,"flow_dst_last_pkt_time":1686826280078870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"186.112.202.53","src_port":6873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":591,"packets-processed":590,"total-skipped-flows":0,"total-l4-payload-len":29337,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":582,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":582,"total-idle-flows":581,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2813,"global_ts_usec":1686831590603565}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":591,"packets-processed":590,"total-skipped-flows":0,"total-l4-payload-len":29337,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":582,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":582,"total-idle-flows":581,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2813,"global_ts_usec":1686831590603565}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686831590603565,"flow_src_last_pkt_time":1686831590603565,"flow_dst_last_pkt_time":1686831590603565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686831590603565,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"165.114.202.61","src_port":54342,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_src_last_pkt_time":1686831590603565,"flow_dst_last_pkt_time":1686831590603565,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686831590603565,"pkt":"AAwp30Y4PJTVQTiBCABFCABL3soAACQR5ZVYH27bpXLKPdRGAasAN0k0AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686831590603565,"flow_src_last_pkt_time":1686831590603565,"flow_dst_last_pkt_time":1686831590603565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686831590603565,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"165.114.202.61","src_port":54342,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686827895727367,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686831590603565,"l3_proto":"ip4","src_ip":"65.20.223.151","dst_ip":"90.147.171.51","src_port":51977,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":592,"packets-processed":591,"total-skipped-flows":0,"total-l4-payload-len":29384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":583,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":583,"total-idle-flows":582,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2818,"global_ts_usec":1686834792524626}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":592,"packets-processed":591,"total-skipped-flows":0,"total-l4-payload-len":29384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":583,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":583,"total-idle-flows":582,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2818,"global_ts_usec":1686834792524626}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834792524626,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834792524626,"l3_proto":"ip4","src_ip":"206.206.184.241","dst_ip":"69.109.187.54","src_port":50350,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686834792524626,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRX\/bOzrjxRW27NsSuAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834792524626,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834792524626,"l3_proto":"ip4","src_ip":"206.206.184.241","dst_ip":"69.109.187.54","src_port":50350,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2823,33 +2823,33 @@
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834822514899,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834822514899,"l3_proto":"ip4","src_ip":"190.35.225.89","dst_ip":"85.111.52.57","src_port":52867,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686834822514899,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbYW+I+FZVW80Oc6DAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834822514899,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834822514899,"l3_proto":"ip4","src_ip":"190.35.225.89","dst_ip":"85.111.52.57","src_port":52867,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":594,"packets-processed":593,"total-skipped-flows":0,"total-l4-payload-len":29442,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":585,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":585,"total-idle-flows":583,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2826,"global_ts_usec":1686835718979040}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":594,"packets-processed":593,"total-skipped-flows":0,"total-l4-payload-len":29442,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":585,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":585,"total-idle-flows":583,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2826,"global_ts_usec":1686835718979040}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686835718979040,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"165.144.84.62","src_port":63301,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686835718979040,"pkt":"AAwp30Y4PJTVQTiBCABFCABL0T8AACQR8xzjB7LfpZBUPvdFAasANyYxAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686835718979040,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"165.144.84.62","src_port":63301,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834792524626,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"206.206.184.241","dst_ip":"69.109.187.54","src_port":50350,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834822514899,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"190.35.225.89","dst_ip":"85.111.52.57","src_port":52867,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":595,"packets-processed":594,"total-skipped-flows":0,"total-l4-payload-len":29489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":586,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":586,"total-idle-flows":585,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2832,"global_ts_usec":1686837738680875}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":595,"packets-processed":594,"total-skipped-flows":0,"total-l4-payload-len":29489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":586,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":586,"total-idle-flows":585,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2832,"global_ts_usec":1686837738680875}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686837738680875,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686837738680875,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbc0i1oDTSm\/LN8YLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686837738680875,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686835718979040,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686837738680875,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"165.144.84.62","src_port":63301,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":596,"packets-processed":595,"total-skipped-flows":0,"total-l4-payload-len":29518,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":587,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":587,"total-idle-flows":586,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2837,"global_ts_usec":1686840095634071}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":596,"packets-processed":595,"total-skipped-flows":0,"total-l4-payload-len":29518,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":587,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":587,"total-idle-flows":586,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2837,"global_ts_usec":1686840095634071}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840095634071,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840095634071,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":44047,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686840095634071,"pkt":"moT+\/Ph8PJTVQTiBCABFCABSMJwAAGsR5fhDnxCWVW80OawPAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840095634071,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840095634071,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":44047,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840095634071,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":597,"packets-processed":596,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":588,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":588,"total-idle-flows":587,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2842,"global_ts_usec":1686840886120988}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":597,"packets-processed":596,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":588,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":588,"total-idle-flows":587,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2842,"global_ts_usec":1686840886120988}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840886120988,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840886120988,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"74.111.203.55","src_port":38016,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686840886120988,"pkt":"ipffLU2SPJTVQTiBCABFCABL2jYAACQR6jfn33nVSm\/LN5SAAasAN4kIAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840886120988,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840886120988,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"74.111.203.55","src_port":38016,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840095634071,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840886120988,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":44047,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":598,"packets-processed":597,"total-skipped-flows":0,"total-l4-payload-len":29619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":589,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":589,"total-idle-flows":588,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2847,"global_ts_usec":1686854380719448}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":598,"packets-processed":597,"total-skipped-flows":0,"total-l4-payload-len":29619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":589,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":589,"total-idle-flows":588,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2847,"global_ts_usec":1686854380719448}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686854380719448,"flow_src_last_pkt_time":1686854380719448,"flow_dst_last_pkt_time":1686854380719448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686854380719448,"l3_proto":"ip4","src_ip":"218.225.124.29","dst_ip":"69.109.187.54","src_port":52381,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_src_last_pkt_time":1686854380719448,"flow_dst_last_pkt_time":1686854380719448,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686854380719448,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRbEHa4XwdRW27NsydAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686854380719448,"flow_src_last_pkt_time":1686854380719448,"flow_dst_last_pkt_time":1686854380719448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686854380719448,"l3_proto":"ip4","src_ip":"218.225.124.29","dst_ip":"69.109.187.54","src_port":52381,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840886120988,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686854380719448,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"74.111.203.55","src_port":38016,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":599,"packets-processed":598,"total-skipped-flows":0,"total-l4-payload-len":29648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":590,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":590,"total-idle-flows":589,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2852,"global_ts_usec":1686869889080815}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":599,"packets-processed":598,"total-skipped-flows":0,"total-l4-payload-len":29648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":590,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":590,"total-idle-flows":589,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2852,"global_ts_usec":1686869889080815}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686869889080815,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686869889080815,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":47273,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686869889080815,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN7ipAasAJTHQAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686869889080815,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686869889080815,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":47273,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2858,17 +2858,17 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_src_last_pkt_time":1686870203714333,"flow_dst_last_pkt_time":1686870203714333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686870203714333,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXtoxLaDXpXLKPcuOAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686870203714333,"flow_src_last_pkt_time":1686870203714333,"flow_dst_last_pkt_time":1686870203714333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686870203714333,"l3_proto":"ip4","src_ip":"49.45.160.215","dst_ip":"165.114.202.61","src_port":52110,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686869889080815,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686870203714333,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":47273,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":601,"packets-processed":600,"total-skipped-flows":0,"total-l4-payload-len":29706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":592,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":592,"total-idle-flows":591,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2861,"global_ts_usec":1686871454458967}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":601,"packets-processed":600,"total-skipped-flows":0,"total-l4-payload-len":29706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":592,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":592,"total-idle-flows":591,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2861,"global_ts_usec":1686871454458967}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686871454458967,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686871454458967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":56053,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686871454458967,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27Ntr1AasAJQ+DAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686871454458967,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686871454458967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":56053,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686870203714333,"flow_src_last_pkt_time":1686870203714333,"flow_dst_last_pkt_time":1686870203714333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686871454458967,"l3_proto":"ip4","src_ip":"49.45.160.215","dst_ip":"165.114.202.61","src_port":52110,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":602,"packets-processed":601,"total-skipped-flows":0,"total-l4-payload-len":29735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":593,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":593,"total-idle-flows":592,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2866,"global_ts_usec":1686873049876707}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":602,"packets-processed":601,"total-skipped-flows":0,"total-l4-payload-len":29735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":593,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":593,"total-idle-flows":592,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2866,"global_ts_usec":1686873049876707}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686873049876707,"flow_src_last_pkt_time":1686873049876707,"flow_dst_last_pkt_time":1686873049876707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686873049876707,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":44785,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_src_last_pkt_time":1686873049876707,"flow_dst_last_pkt_time":1686873049876707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686873049876707,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM67xAasAJTuKAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686873049876707,"flow_src_last_pkt_time":1686873049876707,"flow_dst_last_pkt_time":1686873049876707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686873049876707,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":44785,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686871454458967,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686873049876707,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":56053,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":603,"packets-processed":602,"total-skipped-flows":0,"total-l4-payload-len":29764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":594,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":594,"total-idle-flows":593,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2871,"global_ts_usec":1686874733087762}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":603,"packets-processed":602,"total-skipped-flows":0,"total-l4-payload-len":29764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":594,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":594,"total-idle-flows":593,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2871,"global_ts_usec":1686874733087762}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686874733087762,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686874733087762,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54403,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686874733087762,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lONSDAasAJRXyAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686874733087762,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686874733087762,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54403,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2877,47 +2877,47 @@
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_src_last_pkt_time":1686875253404813,"flow_dst_last_pkt_time":1686875253404813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686875253404813,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLoTQAACIRKX2Y\/6p8VW80ORc1AasANwqXAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875253404813,"flow_src_last_pkt_time":1686875253404813,"flow_dst_last_pkt_time":1686875253404813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875253404813,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"85.111.52.57","src_port":5941,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686874733087762,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875253404813,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54403,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":605,"packets-processed":604,"total-skipped-flows":0,"total-l4-payload-len":29840,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":596,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":596,"total-idle-flows":595,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2880,"global_ts_usec":1686875903844766}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":605,"packets-processed":604,"total-skipped-flows":0,"total-l4-payload-len":29840,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":596,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":596,"total-idle-flows":595,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2880,"global_ts_usec":1686875903844766}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875903844766,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875903844766,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":41849,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686875903844766,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMqN5AasAJUcBAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875903844766,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875903844766,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":41849,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875253404813,"flow_src_last_pkt_time":1686875253404813,"flow_dst_last_pkt_time":1686875253404813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875903844766,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"85.111.52.57","src_port":5941,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":606,"packets-processed":605,"total-skipped-flows":0,"total-l4-payload-len":29869,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":597,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":597,"total-idle-flows":596,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2885,"global_ts_usec":1686876990016671}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":606,"packets-processed":605,"total-skipped-flows":0,"total-l4-payload-len":29869,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":597,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":597,"total-idle-flows":596,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2885,"global_ts_usec":1686876990016671}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686876990016671,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686876990016671,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":55801,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686876990016671,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPdn5AasAJRB2AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686876990016671,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686876990016671,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":55801,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875903844766,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686876990016671,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":41849,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":607,"packets-processed":606,"total-skipped-flows":0,"total-l4-payload-len":29898,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":598,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":598,"total-idle-flows":597,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2890,"global_ts_usec":1686878041820268}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":607,"packets-processed":606,"total-skipped-flows":0,"total-l4-payload-len":29898,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":598,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":598,"total-idle-flows":597,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2890,"global_ts_usec":1686878041820268}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686878041820268,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686878041820268,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":59938,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686878041820268,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPuoiAasAJQBOAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686878041820268,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686878041820268,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":59938,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686876990016671,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686878041820268,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":55801,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":608,"packets-processed":607,"total-skipped-flows":0,"total-l4-payload-len":29927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":599,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":599,"total-idle-flows":598,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2895,"global_ts_usec":1686879129948527}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":608,"packets-processed":607,"total-skipped-flows":0,"total-l4-payload-len":29927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":599,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":599,"total-idle-flows":598,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2895,"global_ts_usec":1686879129948527}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686879129948527,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686879129948527,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.147.171.51","src_port":42800,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686879129948527,"pkt":"AAwp30Y4PJTVQTiBCABFAABLl1IAACcRO9qdePx7WpOrM6cwAasAN4gOAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686879129948527,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686879129948527,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.147.171.51","src_port":42800,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686878041820268,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686879129948527,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":59938,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":609,"packets-processed":608,"total-skipped-flows":0,"total-l4-payload-len":29974,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":600,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":600,"total-idle-flows":599,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2900,"global_ts_usec":1686883384416005}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":609,"packets-processed":608,"total-skipped-flows":0,"total-l4-payload-len":29974,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":600,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":600,"total-idle-flows":599,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2900,"global_ts_usec":1686883384416005}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686883384416005,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686883384416005,"l3_proto":"ip4","src_ip":"155.185.93.215","dst_ip":"165.144.84.62","src_port":16031,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686883384416005,"pkt":"AAwp30Y4PJTVQTiBCABFCABLS3QAACMRefObuV3XpZBUPj6fAasAN97iAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686883384416005,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686883384416005,"l3_proto":"ip4","src_ip":"155.185.93.215","dst_ip":"165.144.84.62","src_port":16031,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686879129948527,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686883384416005,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.147.171.51","src_port":42800,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":610,"packets-processed":609,"total-skipped-flows":0,"total-l4-payload-len":30021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":601,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":601,"total-idle-flows":600,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2905,"global_ts_usec":1686884068384734}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":610,"packets-processed":609,"total-skipped-flows":0,"total-l4-payload-len":30021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":601,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":601,"total-idle-flows":600,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2905,"global_ts_usec":1686884068384734}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686884068384734,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686884068384734,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"186.112.202.53","src_port":49286,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686884068384734,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRX1OuMgcLunDKNcCGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686884068384734,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686884068384734,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"186.112.202.53","src_port":49286,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686883384416005,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686884068384734,"l3_proto":"ip4","src_ip":"155.185.93.215","dst_ip":"165.144.84.62","src_port":16031,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":611,"packets-processed":610,"total-skipped-flows":0,"total-l4-payload-len":30050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":602,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":602,"total-idle-flows":601,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2910,"global_ts_usec":1686887976934834}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":611,"packets-processed":610,"total-skipped-flows":0,"total-l4-payload-len":30050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":602,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":602,"total-idle-flows":601,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2910,"global_ts_usec":1686887976934834}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686887976934834,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686887976934834,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"74.111.203.55","src_port":54129,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686887976934834,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbRJZ1jiBSm\/LN9NxAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686887976934834,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686887976934834,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"74.111.203.55","src_port":54129,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686884068384734,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686887976934834,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"186.112.202.53","src_port":49286,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":612,"packets-processed":611,"total-skipped-flows":0,"total-l4-payload-len":30079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":603,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":603,"total-idle-flows":602,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2915,"global_ts_usec":1686889052799486}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":612,"packets-processed":611,"total-skipped-flows":0,"total-l4-payload-len":30079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":603,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":603,"total-idle-flows":602,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2915,"global_ts_usec":1686889052799486}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686889052799486,"flow_src_last_pkt_time":1686889052799486,"flow_dst_last_pkt_time":1686889052799486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686889052799486,"l3_proto":"ip4","src_ip":"166.209.36.168","dst_ip":"90.141.37.56","src_port":54765,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_src_last_pkt_time":1686889052799486,"flow_dst_last_pkt_time":1686889052799486,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686889052799486,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbgOm0SSoWo0lONXtAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686889052799486,"flow_src_last_pkt_time":1686889052799486,"flow_dst_last_pkt_time":1686889052799486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686889052799486,"l3_proto":"ip4","src_ip":"166.209.36.168","dst_ip":"90.141.37.56","src_port":54765,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686887976934834,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686889052799486,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"74.111.203.55","src_port":54129,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":613,"packets-processed":612,"total-skipped-flows":0,"total-l4-payload-len":30108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":604,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":604,"total-idle-flows":603,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2920,"global_ts_usec":1686891665856707}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":613,"packets-processed":612,"total-skipped-flows":0,"total-l4-payload-len":30108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":604,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":604,"total-idle-flows":603,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2920,"global_ts_usec":1686891665856707}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891665856707,"flow_src_last_pkt_time":1686891665856707,"flow_dst_last_pkt_time":1686891665856707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686891665856707,"l3_proto":"ip4","src_ip":"70.191.37.189","dst_ip":"90.145.180.58","src_port":53867,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_src_last_pkt_time":1686891665856707,"flow_dst_last_pkt_time":1686891665856707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686891665856707,"pkt":"bs1PogZtPJTVQTiBCABFAAA+4yBAADQRvaRGvyW9WpG0OtJrAasAKvcVAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891665856707,"flow_src_last_pkt_time":1686891665856707,"flow_dst_last_pkt_time":1686891665856707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686891665856707,"l3_proto":"ip4","src_ip":"70.191.37.189","dst_ip":"90.145.180.58","src_port":53867,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2941,12 +2941,12 @@
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891994836858,"flow_src_last_pkt_time":1686891994836858,"flow_dst_last_pkt_time":1686891994836858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686892196221763,"l3_proto":"ip4","src_ip":"88.192.213.176","dst_ip":"165.144.84.62","src_port":12807,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891861875895,"flow_src_last_pkt_time":1686891861875895,"flow_dst_last_pkt_time":1686891861875895,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686892196221763,"l3_proto":"ip4","src_ip":"166.70.59.181","dst_ip":"69.109.187.54","src_port":28945,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891930334421,"flow_src_last_pkt_time":1686891930334421,"flow_dst_last_pkt_time":1686891930334421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686892196221763,"l3_proto":"ip4","src_ip":"88.192.213.176","dst_ip":"165.114.202.61","src_port":12807,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":618,"packets-processed":617,"total-skipped-flows":0,"total-l4-payload-len":30278,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":609,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":609,"total-idle-flows":608,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2944,"global_ts_usec":1686893335451836}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":618,"packets-processed":617,"total-skipped-flows":0,"total-l4-payload-len":30278,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":609,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":609,"total-idle-flows":608,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2944,"global_ts_usec":1686893335451836}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686893335451836,"flow_src_last_pkt_time":1686893335451836,"flow_dst_last_pkt_time":1686893335451836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686893335451836,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"186.112.202.53","src_port":57760,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_src_last_pkt_time":1686893335451836,"flow_dst_last_pkt_time":1686893335451836,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686893335451836,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+KW1AADQRd2JYP9q4unDKNeGgAasAKufqAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686893335451836,"flow_src_last_pkt_time":1686893335451836,"flow_dst_last_pkt_time":1686893335451836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686893335451836,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"186.112.202.53","src_port":57760,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686892196221763,"flow_src_last_pkt_time":1686892196221763,"flow_dst_last_pkt_time":1686892196221763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686893335451836,"l3_proto":"ip4","src_ip":"95.185.37.180","dst_ip":"85.111.52.57","src_port":56601,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":619,"packets-processed":618,"total-skipped-flows":0,"total-l4-payload-len":30312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":610,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":610,"total-idle-flows":609,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2949,"global_ts_usec":1686894095858225}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":619,"packets-processed":618,"total-skipped-flows":0,"total-l4-payload-len":30312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":610,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":610,"total-idle-flows":609,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2949,"global_ts_usec":1686894095858225}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894095858225,"flow_src_last_pkt_time":1686894095858225,"flow_dst_last_pkt_time":1686894095858225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894095858225,"l3_proto":"ip4","src_ip":"95.190.219.185","dst_ip":"90.111.212.50","src_port":65399,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_src_last_pkt_time":1686894095858225,"flow_dst_last_pkt_time":1686894095858225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686894095858225,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+DzlAADQRkZhfvtu5Wm\/UMv93AasAKsoVAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894095858225,"flow_src_last_pkt_time":1686894095858225,"flow_dst_last_pkt_time":1686894095858225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894095858225,"l3_proto":"ip4","src_ip":"95.190.219.185","dst_ip":"90.111.212.50","src_port":65399,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2958,28 +2958,28 @@
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894627287214,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894627287214,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":58318,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686894627287214,"pkt":"ipffLU2SPJTVQTiBCABFAAA+zylAADQR0apAOMuySm\/LN+POAasAKuXBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894627287214,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894627287214,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":58318,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-payload-len":30414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":613,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":613,"total-idle-flows":611,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2961,"global_ts_usec":1686895136332318}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-payload-len":30414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":613,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":613,"total-idle-flows":611,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2961,"global_ts_usec":1686895136332318}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686895136332318,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"69.109.187.54","src_port":43680,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686895136332318,"pkt":"bpHurUgdPJTVQTiBCABFAABLZR8AACcRbf1dZnxwRW27NqqgAasAN4SOAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686895136332318,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"69.109.187.54","src_port":43680,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894627287214,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":58318,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894584993003,"flow_src_last_pkt_time":1686894584993003,"flow_dst_last_pkt_time":1686894584993003,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"90.147.171.51","src_port":43664,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":623,"packets-processed":622,"total-skipped-flows":0,"total-l4-payload-len":30461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":614,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":614,"total-idle-flows":613,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2967,"global_ts_usec":1686900080044444}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":623,"packets-processed":622,"total-skipped-flows":0,"total-l4-payload-len":30461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":614,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":614,"total-idle-flows":613,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2967,"global_ts_usec":1686900080044444}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686900080044444,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686900080044444,"l3_proto":"ip4","src_ip":"185.27.37.156","dst_ip":"90.145.180.58","src_port":54712,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686900080044444,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRbia5GyWcWpG0OtW4AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686900080044444,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686900080044444,"l3_proto":"ip4","src_ip":"185.27.37.156","dst_ip":"90.145.180.58","src_port":54712,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686895136332318,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686900080044444,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"69.109.187.54","src_port":43680,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":624,"packets-processed":623,"total-skipped-flows":0,"total-l4-payload-len":30490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":615,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":615,"total-idle-flows":614,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2972,"global_ts_usec":1686903641258422}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":624,"packets-processed":623,"total-skipped-flows":0,"total-l4-payload-len":30490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":615,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":615,"total-idle-flows":614,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2972,"global_ts_usec":1686903641258422}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686903641258422,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686903641258422,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"90.111.212.50","src_port":53551,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686903641258422,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbOK61Z7hWm\/UMtEvAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686903641258422,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686903641258422,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"90.111.212.50","src_port":53551,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686900080044444,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686903641258422,"l3_proto":"ip4","src_ip":"185.27.37.156","dst_ip":"90.145.180.58","src_port":54712,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":625,"packets-processed":624,"total-skipped-flows":0,"total-l4-payload-len":30519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":616,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":616,"total-idle-flows":615,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2977,"global_ts_usec":1686910566541526}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":625,"packets-processed":624,"total-skipped-flows":0,"total-l4-payload-len":30519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":616,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":616,"total-idle-flows":615,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2977,"global_ts_usec":1686910566541526}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686910566541526,"flow_src_last_pkt_time":1686910566541526,"flow_dst_last_pkt_time":1686910566541526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686910566541526,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":55642,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_src_last_pkt_time":1686910566541526,"flow_dst_last_pkt_time":1686910566541526,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686910566541526,"pkt":"3jHC4dyOPJTVQTiBCABFCABL+kUAACIR0GunB5p9Wo0lONlaAasAN0hxAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="}
 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686910566541526,"flow_src_last_pkt_time":1686910566541526,"flow_dst_last_pkt_time":1686910566541526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686910566541526,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":55642,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686903641258422,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686910566541526,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"90.111.212.50","src_port":53551,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":626,"packets-processed":625,"total-skipped-flows":0,"total-l4-payload-len":30566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":617,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":617,"total-idle-flows":616,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2982,"global_ts_usec":1686916643605858}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":626,"packets-processed":625,"total-skipped-flows":0,"total-l4-payload-len":30566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":617,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":617,"total-idle-flows":616,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2982,"global_ts_usec":1686916643605858}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916643605858,"flow_src_last_pkt_time":1686916643605858,"flow_dst_last_pkt_time":1686916643605858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916643605858,"l3_proto":"ip4","src_ip":"70.216.186.103","dst_ip":"90.147.171.51","src_port":52251,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_src_last_pkt_time":1686916643605858,"flow_dst_last_pkt_time":1686916643605858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686916643605858,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbZlG2LpnWpOrM8wbAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916643605858,"flow_src_last_pkt_time":1686916643605858,"flow_dst_last_pkt_time":1686916643605858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916643605858,"l3_proto":"ip4","src_ip":"70.216.186.103","dst_ip":"90.147.171.51","src_port":52251,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2987,7 +2987,7 @@
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916678686629,"flow_src_last_pkt_time":1686916678686629,"flow_dst_last_pkt_time":1686916678686629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916678686629,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":26319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_src_last_pkt_time":1686916678686629,"flow_dst_last_pkt_time":1686916678686629,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686916678686629,"pkt":"AAwp30Y4PJTVQTiBCABFCABS3OcAAGsROahDnxCWpXLKPWbPAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"}
 00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916678686629,"flow_src_last_pkt_time":1686916678686629,"flow_dst_last_pkt_time":1686916678686629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916678686629,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":26319,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":628,"packets-processed":627,"total-skipped-flows":0,"total-l4-payload-len":30649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":619,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":619,"total-idle-flows":617,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2990,"global_ts_usec":1686918716711404}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":628,"packets-processed":627,"total-skipped-flows":0,"total-l4-payload-len":30649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":619,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":619,"total-idle-flows":617,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2990,"global_ts_usec":1686918716711404}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686918716711404,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686918716711404,"l3_proto":"ip4","src_ip":"58.22.67.22","dst_ip":"85.111.52.57","src_port":52092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686918716711404,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRbEQ6FkMWVW80Oct8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="}
 00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686918716711404,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686918716711404,"l3_proto":"ip4","src_ip":"58.22.67.22","dst_ip":"85.111.52.57","src_port":52092,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
@@ -2998,7 +2998,7 @@
 00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686919264737057,"flow_src_last_pkt_time":1686919264737057,"flow_dst_last_pkt_time":1686919264737057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686919264737057,"l3_proto":"ip4","src_ip":"217.39.155.99","dst_ip":"165.144.84.62","src_port":51503,"dst_port":427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686918716711404,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686919264737057,"l3_proto":"ip4","src_ip":"58.22.67.22","dst_ip":"85.111.52.57","src_port":52092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686919264737057,"flow_src_last_pkt_time":1686919264737057,"flow_dst_last_pkt_time":1686919264737057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686919264737057,"l3_proto":"ip4","src_ip":"217.39.155.99","dst_ip":"165.144.84.62","src_port":51503,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":629,"packets-processed":629,"total-skipped-flows":0,"total-l4-payload-len":30707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":621,"total-detection-updates":0,"total-updates":103,"current-active-flows":0,"total-active-flows":621,"total-idle-flows":621,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3001,"global_ts_usec":1686919264737057}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":629,"packets-processed":629,"total-skipped-flows":0,"total-l4-payload-len":30707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":621,"total-detection-updates":0,"total-updates":103,"current-active-flows":0,"total-active-flows":621,"total-idle-flows":621,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3001,"global_ts_usec":1686919264737057}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 629/629
 ~~ skipped flows.............: 0
@@ -3007,8 +3007,8 @@
 ~~ total active/idle flows...: 621/621
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6862854 bytes
-~~ total memory freed........: 6862854 bytes
+~~ total memory allocated....: 6872798 bytes
+~~ total memory freed........: 6872798 bytes
 ~~ total allocations/frees...: 93309/93309
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 553 chars
diff --git a/test/results/default/ssdp-m-search-ua.pcap.out b/test/results/default/ssdp-m-search-ua.pcap.out
index 987983472..3a599d9d4 100644
--- a/test/results/default/ssdp-m-search-ua.pcap.out
+++ b/test/results/default/ssdp-m-search-ua.pcap.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648315275444157}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648315275444157}
 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648315275444157,"flow_src_last_pkt_time":1648315275444157,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648315275444157,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648315275444157,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1648315275444157,"pkt":"AQBef\/\/68C9LCZO8CABFAADKnWgAAAEReOXAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"}
 00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648315275444157,"flow_src_last_pkt_time":1648315275444157,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648315275444157,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}}
@@ -7,7 +7,7 @@
 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648315277449906,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1648315277449906,"pkt":"AQBef\/\/68C9LCZO8CABFAADKWrMAAAERu5rAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"}
 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648315278446168,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1648315278446168,"pkt":"AQBef\/\/68C9LCZO8CABFAADKE\/4AAAERAlDAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1648315275444157,"flow_src_last_pkt_time":1648315278446168,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648315278446168,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1648315278446168}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1648315278446168}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498097 bytes
-~~ total memory freed........: 5498097 bytes
+~~ total memory allocated....: 5498121 bytes
+~~ total memory freed........: 5498121 bytes
 ~~ total allocations/frees...: 85864/85864
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 578 chars
+~~ json message min len.......: 576 chars
 ~~ json message max len.......: 984 chars
-~~ json message avg len.......: 777 chars
+~~ json message avg len.......: 776 chars
diff --git a/test/results/default/ssdp-m-search.pcap.out b/test/results/default/ssdp-m-search.pcap.out
index 32dfbbea7..ba1746f47 100644
--- a/test/results/default/ssdp-m-search.pcap.out
+++ b/test/results/default/ssdp-m-search.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1532054645808785}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1532054645808785}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054645808785,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054645808785,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1532054645808785,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_usec":1532054645808785,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxO0tAAEARmRfAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"}
 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054645808785,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054645808785,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}}
@@ -9,7 +9,7 @@
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1532054665808769,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_usec":1532054665808769,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxfl5AAEARVgTAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054700808779,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054700808779,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054735808753,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":399,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054735808753,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1532054735808753}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1532054735808753}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 19/19
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498496 bytes
-~~ total memory freed........: 5498496 bytes
+~~ total memory allocated....: 5498520 bytes
+~~ total memory freed........: 5498520 bytes
 ~~ total allocations/frees...: 85878/85878
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 555 chars
diff --git a/test/results/default/ssh.pcap.out b/test/results/default/ssh.pcap.out
index e8368e303..1edea45ff 100644
--- a/test/results/default/ssh.pcap.out
+++ b/test/results/default/ssh.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1320435464760244}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1320435464760244}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435464760244,"flow_dst_last_pkt_time":1320435464760244,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1320435464760244,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1320435464760244,"flow_dst_last_pkt_time":1320435464760244,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1320435464760244,"pkt":"AAwppUXgAFBWwAAICABFAABAek9AAEAGi52sEO4BrBDuqOQbABY3Xn+qAAAAALAC\/\/+abgAAAgQFtAEDAwMBAQgKHJWv9QAAAAAEAgAA"}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1320435464760244,"flow_dst_last_pkt_time":1320435464760270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1320435464760270,"pkt":"AFBWwAAIAAwppUXgCABFAAA8AABAAEAGBfGsEO6orBDuAQAW5BtConY2N15\/q6ASFqC42wAAAgQFtAQCCAoAEyL4HJWv9QEDAwY="}
@@ -13,7 +13,7 @@
 01383{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435464769196,"flow_dst_last_pkt_time":1320435464770779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":784,"flow_src_tot_l4_payload_len":925,"flow_dst_tot_l4_payload_len":805,"midstream":0,"thread_ts_usec":1320435464770779,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":"B1C6C0D56317555B85C7005A3DE29325"}}}
 02425{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435472330349,"flow_dst_last_pkt_time":1320435469423179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":784,"flow_src_tot_l4_payload_len":1509,"flow_dst_tot_l4_payload_len":1885,"midstream":0,"thread_ts_usec":1320435472330349,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":394614.2,"max":2907110,"stddev":888738.9,"var":789856780288.0,"ent":2.5,"data": [26,41,8112,8146,295,788,470,140,1469,1611,306,1791,1560,1614,14729,13069,1842,42337,40496,170,257,393,251,40593,51194,91555,2632288,2632557,1868772,1869058,2907110]},"pktlen": {"min":52,"avg":158.7,"max":956,"stddev":230.1,"var":52961.8,"ent":4.1,"data": [64,60,52,73,52,73,52,956,52,836,52,76,204,52,196,772,52,68,52,100,52,100,52,116,52,132,52,196,52,132,52,196]},"bins": {"c_to_s": [12,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0],"entropies": [4.495864868,5.031404495,4.947339535,5.395304680,4.870416641,5.379396915,4.940637589,5.147055149,4.940637589,5.183596134,4.923395157,4.404554367,6.511710644,4.985801220,6.696379662,7.508841991,4.884933472,4.511087418,4.815073490,5.981212139,4.902175903,6.028761387,4.894361019,6.251031399,4.940637589,6.350845814,4.932822704,6.810175419,4.853535175,6.303876877,4.902175426,6.814750671]},"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 01230{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":99,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435713237065,"flow_dst_last_pkt_time":1320435713237024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":5109,"flow_dst_tot_l4_payload_len":13389,"midstream":0,"thread_ts_usec":1320435713237065,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":258,"packets-processed":258,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1320435713237065}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":258,"packets-processed":258,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1320435713237065}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 258/258
 ~~ skipped flows.............: 0
@@ -22,8 +22,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5507507 bytes
-~~ total memory freed........: 5507507 bytes
+~~ total memory allocated....: 5507531 bytes
+~~ total memory freed........: 5507531 bytes
 ~~ total allocations/frees...: 86124/86124
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/ssl-cert-name-mismatch.pcap.out b/test/results/default/ssl-cert-name-mismatch.pcap.out
index 908fe1447..8a7ceb426 100644
--- a/test/results/default/ssl-cert-name-mismatch.pcap.out
+++ b/test/results/default/ssl-cert-name-mismatch.pcap.out
@@ -1,5 +1,5 @@
-00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620643422034834}
+00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620643422034834}
 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422034834,"flow_dst_last_pkt_time":1620643422034834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620643422034834,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620643422034834,"flow_dst_last_pkt_time":1620643422034834,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620643422034834,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA8gCNAAEAGNQ\/AqALeaJpZadX0AbtP8LY3AAAAAKACchCFuAAAAgQFtAQCCAoBlw8kAAAAAAEDAwc="}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620643422034834,"flow_dst_last_pkt_time":1620643422162607,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620643422162607,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA8AABAADAGxTJomllpwKgC3gG71fRoLFRgT\/C2OKASbgBjmAAAAgQFjAQCCAqtfZhXAZcPJAEDAwc="}
@@ -10,7 +10,7 @@
 01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422196037,"flow_dst_last_pkt_time":1620643422325332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1408,"midstream":0,"thread_ts_usec":1620643422325332,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"wrong.host.badssl.com","tls": {"version":"TLSv1.2","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d3810ht_845d1e55a368_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}}
 01548{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422325356,"flow_dst_last_pkt_time":1620643422325538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":3334,"midstream":0,"thread_ts_usec":1620643422325538,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"wrong.host.badssl.com","tls": {"version":"TLSv1.2","server_names":"*.badssl.com,badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","ja4":"t12d3810ht_845d1e55a368_7448b1316cd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB"}}}
 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422749798,"flow_dst_last_pkt_time":1620643422754639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":3608,"midstream":0,"thread_ts_usec":1620643422754639,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":4010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1620643422754639}
+00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":4010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1620643422754639}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 21/21
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508847 bytes
-~~ total memory freed........: 5508847 bytes
+~~ total memory allocated....: 5508871 bytes
+~~ total memory freed........: 5508871 bytes
 ~~ total allocations/frees...: 85891/85891
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 560 chars
diff --git a/test/results/default/starcraft_battle.pcap.out b/test/results/default/starcraft_battle.pcap.out
index 5b046755b..6a4a9619e 100644
--- a/test/results/default/starcraft_battle.pcap.out
+++ b/test/results/default/starcraft_battle.pcap.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1437389953643103}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1437389953643103}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389953643103,"flow_src_last_pkt_time":1437389953643103,"flow_dst_last_pkt_time":1437389953643103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389953643103,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1437389953643103,"flow_dst_last_pkt_time":1437389953643103,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1437389953643103,"pkt":"IImEa8W6hCYVPnXECABFAABHZtpAAPMGok\/AHvxbwKgBZAG7DI12Mx9qhBzaXVAYAB\/+XQAAFwMDABrSe+rfqh1HHm09zJFdvf5O5AwaBTHDWE16Zg=="}
 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389953643103,"flow_src_last_pkt_time":1437389953643103,"flow_dst_last_pkt_time":1437389953643103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389953643103,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -85,8 +85,8 @@
 00792{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1437389964848660,"flow_dst_last_pkt_time":1437389964848509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1437389964848660,"pkt":"hCYVPnXEIImEa8W6CABFAADjFwtAAIAG6wbAqAFkV\/jd\/g20AFApaAexwNDY71AYBACGigAAR0VUIC9zYzItcG9kLXJldGFpbC9BRjExQ0QwMC9FVS8yNDYyMS5kaXJlY3QvczItMzYyODEtQkEzNTZERDU3NTU3NzI4ODQzQ0FGNjNBMTJDNzlBQTMubWZpbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogQmxpenphcmQgV2ViIENsaWVudA0KSG9zdDogbGxudy5ibGl6emFyZC5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
 01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1437389964790451,"flow_src_last_pkt_time":1437389964848660,"flow_dst_last_pkt_time":1437389964848509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437389964848660,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"llnw.blizzard.com","http": {"url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":0,"content_type":"","user_agent":"Blizzard Web Client"}}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1437389964848660,"flow_dst_last_pkt_time":1437389964906753,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1437389964906753,"pkt":"IImEa8W6hCYVPnXECABFAAAowZRAAPUGzDdX+N3+wKgBZABQDbTA0NjvKWgIbFAQD\/7OOgAAAAAAAAAA"}
-01430{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1437389964790451,"flow_src_last_pkt_time":1437389964848660,"flow_dst_last_pkt_time":1437389964921004,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1437389964921004,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"llnw.blizzard.com","http": {"url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":200,"content_type":"application\/octet-stream","user_agent":"Blizzard Web Client"}}}
-02397{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1437389964790451,"flow_src_last_pkt_time":1437389964979632,"flow_dst_last_pkt_time":1437389964979854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":20440,"midstream":0,"thread_ts_usec":1437389964979854,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":74,"avg":12212.4,"max":72387,"stddev":23706.7,"var":562007808.0,"ent":2.8,"data": [58058,58113,96,58244,14251,72387,112,82,193,195,145,152,166,165,184,184,148,146,165,165,56805,56877,234,178,216,245,157,122,91,74,234]},"pktlen": {"min":40,"avg":685.5,"max":1500,"stddev":719.0,"var":516967.3,"ent":4.1,"data": [52,52,40,227,46,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500]},"bins": {"c_to_s": [15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.624014378,4.863714218,4.730640888,5.822455883,4.457919598,5.306115150,4.661768913,5.107864380,4.580640793,5.186793804,4.730640888,5.093457222,4.680640697,5.097416878,4.630640984,5.152558804,4.621928215,5.157567024,4.621928215,5.123836517,4.680641174,5.187242508,4.730640888,5.148094177,4.730640888,5.081175804,4.680641174,5.152382851,4.680641174,5.186464310,4.680641174,5.134456635]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01449{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1437389964790451,"flow_src_last_pkt_time":1437389964848660,"flow_dst_last_pkt_time":1437389964921004,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1437389964921004,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"llnw.blizzard.com","http": {"url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":200,"content_type":"application\/octet-stream","user_agent":"Blizzard Web Client"}}}
+02416{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1437389964790451,"flow_src_last_pkt_time":1437389964979632,"flow_dst_last_pkt_time":1437389964979854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":20440,"midstream":0,"thread_ts_usec":1437389964979854,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":74,"avg":12212.4,"max":72387,"stddev":23706.7,"var":562007808.0,"ent":2.8,"data": [58058,58113,96,58244,14251,72387,112,82,193,195,145,152,166,165,184,184,148,146,165,165,56805,56877,234,178,216,245,157,122,91,74,234]},"pktlen": {"min":40,"avg":685.5,"max":1500,"stddev":719.0,"var":516967.3,"ent":4.1,"data": [52,52,40,227,46,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500]},"bins": {"c_to_s": [15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.624014378,4.863714218,4.730640888,5.822455883,4.457919598,5.306115150,4.661768913,5.107864380,4.580640793,5.186793804,4.730640888,5.093457222,4.680640697,5.097416878,4.630640984,5.152558804,4.621928215,5.157567024,4.621928215,5.123836517,4.680641174,5.187242508,4.730640888,5.148094177,4.730640888,5.081175804,4.680641174,5.152382851,4.680641174,5.186464310,4.680641174,5.134456635]},"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389967432431,"flow_src_last_pkt_time":1437389967432431,"flow_dst_last_pkt_time":1437389967432431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437389967432431,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1437389967432431,"flow_dst_last_pkt_time":1437389967432431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437389967432431,"pkt":"hCYVPnXEIImEa8W6CABFAAA0U2dAAIAG+pjAqAFkDIHeNg24AFDXJA2NAAAAAIACIACvkgAAAgQFtAEDAwgBAQQC"}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1437389967432431,"flow_dst_last_pkt_time":1437389967630455,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437389967630455,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAAC0GoQAMgd42wKgBZABQDbj6JMXG1yQNjoASFtD4xgAAAgQFtAEBBAIBAwMH"}
@@ -370,7 +370,7 @@
 00932{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1437389968487945,"flow_src_last_pkt_time":1437389968610372,"flow_dst_last_pkt_time":1437389968610342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00786{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1437389968487945,"flow_src_last_pkt_time":1437389968610372,"flow_dst_last_pkt_time":1437389968610342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1437389963466906,"flow_src_last_pkt_time":1437389963469428,"flow_dst_last_pkt_time":1437389963466906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":372,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-01217{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":90,"flow_dst_packets_processed":89,"flow_first_seen":1437389964790451,"flow_src_last_pkt_time":1437389968014702,"flow_dst_last_pkt_time":1437389968014656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":124315,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01236{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":90,"flow_dst_packets_processed":89,"flow_first_seen":1437389964790451,"flow_src_last_pkt_time":1437389968014702,"flow_dst_last_pkt_time":1437389968014656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":124315,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01168{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389954123062,"flow_src_last_pkt_time":1437389954123062,"flow_dst_last_pkt_time":1437389954123062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389954123062,"flow_src_last_pkt_time":1437389954123062,"flow_dst_last_pkt_time":1437389954123062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01168{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389955642290,"flow_src_last_pkt_time":1437389955642290,"flow_dst_last_pkt_time":1437389955642290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -380,7 +380,7 @@
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1437389955747893,"flow_src_last_pkt_time":1437389955747893,"flow_dst_last_pkt_time":1437389955800556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":82,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":82,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1437389956550428,"flow_src_last_pkt_time":1437389956550723,"flow_dst_last_pkt_time":1437389956605099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":198,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01219{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1437389967432431,"flow_src_last_pkt_time":1437389968027107,"flow_dst_last_pkt_time":1437389968027078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":273,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":800,"packets-processed":797,"total-skipped-flows":0,"total-l4-payload-len":316668,"total-not-detected-flows":0,"total-guessed-flows":13,"total-detected-flows":39,"total-detection-updates":16,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":383,"global_ts_usec":1437389985996137}
+00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":800,"packets-processed":797,"total-skipped-flows":0,"total-l4-payload-len":316668,"total-not-detected-flows":0,"total-guessed-flows":13,"total-detected-flows":39,"total-detection-updates":16,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":383,"global_ts_usec":1437389985996137}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 800/797
 ~~ skipped flows.............: 0
@@ -389,10 +389,10 @@
 ~~ total active/idle flows...: 52/52
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5661118 bytes
-~~ total memory freed........: 5661118 bytes
+~~ total memory allocated....: 5661961 bytes
+~~ total memory freed........: 5661961 bytes
 ~~ total allocations/frees...: 87336/87336
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 310 chars
-~~ json message max len.......: 2402 chars
-~~ json message avg len.......: 1356 chars
+~~ json message max len.......: 2421 chars
+~~ json message avg len.......: 1365 chars
diff --git a/test/results/default/steam.pcapng.out b/test/results/default/steam.pcapng.out
index 89d829fe8..11b23bea3 100644
--- a/test/results/default/steam.pcapng.out
+++ b/test/results/default/steam.pcapng.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705442515175582}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705442515175582}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705442515175582,"flow_src_last_pkt_time":1705442515175582,"flow_dst_last_pkt_time":1705442515175582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":184,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442515175582,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.255","src_port":27036,"dst_port":27036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705442515175582,"flow_dst_last_pkt_time":1705442515175582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":1705442515175582,"pkt":"\/\/\/\/\/\/\/\/8C90rUP1CABFAADUuntAAEARTGbAqFjnwKhY\/2mcaZwAwDQJ\/\/\/\/\/yFMX6AWAAAACPzT8eO3vL\/PdhABGK\/Km6qggNnkApIAAAAICBAGGJzTASIJbG9jYWxob3N0MAI4yP7\/\/\/\/\/\/\/\/\/AUABSg4JNikQBgEAEAEQ3Z\/wMFgBYNL5m60GcAB6EUYwOjJGOjc0OkFEOjQzOkY1ogEOMTcyLjE3LjIyOS4xODSiAQ4xOTIuMTY4Ljg4LjIzMaoBDjE5NS4xOTEuMTU4Ljk0uAECwAEAyAHMxYetBtABAg=="}
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705442515175582,"flow_src_last_pkt_time":1705442515175582,"flow_dst_last_pkt_time":1705442515175582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":184,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442515175582,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.255","src_port":27036,"dst_port":27036,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -56,7 +56,7 @@
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1705442515175582,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442515175582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":672,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.255","src_port":27036,"dst_port":27036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"155.133.252.86","src_port":46604,"dst_port":27045,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SteamDatagramRelay","proto_id":"235","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1705442537191671,"flow_src_last_pkt_time":1705442537191671,"flow_dst_last_pkt_time":1705442537191671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":287,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":287,"midstream":0,"thread_ts_usec":1705442537191671,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"2.20.254.25","src_port":59739,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Steam","proto_id":"7.74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":9722,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1705442537191671}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/steam.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":9722,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1705442537191671}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 48/48
 ~~ skipped flows.............: 0
@@ -65,8 +65,8 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5529007 bytes
-~~ total memory freed........: 5529007 bytes
+~~ total memory allocated....: 5529127 bytes
+~~ total memory freed........: 5529127 bytes
 ~~ total allocations/frees...: 85993/85993
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 530 chars
diff --git a/test/results/default/stomp.pcapng.out b/test/results/default/stomp.pcapng.out
index b9d64fe52..f2bd55965 100644
--- a/test/results/default/stomp.pcapng.out
+++ b/test/results/default/stomp.pcapng.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705991300787923}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705991300787923}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705991300787923,"flow_src_last_pkt_time":1705991300787923,"flow_dst_last_pkt_time":1705991300787923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705991300787923,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.198","src_port":34732,"dst_port":61613,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705991300787923,"flow_dst_last_pkt_time":1705991300787923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705991300787923,"pkt":"CAAnV5yX8C90rUP1CABFAAA8BTdAAEAGAofAqFjnwKhYxoes8K2uTxbxAAAAAKACfXgzLQAAAgQFtAQCCAo\/vGWFAAAAAAEDAwc="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1705991300787923,"flow_dst_last_pkt_time":1705991300788027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1705991300788027,"pkt":"8C90rUP1CAAnV5yXCABFAAA8AABAAEAGB77AqFjGwKhY5\/Cth6x7iEuQrk8W8qAS\/oiWyQAAAgQFtAQCCAq1pSADP7xlhQEDAwc="}
@@ -8,7 +8,7 @@
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1705991300787923,"flow_src_last_pkt_time":1705991300788235,"flow_dst_last_pkt_time":1705991300788027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705991300788235,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.198","src_port":34732,"dst_port":61613,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STOMP","proto_id":"390","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1705991300788235,"flow_dst_last_pkt_time":1705991300788283,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1705991300788283,"pkt":"8C90rUP1CAAnV5yXCABFAAA0r4NAAEAGWELAqFjGwKhY5\/Cth6x7iEuRrk8XDYAQAf3CBQAAAQEICrWlIAQ\/vGWF"}
 00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1705991300787923,"flow_src_last_pkt_time":1705991319806753,"flow_dst_last_pkt_time":1705991319806991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":111,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":291,"midstream":0,"thread_ts_usec":1705991319806991,"l3_proto":"ip4","src_ip":"192.168.88.231","dst_ip":"192.168.88.198","src_port":34732,"dst_port":61613,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STOMP","proto_id":"390","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":486,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1705991319806991}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stomp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":486,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1705991319806991}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 19/19
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498524 bytes
-~~ total memory freed........: 5498524 bytes
+~~ total memory allocated....: 5498548 bytes
+~~ total memory freed........: 5498548 bytes
 ~~ total allocations/frees...: 85879/85879
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/stun.pcap.out b/test/results/default/stun.pcap.out
index 1dc803926..a90d37fff 100644
--- a/test/results/default/stun.pcap.out
+++ b/test/results/default/stun.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1568718599876883}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1568718599876883}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718599876883,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599876883,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAND5VQAB7BgrSCk1uMwrOMu+idKQQzU6orgAAAACAAiAA3LQAAAIEBVABAwMIAQEEAg=="}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599920416,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAANHKjQAB9BtTjCs4y7wpNbjOkEKJ058UMHs1OqK+AEv\/\/CFwAAAIEBbQBAwMIAQEEAg=="}
@@ -7,7 +7,7 @@
 00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718600246272,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBgQAB8BgdpCk1uMwrOMu+idKQQzU6pGefFDB9QGAIDfYIAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAML3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAAEMgAAAIBwAAQAAAADAAgAFE3CuT+mSQnt\/XCbEyheNg3aE4FAgCgABC51Ucc="}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718600319984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":156,"pkt_l4_len":118,"thread_ts_usec":1568718600319984,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAAinKyQAB9BtR+Cs4y7wpNbjOkEKJ058UMH81OqYNQGAEDPFEAAABgAQEATCESpELzQ5RTtpj7KVC7Bu0AIAAIAAGDZitfynEABgAJL3BJMDpUb0VkAAAAgDcABAAAAAGAcAAEAAAAAwAIABT3XyNLEfjiVg6vTdc0SJ1BoW97H4AoAAQNJssy"}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1595356443140497}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1595356443140497}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443140497,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1595356443140497,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwL+tAAEAR+4LAqAypSn33gKgIDZYAHBBnAAEAACESpEJTSGtoRjhvZHdneVY="}
 00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356443140497,"flow_dst_last_pkt_time":1595356443140497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356443140497,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -22,7 +22,7 @@
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1595356444494918,"pkt":"CL6sCxdumt9Y+uvcCABFwABs98MAAEABcr7AqAypSn33gAMDDJoAAAAARQAAUAEJAABmEURFSn33gMCoDKkNlqgIADx61wEEACAhEqRCamF6aTYyTmZVRDV3AA0ABAAAAAAACAAUCDrQbj\/HZPzecgDWKnOqyyksqcs="}
 00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356444494918,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595356444494918,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.279952}}
 00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600876092,"flow_dst_last_pkt_time":1568718600931144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1595356444494918,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":1912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1614938022295727}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":1912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1614938022295727}
 00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938022295727,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcI38AAQAAIRKkQkJxcUN2YzZ5L2tJZQ=="}
 00986{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -36,7 +36,7 @@
 01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938123200754,"flow_dst_last_pkt_time":1614938123207596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1614938123207596,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 02308{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938163424247,"flow_dst_last_pkt_time":1614938163431063,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":704,"midstream":0,"thread_ts_usec":1614938163431063,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2867,"avg":9105286.0,"max":10358549,"stddev":2980037.5,"var":8880623976448.0,"ent":4.8,"data": [6861,10132226,10132257,10358549,2935,10358540,2867,10055433,10055494,10056921,10056927,10057230,10057183,10053930,10053957,10069481,10069496,10027109,10027105,10027261,10027286,10063952,10063896,10098322,10098363,10035461,10035403,10061356,10061442,10028354,10028259]},"pktlen": {"min":68,"avg":80.0,"max":92,"stddev":12.0,"var":144.0,"ent":5.0,"data": [68,92,68,92,68,68,92,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [5.422471046,5.541838169,5.422470093,5.514770508,5.451882362,5.451882362,5.536509514,5.536509514,5.481293678,5.593521595,5.451882362,5.558248997,5.393059731,5.558248997,5.510704994,5.571783066,5.352545738,5.460210800,5.451882362,5.514770508,5.422471046,5.550043106,5.422470093,5.541838169,5.451882362,5.550043583,5.451882362,5.593522072,5.451882362,5.541838169,5.393058777,5.528304577]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":17,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938173452831,"flow_dst_last_pkt_time":1614938173459694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1614938173459694,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":3256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":3,"total-updates":3,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1629291451242856}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":3256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":3,"total-updates":3,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1629291451242856}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1629291451242856,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4VYJAAEARop7AqAypHw1WNpTrnEMAJO1IAAMACCESpEJBSzdRUHlQSzlldVYAGQAEEQAAAA=="}
 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -47,7 +47,7 @@
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1629291457262853,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1629291457262853,"pkt":"CL6sCxdumt9Y+uvcCABFAACoVltAAEARoVXAqAypHw1WNpTrnEMAlIWPAAgAeCESpEJGYi9SMVA1cFBNWWQAEgAIAAGMueG6pCQABgAQTWYyaDlIaTVhUE1ScGxGMQAUAA90dXJuZXIuZmFjZWJvb2sAABUAKGJiMDMxZDYxY2NjMWJlODJlMjQwMTQ0MzVlZDUyZjI2ZmJhNjI0ODMACAAUTGbb+kTKlKKmYo+\/Jw5ehEWYdT8="}
 02350{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291458067482,"flow_dst_last_pkt_time":1629291458262623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":1496,"midstream":0,"thread_ts_usec":1629291458262623,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":446593.3,"max":6004359,"stddev":1462539.6,"var":2139022032896.0,"ent":1.9,"data": [11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153]},"pktlen": {"min":56,"avg":139.6,"max":168,"stddev":32.1,"var":1033.4,"ent":5.0,"data": [56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160]},"bins": {"c_to_s": [1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1],"entropies": [4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938213778839,"flow_dst_last_pkt_time":1614938213785682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":924,"midstream":0,"thread_ts_usec":1629291461216501,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":142,"packets-processed":141,"total-skipped-flows":0,"total-l4-payload-len":10660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":3,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1643626018009166}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":142,"packets-processed":141,"total-skipped-flows":0,"total-l4-payload-len":10660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":3,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1643626018009166}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643626018009166,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643626018009166,"pkt":"AAAAAAAAAAIAmUIoCABFAAA8AABAAC4GIeBXL2QRNgE5mw2WkYlv2uEwZMfN9aAScSBlfgAAAgQFtAQCCAqf27foB2LEZgEDAwc="}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018016908,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVpAAD8G+3E2ATmbVy9kEZGJDZZkx831b9rhMYAYAQDj2AAAAQEICgdixWGf27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="}
@@ -57,7 +57,7 @@
 00961{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com"}}
 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018282040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1643626018282040,"pkt":"AAAAAAAAAAUALNPrCABFAADAFV1AAD8G+v42ATmbVy9kEZGJDZZkx84tb9rhqYAYAQDFDgAAAQEICgdixmqf27gqAAMAeCESpEIwS0liOW85U1ZZeVMAGQAEEQAAAAAGACwxNjQzNjI5NTI3OlJPVUxPTTMwMDErdDc4eUlLaXlmZEUzQVZON2Frc3RYdwAUAA1hcHBzLWhvc3QuY29tAAAAABUAEGNiY2RjY2NmNzM1M2E3MTAACAAUEKPLC4yIRo0ZYTSYOcifZ5nxpRk="}
 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":35,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291461328776,"flow_dst_last_pkt_time":1629291461336154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":4454,"flow_dst_tot_l4_payload_len":2950,"midstream":0,"thread_ts_usec":1643626018957379,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":162,"packets-processed":161,"total-skipped-flows":0,"total-l4-payload-len":13004,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":3,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":60,"global_ts_usec":1647958145472010}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":162,"packets-processed":161,"total-skipped-flows":0,"total-l4-payload-len":13004,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":3,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":60,"global_ts_usec":1647958145472010}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1647958145472010,"pkt":"CL6sCxdumt9Y+uvcCABFAACIXMVAAEARLvHAqAypjvpSY8ABDZYAdIYdAAEAWCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJAAEbn8e\/wAIABQgoq\/oigOja2ENES7+eYfoJkViaIAoAARShoZ6"}
 00956{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
@@ -67,7 +67,7 @@
 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1240,"pkt_l4_len":1206,"thread_ts_usec":1647958145521909,"pkt":"mt9Y+uvcCL6sCxduCABFgATKCTkAAGgRlbuO+lJjwKgMqQ2WwAEEtpQxFv79AAAAAAAAAAAAUAIAAEQAAAAAAAAARP79YjnYgQ5eG2LfZqyVyxoZi+6CtOTsYwsdJCYMKROVXGcAwC8AABwAFwAA\/wEAAQAACwACAQAAIwAAAA4ABQACAAEAFv79AAAAAAAAAAECuAsAAqwAAQAAAAACrAACqQACpjCCAqIwggGKAgkAny3VlFYafIkwDQYJKoZIhvcNAQELBQAwEzERMA8GA1UEAwwIaGFuZ291dHMwHhcNMjIwMzE3MDIxMTE3WhcNMjMwMzE4MDIxMTE3WjATMREwDwYDVQQDDAhoYW5nb3V0czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJN79VYhJJmaCot75jmGh6xWJYN2151GuDW0nfg2Df6Jmbrp31upp3kHxQJWmGaSPXRYfml8Cl3Tg86JKDMEmrhxjL\/R\/1AjvIfyaYtHXzF\/xB7OESvX36WqhTavBqUaUaDusLznYi+r8IZNxP9b986\/blklElf2DpdOu2w4VLXuh4gGmMsx1vKP5IPsMK3vUP1xD8T1nxfMNhLmqRi8PeSnZ48\/THj1BX5yGpA+VWHX3p0+BT1LmsuIJbETYptnrZhhI7d2wsebrfvZbl6c+Wyfz\/unnO4UCeGsa7n+WcHNS\/fxajl1lkk27V54A+RXJQ4hzFOgk7RiVugSIm70Tw0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfSgM9durzGL4ir9VkG8itVG+ioss9WUosFBER2ocK9Kfg37EPR0V5sTPtc+o62NhqvZxUI8el5M17SX+ledWCBYram8Y9lcJslDd8jQTVaK\/g4kPv0HES1rPFcm05+7xjeonRitLYSr4szNvR5m4MiltT3AAtdEh4fVVCTF1v\/B6XbGasMdsH5FgjIgGu\/o\/ah\/90wM9GbLkmNBxqh9PUPrt3H0BhWgTYWqi8EQkhOIoAet+8a2pzP8KK\/3Jk4ZvoLZnYdyM+b2dEYMWGpKNocvc6gy1NGkViOvdiMOC4wKAazQb66jsfjq01Rd7TJOyVz2Zn\/Gvqi45ZQ2n6Pq+jxb+\/QAAAAAAAAACATQMAAEoAAIAAAAAASgDAB0gWO85qTgc41jsrYAVUV8Pam2fB7qlNCO+CG\/yV46IE34IBAEAQiatr1myYKLGqbU09xBd7W5hs4AeIGZh6Ok5JysE6JnDlAH7vqbHtKO\/w5eO6qNhlPKD185ipReDt+\/7SN3JbOhAQsxNuub8QVkn6xeShY3gCzDAl2BtRlsVnWLYIMiY\/C6lbHho8XEs7VF7jTKIbjPqaOFR6lavjuQRiAFHF4YqtYOXs29HqkGzWn78ry62PLQncem6Ajcx4IeAs4lItRuxWILyDXGQ9aY0N+f+hO1+3QDyWbL3qVsD0p\/vAzfqL06mfhZB6HtpUaUTBPlXRD8So0qSwyu+0YSNJKPQUm11a7IGOPScniv+hStTpzVhgdQiVYvn9Q+cFwHXqFOrEhb+\/QAAAAAAAAADACUNAAAZAAMAAAAAABkCAUAAEgQDCAQEAQUDCAUFAQgGBgECAQAAFv79AAAAAAAAAAQADA4AAAAABAAAAAAAAA=="}
 02210{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147569135,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2034,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147569135,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":131323.2,"max":835905,"stddev":227053.5,"var":51553292288.0,"ent":3.4,"data": [22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681]},"pktlen": {"min":62,"avg":179.2,"max":1226,"stddev":221.3,"var":48965.1,"ent":4.4,"data": [136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]},"bins": {"c_to_s": [0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0],"entropies": [5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018957379,"flow_dst_last_pkt_time":1643626018908035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":195,"packets-processed":194,"total-skipped-flows":0,"total-l4-payload-len":17910,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":5,"total-updates":3,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":70,"global_ts_usec":1661169535535091}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":195,"packets-processed":194,"total-skipped-flows":0,"total-l4-payload-len":17910,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":5,"total-updates":3,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":70,"global_ts_usec":1661169535535091}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzJAAEAR2WHAqCuphuBab77WImEApPIXAAEAiCESpEI4RCHR9KJD4dY6X5oABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABSuLzMpSQJ1k35eeZhTIs+Mn14fOYAoAATxREob"}
 01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -78,7 +78,7 @@
 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1661169535657522,"pkt":"BLFnWRHgPKn0qB\/sCABFAADZk0RAAEAR2S7AqCuphuBab77WImEAxZayFv7\/AAAAAAAAAAEAsAEAAKQAAAAAAAAApP79\/DOP2Z8sGz4yGXA4ZlFO9zOHpZDtCkri7Pkm\/\/cH3ZMAAAAQwCvAL8ypzKjACsAJwBPAFAEAAGoAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAASABAGd2VicnRjCGMtd2VicnRjAA0AIAAeBAMFAwYDAgMIBAgFCAYEAQUBBgECAQQCBQIGAgICABwAAkAAAA4ACwAIAAcACAABAAIA"}
 01149{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535657522,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"","ja4":"t00d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc"}}}
 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147591534,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1661169535657522,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-payload-len":18508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":8,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1697468908358667}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-payload-len":18508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":8,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1697468908358667}
 00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999::19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_usec":1697468908358667,"pkt":"eq+3+1HBILAB4IZiht1mBDreADwROyYAGQBBYFmZAAAAGQAAAAAgAQsHCj3BEkihEJQSJygeDZa73gA87sUBCQAgIRKkQktkZmJkWjJhZlo4bAAIABRFsDl4oh6bf+GLBENYf43S4VSdWIAoAASacRNB"}
 00981{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908358667,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908358667,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999::19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -86,7 +86,7 @@
 01115{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908376988,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908376988,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999::19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535657522,"flow_dst_last_pkt_time":1661169535617418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1697468908376988,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1697468908358667,"flow_src_last_pkt_time":1697468908376988,"flow_dst_last_pkt_time":1697468908358667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468908376988,"l3_proto":"ip6","src_ip":"2600:1900:4160:5999::19::","dst_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","src_port":3478,"dst_port":48094,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":200,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":18612,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":9,"total-updates":3,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1697468908376988}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":200,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":18612,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":9,"total-updates":3,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1697468908376988}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 200/200
 ~~ skipped flows.............: 0
@@ -95,8 +95,8 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5525345 bytes
-~~ total memory freed........: 5525345 bytes
+~~ total memory allocated....: 5525497 bytes
+~~ total memory freed........: 5525497 bytes
 ~~ total allocations/frees...: 86154/86154
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 538 chars
diff --git a/test/results/default/stun_classic.pcap.out b/test/results/default/stun_classic.pcap.out
index 5bc500ceb..859e22f85 100644
--- a/test/results/default/stun_classic.pcap.out
+++ b/test/results/default/stun_classic.pcap.out
@@ -1,5 +1,5 @@
-00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1343740773475497}
+00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1343740773475497}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1343740773475497,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1343740773475497,"pkt":"AAwpNoBVAAQTMSCJCABFoAA4AABAAEARYv+sED\/grBA\/FdcKNoYAJLX1AAEACJQp74gpTdUmMscpMcuNu0wAAwAEAAAAAA=="}
 01077{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1343740773475497,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -9,7 +9,7 @@
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773519014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773519014,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKIHYgBKuFgTp+jg6ptkixFMgl8ob0pereNKsssPr4lzFXNo="}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773519635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773519635,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKGlAgBKuFwTp+tg6ptki+Hq86nrAqyROkV67ctF76o6uaf8="}
 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":13,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773708889,"flow_dst_last_pkt_time":1343740773691032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1343740773708889,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.RTP","proto_id":"78.87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":22,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1343740773708889}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":22,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1343740773708889}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 22/22
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498611 bytes
-~~ total memory freed........: 5498611 bytes
+~~ total memory allocated....: 5498635 bytes
+~~ total memory freed........: 5498635 bytes
 ~~ total allocations/frees...: 85882/85882
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 559 chars
diff --git a/test/results/default/stun_dtls_rtp.pcapng.out b/test/results/default/stun_dtls_rtp.pcapng.out
index fa31f8da3..5cbaf16b7 100644
--- a/test/results/default/stun_dtls_rtp.pcapng.out
+++ b/test/results/default/stun_dtls_rtp.pcapng.out
@@ -1,5 +1,5 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1669989925164266}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1669989925164266}
 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1669989925164266,"pkt":"CL6sCxduJjb1W8R1CABFAACQVjZAAEARNZzAqAycjvpSTJRPS2kAfJZwAAEAYCESpEJvNlNoU1VSSmhORmsABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgDAVwAEAAMACoAqAAjHmPZBrcBKnwAkAARufx7\/AAgAFFXMCO6dEOYzzYk4Nclzw7fn\/+udgCgABEyaSoM="}
 01098{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
@@ -9,7 +9,7 @@
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1669989925331729,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1669989925331729,"pkt":"CL6sCxduJjb1W8R1CABFAACUVj1AAEARNZHAqAycjvpSTJRPS2kAgIetAAEAZCESpEJHeElSOVZ4WXVGUjkABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgDAVwAEAAMACoAqAAjHmPZBrcBKnwAlAAAAJAAEbn8e\/wAIABRPuZAhjSuP3zBrIerigzXVUm4nSYAoAAQ65t8C"}
 02344{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925844909,"flow_dst_last_pkt_time":1669989925832608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2558,"flow_dst_tot_l4_payload_len":3623,"midstream":0,"thread_ts_usec":1669989925844909,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":43515.6,"max":258068,"stddev":58201.4,"var":3387401984.0,"ent":4.0,"data": [23454,57152,58633,110311,426,107899,55,29,31904,33185,42585,42763,84060,83239,24775,643,393,2519,24830,54,50,34247,28143,7940,22933,203231,6659,19573,19853,258068,19379]},"pktlen": {"min":68,"avg":221.2,"max":1231,"stddev":244.4,"var":59721.8,"ent":4.4,"data": [144,128,185,1231,148,573,128,109,598,573,598,109,149,117,141,93,125,121,97,93,97,113,93,68,93,93,127,112,112,128,469,112]},"bins": {"c_to_s": [0,0,10,5,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,5,4,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,1,0,0,0,0,0,1,0],"entropies": [5.970281124,5.844405174,4.975852966,7.376402378,5.926150799,6.767900467,5.873587608,5.727212906,7.417241573,6.742666721,7.399977684,5.666547298,6.284676552,5.878243446,6.278099537,5.456246376,6.045804977,5.932724476,5.656750679,5.431894302,5.443003178,5.773984909,5.547308922,5.480338573,5.456245899,5.525803089,6.089138508,6.235580444,6.295892239,6.029528141,7.452062130,6.164150715]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":14,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989926044388,"flow_dst_last_pkt_time":1669989925832608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":3623,"midstream":0,"thread_ts_usec":1669989926044388,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":6775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1669989926044388}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":6775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1669989926044388}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 39/39
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5499104 bytes
-~~ total memory freed........: 5499104 bytes
+~~ total memory allocated....: 5499128 bytes
+~~ total memory freed........: 5499128 bytes
 ~~ total allocations/frees...: 85899/85899
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 577 chars
+~~ json message min len.......: 575 chars
 ~~ json message max len.......: 2349 chars
-~~ json message avg len.......: 1433 chars
+~~ json message avg len.......: 1432 chars
diff --git a/test/results/default/stun_dtls_rtp_unidir.pcapng.out b/test/results/default/stun_dtls_rtp_unidir.pcapng.out
index 382fc9c67..f0150e8a3 100644
--- a/test/results/default/stun_dtls_rtp_unidir.pcapng.out
+++ b/test/results/default/stun_dtls_rtp_unidir.pcapng.out
@@ -1,5 +1,5 @@
-00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1449812497255265}
+00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1449812497255265}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1449812497255265,"pkt":"ACZsuc\/8ACZsCyRcCABFAABAL58AAIAR9v8KCgABCgEAA\/7K4YIALFAqAAMAECESpELECsSOsFxxIrqIIMwAGQAEEQAAAIAoAATGrBhE"}
 01079{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -18,7 +18,7 @@
 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1449812497496479,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1449812497496479,"pkt":"ACZs0wdDACZsIyatCABFAADMboRAAEARt44KAQADCgoAARbdCvgAuIfMABcAnCESpEKabwkxCgNoKDFqLpgAEwBsAAEAWCESpEJ+6j0VqO37x7qvJhcABgAZZWEydnJwQzRKd2NqQ0YwZToyNzBlMzkzZgAAAAAlAAAAJAAEbn4A\/4AqAAgAAAAAAAAAAQAIABSRSix2Wt+JeRYEja3Dcq7w4OuHlYAoAARIzREHABIACAABzHArEqTRgCIAGkNvdHVybi00LjUuMC4zICdkYW4gRWlkZXInICc="}
 01219{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812504413713,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3924,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812504427110,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":43,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1449812504427110}
+00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":43,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1449812504427110}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 43/43
 ~~ skipped flows.............: 0
@@ -27,8 +27,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501448 bytes
-~~ total memory freed........: 5501448 bytes
+~~ total memory allocated....: 5501488 bytes
+~~ total memory freed........: 5501488 bytes
 ~~ total allocations/frees...: 85916/85916
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 577 chars
diff --git a/test/results/default/stun_dtls_unidirectional_client.pcap.out b/test/results/default/stun_dtls_unidirectional_client.pcap.out
index 492d1fab2..0dc18af95 100644
--- a/test/results/default/stun_dtls_unidirectional_client.pcap.out
+++ b/test/results/default/stun_dtls_unidirectional_client.pcap.out
@@ -1,5 +1,5 @@
-00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1441761975037261}
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1441761975037261}
 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975037261,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975037261,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1441761975037261,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1441761975037261,"pkt":"AAAA1W9UrOh7zGISCABFuACMS9UAAD8RCqYaUwlRISPfZ+DfAhwAeBxIAAEAXCESpEKZUujby\/MKtb8jCDoAJAAEfv\/\/\/4AqAAgAAAAAAAAAAAAGACE0RDJ1Z1BuQnpFMFJ3ejEvOldacWs5TytnaWo4YXp0TVQgICAACAAUvs4hyEIUQeaHuhq3F0UydHxRy82AKAAEFxfLgw=="}
 01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975037261,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975037261,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -10,7 +10,7 @@
 01664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1441761975908886,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":873,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":873,"pkt_l4_len":839,"thread_ts_usec":1441761975908886,"pkt":"AAAA1W9UrOh7zGISCABFuANb39wAAD8Rc88aUwlRISPfZ+DfAhwDR3CWFv7\/AAAAAAAAAAEA8wsAAbwAAQAAAAAA5wABuQABtjCCAbIwggEboAMCAQACCQD0VYORJLQQeTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBMaXZlRm91bmRyeSBJbmMuMB4XDTE1MDkwODAwNTYzOFoXDTE2MDkwODAwNTYzOFowGzEZMBcGA1UEAwwQTGl2ZUZvdW5kcnkgSW5jLjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuyhRVMs+Bz5qXqjQxGuyubanVpTs60WsXdygsd2nIf4kvClwVquI8p1OxMqlgF8HlLijUgedsnTkkRmXmvipQaKNlBb+\/wAAAAAAAAACAOELAAG8AAEAAOcAANUnAKw\/TDJBOJEtFXJH4pn5j+EVPXFJwG0ewl7Y3I+QBvhsLsEcisVV6boyWBxnFqgDuk46QV\/oUQago8jLAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAbmuxjO+DGgTv9Cpvf7qVf5kLHqHELP9rky2H1P4GJ2nkhu32wLxDpHbNkCNXubBcoeKjifYW\/p7enSVXgJbHkC6K6K4pvbE6MpZEZziaHK+me7jcyIPcDIetLLB8DCmNWqBB1nwLfbv5oHQ\/sW4Fk7kc2N\/BnYBZnooBLXGA+QIW\/v8AAAAAAAAAAwBOEAAAQgACAAAAAABCQQRmi6ltyNjABc7J9cmLPyxxoFJaQFZGAdA4a0tDfgl\/OKIfL84oddpzdf6Kayr7\/BgOAKI24ob\/PlWf\/svbnjLBFv7\/AAAAAAAAAAQAjg8AAIIAAwAAAAAAggCAsV3MYNlV6t3t7wUcqu8HNVVy6F6itfNXpKr+SPzgWi5H+pHWgBnNYHji0+tD\/BDAG5eMCMDzQTG8jsgJXK5BB6Hr9Fe4qk2975dPYTHajbw52dKgFiq3UWDX4uFUP\/pzlqsiwXx3Mu39P5qXb6EHVSIE0\/ju6iWmEKcUmF\/7MZcU\/v8AAAAAAAAABQABARb+\/wABAAAAAAAAAEAMbAJX5zrSBaDIrFais+q41JcBYbEnW\/coGYBOyFA2dIufD7sV4lF\/Cqc3FzuF4ZsErUUG3QtWv\/gI2EBqztZC"}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1441761976197146,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1441761976197146,"pkt":"AAAA1W9UrOh7zGISCABFuACQk6QAAD8RwtIaUwlRISPfZ+DfAhwAfLweAAEAYCESpEJrTB4zaBoKl1i8ZbIAJQAAACQABH7\/\/\/+AKgAIAAAAAAAAAAAABgAhNEQydWdQbkJ6RTBSd3oxLzpXWnFrOU8rZ2lqOGF6dE1UICAgAAgAFOc58IHgzuDAt1G6OOMDB5sPTvG4gCgABJMut1k="}
 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761976198231,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":831,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1456,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761976198231,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00657{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1441761976198231}
+00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1441761976198231}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -19,10 +19,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500223 bytes
-~~ total memory freed........: 5500223 bytes
+~~ total memory allocated....: 5500247 bytes
+~~ total memory freed........: 5500247 bytes
 ~~ total allocations/frees...: 85868/85868
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 593 chars
+~~ json message min len.......: 591 chars
 ~~ json message max len.......: 1669 chars
-~~ json message avg len.......: 1116 chars
+~~ json message avg len.......: 1115 chars
diff --git a/test/results/default/stun_dtls_unidirectional_server.pcap.out b/test/results/default/stun_dtls_unidirectional_server.pcap.out
index 22edda12f..377f90ff1 100644
--- a/test/results/default/stun_dtls_unidirectional_server.pcap.out
+++ b/test/results/default/stun_dtls_unidirectional_server.pcap.out
@@ -1,5 +1,5 @@
-00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1441761975301582}
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1441761975301582}
 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975301582,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1441761975301582,"pkt":"AAAA1W9UACWeBue\/CABFAABckk9AAC8RlRMhI99nGlMJUQIc4N8ASKsWAQEALCESpEKZUujby\/MKtb8jCDoAIAAIAAHBzSQ2G6oACAAUOG6\/PReCUq3JlsJgMEqY8IjJzYmAKAAEznYIbw=="}
 01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975301582,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -10,7 +10,7 @@
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1441761976174312,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1441761976174312,"pkt":"AAAA1W9UACWeBue\/CABFAAB3kwJAAC8RlEUhI99nGlMJUQIc4N8AY1hwFP7\/AAAAAAAAAAgAAQEW\/v8AAQAAAAAAAABAMEcyXPNODypMYT0Ssk4r7kdOXW+9U7+hCDxTj4d5TTNRdICHtbeHbXcfrCzPQpDaPm44sdeZ+qA0rw0R8k1fQA=="}
 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1441761976174318,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1441761976174318,"pkt":"AAAA1W9UACWeBue\/CABFAACMkwNAAC8RlC8hI99nGlMJUQIc4N8AeKyrAAEAXCESpEKP0YtwXMNQlfFxwRMAJAAEfv\/\/\/4ApAAgAAAAAAAAAAAAGACFXWnFrOU8rZ2lqOGF6dE1UOjREMnVnUG5CekUwUnd6MS8gICAACAAUiKI62VDnyBUKfHf8mnzR1DIkRoWAKAAEF76wAg=="}
 01207{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761976462611,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1311,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761976462611,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
-00657{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1441761976462611}
+00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1441761976462611}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -19,10 +19,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502331 bytes
-~~ total memory freed........: 5502331 bytes
+~~ total memory allocated....: 5502355 bytes
+~~ total memory freed........: 5502355 bytes
 ~~ total allocations/frees...: 85872/85872
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 593 chars
+~~ json message min len.......: 591 chars
 ~~ json message max len.......: 1783 chars
-~~ json message avg len.......: 1182 chars
+~~ json message avg len.......: 1181 chars
diff --git a/test/results/default/stun_google_meet.pcapng.out b/test/results/default/stun_google_meet.pcapng.out
index 466ccb040..080ab8923 100644
--- a/test/results/default/stun_google_meet.pcapng.out
+++ b/test/results/default/stun_google_meet.pcapng.out
@@ -1,5 +1,5 @@
-00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1687685002250009}
+00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1687685002250009}
 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685002250009,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFppAAEARi+LAqAycSn2Af5UIS2YAHMbcAAEAACESpEJrQUdOTnp2SE5INTk="}
 01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -52,7 +52,7 @@
 01139{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":46,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685004555487,"flow_dst_last_pkt_time":1687685004163202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":10256,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01140{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685052357557,"flow_dst_last_pkt_time":1687685052375005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":215,"packets-processed":214,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":2,"total-updates":6,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1697468935898948}
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":215,"packets-processed":214,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":2,"total-updates":6,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1697468935898948}
 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"thread_ts_usec":1697468935898948,"pkt":"ILAB4IZieq+3+1HBht1gC69IAIQRQCABCwcKPcESSKEQlBInKB4gAUhgSGQABgAAAAAAAACBsgRLaQCETH0AAQBoIRKkQmtPaTNJMjc0OHB2QQAGAB95dzhscXc0TXhnSDhpZ29LQUFpS0FpQURFQTpOQUNFAMBXAAQAAwAKgCoACGra\/nXE2k9tACQABG5\/KP\/AWQACAAEAAAAIABSaw7PkfELbyrRWbnt+uUO3nio4h4AoAAQFm42R"}
 01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468935898948,"flow_src_last_pkt_time":1697468935898948,"flow_dst_last_pkt_time":1697468935898948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468935898948,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:48a1:1094:1227:281e","dst_ip":"2001:4860:4864:6::81","src_port":45572,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
@@ -68,7 +68,7 @@
 01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":46,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685004555487,"flow_dst_last_pkt_time":1687685004163202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":10256,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685052357557,"flow_dst_last_pkt_time":1687685052375005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1697468936608486,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":362,"packets-processed":362,"total-skipped-flows":0,"total-l4-payload-len":56433,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":2,"total-updates":6,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1697468936608486}
+00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":362,"packets-processed":362,"total-skipped-flows":0,"total-l4-payload-len":56433,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":2,"total-updates":6,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1697468936608486}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 362/362
 ~~ skipped flows.............: 0
@@ -77,8 +77,8 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5521503 bytes
-~~ total memory freed........: 5521503 bytes
+~~ total memory allocated....: 5521623 bytes
+~~ total memory freed........: 5521623 bytes
 ~~ total allocations/frees...: 86288/86288
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 551 chars
diff --git a/test/results/default/stun_msteams_unidir.pcapng.out b/test/results/default/stun_msteams_unidir.pcapng.out
index 7f094e535..5cec026a3 100644
--- a/test/results/default/stun_msteams_unidir.pcapng.out
+++ b/test/results/default/stun_msteams_unidir.pcapng.out
@@ -1,5 +1,5 @@
-00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744005970632}
+00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744005970632}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744005970632,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1618744005970632,"pkt":"AAAAAAAAAAUA5TB2CABFAABkOG0AAG4RTXE0c4g3CgAAAQ2Xw1YAUAESAQEANCESpEJWcAnCrgDmmNmPAZCAcAAEAAAABwAgAAgAAeJEc6CbOQAIABQIHBh8TPkDR23jBTje41VGgqHl0IAoAARRPQxU"}
 01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744005970632,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
@@ -8,7 +8,7 @@
 02170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744006480360,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_usec":1618744006480360,"pkt":"AAAAAAAAAAUA5TB2CABFAATbOHIAAG4RSPU0c4g3CgAAAQ2Xw1YEx\/GBgMkBKwAAA+gk6GdnQrq1sxg2rp3tQsLgw0gVWymTaLOvFHT9ui9D7gDmu\/IOxaHejjGputpbrUbXgAbO8Er99xmHrDIMUbUtyv51Hl7AneuGh6Dd2p5b\/VwN4FXKvV+F+9SbOhEAXHBCYBh8VFS+gkvRvb5DM05KtlLw3IlGYKJIjBf+U9MtVgNdPrr\/SUHwUJnVhqaFyMbeFNwwwjKt6W2sHlQ72rrpPBq4S3rd+Oe6kEb1pEYreq6bW1jEGHdkOV0iMK0Jrk+7Mr\/iAK1zlpK6Lr\/o+CIxRNeX3vLHLOFk63nkefy0IYKoOev6VK0c2oTcvttvlpvT4nuVeCtO34N9H1eF6gZ5iQfmgYZnv8JY6Gse5CnhCmALTKVCNIzytzsvQP5nntxH1Re9YTf38i1Wn7vQ3q\/GsfKaeEQFnApXe7KiW0ezdf7Wa1SQ\/gCnbIJs2390UpYixvatPIUurguPoVkFZUWMx21eEdysM9loFemtygvGTTFEr6TVPztELotocBHR05nFbKhmEumGH0VD11Z9Zn00I6Qcy9GrBja9dX7AMG9MWIh6dO1uT6Q7K32st76EZcJMPK6jf2mRRu2rmKjvy3iyMJI4zao8WBQ+RS\/q1HkmDaQQfOMGlzLEy24bXJ6bl6jeHzl0VrhmJ5lIBGm6YxLbNAWKJK7pW\/1+e9nAUIpqcna3GU7DZqjcDQYLYcYGbYl9MxJ8yJtwv8TUlEzOgeoR6gLH8odQhnVskEi9WnOkrb0FXzeU5vpLKLTevAisomyWbIJAQXW1jmnCMnZsU9bXqz6gsW9rOvE8aIwRLWzn72RU+B+rD13+E7VdNEQu+CxTs0HXh5eswjm+jKjiL4XIN+B1HyAFjm7gfxpPZVA0VXGgVxcb6ECAUg91y2oSFlfwSzKSqlpnM5GjsmkEEgIWKh+jaRFv7w\/leDpePcdailRyGFuKP2FfSJQST2W2zlQrMF\/oNUjP6aZdNaxzoSoCXMJd7Up\/mt8RqMgsrWcYUMHvQ06h+exj898vCZtB1V+TLwW9uBektzF+CXOqqrF1Z9FSLK6FRk\/mRj4sDj4kh9egaoIbswL\/TUDlkzUlOiGsXKLhjW3tS3FyfPt1tfezIXGHEh4EW60zksXjIEgJDPLc\/qO4WG42aNVJdylffvScrUJ3xzSfGuM0vqgfMiB+3CM4zhYcDJCEucrnFdmhMiEQPdR7A9TRXrNULsYoSroOvapvGllOcBcM6yVEVim0NhZ6IqBqdVPRFgM6TEKUId6MqCsrZOn505zSvp6uI+iYbTVt2vAwVNgy8zy9fIWVcuykSzkvH+d42DP+VXtpttwkWetjb36T\/ZS2XTr7PuIk7Yvla\/G4HlzHMbBpi60aJl0BS37yoR0f2qm9WHw2KnODhEyhAYb4IeKTGj\/HuRy9XbO6k1YH6otSJwQ\/cgkZs2iWIsENJksqX0PSeqfZ7ACHXxQiZEIMG8YTWkv4u7u2JT7ExAILLkiwT\/QQD4jmFyu\/ht83e0GIjVy9NYLfpkj64XFHRO7PLRYwx8ki+XfUPsu1+DA2BfaB3A+I8\/B11Z4sg+PtwrTD3Q9hvnk7uPTQPIiGzwEGgAChYAHgggO6ksVgq664"}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1618744006794573,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_usec":1618744006794573,"pkt":"AAAAAAAAAAUA5TB2CABFAACHOHQAAG4RTUc0c4g3CgAAAQ2Xw1YAc6HlgMgADgAAA+hZLCORUikt0lMMVuqc62jK8b9ObVoTSM\/lJgLtxS1nRRDaLJ4KDYgtyq2PsWx4ZAx8e0UeKef0\/\/qTc52IDGdgIZ3TuK4YxTFWM4fkMdciSGlScqeAAKFiAVZYWPTPO\/w0aQ0="}
 01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744010505540,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744010505540,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":5440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1618744010505540}
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":5440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1618744010505540}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 12/12
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498321 bytes
-~~ total memory freed........: 5498321 bytes
+~~ total memory allocated....: 5498345 bytes
+~~ total memory freed........: 5498345 bytes
 ~~ total allocations/frees...: 85872/85872
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 578 chars
diff --git a/test/results/default/stun_signal.pcapng.out b/test/results/default/stun_signal.pcapng.out
index 5c974e455..00e2f4c96 100644
--- a/test/results/default/stun_signal.pcapng.out
+++ b/test/results/default/stun_signal.pcapng.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1636901936040353}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1636901936040353}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936040353,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVpAAEAR0ZTAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="}
 01083{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -50,7 +50,9 @@
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936385688,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936385688,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWRAAEAR9LnAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936386031,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936386031,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWVAAEAR9LjAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936411307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936411307,"pkt":"mt9Y+uvcCL6sCxduCABFgAA80K0AACYRz7Ws\/Xl\/wKgMqUtmml4AKJ+iAQEADCESpEJTQ2RLNjF0alZXNmsAIAAIAAEPYnw9RVE="}
+01114{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936411307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901936411307,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936415304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936415304,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TlEAACURUxKs\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="}
+01114{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936415304,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901936415304,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936663206,"pkt":"mt9Y+uvcCL6sCxduCABFgAA80O8AACYRz3Os\/Xl\/wKgMqUtmml4AKJ+iAQEADCESpEJTQ2RLNjF0alZXNmsAIAAIAAEPYnw9RVE="}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936667023,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TocAACURUtys\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936817391,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936817391,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWZAAEAR9L\/AqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="}
@@ -76,8 +78,10 @@
 00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956946587,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP65AAOQRrjcjnrenwKgMqQ2WnA4AXORTAQEAQCESpEI1alVGbDBvdmFLRGsAIAAIAAEPlXw9RVEAAQAIAAEuh10v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT10UAM"}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956960274,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuZAAEAR8zfAqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="}
+01222{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956960274,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956962305,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nudAAEAR8zbAqAypI563p5wODZYAJOqGAAMACCESpEJuWjVNSmNUejZrc3YAGQAEEQAAAA=="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956969064,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956969064,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuhAAEAR8zXAqAypI563p5wOAbsAJPaJAAMACCESpEIyY0FuemxRWWpFQmIAGQAEEQAAAA=="}
+01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956969064,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956969064,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956971552,"flow_dst_last_pkt_time":1636901956903176,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956971552,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nulAAEAR8zTAqAypI563p6g8DZYAJNbdAAMACCESpEJQZE0rWTlGNXNyQ3EAGQAEEQAAAA=="}
 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901956977270,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4P7RAAOQRrikjnrenwKgMqQ2WnA4AZNRVARMASCESpEJuWjVNSmNUejZrc3YACQAQAAAEAVVuYXV0aG9yaXplZAAVABBlM2Q3MGU4YTI4NzhlYWI4ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABPdDwsE="}
 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1636901956982713,"flow_dst_last_pkt_time":1636901956977270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901956982713,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnupAAEAR8tvAqAypI563p5wODZYAfID0AAMAYCESpEJoVnBuRlhEMWd5a3MAGQAEEQAAAAAGABUxNjM2OTg4MzU2OjExMjQwNjMwMDAAAAAAFAAKc2lnbmFsLm9yZwAAABUAEGUzZDcwZThhMjg3OGVhYjgACAAUhea72wHPPgTdSOnBEkAPMzKPAD4="}
@@ -85,12 +89,16 @@
 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1636901956989826,"flow_dst_last_pkt_time":1636901956988183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901956989826,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnutAAEAR8trAqAypI563p6g8DZYAfJbSAAMAYCESpEJELzRSL1I0ZVdVN0kAGQAEEQAAAAAGABUxNjM2OTg4MzU2OjExMjQwNjMwMDAAAAAAFAAKc2lnbmFsLm9yZwAAABUAEDJjNWJhY2UxODI5ZDI2OWUACAAUvJldU9tsWUvBCpl53HMUEVhvq8k="}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957149857,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957149857,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnvtAAEAR8yrAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957151010,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevNAAEARy\/vAqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="}
+01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957151010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957172132,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevRAAEARy\/rAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="}
+01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957172132,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957180832,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957180832,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnvxAAEAR8ynAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957210204,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901957210204,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nv5AAEAR8x\/AqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957219600,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901957219600,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nv9AAEAR8x7AqAypI563p5wOAbsAJPaJAAMACCESpEIyY0FuemxRWWpFQmIAGQAEEQAAAA=="}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957274630,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957274630,"pkt":"mt9Y+uvcCL6sCxduCABFgAA86goAACYRtlis\/Xl\/wKgMqUtmqDwAKGNbAQEADCESpEJuRGJFSkJreUFwVW4AIAAIAAEPlHw9RVE="}
+01115{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957274630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901957274630,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957301798,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957301798,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8efYAACURJ+2s\/Xl\/wKgMqUtmnA4AKHKwAQEADCESpEJOVFU1cXVJU2dZVFAAIAAIAAEPlXw9RVE="}
+01115{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957301798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901957301798,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957151010,"flow_dst_last_pkt_time":1636901957525218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957525218,"pkt":"mt9Y+uvcCL6sCxduCABFgAA86ikAACYRtjms\/Xl\/wKgMqUtmqDwAKGNbAQEADCESpEJuRGJFSkJreUFwVW4AIAAIAAEPlHw9RVE="}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957551924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957551924,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8ergAACURJyus\/Xl\/wKgMqUtmnA4AKHKwAQEADCESpEJOVFU1cXVJU2dZVFAAIAAIAAEPlXw9RVE="}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1636901957650455,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957650455,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnxNAAEAR8xLAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="}
@@ -108,9 +116,9 @@
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1636901967305260,"flow_dst_last_pkt_time":1636901957551924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901967305260,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwfCRAAEARysrAqAyprP15f5wOS2YAHCjCAAEAACESpEJCTndzakJKdHNsVHY="}
 02172{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901980739508,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":15,"avg":1596705.0,"max":17079364,"stddev":3547473.5,"var":12584568750080.0,"ent":2.8,"data": [4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065]},"pktlen": {"min":76,"avg":81.5,"max":124,"stddev":11.6,"var":133.8,"ent":5.0,"data": [76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84]},"bins": {"c_to_s": [0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01244{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01244{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01130{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01244{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01244{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01130{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -126,6 +134,7 @@
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637207,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EhAAEAR8rHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="}
 01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998642149,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998642149,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43ElAAEAR8qjAqAypI55607qXAbsAJIeGAAMACCESpEJ0b3RZc3QzdHNudm0AGQAEEQAAAA=="}
+01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998642149,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998642149,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998644152,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43EpAAEAR8qfAqAypI55607qXDZYAJM8KAAMACCESpEJRck1mY3NySEUrbG4AGQAEEQAAAA=="}
 00975{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
@@ -133,29 +142,38 @@
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998644452,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EtAAEAR8q7AqAypI55605RSDZYAHOlfAAEAACESpEJTRld4cWpibUxkeFo="}
 00975{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998645824,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3ExAAEAR8q3AqAypI55607qXDZYAHAfgAAEAACESpEJsR1ZDTTdDN1dMVEo="}
+01108{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998645824,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998654073,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E1AAEAR8qTAqAypI55605RSDZYAJBd3AAMACCESpEJOTG9MWFNjWDdLU3cAGQAEEQAAAA=="}
+01108{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654623,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVMAAOMBFpsjnnrTwKgMqQMDaO0AAAAARQAAMNxHQAAgERKzwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"}
 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654665,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654665,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVQAAOMBFpojnnrTwKgMqQMDaO0AAAAARQAAMNxIQAAgERKywKgMqSOeetOUUgG7ABwljAABAAAhEqRCVjVicmFhSFdCOW5q"}
 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998657287,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998657287,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVUAAOMBFpEjnnrTwKgMqQMDaPUAAAAARQAAONxJQAAgERKpwKgMqSOeetO6lwG7ACSHhgADAAghEqRCdG90WXN0M3RzbnZtABkABBEAAAA="}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998660620,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49klAAOMRNUgjnnrTwKgMqQ2WupcAZEK5ARMASCESpEJRck1mY3NySEUrbG4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABA0YTlmNTljZmZlODk0NGE5ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABLOFpWg="}
+00995{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1636901998660620,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}}
 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660636,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9kpAAOQRNE8jnnrTwKgMqQ2WlFIAXFMAAQEAQCESpEJTRld4cWpibUxkeFoAIAAIAAEPi3w9RVEAAQAIAAEumV0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAASDCssQ"}
+00985{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901998660636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660651,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9ktAAOMRNU4jnnrTwKgMqQ2WupcAXFiiAQEAQCESpEJsR1ZDTTdDN1dMVEoAIAAIAAEPinw9RVEAAQAIAAEumF0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAAR90ekp"}
 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998662264,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998662264,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3E5AAEAR8k\/AqAypI55607qXDZYAeBRYAAMAXCESpEJIUGFhU0tWSmtQRG4AGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNGE5ZjU5Y2ZmZTg5NDRhOQAIABRI+uTzM7nII\/sVpvC6uyZXC+3v6w=="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998663215,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E9AAEAR8qLAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="}
+01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998663215,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998669539,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49kxAAOQRNEUjnnrTwKgMqQ2WlFIAZMvXARMASCESpEJOTG9MWFNjWDdLU3cACQAQAAAEAVVuYXV0aG9yaXplZAAVABA2MzExMjRhZWUxZDEzNDUwABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABOHlRAQ="}
 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998676426,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998676426,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVYAAOMBFpAjnnrTwKgMqQMDaPUAAAAARQAAONxPQAAgERKjwKgMqSOeetOUUgG7ACS3UAADAAghEqRCcXF0MnJ1Mk16MmtvABkABBEAAAA="}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998684473,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998684473,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3FFAAEAR8kzAqAypI55605RSDZYAeCtfAAMAXCESpEJzQVJaQW1IdkdKV0kAGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNjMxMTI0YWVlMWQxMzQ1MAAIABSPAYmQd4zQiPDDbTAeeOez+Voceg=="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865284,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgexAAEARxQLAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="}
+01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998865284,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865349,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwge1AAEARxQHAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="}
+01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998865349,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885173,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885173,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FdAAEAR8qLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885598,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885598,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FhAAEAR8qHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998892782,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998892782,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43FlAAEAR8pjAqAypI55607qXAbsAJIeGAAMACCESpEJ0b3RZc3QzdHNudm0AGQAEEQAAAA=="}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998900771,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998900771,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVXoAAOMBFnQjnnrTwKgMqQMDaO0AAAAARQAAMNxXQAAgERKjwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998914396,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998914396,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43FtAAEAR8pbAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998967333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901998967333,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8uXcAACUR6Gus\/Xl\/wKgMqUtmlFIAKLt8AQEADCESpEJHZko4WW5Ca1ZEVTkAIAAIAAEPi3w9RVE="}
+01116{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998967333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901998967333,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998967382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901998967382,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OUIAACYRZyGs\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="}
+01116{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998967382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1636901998967382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901999242071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901999242071,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8uigAACUR57qs\/Xl\/wKgMqUtmlFIAKLt8AQEADCESpEJHZko4WW5Ca1ZEVTkAIAAIAAEPi3w9RVE="}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901999242113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901999242113,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OWgAACYRZvus\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1636901999386450,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901999386450,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3HxAAEAR8n3AqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="}
@@ -176,10 +194,10 @@
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1636902000173314,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1636902000173314,"pkt":"CL6sCxdumt9Y+uvcCABFAACEd\/dAAEARXs7AqAypEsODj7qX8DoAcOfaAAEAVCESpEJYdGpHMEQ4MEppTE0ABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9DAAQAEAAAAAgAkAARufx7\/AAgAFM7+Ft2Y0101jZUj75NnkTl5UB7JgCgABNI9yPM="}
 02350{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002442030,"flow_dst_last_pkt_time":1636902002440493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1068,"flow_dst_tot_l4_payload_len":1052,"midstream":0,"thread_ts_usec":1636902002442030,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":43,"avg":152743.5,"max":665020,"stddev":189167.3,"var":35784253440.0,"ent":4.0,"data": [68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176]},"pktlen": {"min":56,"avg":94.2,"max":132,"stddev":24.6,"var":605.9,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92]},"bins": {"c_to_s": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0],"entropies": [5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01009{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01134{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01244{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01137{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01145{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01135{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01245{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01011{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01137{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00956{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -187,20 +205,20 @@
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1636902008970187,"flow_dst_last_pkt_time":1636901999242113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636902008970187,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwha1AAEARwUHAqAyprP15f7qXS2YAHGY1AAEAACESpEI5bGJNUnBSbytQbnU="}
 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636902021365208,"flow_dst_last_pkt_time":1636902021381899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":744,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01242{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01242{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000208503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":224,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01242{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01143{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01242{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01133{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902014416950,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01242{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902014416950,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636902019600785,"flow_dst_last_pkt_time":1636902019979253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01133{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01133{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902014417770,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902014417770,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636902019597330,"flow_dst_last_pkt_time":1636902019976482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01143{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":35,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002659586,"flow_dst_last_pkt_time":1636902002742599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":1144,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -208,7 +226,7 @@
 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636902021364947,"flow_dst_last_pkt_time":1636902021381882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":892,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":460,"packets-processed":460,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":8,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":211,"global_ts_usec":1636902021384737}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":460,"packets-processed":460,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":26,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_usec":1636902021384737}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 460/460
 ~~ skipped flows.............: 0
@@ -217,9 +235,9 @@
 ~~ total active/idle flows...: 23/23
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5559341 bytes
-~~ total memory freed........: 5559341 bytes
-~~ total allocations/frees...: 86572/86572
+~~ total memory allocated....: 5559997 bytes
+~~ total memory freed........: 5559997 bytes
+~~ total allocations/frees...: 86582/86582
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
 ~~ json message max len.......: 2355 chars
diff --git a/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out
index 781c3d09f..3fda943cd 100644
--- a/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out
+++ b/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out
@@ -1,5 +1,5 @@
-00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645514762350619}
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645514762350619}
 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514762350619,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762350619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514762350619,"l3_proto":"ip4","src_ip":"166.172.142.131","dst_ip":"23.183.197.71","src_port":3479,"dst_port":42849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762350619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1645514762350619,"pkt":"AAAAAAAAAAoA2nGfCABFAAA8AABAAFcGEY6mrI6DF7fFRw2Xp2H0bFeT0HMflKAS\/\/+7nwAAAgQFtAQCCAr+HMRdGiKsgwEDAwg="}
 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762356326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1645514762356326,"pkt":"AAAAAAAAAA4AwKFPCABFAABQsxJAAD8GdmcXt8VHpqyOg6dhDZfQcx+U9GxXlIAYAU3vTgAAAQEIChoirLb+HMRdAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAA=="}
@@ -8,7 +8,7 @@
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514763155219,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1645514763155219,"pkt":"AAAAAAAAAA4AwKFPCABFAABQsxVAAD8GdmQXt8VHpqyOg6dhDZfQcx\/M9GxXlIAYAU3t4wAAAQEIChoirZj+HMSuAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAA=="}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514773276175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1645514773276175,"pkt":"AAAAAAAAAA4AwKFPCABFAACIsxpAAD8GdicXt8VHpqyOg6dhDZfQcx\/o9GxXlIAZAU3usAAAAQEIChoiuYL+HMSuAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAAADAAghEqRCcEtuRTlSWGdGWWxZABkABBEAAAAAAwAIIRKkQnBLbkU5UlhnRllsWQAZAAQRAAAA"}
 00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1645514762350619,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514773276175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1645514773276175,"l3_proto":"ip4","src_ip":"166.172.142.131","dst_ip":"23.183.197.71","src_port":3479,"dst_port":42849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":168,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1645514773276175}
+00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":168,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1645514773276175}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5/5
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500166 bytes
-~~ total memory freed........: 5500166 bytes
+~~ total memory allocated....: 5500190 bytes
+~~ total memory freed........: 5500190 bytes
 ~~ total allocations/frees...: 85866/85866
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 583 chars
diff --git a/test/results/default/stun_wa_call.pcapng.out b/test/results/default/stun_wa_call.pcapng.out
index bad8efb1c..1302ca1ca 100644
--- a/test/results/default/stun_wa_call.pcapng.out
+++ b/test/results/default/stun_wa_call.pcapng.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1676659968029444}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1676659968029444}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029444,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iFAAEARlLrAqAycXTl747Y8DZYA3LHsAAMAwCESpEJwdYtExyOnTtGTSiVAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUJM4QSLb1BesAMLdUeEcTNdZmV28="}
 00964{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
@@ -98,7 +98,9 @@
 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024239979,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuxAADYRHNRdIXZXwKgMnKCTwXYANNC\/AAEAGCESpEKLftcLEYCUSZQPnhMACAAUyvIcEMHWqj2hvqdguHUxOVHLVE0="}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1676660024243082,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024243082,"pkt":"CL6sCxduJjb1W8R1CABFwABIQNRAAEARWFTAqAycXSF2V8F2oJMANHYOAQEAGCESpEKLftcLEYCUSZQPnhMACAAUURXXOFysTKzVt50fky2JdWR1wBg="}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1676660024325807,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_usec":1676660024325807,"pkt":"CL6sCxduJjb1W8R1CABFwAB1QNhAAEARWCPAqAycXSF2V8F2oJMAYc1lkHgABQAA3UBRZ9y23r4AA1ErK2EAvZEZhwAAAKbOSK90hIl36enLLzUIk6r\/w1XH6T2mtq3Gg8VNMWWeuoZcZLDNzrjMgd0lraiBKjJ3Gy5jB\/m61+BApbg="}
+01094{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":549,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024325807,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":177,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1676660024325807,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1676660024620334,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024620334,"pkt":"CL6sCxduJjb1W8R1CABFwABISE9AAEAR8Q7AqAycClIo8cF2nfQANEB+AAEAGCESpEIXwuNn6QQGBGvPy2QACAAUUNSepUVO3cHbT1W7D8IkB9QMLLk="}
+01222{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024620334,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024620334,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1676660025173851,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660025173851,"pkt":"CL6sCxduJjb1W8R1CABFwABISHxAAEAR8OHAqAycClIo8cF2nfQANJUKAAEAGCESpEJbGGZZJbjNIbGSmgoACAAUqscImv03XhISfmW0WS8IT6fPtOk="}
 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1676660025726086,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660025726086,"pkt":"CL6sCxduJjb1W8R1CABFwABISIRAAEAR8NnAqAycClIo8cF2nfQANJ6PAAEAGCESpEKk0qlxm\/ZTOSdEwkYACAAUXDPKAV6TGyzZ4WyS4fYKXK0zlIs="}
 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1676660026276036,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660026276036,"pkt":"CL6sCxduJjb1W8R1CABFwABISLRAAEAR8KnAqAycClIo8cF2nfQANMOEAAEAGCESpEKl9A496LZkbYe+i00ACAAU\/ewrDda+DUas0DsT+++L7XeLDdc="}
@@ -118,8 +120,8 @@
 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660035302538,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660035302780,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":73,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660035302005,"flow_dst_last_pkt_time":1676660032998729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":500,"flow_dst_max_l4_payload_len":1113,"flow_src_tot_l4_payload_len":10937,"flow_dst_tot_l4_payload_len":37017,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01131{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660034747875,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024502343,"flow_dst_last_pkt_time":1676660024457689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":834,"flow_src_tot_l4_payload_len":3129,"flow_dst_tot_l4_payload_len":5056,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01241{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660034747875,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024502343,"flow_dst_last_pkt_time":1676660024457689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":834,"flow_src_tot_l4_payload_len":3129,"flow_dst_tot_l4_payload_len":5056,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660035302856,"flow_dst_last_pkt_time":1676660020649585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660035303048,"flow_dst_last_pkt_time":1676660020646471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659999805645,"flow_dst_last_pkt_time":1676659970555584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -127,7 +129,7 @@
 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659999805772,"flow_dst_last_pkt_time":1676659970555657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659999805428,"flow_dst_last_pkt_time":1676659970541205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":171,"flow_dst_packets_processed":206,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659999805377,"flow_dst_last_pkt_time":1676659999441975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":392,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":21189,"flow_dst_tot_l4_payload_len":21151,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":591,"packets-processed":591,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":20,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":130,"global_ts_usec":1676660035303048}
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":591,"packets-processed":591,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":22,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1676660035303048}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 591/591
 ~~ skipped flows.............: 0
@@ -136,10 +138,10 @@
 ~~ total active/idle flows...: 13/13
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5541456 bytes
-~~ total memory freed........: 5541456 bytes
-~~ total allocations/frees...: 86593/86593
+~~ total memory allocated....: 5541700 bytes
+~~ total memory freed........: 5541700 bytes
+~~ total allocations/frees...: 86594/86594
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 576 chars
+~~ json message min len.......: 574 chars
 ~~ json message max len.......: 2211 chars
-~~ json message avg len.......: 1392 chars
+~~ json message avg len.......: 1391 chars
diff --git a/test/results/default/stun_zoom.pcapng.out b/test/results/default/stun_zoom.pcapng.out
index ebcf92338..c8bbf0bf3 100644
--- a/test/results/default/stun_zoom.pcapng.out
+++ b/test/results/default/stun_zoom.pcapng.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1661169535535091}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1661169535535091}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzBAAEAR2WPAqCuphuBab77WImEApEJpAAEAiCESpEIJLXMzkXIYSWor3N8ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABQBKtqrmyxMEjIdswOfhTMx+y49voAoAASJCByW"}
 01080{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -24,7 +24,7 @@
 02318{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536326542,"flow_dst_last_pkt_time":1661169536383924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":5172,"midstream":0,"thread_ts_usec":1661169536383924,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":47514.7,"max":193831,"stddev":51140.5,"var":2615352320.0,"ent":4.1,"data": [20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466]},"pktlen": {"min":42,"avg":270.1,"max":1080,"stddev":313.1,"var":98043.5,"ent":4.3,"data": [184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]},"bins": {"c_to_s": [0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": [5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169536293401,"flow_dst_last_pkt_time":1661169536292551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1945,"flow_dst_tot_l4_payload_len":5176,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
 01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536627218,"flow_dst_last_pkt_time":1661169536805680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2726,"flow_dst_tot_l4_payload_len":5471,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1661169536805680}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1661169536805680}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 70/70
 ~~ skipped flows.............: 0
@@ -33,10 +33,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5511410 bytes
-~~ total memory freed........: 5511410 bytes
+~~ total memory allocated....: 5511450 bytes
+~~ total memory freed........: 5511450 bytes
 ~~ total allocations/frees...: 85950/85950
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 573 chars
+~~ json message min len.......: 571 chars
 ~~ json message max len.......: 2323 chars
-~~ json message avg len.......: 1421 chars
+~~ json message avg len.......: 1420 chars
diff --git a/test/results/default/syncthing.pcap.out b/test/results/default/syncthing.pcap.out
index 2513f9674..79de7aa10 100644
--- a/test/results/default/syncthing.pcap.out
+++ b/test/results/default/syncthing.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1663058610822000}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1663058610822000}
 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610822000,"flow_src_last_pkt_time":1663058610822000,"flow_dst_last_pkt_time":1663058610822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610822000,"l3_proto":"ip6","src_ip":"fe80::6238:e0ff:fec5:35a0","dst_ip":"ff12::8384","src_port":42370,"dst_port":21027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1663058610822000,"flow_dst_last_pkt_time":1663058610822000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":267,"pkt_l4_len":213,"thread_ts_usec":1663058610822000,"pkt":"MzMAAIOEYDjgxTWght1gAesUANURAf6AAAAAAAAAYjjg\/\/7FNaD\/EgAAAAAAAAAAAAAAAIOEpYJSIwDV+Zwup9kLCiCSt2JimWKUgl\/GzObPNHlCiCgtc7Xs3y3LKb\/UhMQtbxIZdGNwOi8vMTkyLjE2OC4yLjEwMDoyMjAwMBIXdGNwOi8vMTkyLjE2OC4wLjE6MjIwMDASF3RjcDovLzE5Mi4xNjguMy4xOjIyMDAwEhpxdWljOi8vMTkyLjE2OC4yLjEwMDoyMjAwMBIYcXVpYzovLzE5Mi4xNjguMC4xOjIyMDAwEhhxdWljOi8vMTkyLjE2OC4zLjE6MjIwMDAYzqG5+MLl+b1h"}
 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610822000,"flow_src_last_pkt_time":1663058610822000,"flow_dst_last_pkt_time":1663058610822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610822000,"l3_proto":"ip6","src_ip":"fe80::6238:e0ff:fec5:35a0","dst_ip":"ff12::8384","src_port":42370,"dst_port":21027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syncthing","proto_id":"313","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":7,"category":"Download"}}
@@ -37,7 +37,7 @@
 01148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1663059067177000,"flow_dst_last_pkt_time":1663059067177000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":510,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":510,"pkt_l4_len":476,"thread_ts_usec":1663059067177000,"pkt":"\/\/\/\/\/\/\/\/YDjgxTWgCABFAAHwU\/5AALkR5UrAqAJkwKgC\/9bBUiMB3IihLqfZCwogkrdiYplilIJfxszmzzR5QogoLXO17N8tyym\/1ITELW8S6gFyZWxheTovLzE1MS44MC40My4xNjc6MjIwNjcvP2dsb2JhbExpbWl0QnBzPTAmaWQ9UVpKRllPUy1CSlBBNFVPLVlQQVhDTlUtUEVHT1BWNC1YNTZJSU9aLTNJR0pEMlAtSDVZNUFDSS00Rk1DTkFOJm5ldHdvcmtUaW1lb3V0PTJtMHMmcGluZ0ludGVydmFsPTFtMHMmcHJvdmlkZWRCeT1odHRwcyUzQSUyRiUyRmtleWJhc2UuaW8lMkZtb3ZpdXJvJnNlc3Npb25MaW1pdEJwcz0wJnN0YXR1c0FkZHI9JTNBMjIwNzASGnF1aWM6Ly8xOTIuMTY4LjIuMTAwOjIyMDAwEhhxdWljOi8vMTkyLjE2OC4wLjE6MjIwMDASGHF1aWM6Ly8xOTIuMTY4LjMuMToyMjAwMBIYcXVpYzovLzIuMjAzLjIzNC40OjIyMDAwEhl0Y3A6Ly8xOTIuMTY4LjIuMTAwOjIyMDAwEhd0Y3A6Ly8xOTIuMTY4LjAuMToyMjAwMBIXdGNwOi8vMTkyLjE2OC4zLjE6MjIwMDAYtbyZh9yrvO9z"}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1663059067177000,"flow_src_last_pkt_time":1663059067179000,"flow_dst_last_pkt_time":1663059067177000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6520,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663059067179000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.255","src_port":54977,"dst_port":21027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syncthing","proto_id":"313","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":7,"category":"Download"}}
 00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1663058647185000,"flow_src_last_pkt_time":1663059067177000,"flow_dst_last_pkt_time":1663058647185000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6520,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663059067179000,"l3_proto":"ip6","src_ip":"fe80::6238:e0ff:fec5:35a0","dst_ip":"ff12::8384","src_port":47077,"dst_port":21027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syncthing","proto_id":"313","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":7,"category":"Download"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":34,"packets-processed":34,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":11,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1663059067179000}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":34,"packets-processed":34,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":11,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1663059067179000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 34/34
 ~~ skipped flows.............: 0
@@ -46,10 +46,10 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5505363 bytes
-~~ total memory freed........: 5505363 bytes
+~~ total memory allocated....: 5505435 bytes
+~~ total memory freed........: 5505435 bytes
 ~~ total allocations/frees...: 85923/85923
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 569 chars
 ~~ json message max len.......: 1177 chars
-~~ json message avg len.......: 873 chars
+~~ json message avg len.......: 872 chars
diff --git a/test/results/default/synscan.pcap.out b/test/results/default/synscan.pcap.out
index eac4f6b01..461f4496e 100644
--- a/test/results/default/synscan.pcap.out
+++ b/test/results/default/synscan.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1278275056274870}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1278275056274870}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275056274870,"flow_src_last_pkt_time":1278275056274870,"flow_dst_last_pkt_time":1278275056274870,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275056274870,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1278275056274870,"flow_dst_last_pkt_time":1278275056274870,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1278275056274870,"pkt":"ACYLMQczACWzv5HuCABFAAAs5wgAADYGK2qsEAAIQA2GNIzSAbvdUoMYAAAAAGACDAAq1AAAAgQFtA=="}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275056276409,"flow_src_last_pkt_time":1278275056276409,"flow_dst_last_pkt_time":1278275056276409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275056276409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -7993,7 +7993,7 @@
 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275058595442,"flow_src_last_pkt_time":1278275058595442,"flow_dst_last_pkt_time":1278275058595442,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01067{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060335364,"flow_src_last_pkt_time":1278275060335364,"flow_dst_last_pkt_time":1278275060335364,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}}
 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060335364,"flow_src_last_pkt_time":1278275060335364,"flow_dst_last_pkt_time":1278275060335364,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2011,"packets-processed":2011,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1858,"total-guessed-flows":136,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7996,"global_ts_usec":1278275079360213}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2011,"packets-processed":2011,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1858,"total-guessed-flows":136,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7996,"global_ts_usec":1278275079360213}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2011/2011
 ~~ skipped flows.............: 0
@@ -8002,8 +8002,8 @@
 ~~ total active/idle flows...: 1994/1994
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 9885248 bytes
-~~ total memory freed........: 9885248 bytes
+~~ total memory allocated....: 9917160 bytes
+~~ total memory freed........: 9917160 bytes
 ~~ total allocations/frees...: 109801/109801
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 537 chars
diff --git a/test/results/default/syslog.pcap.out b/test/results/default/syslog.pcap.out
index ba2e26eb2..94a434fc7 100644
--- a/test/results/default/syslog.pcap.out
+++ b/test/results/default/syslog.pcap.out
@@ -1,9 +1,9 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00280{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":108743144,"packet_id":1,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":108743144}
 01223{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":703,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":703,"pkt_l4_len":0,"thread_ts_usec":108743144,"pkt":"ABczYQAA4KHXGMJziGQRABs9AqsAIUW0AqkAAEAAQBEKT1+I8jZdFH5uAgICAgKVMFQ8MjY+SmFuIDAxIDAwOjAxOjQ3IG5iNiBuYmQ6IDAxPTc7MDM9OTUuMTM2LjI0Mi41NDswND1OQjYtRlhDLXIyOzA1PUUwQTFENzE4QzI3MDswNj0xMDc7MjA9MTsyOT05NS4xMzYuMjQyLjU0OzJBPU5CNi1CT09UTE9BREVSLVIxLjMyLjBfTkI2LU1BSU4tUjMuMy40X05CNi1SRVNDVUUtUjMuMS44X05CNi1BRFNMLUEycEQwMzVwX05CNi1DT05GSUctUjMuMy40LjI7MDc9NDA7MDg9MTA7MEE9MTQwMTA7MEI9MTEyODswQz0xNjAwMDswRD0xMDY4OzBFPTMzLjA7MEY9MTguNDsxMj02LjI7MTM9Ni44OzE0PTE5Ljg7MTU9MTIuMTsxNj0wOzE3PTA7MTg9MDsxOT0wOzFCPTE7MUM9QURTTDIrOzFEPTA7MUU9YXV0bzsxRj0xOzIxPTA7MjI9Mzk7MjM9MDsyND0yNjs0Qj0zOzRDPTA7NEQ9MjQ3Mzg7NEU9MzEzNTE2OzRGPTA7NTA9MDs1MT0wOzUyPTA7MTA9MTsxMT00OzMwPTA7MzE9MDszMj0yOzMzPTI7MzQ9MDszNT0wOzM2PTA7NDE9MDs0Mj11bmtub3duOzdDPTA7N0Q9dW5rbm93bjsyRD11bmtub3duOzJGPXVua25vd247Mzk9MDszQT0wOzQ0PTQ5OzQ2PTQ5OzQ4PTQ5OzNCPTA7M0M9MDszRD0wOzNFPTA7M0Y9MDs0MD0wOzc3PTU7Nzg9MDs3OT0wOzkwPTA7OTE9MDs5Mj0wOzk4PTs5OT07OWE9dW5rbm93bjs5Yj1vbjs5Yz1kb3duOzlkPTA7QjA9MA=="}
 00280{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":113756696,"packet_id":2,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":113756696}
 00791{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":379,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":379,"pkt_l4_len":0,"thread_ts_usec":108743144,"pkt":"ABczYQAA4KHXGMJziGQRABs9AWcAIUW0AWUAAEAAQBEL0V+I8jZdFH4wAgICAgFRGxc8MjY+SmFuIDAxIDAwOjAxOjUzIG5iNiBuYmQ6IDAxPTg7MDM9OTUuMTM2LjI0Mi41NDswND1OQjYtRlhDLXIyOzA1PUUwQTFENzE4QzI3MDswNj0xMTM7MjA9MTsyOT05NS4xMzYuMjQyLjU0OzJBPU5CNi1CT09UTE9BREVSLVIxLjMyLjBfTkI2LU1BSU4tUjMuMy40X05CNi1SRVNDVUUtUjMuMS44X05CNi1BRFNMLUEycEQwMzVwX05CNi1DT05GSUctUjMuMy40LjI7Mzc9NDszMD0wOzMxPTA7MzI9MjszMz0yOzM0PTA7MzU9MDszNj0wOzQxPTA7NDI9dW5rbm93bjs3Qz0wOzdEPXVua25vd247MkQ9dW5rbm93bjsyRj11bmtub3duOzM5PTA7M0E9MDs0ND01NTs0Nj01NTs0OD01NQ=="}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1377043331844398}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1377043331844398}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377043331844398,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1377043331844398,"pkt":"vDBb56YVAASWJ4vKCABFAACoJ0cAADwRXWysFDM2rB9uKAICAgIAlCzbPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgUUxBMjNYWCBQQ0lERVYwMyBEaXNjTG9vcElkIHFsYTIzeHhTdE1hY2hSdW4uY3h4IDM1MTAKMCBMb2NhbCBQb3J0IENvbm5lY3Rpb24gVHlwZT0gTE9PUDogbG9vcElkPTB4N0QKCgA="}
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377043331844398,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -11,14 +11,14 @@
 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1377043331893307,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":1377043331893307,"pkt":"vDBb56YVAASWJ4vKCABFAADcJ0kAADwRXTasFDM2rB9uKAICAgIAyJYPPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgRkNQVCBHZW5lcmF0ZUV2ZW50IGZjcFRyYW5zcG9ydExvY2FsUG9ydC5jcHAgMTIxOAowIEZDUCBMb2NhbCBQb3J0IFN0YXRlIFVQICA6IFdXTj0weDUwMDBEMzEwMDAwMzU2MDYgcG9ydElkPTB4MDAwMDAxIHBvcnRSb2xlPUJvdGggTG9jYWxQb3J0SW5kZXg9MHgwMDAzCgoA"}
 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1377043337197703,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1377043337197703,"pkt":"vDBb56YVAASWJ4vKCABFAACIJ3YAADwRXV2sFDM2rB9uKAICAgIAdHXTPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyOCBDT05GSUcgUUxBMjNYWCBQQ0lERVYwMyBJZGxlIHFsYTIzeHhTdE1hY2hSdW4uY3h4IDYyNTQKMCBMSVAoRjgsRjcpIFJlY2VpdmVkCgoA"}
 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1377043337206117,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":1377043337206117,"pkt":"vDBb56YVAASWJ4vKCABFAADcJ3cAADwRXQisFDM2rB9uKAICAgIAyG\/hPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyOCBDT05GSUcgRkNQVCBHZW5lcmF0ZUV2ZW50IGZjcFRyYW5zcG9ydExvY2FsUG9ydC5jcHAgMTI0MQowIEZDUCBMb2NhbCBQb3J0IFN0YXRlIERPV046IFdXTj0weDUwMDBEMzEwMDAwMzU2MDYgcG9ydElkPTB4MDAwMDAxIHBvcnRSb2xlPUJvdGggTG9jYWxQb3J0SW5kZXg9MHgwMDAzCgoA"}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":18,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":2295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1388653792914155}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":18,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":2295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1388653792914155}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1388653792914155,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYZ9AAEARc\/cK+xeLPicDjuc6AgIAVGhaPDE0Nz5KYW4gIDIgMTA6MDk6NTIgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEM6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="}
 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043354299811,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2295,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1388653841215658,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYaBAAEARc\/YK+xeLPicDjuc6AgIAVHJZPDE0Nz5KYW4gIDIgMTA6MTA6NDEgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEQ6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="}
 00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653841215658,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":2447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1488571038380901}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":2447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1488571038380901}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":161,"pkt_l4_len":123,"thread_ts_usec":1488571038380901,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAjwBGAAD\/EUiywKh5CsCoeArDoAICAHsygDwxODk+NzI6IE1hciAgMyAxOTo1NzoxNy4zNzE6ICVMSU5LLTUtQ0hBTkdFRDogSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBhZG1pbmlzdHJhdGl2ZWx5IGRvd24="}
 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -32,7 +32,7 @@
 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330521769,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1488571330522327,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":201,"pkt_l4_len":163,"thread_ts_usec":1488571330522327,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAAtwA\/AAD\/EUiZwKh5AsCoeArEsAICAKOtbzwxOTA+NjQ6IE1hciAgMyAyMDowMjowOS40Njg6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gMjAwMzo1MTo2MDEyOjEyMTo6MigyMiksIDEgcGFja2V0"}
 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330522327,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":26,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":3186,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1557406267494812}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":26,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":3186,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1557406267494812}
 00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494812,"flow_src_last_pkt_time":1557406267494812,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406267494812,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"flow_datalink":1,"flow_max_packets":5}
 01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1557406267494812,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1557406267494812,"pkt":"ABDb\/xAAACFZH\/EMCABFAAHSd60AAIAp7n3BGOMK2EJWcmAAAAABlhFAIAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAZY93TwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MDgiIGR1cmF0aW9uPTU5IHBvbGljeV9pZD0xIHNlcnZpY2U9ZG5zIHByb3RvPTE3IHNyYyB6b25lPVRydXN0IGRzdCB6b25lPVVudHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTEzNiByY3ZkPTAgc3JjPTE5My4yNC4yMjcuMTk2IGRzdD05LjkuOS45IHNyY19wb3J0PTQxNDQzIGRzdF9wb3J0PTUzIHNyYy14bGF0ZWQgaXA9MTkzLjI0LjIyNy4xOTYgcG9ydD00MTQ0MyBkc3QteGxhdGVkIGlwPTkuOS45LjkgcG9ydD01MyBzZXNzaW9uX2lkPTQ4MDQ2IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"}
 00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267510571,"flow_src_last_pkt_time":1557406267510571,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406267510571,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"flow_datalink":1,"flow_max_packets":5}
@@ -43,7 +43,7 @@
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406275511725,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 01172{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1557406279481997,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1557406279481997,"pkt":"ABDb\/xAAACFZH\/EMCABFAAILd7sAAIAp7jbBGOMK2EJWcmAAAAABzxFAIAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAc8p5DwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MTgiIGR1cmF0aW9uPTYxIHBvbGljeV9pZD04IHNlcnZpY2U9TmV0d29yayBUaW1lIHByb3RvPTE3IHNyYyB6b25lPVVudHJ1c3QgZHN0IHpvbmU9VHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTE1NCByY3ZkPTEzNCBzcmM9MjAwMTo0NzA6MWYwYToxMDFhOjoyIGRzdD0yMDAxOjQ3MDo2ZDphMTo6ZGNmYjoxMjMgc3JjX3BvcnQ9MTIzIGRzdF9wb3J0PTEyMyBzcmMteGxhdGVkIGlwPTIwMDE6NDcwOjFmMGE6MTAxYTo6MiBwb3J0PTEyMyBkc3QteGxhdGVkIGlwPTIwMDE6NDcwOjZkOmExOjpkY2ZiOjEyMyBwb3J0PTEyMyBzZXNzaW9uX2lkPTQ4MDU2IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"}
 01171{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1557406279497874,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1557406279497874,"pkt":"ABRpnhFAABDb\/xAACABFAAILsN5AAPspAGXYQlAewRjjDGAAAAABzxE7IAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAc8p5DwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MTgiIGR1cmF0aW9uPTYxIHBvbGljeV9pZD04IHNlcnZpY2U9TmV0d29yayBUaW1lIHByb3RvPTE3IHNyYyB6b25lPVVudHJ1c3QgZHN0IHpvbmU9VHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTE1NCByY3ZkPTEzNCBzcmM9MjAwMTo0NzA6MWYwYToxMDFhOjoyIGRzdD0yMDAxOjQ3MDo2ZDphMTo6ZGNmYjoxMjMgc3JjX3BvcnQ9MTIzIGRzdF9wb3J0PTEyMyBzcmMteGxhdGVkIGlwPTIwMDE6NDcwOjFmMGE6MTAxYTo6MiBwb3J0PTEyMyBkc3QteGxhdGVkIGlwPTIwMDE6NDcwOjZkOmExOjpkY2ZiOjEyMyBwb3J0PTEyMyBzZXNzaW9uX2lkPTQ4MDU2IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":32,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":5976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1600781689297122}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":32,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":5976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1600781689297122}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781689297122,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1600781689297122,"pkt":"qrvMbk9eqrvMlgwFCABFAABuAAAAAP8RpCWsFfskrBPEC\/TXAgIAWrkePDE4OT4zMDogKlNlcCAyMiAxMzozNDo0OS4xOTU6ICVTWVMtNS1DT05GSUdfSTogQ29uZmlndXJlZCBmcm9tIGNvbnNvbGUgYnkgY29uc29sZQ=="}
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781689297122,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -63,7 +63,7 @@
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1600781952293713,"flow_dst_last_pkt_time":1600781952293359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_usec":1600781952293713,"pkt":"qrvMySBnqrvMPDqhCABFAACPAAkAAP8RdvTAqEPxCsE1BvTXAgIAe0jbPDE4OT4zOTogUjE6ICpTZXAgMjIgMTM6Mzk6MTIuMjUyOiAlTElORVBST1RPLTUtVVBET1dOOiBMaW5lIHByb3RvY29sIG9uIEludGVyZmFjZSBFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byB1cA=="}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781690282270,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293713,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117552,"flow_src_last_pkt_time":1600781777157257,"flow_dst_last_pkt_time":1600781776117552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293713,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":38,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":6581,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1600782411853866}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":38,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":6581,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1600782411853866}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":304,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_usec":1600782411853866,"pkt":"qrvMCetCqrvMS9ZJCABFAAFMAAAAAP8RHZjAqH5mrBOx5t9OAgIBOHsYPDE5MD44MjogUjE6IFtzeXNsb2dAOSBzX3NuPSIxIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+Njwvc2V2ZXJpdHk+PG1zZy1pZD5MT0dHSU5HSE9TVF9TVEFSVFNUT1A8L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ2OjUwLjgxMjwvdGltZT48YXJncz48YXJnIGlkPSIwIj4xMC4xLjIuMjwvYXJnPjxhcmcgaWQ9IjEiPiBwb3J0IDUxNDwvYXJnPjxhcmcgaWQ9IjIiPjwvYXJnPjxhcmcgaWQ9IjMiPiBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="}
 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":304,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -93,7 +93,7 @@
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782438439705,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":226,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":989,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782501747500,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222729,"flow_src_last_pkt_time":1600782515213099,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":52,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":9237,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":9,"current-active-flows":3,"total-active-flows":13,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":96,"global_ts_usec":1618744015613076}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":52,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":9237,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":9,"current-active-flows":3,"total-active-flows":13,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":96,"global_ts_usec":1618744015613076}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015613076,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_usec":1618744015613076,"pkt":"AAAAAAAAAAgA5occCABFAABVAABAADwRr+OsGuW+rBdQxAICAgIAQS7mPDMwPnNubXBkWzY5NTZdOiBDb25uZWN0aW9uIGZyb20gVURQOiBbMTI3LjAuMC4xXToyMTMxMSAK"}
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015613076,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -116,13 +116,13 @@
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":1618744358191948,"pkt":"AAAAAAAAAAgA5occCABF4ACnOuMAAP4RubfAqP6dxPBClMHLAgIAk0yqPDEzND4gMjAyMS0wNC0xOCAxNToxMjozOCswNDowMCAxMC4xMjYuMjAuNjggTG9nLCAgICAgNjU5MzQsMC8zLzAvMCwyMjQuMi4yLjIzMSwxLDIwMjEtMDQtMTggMTM6MTI6MzgsMjAyMS0wNC0xOCAxNToxMjozOCxQUk9HUkFNLTEzMSwqLDExLA=="}
 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":84,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":10756,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":10,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":119,"global_ts_usec":1639052948178444}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":84,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":10756,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":10,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":119,"global_ts_usec":1639052948178444}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":761,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":761,"pkt_l4_len":671,"thread_ts_usec":1639052948178444,"pkt":"AAAAAAAAAAQAAAAIgQABmAgARQACs1yXAAA\/EY\/tCgtpmgoGDwtQkwICAp+o6DwxODk+ZGF0ZT0yMDIxLTEyLTA5IHRpbWU9MTY6Mjk6MDYgZGV2bmFtZT0iQVRNRkxKUUFCSUwtVVQtODMiIGRldmlkPSJGR1Q2MUVUSzE5MDA5NDQ5IiBldmVudHRpbWU9MTYzOTA1Mjk0ODE1NDgzMTg4OSB0ej0iKzA0MDAiIGxvZ2lkPSIwMDAwMDAwMDEzIiB0eXBlPSJ0cmFmZmljIiBzdWJ0eXBlPSJmb3J3YXJkIiBsZXZlbD0ibm90aWNlIiB2ZD0icm9vdCIgc3JjaXA9MTAuMC4wLjEzIHNyY3BvcnQ9NTczODEgc3JjaW50Zj0iSFEtRkdUX0d3VjQtMSIgc3JjaW50ZnJvbGU9InVuZGVmaW5lZCIgZHN0aXA9MTAuMS4yNTEuNTEgZHN0cG9ydD04MDAwIGRzdGludGY9ImludGVybmFsIiBkc3RpbnRmcm9sZT0ibGFuIiBzcmNjb3VudHJ5PSJSZXNlcnZlZCIgZHN0Y291bnRyeT0iUmVzZXJ2ZWQiIHNlc3Npb25pZD03OTYwMjE2IHByb3RvPTYgYWN0aW9uPSJjbGllbnQtcnN0IiBwb2xpY3lpZD0yIHBvbGljeXR5cGU9InBvbGljeSIgcG9sdXVpZD0iMzUyMjgzMTYtYWY4Yy01MWVhLTMxYzItY2ZiNmUzYjc2M2NhIiBzZXJ2aWNlPSJUQ1AtODAwMCIgdHJhbmRpc3A9Im5vb3AiIGR1cmF0aW9uPTYgc2VudGJ5dGU9MjQ0IHJjdmRieXRlPTkwMCBzZW50cGt0PTUgdnBuPSJIUS1GR1RfR3dWNC0xIiB2cG50eXBlPSJpcHNlYy1zdGF0aWMiIGFwcGNhdD0idW5zY2FubmVkIhmBEQkBlwGXAWQCAQAAAAAAAAAAAAAAAAGXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMWukSU="}
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":1,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744314014150,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":85,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1646228387732435}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":85,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1646228387732435}
 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228387732435,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228387732435}
 00991{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":525,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":525,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"JFpMlM8sAB0cD7o8iGQRAAABAfkAIUUAAfduywAAMxGwY8N4pYZT66ndAgIq+AHjFX48NDU+MSAyMDIyLTAzLTAyVDEyOjM5OjQ3LjY4OTM5Mi0wMTowMCBwZlNlbnNlLmxvY2FsZG9tYWluIHN1cmljYXRhIDM3MDQ2IC0gLSB7InRpbWVzdGFtcCI6ICIyMDIyLTAzLTAyVDEyOjM5OjQ3LjU2MTUyMy0wMTAwIiwgImZsb3dfaWQiOiAzODEwNzkzNTU4MjI1NzMsICJpbl9pZmFjZSI6ICJiZ2U5IiwgImV2ZW50X3R5cGUiOiAic3NoIiwgInNyY19pcCI6ICIxMDYuMTMuMjIzLjEiLCAic3JjX3BvcnQiOiA1MjUzMiwgImRlc3RfaXAiOiAiMTk1LjEyMC4xNjUuMTM0IiwgImRlc3RfcG9ydCI6IDIyMjIsICJwcm90byI6ICJUQ1AiLCAic3NoIjogeyJjbGllbnQiOiB7InByb3RvX3ZlcnNpb24iOiAiMi4wIiwgInNvZnR3YXJlX3ZlcnNpb24iOiAibGlic3NoLTAuNi4zIn0sICJzZXJ2ZXIiOiB7InByb3RvX3ZlcnNpb24iOiAiMi4wIiwgInNvZnR3YXJlX3ZlcnNpb24iOiAiT3BlblNTSF82LjdwMSBEZWJpYW4tNStkZWI4dTMifX19"}
 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228388234384,"packet_id":86,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388234384}
@@ -131,7 +131,7 @@
 00891{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":449,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":449,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"JFpMlM8sAB0cD7o8iGQRAAABAa0AIUUAAav9yAAAMxEhssN4pYZT66ndAgIq+AGXbaE8NDU+MSAyMDIyLTAzLTAyVDEyOjM5OjQ4LjcyMjMzOC0wMTowMCBwZlNlbnNlLmxvY2FsZG9tYWluIHN1cmljYXRhIDM3MDQ2IC0gLSB7InRpbWVzdGFtcCI6ICIyMDIyLTAzLTAyVDEyOjM5OjQ4LjE5NzI2NS0wMTAwIiwgImZsb3dfaWQiOiAyOTAwNDk2NzE1NjE4NzMsICJpbl9pZmFjZSI6ICJiZ2U5IiwgImV2ZW50X3R5cGUiOiAiZG5zIiwgInNyY19pcCI6ICIxOTUuMTIwLjE2NS4xMzQiLCAic3JjX3BvcnQiOiA0NjkyLCAiZGVzdF9pcCI6ICI4LjguOC44IiwgImRlc3RfcG9ydCI6IDUzLCAicHJvdG8iOiAiVURQIiwgImRucyI6IHsidHlwZSI6ICJxdWVyeSIsICJpZCI6IDM5MDc0LCAicnJuYW1lIjogIm9wZW52cG50ZWMuZXRyYS1pZC5jb20iLCAicnJ0eXBlIjogIkEiLCAidHhfaWQiOiAwfX0="}
 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228388765633,"packet_id":88,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388765633}
 00999{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":530,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":530,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"JFpMlM8sAB0cD7o8iGQRAAABAf4AIUUAAfwa3gAAMxEETMN4pYZT66ndAgIq+AHo0Bs8NDU+MSAyMDIyLTAzLTAyVDEyOjM5OjQ4LjcyMjQzOC0wMTowMCBwZlNlbnNlLmxvY2FsZG9tYWluIHN1cmljYXRhIDM3MDQ2IC0gLSB7InRpbWVzdGFtcCI6ICIyMDIyLTAzLTAyVDEyOjM5OjQ4LjIxNTI3Ny0wMTAwIiwgImZsb3dfaWQiOiAyOTAwNDk2NzE1NjE4NzMsICJpbl9pZmFjZSI6ICJiZ2U5IiwgImV2ZW50X3R5cGUiOiAiZG5zIiwgInNyY19pcCI6ICIxOTUuMTIwLjE2NS4xMzQiLCAic3JjX3BvcnQiOiA0NjkyLCAiZGVzdF9pcCI6ICI4LjguOC44IiwgImRlc3RfcG9ydCI6IDUzLCAicHJvdG8iOiAiVURQIiwgImRucyI6IHsidmVyc2lvbiI6IDIsICJ0eXBlIjogImFuc3dlciIsICJpZCI6IDM5MDc0LCAiZmxhZ3MiOiAiODE4MCIsICJxciI6IHRydWUsICJyZCI6IHRydWUsICJyYSI6IHRydWUsICJycm5hbWUiOiAib3BlbnZwbnRlYy5ldHJhLWlkLmNvbSIsICJycnR5cGUiOiAiQSIsICJyY29kZSI6ICJOT0VSUk9SIiwgImFuc3c="}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":89,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_usec":1646781267422628}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":89,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_usec":1646781267422628}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":137,"pkt_l4_len":99,"thread_ts_usec":1646781267422628,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAd4NyQAA+ESYdCl7oFQpelhXgHgICAGMIejw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX1VQKTogZXRoMDogbGluayBpcyBub3QgcmVhZHk="}
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -145,7 +145,7 @@
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267427418,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":94,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":13199,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":10,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_usec":1646781268509996}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":94,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":13199,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":10,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_usec":1646781268509996}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 94/88
 ~~ skipped flows.............: 0
@@ -154,8 +154,8 @@
 ~~ total active/idle flows...: 19/19
 ~~ total timeout flows.......: 2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5541865 bytes
-~~ total memory freed........: 5541865 bytes
+~~ total memory allocated....: 5542177 bytes
+~~ total memory freed........: 5542177 bytes
 ~~ total allocations/frees...: 86154/86154
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 285 chars
diff --git a/test/results/default/tailscale.pcap.out b/test/results/default/tailscale.pcap.out
index d89ceecf1..a136a5ed6 100644
--- a/test/results/default/tailscale.pcap.out
+++ b/test/results/default/tailscale.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623328901893092}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623328901893092}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328901893092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623328901893092,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328901893092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1623328901893092,"pkt":"poPnuslkAAwplE+vCABFAAB4d9xAAEART3bAqFgDEsRHs6KpoqkAZHYFVFPwn5KstoR90hKud3v64hSzbQ2XEVLwx+BSTgwosKAQW1+mFhcDIU7pTkASV+cPow8CosaxW7erOd5Ypqum39pp9XjnyWeXa9gOouLKbhi2mYRqmqG3HWqWW+4="}
 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328901893092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623328901893092,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
@@ -9,7 +9,7 @@
 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623328903725945,"flow_dst_last_pkt_time":1623328904184015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1623328904184015,"pkt":"AAwplE+vpoPnuslkCABFAACcwGAAADARAAASxEezwKhYA6KpoqkAiNUeBAAAAJjIPnoBAAAAAAAAAIDRhelXasbgL\/+zYa0dujImbboZHw5LtTzrMLrAnJiErjX4Q\/gpsHyUZ2phBiZAcnlAJHPknh+UjOJs8w8oU91sAPPQbskYRx3J+rH+DeFVFEtkDOzsDsjpsegoPlzrb\/fiUGSsuyCgJy+T4mnA9xA="}
 02239{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328910935194,"flow_dst_last_pkt_time":1623328911751937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":128,"flow_src_tot_l4_payload_len":1430,"flow_dst_tot_l4_payload_len":2162,"midstream":0,"thread_ts_usec":1623328911751937,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":609708.0,"max":1999684,"stddev":605237.1,"var":366311899136.0,"ent":4.2,"data": [1831567,1832853,459337,19,7,851239,689283,1999684,305038,1197527,993302,17713,10,118067,686079,686069,167240,28515,268363,28631,1001510,1709853,809387,161594,38729,229122,33650,39336,1000927,1009891,706405]},"pktlen": {"min":120,"avg":140.2,"max":156,"stddev":15.4,"var":237.9,"ent":5.0,"data": [120,120,138,156,156,156,156,120,138,156,120,138,156,120,138,120,138,120,156,138,156,156,120,138,120,156,156,138,156,156,156,120]},"bins": {"c_to_s": [0,0,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,6,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,1,1,1,0,1,0,1,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1],"entropies": [6.258774757,6.327646255,6.564895153,6.334487915,6.307401657,6.374646664,6.326507568,6.403507233,6.611924648,6.410363674,6.506895065,6.510478020,6.402382374,6.340927124,6.480768204,6.334637165,6.568448067,6.498397350,6.475291729,6.619921207,6.387466908,6.409846783,6.390228748,6.538738251,6.500603676,6.552214622,6.461646080,6.474994183,6.375043869,6.467308998,6.309903622,6.317968845]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":56,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328931902798,"flow_dst_last_pkt_time":1623328933775730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":128,"flow_src_tot_l4_payload_len":5700,"flow_dst_tot_l4_payload_len":6322,"midstream":0,"thread_ts_usec":1623328933775730,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":107,"packets-processed":107,"total-skipped-flows":0,"total-l4-payload-len":12022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1623328933775730}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":107,"packets-processed":107,"total-skipped-flows":0,"total-l4-payload-len":12022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1623328933775730}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 107/107
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501076 bytes
-~~ total memory freed........: 5501076 bytes
+~~ total memory allocated....: 5501100 bytes
+~~ total memory freed........: 5501100 bytes
 ~~ total allocations/frees...: 85967/85967
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 569 chars
 ~~ json message max len.......: 2244 chars
-~~ json message avg len.......: 1324 chars
+~~ json message avg len.......: 1323 chars
diff --git a/test/results/default/targusdataspeed_false_positives.pcap.out b/test/results/default/targusdataspeed_false_positives.pcap.out
index 0443aacd4..24a53a892 100644
--- a/test/results/default/targusdataspeed_false_positives.pcap.out
+++ b/test/results/default/targusdataspeed_false_positives.pcap.out
@@ -1,4 +1,4 @@
-00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":35569737,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35569737,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":35569737,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35569737,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":35569737,"pkt":"UlQAEjUCCAAn5uVZCABFAAB+ehEAAIARLTAKAAIPT6Q3e126E4kAahVHZDE6YWQyOmlkMjA69gJ3AZhiwRyVvvTzAO9QVrdoSnA2OnRhcmdldDIwOvYCdwGYYsEclb708wDvUFa3aEpxZTE6cTk6ZmluZF9ub2RlMTp0ODqI0o3DoQnQUDE6eTE6cWU="}
 01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":35569737,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35569737,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":35569737,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}}
@@ -9,7 +9,7 @@
 00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":46627016,"flow_dst_last_pkt_time":47351725,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":47351725,"pkt":"CAAn5uVZUlQAEjUCCABFAAFLPoUAAEARp+tZQC3jCgACDxRRXboBN3DOZDI6aXA2Ol0v4fi2NTE6cmQyOmlkMjA6Cixkc\/ArsXcJ7U3wslfTpV0++Qo1Om5vZGVzMjA4OgnoTWcn5Dz1WsC7MJGi19W6kHfXwIMsWf7sCMB+iYC28R+pvpNIPRWUbo8TACBttiU\/eIoJTCvSXHm7E6mVIW1xdJVtFGBxj71Fdbbh6Qi0O4aQ71PNaDpVSFMJBfrOkxEjUPl1HgURCYdIr0PZ+eaVADua7fVMXBTcQ4EChJrSdkcJ4hLhbiau6yJI+VuOfD+bIhmzz7V5SbNlNQhV3fqFlrrzSnPbqxOCr29KlotYDsDTJxC1CNuf8fG76euzpts8hww+mSReDZCIHta8ty8xOnBpNDY2NDVlZTE6dDg6yqEY3ZzscnUxOnY0OkxUAQIxOnkxOnJl"}
 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":46627016,"flow_src_last_pkt_time":46627016,"flow_dst_last_pkt_time":47351725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":47351725,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.64.45.227","src_port":23994,"dst_port":5201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":35569737,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35636027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":272,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":47351725,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":771,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":47351725}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":771,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":47351725}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500317 bytes
-~~ total memory freed........: 5500317 bytes
+~~ total memory allocated....: 5500357 bytes
+~~ total memory freed........: 5500357 bytes
 ~~ total allocations/frees...: 85877/85877
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 593 chars
+~~ json message min len.......: 591 chars
 ~~ json message max len.......: 1096 chars
-~~ json message avg len.......: 842 chars
+~~ json message avg len.......: 841 chars
diff --git a/test/results/default/tcp_scan.pcapng.out b/test/results/default/tcp_scan.pcapng.out
index 6f06e8d05..84dcec87e 100644
--- a/test/results/default/tcp_scan.pcapng.out
+++ b/test/results/default/tcp_scan.pcapng.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1674583448287506}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1674583448287506}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1674583461865595,"flow_src_last_pkt_time":1674583461865595,"flow_dst_last_pkt_time":1674583461865595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583461865595,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1674583461865595,"flow_dst_last_pkt_time":1674583461865595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1674583461865595,"pkt":"AICPmq69KDc3AG3ICABFAABAAABAAP8G97LAqAGywKgBAtvQAFAaMXySAAAAALAC\/\/+gxwAAAgQFtAEDAwUBAQgKBzOYGQAAAAAEAgAA"}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1674583461865599,"flow_src_last_pkt_time":1674583461865599,"flow_dst_last_pkt_time":1674583461865599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583461865599,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56273,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -39,7 +39,7 @@
 00776{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1674583461865599,"flow_src_last_pkt_time":1674583461866946,"flow_dst_last_pkt_time":1674583461866839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56273,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01063{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583461880765,"flow_src_last_pkt_time":1674583461880765,"flow_dst_last_pkt_time":1674583461881499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56274,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00776{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583461880765,"flow_src_last_pkt_time":1674583461880765,"flow_dst_last_pkt_time":1674583461881499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56274,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":30,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":3,"total-guessed-flows":4,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1674583501983146}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":30,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":3,"total-guessed-flows":4,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1674583501983146}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 30/18
 ~~ skipped flows.............: 0
@@ -48,8 +48,8 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5511690 bytes
-~~ total memory freed........: 5511690 bytes
+~~ total memory allocated....: 5511810 bytes
+~~ total memory freed........: 5511810 bytes
 ~~ total allocations/frees...: 85952/85952
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 532 chars
diff --git a/test/results/default/teams.pcap.out b/test/results/default/teams.pcap.out
index 79f633d89..57b0b64c3 100644
--- a/test/results/default/teams.pcap.out
+++ b/test/results/default/teams.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587041672419153}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587041672419153}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
 01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}}
@@ -469,7 +469,7 @@
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="}
-00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00980{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"?n???z`?s????}??d??]"}}
 02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"}
 01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693608822,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -483,7 +483,7 @@
 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="}
-00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00980{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"<??a????h (?\/??????"}}
 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
@@ -492,9 +492,11 @@
 01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693675117,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"}
 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693711026,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="}
+00991{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":">??i)?<????????????r"}}
 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693714142,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="}
 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693756239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJcAAGwR4PI0cvqNwKgBBg2Ww2EAoTssAQMAhSESpEJLDXUDhL3sfvdJg10ADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIMhO7y5FcPLOAgpkLIJifRx7Dv8ek2QLf5zo\/BiwDhB4"}
 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693763689,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="}
+00991{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"s?>?ed???[??+ez4???m"}}
 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693808734,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxgAAGwRBnY0cvqJwKgBBg2Ww3UAoXQEAQMAhSESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIL4g0LfB18yA2q\/RVWXcDhE8D9XtCMo2nCqOglxViaD8"}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693828302,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693828302,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"}
@@ -542,9 +544,13 @@
 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="}
 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330389,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMX9EAAEARjM3AqAEGXUduzcN0P80AeEAgAAEAXCESpEJvsFtMkRg8G\/ztdLwABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUIVL6+UU6k643kpe64\/MzitD9Q4eAKAAEwjOytg=="}
 00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsaPwAAEARIBfAqAEGNHL6jcNgDZYBGBOdAAQA\/CESpEIsNFIeR67x\/KSTudUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg7sRmb8sPDDsK8L9wIx7c4\/un3a7csABeHu5jm1wMzFk="}
+01113{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"?n???z`?s????}??d??]"}}
 00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381585,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="}
+01113{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"<??a????h (?\/??????"}}
 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389155,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"}
+00992{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"?n???z`?s????}??d??]"}}
 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"}
+00992{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"<??a????h (?\/??????"}}
 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695406639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Bd0AADUR8dldR27NwKgBBj\/Mw2AAYJiUAQEARCESpEL9LF5WbGc54yQwO\/eAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUfLZK4Jp9GCnUwepSRXJ0QYfNKUiAKAAEeKXxaw=="}
 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -561,7 +567,9 @@
 00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695433459,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695433459,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsR2QAAEARQbPAqAEGNHL6icN0DZYBGOj5AAQA\/CESpELTjfKyZNTNUCzFgVAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAgUB2ZPqsXXGYjBv8pRG+HEjCK6R8QdiEsnAYTs3tf1IE="}
 02293{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1429,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693824623,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041695435566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":71850.4,"max":1566873,"stddev":274680.6,"var":75449425920.0,"ent":1.9,"data": [44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873]},"pktlen": {"min":40,"avg":256.9,"max":1492,"stddev":427.0,"var":182315.3,"ent":3.7,"data": [64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]},"bins": {"c_to_s": [15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1],"entropies": [4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586059,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
+01208{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586146,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
+01208{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890424,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890424,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890513,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890513,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194345,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194345,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMXPIAAEARmxTAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
@@ -595,10 +603,10 @@
 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
 01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
-01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681744695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
@@ -634,7 +642,7 @@
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00952{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Skype_Teams","proto_id":"125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01070{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"Skype_Teams","proto_id":"125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00869{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
@@ -649,13 +657,13 @@
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1587041682740607,"flow_src_last_pkt_time":1587041682856432,"flow_dst_last_pkt_time":1587041682745518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":8819,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Dropbox","proto_by_ip_id":121,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01076{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041680074798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":94,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":94,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01000{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676808147,"flow_dst_last_pkt_time":1587041676808041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1405,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1808,"flow_dst_tot_l4_payload_len":6621,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
 01001{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685681752,"flow_dst_last_pkt_time":1587041685681659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3164,"flow_dst_tot_l4_payload_len":6995,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
@@ -671,7 +679,7 @@
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1540,"packets-processed":1498,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":57,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":674,"global_ts_usec":1587041698021081}
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1540,"packets-processed":1498,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":65,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":682,"global_ts_usec":1587041698021081}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1540/1498
 ~~ skipped flows.............: 0
@@ -680,9 +688,9 @@
 ~~ total active/idle flows...: 83/83
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6631998 bytes
-~~ total memory freed........: 6631998 bytes
-~~ total allocations/frees...: 88661/88661
+~~ total memory allocated....: 6633459 bytes
+~~ total memory freed........: 6633459 bytes
+~~ total allocations/frees...: 88666/88666
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 295 chars
 ~~ json message max len.......: 2501 chars
diff --git a/test/results/default/teamspeak3.pcap.out b/test/results/default/teamspeak3.pcap.out
index 6a116a612..9b813d247 100644
--- a/test/results/default/teamspeak3.pcap.out
+++ b/test/results/default/teamspeak3.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946745680740311}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946745680740311}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745680740311,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946745680740311,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946745680740311,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745680740311,"pkt":"REREREREZmZmZmZmCABFAAA+yVhAAHgRnjQKAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2EAAAAAAAAAAA=="}
 00911{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745680740311,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946745680740311,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
@@ -7,7 +7,7 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":946745681306941,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745681306941,"pkt":"REREREREZmZmZmZmCABFAAA+yX1AAHgRng8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2IAAAAAAAAAAA=="}
 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946745681306983,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":946745681306983,"pkt":"REREREREZmZmZmZmCABFAADYyX5AAHgRnXQKAAABCgAAAs\/DJwMAxJv3eXRj6JO6fmAAAAAAIp10i0Wqe++5nv6tCBm6z0HgFqIVc9rwk+JLXtHwnSIOS9qVPnECnykaLcJG8hX08WvnftBqcJmqRqZMetkjLRcZ56Qb0yr7w3DD9zi02VU5x7l+AWx+kCtuxsALbdDKU+g3u9+7M\/R0k3h6Cj2dgqVHMwYrJL8wicW8AZK\/KfPOtEoKiRpNuYkxO9WWvZSdqdAZVZGl4X6vDNBIwrDu7kll5TuFIGNHjpSa9tdfD6M="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946745682007760,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745682007760,"pkt":"REREREREZmZmZmZmCABFAAA+yf1AAHgRnY8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2MAAAAAAAAAAA=="}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1667856551682719}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1667856551682719}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551682719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667856551682719,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551682719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1667856551682719,"pkt":"AABeAAEK6qmpVXFVCABFAAAg6GhAAD8RkF7BHxlGM0S1XAfbB9oADMMjAYCEAQ=="}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551687540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_usec":1667856551687540,"pkt":"6qmpVXFVEA5+JvHACABFAAAkwyxAADQRwJYzRLVcwR8ZRgfaB9sAEFGEAYCEAXxl2acAAAAAAAA="}
@@ -17,247 +17,247 @@
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745717746131,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1365,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667856551693001,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1667857151661156,"flow_dst_last_pkt_time":1667856551693001,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1667857151661156,"pkt":"AABeAAEK6qmpVXFVCABFAAAgFyVAAD8RYaLBHxlGM0S1XAfbB9oADMMjAYKEAQ=="}
 00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667857151666127,"flow_dst_last_pkt_time":1667857151670963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":26,"midstream":0,"thread_ts_usec":1667857151670963,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1667857751746605}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1667857751746605}
 00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667857751751776,"flow_dst_last_pkt_time":1667857751756665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":39,"midstream":0,"thread_ts_usec":1667857751756665,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1667858351841483}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1667858351841483}
 00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667858351846489,"flow_dst_last_pkt_time":1667858351851342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1667858351851342,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667858951749360,"flow_dst_last_pkt_time":1667858951754177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":65,"midstream":0,"thread_ts_usec":1667858951754177,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":1530,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1667859551930352}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":1530,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1667859551930352}
 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667859551935305,"flow_dst_last_pkt_time":1667859551940122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1667859551940122,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860151925248,"flow_dst_last_pkt_time":1667860151930037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":91,"midstream":0,"thread_ts_usec":1667860151930037,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":42,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":1596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1667860752077584}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":42,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":1596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1667860752077584}
 02222{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860752082559,"flow_dst_last_pkt_time":1667860752087365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1667860752087365,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4821,"avg":270993696.0,"max":600180997,"stddev":298614912.0,"var":89170865459036160.0,"ent":3.8,"data": [4821,5374,5461,599973063,599972971,4971,4991,600080478,600080533,5171,5169,600089707,600089636,5006,5041,599897642,599897696,5229,5139,600180992,600180997,4953,4948,599984779,599984795,5164,5120,600152336,600152365,4975,4963]},"pktlen": {"min":32,"avg":40.0,"max":44,"stddev":4.7,"var":22.0,"ent":5.0,"data": [32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.625000000,4.458523273,4.765583038,4.075578690,4.625000000,4.506142139,4.765583038,4.075578690,4.500000000,4.345311642,4.674674511,4.009986401,4.625000000,4.458523273,4.720128536,4.075578690,4.562500000,4.458523273,4.720128536,3.980340719,4.625000000,4.315666676,4.720128536,3.980340719,4.562500000,4.458523273,4.629220009,4.075578690,4.562500000,4.506142139,4.720128536,4.027959824]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860752082559,"flow_dst_last_pkt_time":1667860752087365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1667860752087365,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667861351993175,"flow_dst_last_pkt_time":1667861351998031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1667861351998031,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":50,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":1662,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":8,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1667861952155552}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":50,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":1662,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":8,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1667861952155552}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667861952160606,"flow_dst_last_pkt_time":1667861952165473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":130,"midstream":0,"thread_ts_usec":1667861952165473,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667862552075384,"flow_dst_last_pkt_time":1667862552080210,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1667862552080210,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1667863152145991}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1667863152145991}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667863152150938,"flow_dst_last_pkt_time":1667863152155777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1667863152155777,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":26,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667863752105541,"flow_dst_last_pkt_time":1667863752110395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":169,"midstream":0,"thread_ts_usec":1667863752110395,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1667864352264298}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1667864352264298}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":28,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667864352269395,"flow_dst_last_pkt_time":1667864352274267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1667864352274267,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":1827,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":13,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1667864952277211}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":1827,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":13,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1667864952277211}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":30,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667864952282201,"flow_dst_last_pkt_time":1667864952287024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":195,"midstream":0,"thread_ts_usec":1667864952287024,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":1860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1667865552502273}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":1860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1667865552502273}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":32,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667865552507391,"flow_dst_last_pkt_time":1667865552512264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1667865552512264,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":34,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667866152387758,"flow_dst_last_pkt_time":1667866152392764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":221,"midstream":0,"thread_ts_usec":1667866152392764,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":82,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":1926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1667866752540859}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":82,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":1926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1667866752540859}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":36,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667866752545981,"flow_dst_last_pkt_time":1667866752550878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":234,"midstream":0,"thread_ts_usec":1667866752550878,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":38,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667867352498846,"flow_dst_last_pkt_time":1667867352503806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1667867352503806,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":1992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":18,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1667867952564843}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":1992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":18,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1667867952564843}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":40,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667867952571449,"flow_dst_last_pkt_time":1667867952576449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":400,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1667867952576449,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":2025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":19,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1667868552626724}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":2025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":19,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1667868552626724}
 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":42,"flow_dst_packets_processed":42,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667868552631982,"flow_dst_last_pkt_time":1667868552644435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":273,"midstream":0,"thread_ts_usec":1667868552644435,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":2058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1667869152831749}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":2058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1667869152831749}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":44,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667869152836944,"flow_dst_last_pkt_time":1667869152841890,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":286,"midstream":0,"thread_ts_usec":1667869152841890,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":46,"flow_dst_packets_processed":46,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667869752718957,"flow_dst_last_pkt_time":1667869752723999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":460,"flow_dst_tot_l4_payload_len":299,"midstream":0,"thread_ts_usec":1667869752723999,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":2124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":22,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1667870352860295}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":2124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":22,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1667870352860295}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":48,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667870352865541,"flow_dst_last_pkt_time":1667870352870527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":312,"midstream":0,"thread_ts_usec":1667870352870527,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":113,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":2185,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":23,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1667870952861879}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":113,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":2185,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":23,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1667870952861879}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":50,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667870952856962,"flow_dst_last_pkt_time":1667870952861879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":500,"flow_dst_tot_l4_payload_len":325,"midstream":0,"thread_ts_usec":1667870952861879,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":2190,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":24,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1667871552965002}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":2190,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":24,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1667871552965002}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":52,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667871552970090,"flow_dst_last_pkt_time":1667871552974984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":338,"midstream":0,"thread_ts_usec":1667871552974984,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":2251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1667872152967383}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":2251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1667872152967383}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":54,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667872152962414,"flow_dst_last_pkt_time":1667872152967383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":351,"midstream":0,"thread_ts_usec":1667872152967383,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":2256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1667872753004113}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":2256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1667872753004113}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":56,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667872753009396,"flow_dst_last_pkt_time":1667872753014340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":364,"midstream":0,"thread_ts_usec":1667872753014340,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":126,"packets-processed":125,"total-skipped-flows":0,"total-l4-payload-len":2289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":27,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1667873353144571}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":126,"packets-processed":125,"total-skipped-flows":0,"total-l4-payload-len":2289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":27,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1667873353144571}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":58,"flow_dst_packets_processed":58,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667873353149829,"flow_dst_last_pkt_time":1667873353154817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":377,"midstream":0,"thread_ts_usec":1667873353154817,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":133,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":2350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1667873953146815}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":133,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":2350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1667873953146815}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":60,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667873953141847,"flow_dst_last_pkt_time":1667873953146815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":390,"midstream":0,"thread_ts_usec":1667873953146815,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":134,"packets-processed":133,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":29,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":69,"global_ts_usec":1667874553276670}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":134,"packets-processed":133,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":29,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":69,"global_ts_usec":1667874553276670}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":62,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667874553281783,"flow_dst_last_pkt_time":1667874553286698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":403,"midstream":0,"thread_ts_usec":1667874553286698,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":64,"flow_dst_packets_processed":64,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667875153244452,"flow_dst_last_pkt_time":1667875153249351,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":640,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1667875153249351,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":142,"packets-processed":141,"total-skipped-flows":0,"total-l4-payload-len":2421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":72,"global_ts_usec":1667875753342484}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":142,"packets-processed":141,"total-skipped-flows":0,"total-l4-payload-len":2421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":72,"global_ts_usec":1667875753342484}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":66,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667875753347778,"flow_dst_last_pkt_time":1667875753352702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":429,"midstream":0,"thread_ts_usec":1667875753352702,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":2454,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1667876353408264}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":2454,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1667876353408264}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":68,"flow_dst_packets_processed":68,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667876353413449,"flow_dst_last_pkt_time":1667876353418444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":442,"midstream":0,"thread_ts_usec":1667876353418444,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":2487,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":33,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_usec":1667876953587033}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":2487,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":33,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_usec":1667876953587033}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":70,"flow_dst_packets_processed":70,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667876953592257,"flow_dst_last_pkt_time":1667876953597228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":700,"flow_dst_tot_l4_payload_len":455,"midstream":0,"thread_ts_usec":1667876953597228,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":72,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667877553543097,"flow_dst_last_pkt_time":1667877553548159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":720,"flow_dst_tot_l4_payload_len":468,"midstream":0,"thread_ts_usec":1667877553548159,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":2553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":35,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1667878153569226}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":2553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":35,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1667878153569226}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":74,"flow_dst_packets_processed":74,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667878153574404,"flow_dst_last_pkt_time":1667878153579443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":740,"flow_dst_tot_l4_payload_len":481,"midstream":0,"thread_ts_usec":1667878153579443,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":162,"packets-processed":161,"total-skipped-flows":0,"total-l4-payload-len":2586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1667878753632528}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":162,"packets-processed":161,"total-skipped-flows":0,"total-l4-payload-len":2586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1667878753632528}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":76,"flow_dst_packets_processed":76,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667878753638134,"flow_dst_last_pkt_time":1667878753643091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":760,"flow_dst_tot_l4_payload_len":494,"midstream":0,"thread_ts_usec":1667878753643091,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":2619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1667879353636120}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":2619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1667879353636120}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":78,"flow_dst_packets_processed":78,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667879353641506,"flow_dst_last_pkt_time":1667879353646439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":507,"midstream":0,"thread_ts_usec":1667879353646439,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":2652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":38,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_usec":1667879953703352}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":2652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":38,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_usec":1667879953703352}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":80,"flow_dst_packets_processed":80,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667879953708739,"flow_dst_last_pkt_time":1667879953713725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":520,"midstream":0,"thread_ts_usec":1667879953713725,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":174,"packets-processed":173,"total-skipped-flows":0,"total-l4-payload-len":2685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":87,"global_ts_usec":1667880553876737}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":174,"packets-processed":173,"total-skipped-flows":0,"total-l4-payload-len":2685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":87,"global_ts_usec":1667880553876737}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":82,"flow_dst_packets_processed":82,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667880553881895,"flow_dst_last_pkt_time":1667880553886879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":533,"midstream":0,"thread_ts_usec":1667880553886879,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":84,"flow_dst_packets_processed":84,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667881153859790,"flow_dst_last_pkt_time":1667881153864831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":840,"flow_dst_tot_l4_payload_len":546,"midstream":0,"thread_ts_usec":1667881153864831,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":182,"packets-processed":181,"total-skipped-flows":0,"total-l4-payload-len":2751,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":41,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":1667881753952134}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":182,"packets-processed":181,"total-skipped-flows":0,"total-l4-payload-len":2751,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":41,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":1667881753952134}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":86,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667881753957333,"flow_dst_last_pkt_time":1667881753962303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":860,"flow_dst_tot_l4_payload_len":559,"midstream":0,"thread_ts_usec":1667881753962303,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":88,"flow_dst_packets_processed":88,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667882353935191,"flow_dst_last_pkt_time":1667882353940184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":572,"midstream":0,"thread_ts_usec":1667882353940184,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":190,"packets-processed":189,"total-skipped-flows":0,"total-l4-payload-len":2817,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":93,"global_ts_usec":1667882954166449}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":190,"packets-processed":189,"total-skipped-flows":0,"total-l4-payload-len":2817,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":93,"global_ts_usec":1667882954166449}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":90,"flow_dst_packets_processed":90,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667882954171570,"flow_dst_last_pkt_time":1667882954176520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":900,"flow_dst_tot_l4_payload_len":585,"midstream":0,"thread_ts_usec":1667882954176520,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":92,"flow_dst_packets_processed":92,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667883554074126,"flow_dst_last_pkt_time":1667883554079112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":920,"flow_dst_tot_l4_payload_len":598,"midstream":0,"thread_ts_usec":1667883554079112,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":198,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":2883,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":96,"global_ts_usec":1667884154200917}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":198,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":2883,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":96,"global_ts_usec":1667884154200917}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":94,"flow_dst_packets_processed":94,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667884154206101,"flow_dst_last_pkt_time":1667884154211101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":611,"midstream":0,"thread_ts_usec":1667884154211101,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":96,"flow_dst_packets_processed":96,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667884754157900,"flow_dst_last_pkt_time":1667884754162909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":960,"flow_dst_tot_l4_payload_len":624,"midstream":0,"thread_ts_usec":1667884754162909,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":206,"packets-processed":205,"total-skipped-flows":0,"total-l4-payload-len":2949,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":99,"global_ts_usec":1667885354328064}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":206,"packets-processed":205,"total-skipped-flows":0,"total-l4-payload-len":2949,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":99,"global_ts_usec":1667885354328064}
 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":98,"flow_dst_packets_processed":98,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667885354333244,"flow_dst_last_pkt_time":1667885354338234,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":980,"flow_dst_tot_l4_payload_len":637,"midstream":0,"thread_ts_usec":1667885354338234,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":210,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":2982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":101,"global_ts_usec":1667885954340552}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":210,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":2982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":101,"global_ts_usec":1667885954340552}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667885954345790,"flow_dst_last_pkt_time":1667885954350789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":650,"midstream":0,"thread_ts_usec":1667885954350789,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":214,"packets-processed":213,"total-skipped-flows":0,"total-l4-payload-len":3015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":103,"global_ts_usec":1667886554547380}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":214,"packets-processed":213,"total-skipped-flows":0,"total-l4-payload-len":3015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":103,"global_ts_usec":1667886554547380}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":102,"flow_dst_packets_processed":102,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667886554552478,"flow_dst_last_pkt_time":1667886554557490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":663,"midstream":0,"thread_ts_usec":1667886554557490,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":104,"flow_dst_packets_processed":104,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667887154419061,"flow_dst_last_pkt_time":1667887154424032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":676,"midstream":0,"thread_ts_usec":1667887154424032,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":222,"packets-processed":221,"total-skipped-flows":0,"total-l4-payload-len":3081,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":51,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":106,"global_ts_usec":1667887754581847}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":222,"packets-processed":221,"total-skipped-flows":0,"total-l4-payload-len":3081,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":51,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":106,"global_ts_usec":1667887754581847}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":106,"flow_dst_packets_processed":106,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667887754587099,"flow_dst_last_pkt_time":1667887754592084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":689,"midstream":0,"thread_ts_usec":1667887754592084,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":108,"flow_dst_packets_processed":108,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667888354542054,"flow_dst_last_pkt_time":1667888354546973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1080,"flow_dst_tot_l4_payload_len":702,"midstream":0,"thread_ts_usec":1667888354546973,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":230,"packets-processed":229,"total-skipped-flows":0,"total-l4-payload-len":3147,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":53,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":109,"global_ts_usec":1667888954680644}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":230,"packets-processed":229,"total-skipped-flows":0,"total-l4-payload-len":3147,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":53,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":109,"global_ts_usec":1667888954680644}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":110,"flow_dst_packets_processed":110,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667888954685885,"flow_dst_last_pkt_time":1667888954690939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":715,"midstream":0,"thread_ts_usec":1667888954690939,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":234,"packets-processed":233,"total-skipped-flows":0,"total-l4-payload-len":3180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":111,"global_ts_usec":1667889554755560}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":234,"packets-processed":233,"total-skipped-flows":0,"total-l4-payload-len":3180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":111,"global_ts_usec":1667889554755560}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":112,"flow_dst_packets_processed":112,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667889554760836,"flow_dst_last_pkt_time":1667889554765828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1120,"flow_dst_tot_l4_payload_len":728,"midstream":0,"thread_ts_usec":1667889554765828,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":238,"packets-processed":237,"total-skipped-flows":0,"total-l4-payload-len":3213,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":113,"global_ts_usec":1667890154914103}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":238,"packets-processed":237,"total-skipped-flows":0,"total-l4-payload-len":3213,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":113,"global_ts_usec":1667890154914103}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":114,"flow_dst_packets_processed":114,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667890154919389,"flow_dst_last_pkt_time":1667890154924380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1140,"flow_dst_tot_l4_payload_len":741,"midstream":0,"thread_ts_usec":1667890154924380,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":116,"flow_dst_packets_processed":116,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667890754878493,"flow_dst_last_pkt_time":1667890754883473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1160,"flow_dst_tot_l4_payload_len":754,"midstream":0,"thread_ts_usec":1667890754883473,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":246,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_usec":1667891355001091}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":246,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_usec":1667891355001091}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":118,"flow_dst_packets_processed":118,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667891355006788,"flow_dst_last_pkt_time":1667891355011838,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":767,"midstream":0,"thread_ts_usec":1667891355011838,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":120,"flow_dst_packets_processed":120,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667891954956914,"flow_dst_last_pkt_time":1667891954961842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":780,"midstream":0,"thread_ts_usec":1667891954961842,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":254,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":3345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":59,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":119,"global_ts_usec":1667892555167346}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":254,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":3345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":59,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":119,"global_ts_usec":1667892555167346}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":122,"flow_dst_packets_processed":122,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667892555172533,"flow_dst_last_pkt_time":1667892555177496,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1220,"flow_dst_tot_l4_payload_len":793,"midstream":0,"thread_ts_usec":1667892555177496,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":124,"flow_dst_packets_processed":124,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667893155127871,"flow_dst_last_pkt_time":1667893155132919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":806,"midstream":0,"thread_ts_usec":1667893155132919,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":262,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":3411,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":61,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":122,"global_ts_usec":1667893755260179}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":262,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":3411,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":61,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":122,"global_ts_usec":1667893755260179}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":126,"flow_dst_packets_processed":126,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667893755265342,"flow_dst_last_pkt_time":1667893755270276,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":819,"midstream":0,"thread_ts_usec":1667893755270276,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":3444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":62,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":124,"global_ts_usec":1667894355302105}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":3444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":62,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":124,"global_ts_usec":1667894355302105}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":128,"flow_dst_packets_processed":128,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667894355307414,"flow_dst_last_pkt_time":1667894355312359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":832,"midstream":0,"thread_ts_usec":1667894355312359,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":270,"packets-processed":269,"total-skipped-flows":0,"total-l4-payload-len":3477,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":63,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":126,"global_ts_usec":1667894955409230}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":270,"packets-processed":269,"total-skipped-flows":0,"total-l4-payload-len":3477,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":63,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":126,"global_ts_usec":1667894955409230}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":130,"flow_dst_packets_processed":130,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667894955414396,"flow_dst_last_pkt_time":1667894955419371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":845,"midstream":0,"thread_ts_usec":1667894955419371,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":132,"flow_dst_packets_processed":132,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667895555356769,"flow_dst_last_pkt_time":1667895555361872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1320,"flow_dst_tot_l4_payload_len":858,"midstream":0,"thread_ts_usec":1667895555361872,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":278,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":3543,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":65,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":129,"global_ts_usec":1667896155512008}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":278,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":3543,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":65,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":129,"global_ts_usec":1667896155512008}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":134,"flow_dst_packets_processed":134,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667896155517256,"flow_dst_last_pkt_time":1667896155522215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1340,"flow_dst_tot_l4_payload_len":871,"midstream":0,"thread_ts_usec":1667896155522215,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":136,"flow_dst_packets_processed":136,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667896755496441,"flow_dst_last_pkt_time":1667896755501407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":884,"midstream":0,"thread_ts_usec":1667896755501407,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":286,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":3609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":67,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1667897355721055}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":286,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":3609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":67,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1667897355721055}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":138,"flow_dst_packets_processed":138,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667897355726163,"flow_dst_last_pkt_time":1667897355731141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1380,"flow_dst_tot_l4_payload_len":897,"midstream":0,"thread_ts_usec":1667897355731141,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":140,"flow_dst_packets_processed":140,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667897955693161,"flow_dst_last_pkt_time":1667897955698197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1400,"flow_dst_tot_l4_payload_len":910,"midstream":0,"thread_ts_usec":1667897955698197,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":294,"packets-processed":293,"total-skipped-flows":0,"total-l4-payload-len":3675,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":69,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":135,"global_ts_usec":1667898555812144}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":294,"packets-processed":293,"total-skipped-flows":0,"total-l4-payload-len":3675,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":69,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":135,"global_ts_usec":1667898555812144}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":142,"flow_dst_packets_processed":142,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667898555817351,"flow_dst_last_pkt_time":1667898555822315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1420,"flow_dst_tot_l4_payload_len":923,"midstream":0,"thread_ts_usec":1667898555822315,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":144,"flow_dst_packets_processed":144,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667899155761861,"flow_dst_last_pkt_time":1667899155766839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":936,"midstream":0,"thread_ts_usec":1667899155766839,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":302,"packets-processed":301,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":71,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":138,"global_ts_usec":1667899755907084}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":302,"packets-processed":301,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":71,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":138,"global_ts_usec":1667899755907084}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":146,"flow_dst_packets_processed":146,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667899755912613,"flow_dst_last_pkt_time":1667899755917554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":949,"midstream":0,"thread_ts_usec":1667899755917554,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":148,"flow_dst_packets_processed":148,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667900355876128,"flow_dst_last_pkt_time":1667900355881101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":962,"midstream":0,"thread_ts_usec":1667900355881101,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":310,"packets-processed":309,"total-skipped-flows":0,"total-l4-payload-len":3807,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":73,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":141,"global_ts_usec":1667900956028384}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":310,"packets-processed":309,"total-skipped-flows":0,"total-l4-payload-len":3807,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":73,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":141,"global_ts_usec":1667900956028384}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":150,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667900956033514,"flow_dst_last_pkt_time":1667900956038487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1500,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1667900956038487,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":152,"flow_dst_packets_processed":152,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667901555988133,"flow_dst_last_pkt_time":1667901555993121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1520,"flow_dst_tot_l4_payload_len":988,"midstream":0,"thread_ts_usec":1667901555993121,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":318,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":3873,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":75,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":144,"global_ts_usec":1667902156041748}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":318,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":3873,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":75,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":144,"global_ts_usec":1667902156041748}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":154,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667902156047066,"flow_dst_last_pkt_time":1667902156052018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1540,"flow_dst_tot_l4_payload_len":1001,"midstream":0,"thread_ts_usec":1667902156052018,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":322,"packets-processed":321,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":76,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":146,"global_ts_usec":1667902756106952}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":322,"packets-processed":321,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":76,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":146,"global_ts_usec":1667902756106952}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":156,"flow_dst_packets_processed":156,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667902756112485,"flow_dst_last_pkt_time":1667902756117482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1560,"flow_dst_tot_l4_payload_len":1014,"midstream":0,"thread_ts_usec":1667902756117482,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":326,"packets-processed":325,"total-skipped-flows":0,"total-l4-payload-len":3939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":77,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_usec":1667903356166082}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":326,"packets-processed":325,"total-skipped-flows":0,"total-l4-payload-len":3939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":77,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_usec":1667903356166082}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":158,"flow_dst_packets_processed":158,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667903356171219,"flow_dst_last_pkt_time":1667903356176150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1580,"flow_dst_tot_l4_payload_len":1027,"midstream":0,"thread_ts_usec":1667903356176150,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":330,"packets-processed":329,"total-skipped-flows":0,"total-l4-payload-len":3972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":150,"global_ts_usec":1667903956205391}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":330,"packets-processed":329,"total-skipped-flows":0,"total-l4-payload-len":3972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":150,"global_ts_usec":1667903956205391}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":160,"flow_dst_packets_processed":160,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667903956210625,"flow_dst_last_pkt_time":1667903956215536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":1040,"midstream":0,"thread_ts_usec":1667903956215536,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":334,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":4005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":152,"global_ts_usec":1667904556255353}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":334,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":4005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":152,"global_ts_usec":1667904556255353}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":162,"flow_dst_packets_processed":162,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667904556260623,"flow_dst_last_pkt_time":1667904556265561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1620,"flow_dst_tot_l4_payload_len":1053,"midstream":0,"thread_ts_usec":1667904556265561,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":338,"packets-processed":337,"total-skipped-flows":0,"total-l4-payload-len":4038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":80,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":154,"global_ts_usec":1667905156369162}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":338,"packets-processed":337,"total-skipped-flows":0,"total-l4-payload-len":4038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":80,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":154,"global_ts_usec":1667905156369162}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":164,"flow_dst_packets_processed":164,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667905156374273,"flow_dst_last_pkt_time":1667905156379254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1640,"flow_dst_tot_l4_payload_len":1066,"midstream":0,"thread_ts_usec":1667905156379254,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":166,"flow_dst_packets_processed":166,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667905756313488,"flow_dst_last_pkt_time":1667905756318378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1660,"flow_dst_tot_l4_payload_len":1079,"midstream":0,"thread_ts_usec":1667905756318378,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":346,"packets-processed":345,"total-skipped-flows":0,"total-l4-payload-len":4104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":157,"global_ts_usec":1667906356457980}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":346,"packets-processed":345,"total-skipped-flows":0,"total-l4-payload-len":4104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":157,"global_ts_usec":1667906356457980}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":168,"flow_dst_packets_processed":168,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667906356463124,"flow_dst_last_pkt_time":1667906356468031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1680,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1667906356468031,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":170,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667906956410643,"flow_dst_last_pkt_time":1667906956415568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1700,"flow_dst_tot_l4_payload_len":1105,"midstream":0,"thread_ts_usec":1667906956415568,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":354,"packets-processed":353,"total-skipped-flows":0,"total-l4-payload-len":4170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":84,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":160,"global_ts_usec":1667907556513484}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":354,"packets-processed":353,"total-skipped-flows":0,"total-l4-payload-len":4170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":84,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":160,"global_ts_usec":1667907556513484}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":172,"flow_dst_packets_processed":172,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667907556518677,"flow_dst_last_pkt_time":1667907556523620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1720,"flow_dst_tot_l4_payload_len":1118,"midstream":0,"thread_ts_usec":1667907556523620,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":361,"packets-processed":360,"total-skipped-flows":0,"total-l4-payload-len":4231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":162,"global_ts_usec":1667908156515424}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":361,"packets-processed":360,"total-skipped-flows":0,"total-l4-payload-len":4231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":162,"global_ts_usec":1667908156515424}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":174,"flow_dst_packets_processed":174,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667908156510528,"flow_dst_last_pkt_time":1667908156515424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":1131,"midstream":0,"thread_ts_usec":1667908156515424,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":362,"packets-processed":361,"total-skipped-flows":0,"total-l4-payload-len":4236,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":86,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1667908756689314}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":362,"packets-processed":361,"total-skipped-flows":0,"total-l4-payload-len":4236,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":86,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1667908756689314}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":176,"flow_dst_packets_processed":176,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667908756694403,"flow_dst_last_pkt_time":1667908756699292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":1144,"midstream":0,"thread_ts_usec":1667908756699292,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":178,"flow_dst_packets_processed":178,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667909356671590,"flow_dst_last_pkt_time":1667909356676397,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1780,"flow_dst_tot_l4_payload_len":1157,"midstream":0,"thread_ts_usec":1667909356676397,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":370,"packets-processed":369,"total-skipped-flows":0,"total-l4-payload-len":4302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":167,"global_ts_usec":1667909956810650}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":370,"packets-processed":369,"total-skipped-flows":0,"total-l4-payload-len":4302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":167,"global_ts_usec":1667909956810650}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":180,"flow_dst_packets_processed":180,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667909956815838,"flow_dst_last_pkt_time":1667909956820716,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1800,"flow_dst_tot_l4_payload_len":1170,"midstream":0,"thread_ts_usec":1667909956820716,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":182,"flow_dst_packets_processed":182,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667910556765092,"flow_dst_last_pkt_time":1667910556769939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1820,"flow_dst_tot_l4_payload_len":1183,"midstream":0,"thread_ts_usec":1667910556769939,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":378,"packets-processed":377,"total-skipped-flows":0,"total-l4-payload-len":4368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":90,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":170,"global_ts_usec":1667911156952838}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":378,"packets-processed":377,"total-skipped-flows":0,"total-l4-payload-len":4368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":90,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":170,"global_ts_usec":1667911156952838}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":184,"flow_dst_packets_processed":184,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667911156957940,"flow_dst_last_pkt_time":1667911156962766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1840,"flow_dst_tot_l4_payload_len":1196,"midstream":0,"thread_ts_usec":1667911156962766,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":186,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667911756928410,"flow_dst_last_pkt_time":1667911756933311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1860,"flow_dst_tot_l4_payload_len":1209,"midstream":0,"thread_ts_usec":1667911756933311,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":386,"packets-processed":385,"total-skipped-flows":0,"total-l4-payload-len":4434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":173,"global_ts_usec":1667912357066553}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":386,"packets-processed":385,"total-skipped-flows":0,"total-l4-payload-len":4434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":173,"global_ts_usec":1667912357066553}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":188,"flow_dst_packets_processed":188,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667912357071592,"flow_dst_last_pkt_time":1667912357076394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1880,"flow_dst_tot_l4_payload_len":1222,"midstream":0,"thread_ts_usec":1667912357076394,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":390,"packets-processed":389,"total-skipped-flows":0,"total-l4-payload-len":4467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":175,"global_ts_usec":1667912957180917}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":390,"packets-processed":389,"total-skipped-flows":0,"total-l4-payload-len":4467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":175,"global_ts_usec":1667912957180917}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":190,"flow_dst_packets_processed":190,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667912957187835,"flow_dst_last_pkt_time":1667912957193306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1900,"flow_dst_tot_l4_payload_len":1235,"midstream":0,"thread_ts_usec":1667912957193306,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":192,"flow_dst_packets_processed":192,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667913557149355,"flow_dst_last_pkt_time":1667913557154138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1920,"flow_dst_tot_l4_payload_len":1248,"midstream":0,"thread_ts_usec":1667913557154138,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":398,"packets-processed":397,"total-skipped-flows":0,"total-l4-payload-len":4533,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":95,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":178,"global_ts_usec":1667914157284622}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":398,"packets-processed":397,"total-skipped-flows":0,"total-l4-payload-len":4533,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":95,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":178,"global_ts_usec":1667914157284622}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":194,"flow_dst_packets_processed":194,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667914157289594,"flow_dst_last_pkt_time":1667914157294449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1940,"flow_dst_tot_l4_payload_len":1261,"midstream":0,"thread_ts_usec":1667914157294449,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":402,"packets-processed":401,"total-skipped-flows":0,"total-l4-payload-len":4566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":96,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":180,"global_ts_usec":1667914757354818}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":402,"packets-processed":401,"total-skipped-flows":0,"total-l4-payload-len":4566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":96,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":180,"global_ts_usec":1667914757354818}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":196,"flow_dst_packets_processed":196,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667914757360081,"flow_dst_last_pkt_time":1667914757364918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1960,"flow_dst_tot_l4_payload_len":1274,"midstream":0,"thread_ts_usec":1667914757364918,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":406,"packets-processed":405,"total-skipped-flows":0,"total-l4-payload-len":4599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":182,"global_ts_usec":1667915357412080}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":406,"packets-processed":405,"total-skipped-flows":0,"total-l4-payload-len":4599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":182,"global_ts_usec":1667915357412080}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":198,"flow_dst_packets_processed":198,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667915357417116,"flow_dst_last_pkt_time":1667915357421996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1287,"midstream":0,"thread_ts_usec":1667915357421996,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":410,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":4632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":98,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":184,"global_ts_usec":1667915957427289}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":410,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":4632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":98,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":184,"global_ts_usec":1667915957427289}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":200,"flow_dst_packets_processed":200,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667915957432416,"flow_dst_last_pkt_time":1667915957437254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2000,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1667915957437254,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":4665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":186,"global_ts_usec":1667916557456657}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":4665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":186,"global_ts_usec":1667916557456657}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":202,"flow_dst_packets_processed":202,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667916557461709,"flow_dst_last_pkt_time":1667916557466499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2020,"flow_dst_tot_l4_payload_len":1313,"midstream":0,"thread_ts_usec":1667916557466499,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":204,"flow_dst_packets_processed":204,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667917157423210,"flow_dst_last_pkt_time":1667917157428021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2040,"flow_dst_tot_l4_payload_len":1326,"midstream":0,"thread_ts_usec":1667917157428021,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":422,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":4731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":101,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":189,"global_ts_usec":1667917757547203}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":422,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":4731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":101,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":189,"global_ts_usec":1667917757547203}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":206,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667917757552293,"flow_dst_last_pkt_time":1667917757557136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2060,"flow_dst_tot_l4_payload_len":1339,"midstream":0,"thread_ts_usec":1667917757557136,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":426,"packets-processed":425,"total-skipped-flows":0,"total-l4-payload-len":4764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":102,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":191,"global_ts_usec":1667918357617085}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":426,"packets-processed":425,"total-skipped-flows":0,"total-l4-payload-len":4764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":102,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":191,"global_ts_usec":1667918357617085}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":208,"flow_dst_packets_processed":208,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667918357622166,"flow_dst_last_pkt_time":1667918357626995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2080,"flow_dst_tot_l4_payload_len":1352,"midstream":0,"thread_ts_usec":1667918357626995,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":430,"packets-processed":429,"total-skipped-flows":0,"total-l4-payload-len":4797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1667918957773708}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":430,"packets-processed":429,"total-skipped-flows":0,"total-l4-payload-len":4797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1667918957773708}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":210,"flow_dst_packets_processed":210,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667918957778810,"flow_dst_last_pkt_time":1667918957783659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":1365,"midstream":0,"thread_ts_usec":1667918957783659,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":212,"flow_dst_packets_processed":212,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667919557747659,"flow_dst_last_pkt_time":1667919557752579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2120,"flow_dst_tot_l4_payload_len":1378,"midstream":0,"thread_ts_usec":1667919557752579,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":438,"packets-processed":437,"total-skipped-flows":0,"total-l4-payload-len":4863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":105,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1667920157885500}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":438,"packets-processed":437,"total-skipped-flows":0,"total-l4-payload-len":4863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":105,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1667920157885500}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":214,"flow_dst_packets_processed":214,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667920157890541,"flow_dst_last_pkt_time":1667920157895403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2140,"flow_dst_tot_l4_payload_len":1391,"midstream":0,"thread_ts_usec":1667920157895403,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":216,"flow_dst_packets_processed":216,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667920757821189,"flow_dst_last_pkt_time":1667920757826024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2160,"flow_dst_tot_l4_payload_len":1404,"midstream":0,"thread_ts_usec":1667920757826024,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":446,"packets-processed":445,"total-skipped-flows":0,"total-l4-payload-len":4929,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":107,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":199,"global_ts_usec":1667921357934789}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":446,"packets-processed":445,"total-skipped-flows":0,"total-l4-payload-len":4929,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":107,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":199,"global_ts_usec":1667921357934789}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":218,"flow_dst_packets_processed":218,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667921357939819,"flow_dst_last_pkt_time":1667921357944657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2180,"flow_dst_tot_l4_payload_len":1417,"midstream":0,"thread_ts_usec":1667921357944657,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":4962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":108,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":201,"global_ts_usec":1667921957936046}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":4962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":108,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":201,"global_ts_usec":1667921957936046}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":220,"flow_dst_packets_processed":220,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667921957941247,"flow_dst_last_pkt_time":1667921957946139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2200,"flow_dst_tot_l4_payload_len":1430,"midstream":0,"thread_ts_usec":1667921957946139,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":454,"packets-processed":453,"total-skipped-flows":0,"total-l4-payload-len":4995,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":109,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1667922558027247}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":454,"packets-processed":453,"total-skipped-flows":0,"total-l4-payload-len":4995,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":109,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1667922558027247}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":222,"flow_dst_packets_processed":222,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667922558032278,"flow_dst_last_pkt_time":1667922558037152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2220,"flow_dst_tot_l4_payload_len":1443,"midstream":0,"thread_ts_usec":1667922558037152,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":224,"flow_dst_packets_processed":224,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667923157994247,"flow_dst_last_pkt_time":1667923157999099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2240,"flow_dst_tot_l4_payload_len":1456,"midstream":0,"thread_ts_usec":1667923157999099,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":462,"packets-processed":461,"total-skipped-flows":0,"total-l4-payload-len":5061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":111,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":206,"global_ts_usec":1667923758140912}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":462,"packets-processed":461,"total-skipped-flows":0,"total-l4-payload-len":5061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":111,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":206,"global_ts_usec":1667923758140912}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":226,"flow_dst_packets_processed":226,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667923758145987,"flow_dst_last_pkt_time":1667923758150812,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2260,"flow_dst_tot_l4_payload_len":1469,"midstream":0,"thread_ts_usec":1667923758150812,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":466,"packets-processed":465,"total-skipped-flows":0,"total-l4-payload-len":5094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":112,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":208,"global_ts_usec":1667924358195146}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":466,"packets-processed":465,"total-skipped-flows":0,"total-l4-payload-len":5094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":112,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":208,"global_ts_usec":1667924358195146}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":228,"flow_dst_packets_processed":228,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667924358200510,"flow_dst_last_pkt_time":1667924358205436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2280,"flow_dst_tot_l4_payload_len":1482,"midstream":0,"thread_ts_usec":1667924358205436,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":470,"packets-processed":469,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":113,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":210,"global_ts_usec":1667924958336024}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":470,"packets-processed":469,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":113,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":210,"global_ts_usec":1667924958336024}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":230,"flow_dst_packets_processed":230,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667924958341359,"flow_dst_last_pkt_time":1667924958346268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2300,"flow_dst_tot_l4_payload_len":1495,"midstream":0,"thread_ts_usec":1667924958346268,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":232,"flow_dst_packets_processed":232,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667925558331107,"flow_dst_last_pkt_time":1667925558336001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2320,"flow_dst_tot_l4_payload_len":1508,"midstream":0,"thread_ts_usec":1667925558336001,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":478,"packets-processed":477,"total-skipped-flows":0,"total-l4-payload-len":5193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":115,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":213,"global_ts_usec":1667926158477541}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":478,"packets-processed":477,"total-skipped-flows":0,"total-l4-payload-len":5193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":115,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":213,"global_ts_usec":1667926158477541}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":234,"flow_dst_packets_processed":234,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667926158482640,"flow_dst_last_pkt_time":1667926158487504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":1521,"midstream":0,"thread_ts_usec":1667926158487504,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":236,"flow_dst_packets_processed":236,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667926758424196,"flow_dst_last_pkt_time":1667926758429128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2360,"flow_dst_tot_l4_payload_len":1534,"midstream":0,"thread_ts_usec":1667926758429128,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":486,"packets-processed":485,"total-skipped-flows":0,"total-l4-payload-len":5259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":117,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":216,"global_ts_usec":1667927358576852}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":486,"packets-processed":485,"total-skipped-flows":0,"total-l4-payload-len":5259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":117,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":216,"global_ts_usec":1667927358576852}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":238,"flow_dst_packets_processed":238,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667927358582077,"flow_dst_last_pkt_time":1667927358587005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2380,"flow_dst_tot_l4_payload_len":1547,"midstream":0,"thread_ts_usec":1667927358587005,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":240,"flow_dst_packets_processed":240,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667927958536913,"flow_dst_last_pkt_time":1667927958541805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2400,"flow_dst_tot_l4_payload_len":1560,"midstream":0,"thread_ts_usec":1667927958541805,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":494,"packets-processed":493,"total-skipped-flows":0,"total-l4-payload-len":5325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_usec":1667928558676547}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":494,"packets-processed":493,"total-skipped-flows":0,"total-l4-payload-len":5325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_usec":1667928558676547}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":242,"flow_dst_packets_processed":242,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667928558681642,"flow_dst_last_pkt_time":1667928558686523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2420,"flow_dst_tot_l4_payload_len":1573,"midstream":0,"thread_ts_usec":1667928558686523,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":244,"flow_dst_packets_processed":244,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667929158637190,"flow_dst_last_pkt_time":1667929158642079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2440,"flow_dst_tot_l4_payload_len":1586,"midstream":0,"thread_ts_usec":1667929158642079,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":502,"packets-processed":501,"total-skipped-flows":0,"total-l4-payload-len":5391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":121,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":222,"global_ts_usec":1667929758769940}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":502,"packets-processed":501,"total-skipped-flows":0,"total-l4-payload-len":5391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":121,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":222,"global_ts_usec":1667929758769940}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":246,"flow_dst_packets_processed":246,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667929758775023,"flow_dst_last_pkt_time":1667929758779865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2460,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1667929758779865,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":248,"flow_dst_packets_processed":248,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667930358755038,"flow_dst_last_pkt_time":1667930358759853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":1612,"midstream":0,"thread_ts_usec":1667930358759853,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":510,"packets-processed":509,"total-skipped-flows":0,"total-l4-payload-len":5457,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":225,"global_ts_usec":1667930958886671}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":510,"packets-processed":509,"total-skipped-flows":0,"total-l4-payload-len":5457,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":225,"global_ts_usec":1667930958886671}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":250,"flow_dst_packets_processed":250,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667930958891808,"flow_dst_last_pkt_time":1667930958896692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2500,"flow_dst_tot_l4_payload_len":1625,"midstream":0,"thread_ts_usec":1667930958896692,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":252,"flow_dst_packets_processed":252,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667931558871110,"flow_dst_last_pkt_time":1667931558875920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2520,"flow_dst_tot_l4_payload_len":1638,"midstream":0,"thread_ts_usec":1667931558875920,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":518,"packets-processed":517,"total-skipped-flows":0,"total-l4-payload-len":5523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":125,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":228,"global_ts_usec":1667932159023314}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":518,"packets-processed":517,"total-skipped-flows":0,"total-l4-payload-len":5523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":125,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":228,"global_ts_usec":1667932159023314}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":254,"flow_dst_packets_processed":254,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667932159028303,"flow_dst_last_pkt_time":1667932159033132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2540,"flow_dst_tot_l4_payload_len":1651,"midstream":0,"thread_ts_usec":1667932159033132,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":522,"packets-processed":521,"total-skipped-flows":0,"total-l4-payload-len":5556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":126,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":230,"global_ts_usec":1667932759077722}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":522,"packets-processed":521,"total-skipped-flows":0,"total-l4-payload-len":5556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":126,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":230,"global_ts_usec":1667932759077722}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":256,"flow_dst_packets_processed":256,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667932759082733,"flow_dst_last_pkt_time":1667932759087559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2560,"flow_dst_tot_l4_payload_len":1664,"midstream":0,"thread_ts_usec":1667932759087559,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":258,"flow_dst_packets_processed":258,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667933358966393,"flow_dst_last_pkt_time":1667933358971321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2580,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1667933358971321,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":530,"packets-processed":529,"total-skipped-flows":0,"total-l4-payload-len":5622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":128,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":233,"global_ts_usec":1667933959089706}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":530,"packets-processed":529,"total-skipped-flows":0,"total-l4-payload-len":5622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":128,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":233,"global_ts_usec":1667933959089706}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":260,"flow_dst_packets_processed":260,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667933959094917,"flow_dst_last_pkt_time":1667933959099748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2600,"flow_dst_tot_l4_payload_len":1690,"midstream":0,"thread_ts_usec":1667933959099748,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":534,"packets-processed":533,"total-skipped-flows":0,"total-l4-payload-len":5655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":129,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":235,"global_ts_usec":1667934559114048}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":534,"packets-processed":533,"total-skipped-flows":0,"total-l4-payload-len":5655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":129,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":235,"global_ts_usec":1667934559114048}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":262,"flow_dst_packets_processed":262,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667934559119423,"flow_dst_last_pkt_time":1667934559124245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2620,"flow_dst_tot_l4_payload_len":1703,"midstream":0,"thread_ts_usec":1667934559124245,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":538,"packets-processed":537,"total-skipped-flows":0,"total-l4-payload-len":5688,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":130,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":237,"global_ts_usec":1667935159188577}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":538,"packets-processed":537,"total-skipped-flows":0,"total-l4-payload-len":5688,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":130,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":237,"global_ts_usec":1667935159188577}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":264,"flow_dst_packets_processed":264,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667935159193608,"flow_dst_last_pkt_time":1667935159198401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2640,"flow_dst_tot_l4_payload_len":1716,"midstream":0,"thread_ts_usec":1667935159198401,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":266,"flow_dst_packets_processed":266,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667935759106386,"flow_dst_last_pkt_time":1667935759111237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2660,"flow_dst_tot_l4_payload_len":1729,"midstream":0,"thread_ts_usec":1667935759111237,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":546,"packets-processed":545,"total-skipped-flows":0,"total-l4-payload-len":5754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":132,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":240,"global_ts_usec":1667936359250805}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":546,"packets-processed":545,"total-skipped-flows":0,"total-l4-payload-len":5754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":132,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":240,"global_ts_usec":1667936359250805}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":268,"flow_dst_packets_processed":268,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667936359255952,"flow_dst_last_pkt_time":1667936359260802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2680,"flow_dst_tot_l4_payload_len":1742,"midstream":0,"thread_ts_usec":1667936359260802,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":550,"packets-processed":549,"total-skipped-flows":0,"total-l4-payload-len":5787,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":133,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":242,"global_ts_usec":1667936959271744}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":550,"packets-processed":549,"total-skipped-flows":0,"total-l4-payload-len":5787,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":133,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":242,"global_ts_usec":1667936959271744}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":270,"flow_dst_packets_processed":270,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667936959276903,"flow_dst_last_pkt_time":1667936959281745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":1755,"midstream":0,"thread_ts_usec":1667936959281745,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":554,"packets-processed":553,"total-skipped-flows":0,"total-l4-payload-len":5820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":134,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":244,"global_ts_usec":1667937559422166}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":554,"packets-processed":553,"total-skipped-flows":0,"total-l4-payload-len":5820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":134,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":244,"global_ts_usec":1667937559422166}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":272,"flow_dst_packets_processed":272,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667937559427332,"flow_dst_last_pkt_time":1667937559432171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":1768,"midstream":0,"thread_ts_usec":1667937559432171,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":274,"flow_dst_packets_processed":274,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667938159333625,"flow_dst_last_pkt_time":1667938159338503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2740,"flow_dst_tot_l4_payload_len":1781,"midstream":0,"thread_ts_usec":1667938159338503,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":562,"packets-processed":561,"total-skipped-flows":0,"total-l4-payload-len":5886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":136,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":247,"global_ts_usec":1667938759434538}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":562,"packets-processed":561,"total-skipped-flows":0,"total-l4-payload-len":5886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":136,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":247,"global_ts_usec":1667938759434538}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":276,"flow_dst_packets_processed":276,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667938759439542,"flow_dst_last_pkt_time":1667938759444375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2760,"flow_dst_tot_l4_payload_len":1794,"midstream":0,"thread_ts_usec":1667938759444375,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":278,"flow_dst_packets_processed":278,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667939359421713,"flow_dst_last_pkt_time":1667939359426519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2780,"flow_dst_tot_l4_payload_len":1807,"midstream":0,"thread_ts_usec":1667939359426519,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":570,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":5952,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":138,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":250,"global_ts_usec":1667939959475875}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":570,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":5952,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":138,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":250,"global_ts_usec":1667939959475875}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":280,"flow_dst_packets_processed":280,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667939959480953,"flow_dst_last_pkt_time":1667939959485802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2800,"flow_dst_tot_l4_payload_len":1820,"midstream":0,"thread_ts_usec":1667939959485802,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":574,"packets-processed":573,"total-skipped-flows":0,"total-l4-payload-len":5985,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":139,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1667940559505023}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":574,"packets-processed":573,"total-skipped-flows":0,"total-l4-payload-len":5985,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":139,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1667940559505023}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":282,"flow_dst_packets_processed":282,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667940559510206,"flow_dst_last_pkt_time":1667940559515036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2820,"flow_dst_tot_l4_payload_len":1833,"midstream":0,"thread_ts_usec":1667940559515036,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":578,"packets-processed":577,"total-skipped-flows":0,"total-l4-payload-len":6018,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":140,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":254,"global_ts_usec":1667941159559112}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":578,"packets-processed":577,"total-skipped-flows":0,"total-l4-payload-len":6018,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":140,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":254,"global_ts_usec":1667941159559112}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":284,"flow_dst_packets_processed":284,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667941159564239,"flow_dst_last_pkt_time":1667941159569033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2840,"flow_dst_tot_l4_payload_len":1846,"midstream":0,"thread_ts_usec":1667941159569033,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":582,"packets-processed":581,"total-skipped-flows":0,"total-l4-payload-len":6051,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":141,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":256,"global_ts_usec":1667941759635973}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":582,"packets-processed":581,"total-skipped-flows":0,"total-l4-payload-len":6051,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":141,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":256,"global_ts_usec":1667941759635973}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":286,"flow_dst_packets_processed":286,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667941759641101,"flow_dst_last_pkt_time":1667941759645959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2860,"flow_dst_tot_l4_payload_len":1859,"midstream":0,"thread_ts_usec":1667941759645959,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":586,"packets-processed":585,"total-skipped-flows":0,"total-l4-payload-len":6084,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":258,"global_ts_usec":1667942359803826}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":586,"packets-processed":585,"total-skipped-flows":0,"total-l4-payload-len":6084,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":258,"global_ts_usec":1667942359803826}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":288,"flow_dst_packets_processed":288,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667942359808855,"flow_dst_last_pkt_time":1667942359813747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2880,"flow_dst_tot_l4_payload_len":1872,"midstream":0,"thread_ts_usec":1667942359813747,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":589,"packets-processed":589,"total-skipped-flows":0,"total-l4-payload-len":6117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":260,"global_ts_usec":1667942359813747}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":589,"packets-processed":589,"total-skipped-flows":0,"total-l4-payload-len":6117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":260,"global_ts_usec":1667942359813747}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 589/589
 ~~ skipped flows.............: 0
@@ -266,8 +266,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5517226 bytes
-~~ total memory freed........: 5517226 bytes
+~~ total memory allocated....: 5517266 bytes
+~~ total memory freed........: 5517266 bytes
 ~~ total allocations/frees...: 86460/86460
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 524 chars
diff --git a/test/results/default/teamviewer.pcap.out b/test/results/default/teamviewer.pcap.out
index 69013858e..3e6845247 100644
--- a/test/results/default/teamviewer.pcap.out
+++ b/test/results/default/teamviewer.pcap.out
@@ -1,4 +1,4 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":330297046,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":330297046,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":330297046,"pkt":"UlQAEjUCCAAns+YuCABFAAA8OlxAAEAGTq0KAAIPovoCqouUFzIpaMgpAAAAAKAC+vCAjgAAAgQFtAQCCAosLVpIAAAAAAEDAwc="}
 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330433319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":330433319,"pkt":"CAAns+YuUlQAEjUCCABFAAAsCdUAAEAGv0Si+gKqCgACDxcyi5QCaioBKWjIKmAS\/\/8lnwAAAgQFtA=="}
@@ -16,11 +16,11 @@
 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":520201475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":520201475,"pkt":"CAAns+YuUlQAEjUCCABFAAAwFQEAAEARG41dL+DxCgACD4zFhnEAHDKfAAAAAAAAAABEJgMXJHMEAAAAAAA="}
 02384{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":31,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521274313,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":13050,"midstream":0,"thread_ts_usec":521274313,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":36716.1,"max":442863,"stddev":96766.6,"var":9363771392.0,"ent":2.6,"data": [12327,12251,57,40726,3898,3159,6600,81845,9028,72,7415,9247,442863,41858,345075,64,9,8,11,9,7,2034,57,13,9567,57,8,51028,58831,63,12]},"pktlen": {"min":44,"avg":438.8,"max":1052,"stddev":450.4,"var":202865.5,"ent":4.2,"data": [124,124,492,1052,48,84,76,76,76,177,104,52,52,76,76,1052,1052,1052,1052,1052,1052,1052,1052,1052,1052,168,104,104,44,225,117,71]},"bins": {"c_to_s": [0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,7,4,1,2,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [2.665547609,2.681676626,0.777366042,0.400940508,3.903489351,2.792044401,3.098856926,2.998324156,3.315334082,4.078965187,4.029050350,3.961237431,3.922775745,3.062608480,3.152767181,0.385090381,0.379928052,0.378026903,0.379928052,0.378026903,0.379928052,0.379928052,0.379928052,0.378026903,0.390793800,4.132575512,3.859765768,5.537042618,4.036628723,3.928550959,4.210556507,4.727299213]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":62,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521459535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":28902,"midstream":0,"thread_ts_usec":579147460,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":337,"packets-processed":336,"total-skipped-flows":0,"total-l4-payload-len":152049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":633881700}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":337,"packets-processed":336,"total-skipped-flows":0,"total-l4-payload-len":152049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":633881700}
 01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":62,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521459535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":28902,"midstream":0,"thread_ts_usec":639022187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":62,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521459535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":28902,"midstream":0,"thread_ts_usec":729854393,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":129,"flow_dst_packets_processed":160,"flow_first_seen":330297046,"flow_src_last_pkt_time":729854393,"flow_dst_last_pkt_time":729854070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":60753,"flow_dst_tot_l4_payload_len":64705,"midstream":0,"thread_ts_usec":729854393,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":352,"packets-processed":352,"total-skipped-flows":0,"total-l4-payload-len":154456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":729854393}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":352,"packets-processed":352,"total-skipped-flows":0,"total-l4-payload-len":154456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":729854393}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 352/352
 ~~ skipped flows.............: 0
@@ -29,8 +29,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5510370 bytes
-~~ total memory freed........: 5510370 bytes
+~~ total memory allocated....: 5510410 bytes
+~~ total memory freed........: 5510410 bytes
 ~~ total allocations/frees...: 86224/86224
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 513 chars
diff --git a/test/results/default/telegram.pcap.out b/test/results/default/telegram.pcap.out
index 3ad3520a5..71faeded3 100644
--- a/test/results/default/telegram.pcap.out
+++ b/test/results/default/telegram.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1588779596451825}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1588779596451825}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779596451825,"flow_src_last_pkt_time":1588779596451825,"flow_dst_last_pkt_time":1588779596451825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779596451825,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1588779596451825,"flow_dst_last_pkt_time":1588779596451825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1588779596451825,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJVAAEARYHzAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGANsCwWgAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
 01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779596451825,"flow_src_last_pkt_time":1588779596451825,"flow_dst_last_pkt_time":1588779596451825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779596451825,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}}
@@ -337,7 +337,7 @@
 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":148,"flow_dst_packets_processed":153,"flow_first_seen":1588779617174153,"flow_src_last_pkt_time":1588779629315487,"flow_dst_last_pkt_time":1588779629237403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":272,"flow_src_tot_l4_payload_len":30560,"flow_dst_tot_l4_payload_len":28992,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1588779634762513,"flow_src_last_pkt_time":1588779634795180,"flow_dst_last_pkt_time":1588779634794508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":1378,"flow_dst_tot_l4_payload_len":1350,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":120,"flow_dst_packets_processed":0,"flow_first_seen":1588779596708683,"flow_src_last_pkt_time":1588779655298782,"flow_dst_last_pkt_time":1588779596708683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":427,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19803,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1566,"packets-processed":1566,"total-skipped-flows":0,"total-l4-payload-len":268533,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":14,"total-updates":10,"current-active-flows":0,"total-active-flows":48,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":340,"global_ts_usec":1588779655298782}
+00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1566,"packets-processed":1566,"total-skipped-flows":0,"total-l4-payload-len":268533,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":14,"total-updates":10,"current-active-flows":0,"total-active-flows":48,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":340,"global_ts_usec":1588779655298782}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1566/1566
 ~~ skipped flows.............: 0
@@ -346,8 +346,8 @@
 ~~ total active/idle flows...: 48/48
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5645145 bytes
-~~ total memory freed........: 5645145 bytes
+~~ total memory allocated....: 5645921 bytes
+~~ total memory freed........: 5645921 bytes
 ~~ total allocations/frees...: 87930/87930
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 556 chars
diff --git a/test/results/default/telegram_videocall.pcapng.out b/test/results/default/telegram_videocall.pcapng.out
index 461e3f08c..f4eaae284 100644
--- a/test/results/default/telegram_videocall.pcapng.out
+++ b/test/results/default/telegram_videocall.pcapng.out
@@ -1,5 +1,5 @@
-00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648032334213648}
+00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648032334213648}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032334213648,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="}
 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -136,16 +136,16 @@
 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1648032353979030,"flow_dst_last_pkt_time":1648032353637618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1648032353979030,"pkt":"CL6sCxdumt9Y+uvcCABFAACcV8FAAEARsK\/AqAypW2wJI57DBXgAiFzeAAgAbCESpEJLaEd2a0srdWZmaFcAEgAIAAGHKCs8w4oABgAdMTY0ODA1Mzk1Mzo3M2Y4MDM4Y2E2NTEwMmQ1YjUAAAAAFAAMdGVsZWdyYW0ub3JnABUAEGVhYjA2YzZkZjZmMmZiZDAACAAUou+k3ZoALmVPw8\/5VjA1fhf0byM="}
 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032353980549,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3nBAAEARHLXAqAypCi5nyKWlpjoAbMb5AAEAUCESpEJPWEdZRU12Q2M1emIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUHa4B58DlCkqNNIW2N\/CJ9XQ+OsmAKAAEIkgRlA=="}
-01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
+01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354029382,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3nRAAEARHLHAqAypCi5nyJ\/KpjoAbAm8AAEAUCESpEJCRXZwZkpKcGErWXYABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUV+RY7KavrTSyyjnYz1cDc6MlH+eAKAAEpABGKg=="}
-01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
+01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354077734,"pkt":"CL6sCxdumt9Y+uvcCABFAACAq5pAAEARVurAqAypXSQNc6WlikEAbG5EAAEAUCESpEJQRW1oRjBpWkxwdVIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUeafd1aPwqIpYtKwwpuDeqKaNUbSAKAAEORW\/pw=="}
-01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
+01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354126265,"pkt":"CL6sCxdumt9Y+uvcCABFAACAq55AAEARVubAqAypXSQNc5\/KikEAbGK3AAEAUCESpEJMbE5LWHlWbCtGZlIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAU9Z04zkepdoWOsJ4ulp8YAe9jLUWAKAAEwATfyg=="}
-01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
+01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354153456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354153456,"pkt":"mt9Y+uvcCL6sCxduCABFAABckpZAADYRehJdJA1zwKgMqYpBpaUASG0rAQEALCESpEJQRW1oRjBpWkxwdVIAIAAIAAEMenw9RQQACAAUrYd+q6RhgtRWxOyn0FCZYgykzwuAKAAEkVZ5KQ=="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354165754,"flow_dst_last_pkt_time":1648032354153456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1648032354165754,"pkt":"CL6sCxdumt9Y+uvcCABFAAAzq6JAAEARVy\/AqAypXSQNc6WlikEAH+78q+Dhs46p+vnyB59A6gTAmoVxX5wJtWc="}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354165754,"flow_dst_last_pkt_time":1648032354166263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032354166263,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8kpdAADYRefFdJA1zwKgMqYpBpaUAaPtpAAEATCESpEJnZHVuWHZ4blRHNEYABgAJU3VVMzpsL3djAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8fAAAIABSu\/Dy1RdR7tJjCJ1zcoT327GhS+4AoAASaKnbd"}
@@ -154,15 +154,15 @@
 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032354253306,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8kp1AADYReetdJA1zwKgMqYpBn8oAaCMkAAEATCESpEJIcTZVWmxodDUwUysABgAJU3VVMzpsL3djAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8fAAAIABQBRhbWlQ7rMVy3PFduS9dj7gJsXoAoAARM5ARh"}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354255084,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354255084,"pkt":"CL6sCxdumt9Y+uvcCABFAABcq61AAEARVvvAqAypXSQNc5\/KikEASJBeAQEALCESpEJIcTZVWmxodDUwUysAIAAIAAGrU3w2qTEACAAUOSToq9gxyjIfvqnLxYFg75erULqAKAAEpWnpWQ=="}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354274610,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3npAAEARHKvAqAypCi5nyKWlpjoAbOFzAAEAUCESpEJtdnE4djNMTnl3dk0ABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUDInqNRBWk8dEJqTJc6HmCvGSZlqAKAAEY6GN3A=="}
-01211{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354274610,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
+01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354274610,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354323453,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3n5AAEARHKfAqAypCi5nyJ\/KpjoAbLNZAAEAUCESpEJFbzlBWnVtb3doY3gABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUhaAVye4hAtQKKUN05sPT8bSFgCSAKAAEE\/ftBA=="}
-01211{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354323453,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
+01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354323453,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354372109,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354372109,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3oFAAEARHKTAqAypCi5nyKWlpjoAbMtbAAEAUCESpEJTRTZGa284cW1DQmIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUzYBYKBlzlZ6Eaa\/nFMVbWPeH8RSAKAAER59Heg=="}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354421706,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354421706,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3oNAAEARHKLAqAypCi5nyJ\/KpjoAbNnMAAEAUCESpEJkVUE4UWRoMit2dFIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAU9E6Knx5J8q4IYolGkKVYGZzVeFSAKAAEDziXvg=="}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354824070,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032354824070,"pkt":"MzMAAAACCL6sCxduht1gAAAAABA6\/\/6AAAAAAAAACr6s\/\/4LF27\/AgAAAAAAAAAAAAAAAAAChQDivgAAAAABAQi+rAsXbg=="}
 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354824070,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-02326{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":715,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354886306,"flow_dst_last_pkt_time":1648032354873460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":649,"midstream":0,"thread_ts_usec":1648032354886306,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":49,"avg":51751.5,"max":474673,"stddev":95446.3,"var":9109989376.0,"ent":3.6,"data": [75722,88020,12807,2328,9002,48923,21674,183,117533,50,18901,57450,295,20709,49,35124,54640,306358,41620,24769,9929,17729,18103,17365,474673,50,42102,15504,14083,40108,18495]},"pktlen": {"min":49,"avg":106.2,"max":265,"stddev":48.9,"var":2396.0,"ent":4.9,"data": [128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119]},"bins": {"c_to_s": [3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0],"entropies": [5.404182434,5.729283333,5.265467167,5.614555359,5.634122849,5.456954956,5.404182434,5.653138161,5.772913456,5.756935120,5.745695591,5.598426342,5.458592415,5.767434120,5.687500000,5.328994274,5.576209545,5.797379017,7.103881836,6.518718719,6.438805580,6.381202221,6.471578598,6.393888950,7.201899052,5.463770390,5.656250000,5.577555180,6.334901810,6.354772091,5.879608154,6.455611706]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+02348{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":715,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354886306,"flow_dst_last_pkt_time":1648032354873460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":649,"midstream":0,"thread_ts_usec":1648032354886306,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":49,"avg":51751.5,"max":474673,"stddev":95446.3,"var":9109989376.0,"ent":3.6,"data": [75722,88020,12807,2328,9002,48923,21674,183,117533,50,18901,57450,295,20709,49,35124,54640,306358,41620,24769,9929,17729,18103,17365,474673,50,42102,15504,14083,40108,18495]},"pktlen": {"min":49,"avg":106.2,"max":265,"stddev":48.9,"var":2396.0,"ent":4.9,"data": [128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119]},"bins": {"c_to_s": [3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0],"entropies": [5.404182434,5.729283333,5.265467167,5.614555359,5.634122849,5.456954956,5.404182434,5.653138161,5.772913456,5.756935120,5.745695591,5.598426342,5.458592415,5.767434120,5.687500000,5.328994274,5.576209545,5.797379017,7.103881836,6.518718719,6.438805580,6.381202221,6.471578598,6.393888950,7.201899052,5.463770390,5.656250000,5.577555180,6.334901810,6.354772091,5.879608154,6.455611706]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354972956,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354972956,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3rRAAEARHHHAqAypCi5nyKWlpjoAbKiIAAEAUCESpEJIMGllM1hUOElYclgABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUIfqSi1aNpSsABSuloxN5Y\/\/7Bh2AKAAEpHJZAg=="}
 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354991775,"flow_src_last_pkt_time":1648032354991775,"flow_dst_last_pkt_time":1648032354991775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354991775,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354991775,"flow_dst_last_pkt_time":1648032354991775,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":107,"pkt_l4_len":53,"thread_ts_usec":1648032354991775,"pkt":"MzMAAAD7CL6sCxduht1gAkk0ADUR\/\/6AAAAAAAAACr6s\/\/4LF27\/AgAAAAAAAAAAAAAAAAD7FOkU6QA1CIEAAAAAAAIAAAAAAAAFX2lwcHMEX3RjcAVsb2NhbAAADAABBF9pcHDAEgAMAAE="}
@@ -226,10 +226,10 @@
 01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032367726063,"flow_dst_last_pkt_time":1648032367761550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":888,"flow_dst_tot_l4_payload_len":816,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032334318608,"flow_src_last_pkt_time":1648032364328703,"flow_dst_last_pkt_time":1648032334318608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-01140{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032363819830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032363805878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01140{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032363587689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01230{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032367002740,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032363819830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032363805878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032363587689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01252{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032367002740,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032352156412,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032366834658,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354991775,"flow_src_last_pkt_time":1648032354991775,"flow_dst_last_pkt_time":1648032354991775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -239,9 +239,9 @@
 01005{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1648032336639074,"flow_src_last_pkt_time":1648032364836832,"flow_dst_last_pkt_time":1648032364830191,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":12707,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1648032336710519,"flow_src_last_pkt_time":1648032336807614,"flow_dst_last_pkt_time":1648032336880010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":684,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":684,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032367726487,"flow_dst_last_pkt_time":1648032367858291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":452,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01230{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032367501855,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01252{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032367501855,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01134{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032367733413,"flow_dst_last_pkt_time":1648032367880227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":55,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032356099058,"flow_dst_last_pkt_time":1648032356073261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":15509,"flow_dst_tot_l4_payload_len":6792,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":55,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032356099058,"flow_dst_last_pkt_time":1648032356073261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":15509,"flow_dst_tot_l4_payload_len":6792,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01134{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032367726813,"flow_dst_last_pkt_time":1648032367876128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":452,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367877247,"flow_src_last_pkt_time":1648032367885663,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367859462,"flow_src_last_pkt_time":1648032367864669,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -251,11 +251,11 @@
 00958{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01134{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032367732783,"flow_dst_last_pkt_time":1648032367761600,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354255084,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":160,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01140{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032363826861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032363794064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01140{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032363587715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":889,"packets-processed":887,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":258,"global_ts_usec":1648032378336597}
+01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354255084,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":160,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032363826861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032363794064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032363587715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00657{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":889,"packets-processed":887,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":32,"total-detection-updates":14,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":258,"global_ts_usec":1648032378336597}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 889/887
 ~~ skipped flows.............: 0
@@ -264,10 +264,10 @@
 ~~ total active/idle flows...: 34/34
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5613748 bytes
-~~ total memory freed........: 5613748 bytes
+~~ total memory allocated....: 5614300 bytes
+~~ total memory freed........: 5614300 bytes
 ~~ total allocations/frees...: 87117/87117
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 543 chars
-~~ json message max len.......: 2331 chars
-~~ json message avg len.......: 1437 chars
+~~ json message max len.......: 2353 chars
+~~ json message avg len.......: 1448 chars
diff --git a/test/results/default/telnet.pcap.out b/test/results/default/telnet.pcap.out
index 2e321f14d..972411fc3 100644
--- a/test/results/default/telnet.pcap.out
+++ b/test/results/default/telnet.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":943755158387203}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":943755158387203}
 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755158387203,"flow_dst_last_pkt_time":943755158387203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":943755158387203,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":943755158387203,"flow_dst_last_pkt_time":943755158387203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":943755158387203,"pkt":"AADAn6CXAKDMO7\/6CABFEAA8RjxAAEAGcxzAqAACwKgAAQYOABeZxaDsAAAAAKACfXjgowAAAgQFtAQCCAoAnCckAAAAAAEDAwA="}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":943755158387203,"flow_dst_last_pkt_time":943755158389728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":943755158389728,"pkt":"AKDMO7\/6AADAn6CXCABFAAA8UeMAAEAGp4XAqAABwKgAAgAXBg4X8WM9mcWg7aASQ+D7twAAAgQFqAEDAwABAQgKACWmLACcJyQ="}
@@ -11,7 +11,7 @@
 01095{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755160949196,"flow_dst_last_pkt_time":943755159705066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":943755160949196,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"fake","password":""}}}
 02271{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755160950568,"flow_dst_last_pkt_time":943755159705066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":943755160950568,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":172,"avg":125200.9,"max":1232764,"stddev":336743.6,"var":113396252672.0,"ent":2.2,"data": [2525,2572,1588,147810,146242,172,1611,1711,3291,1327,593,1791,1069,2370,3571,617,1174,22251,20360,1248,13791,15049,1196,784,12789,12241,20023,1107336,1099990,1232764,1372]},"pktlen": {"min":52,"avg":63.2,"max":137,"stddev":18.8,"var":354.0,"ent":4.9,"data": [60,60,52,79,55,52,55,52,77,116,52,70,61,52,76,52,137,52,55,55,52,64,58,52,67,52,84,52,59,52,58,52]},"bins": {"c_to_s": [15,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,0],"entropies": [4.315444469,4.777318954,4.791129112,5.044729233,4.800010681,4.791129112,4.871557236,4.662475586,5.051413059,5.269734383,4.647958755,5.011583805,5.044849873,4.777860641,4.820554256,4.791128635,5.556590080,4.868052006,4.850099087,4.862643719,4.777860641,4.944003105,4.924550533,4.739398956,4.948766708,4.791129112,5.493695259,4.829590797,5.035621166,4.686420441,5.042736053,4.829590321]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}}
 01083{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":44,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755197957149,"flow_dst_last_pkt_time":943755197958477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":488,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":1371,"midstream":0,"thread_ts_usec":943755197958477,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":92,"packets-processed":92,"total-skipped-flows":0,"total-l4-payload-len":1660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":943755197958477}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":92,"packets-processed":92,"total-skipped-flows":0,"total-l4-payload-len":1660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":943755197958477}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 92/92
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502689 bytes
-~~ total memory freed........: 5502689 bytes
+~~ total memory allocated....: 5502713 bytes
+~~ total memory freed........: 5502713 bytes
 ~~ total allocations/frees...: 85953/85953
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 543 chars
diff --git a/test/results/default/tencent_games.pcap.out b/test/results/default/tencent_games.pcap.out
index b2f09bb29..ca7409795 100644
--- a/test/results/default/tencent_games.pcap.out
+++ b/test/results/default/tencent_games.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1707238628700988}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1707238628700988}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1707238628700988,"flow_src_last_pkt_time":1707238628700988,"flow_dst_last_pkt_time":1707238628700988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707238628700988,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"43.130.19.227","src_port":43300,"dst_port":65010,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1707238628700988,"flow_dst_last_pkt_time":1707238628700988,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1707238628700988,"pkt":"RQAAPBTXQABABi6oCtetASuCE+OpJP3ySA0izgAAAACgAv\/\/6UkAAAIEJugEAggKADg0GAAAAAABAwMJ"}
 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1707238628700988,"flow_dst_last_pkt_time":1707238628897041,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1707238628897041,"pkt":"RQAAMAAAQABABkOLK4IT4wrXrQH98qkkd+t360gNIs9wEgQAXdMAAAIEJugDAwkA"}
@@ -7,7 +7,7 @@
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1707238628901586,"flow_dst_last_pkt_time":1707238628897041,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":116,"pkt_l4_len":96,"thread_ts_usec":1707238628901586,"pkt":"RQAAdBTZQABABi5uCtetASuCE+OpJP3ySA0iz3frd+xQGACAkWEAADNmAAsACxABAAAAAAEAAABMAAAAAAIDAAAnEAAAAGUAAwMAAAAUOTA4OTQ5OTU2NTE0OTMyMDQzMAAAAAAAAAAAAAAAAwAAAAAAAAA="}
 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1707238628700988,"flow_src_last_pkt_time":1707238628901586,"flow_dst_last_pkt_time":1707238628897041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1707238628901586,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"43.130.19.227","src_port":43300,"dst_port":65010,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1707238628901586,"flow_dst_last_pkt_time":1707238628901869,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1707238628901869,"pkt":"RQAAKAAAQABABkOTK4IT4wrXrQH98qkkd+t37EgNIxtQEAP\/soAAAA=="}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":390,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1710911174720280}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":390,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1710911174720280}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710911174720280,"flow_src_last_pkt_time":1710911174720280,"flow_dst_last_pkt_time":1710911174720280,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710911174720280,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"162.62.97.166","src_port":46658,"dst_port":8085,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1710911174720280,"flow_dst_last_pkt_time":1710911174720280,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1710911174720280,"pkt":"RQAAPLrbQABABsQjCtetAaI+Yaa2Qh+VE6JEngAAAACgAv\/\/DDQAAAIEJugEAggKD4MhPgAAAAABAwMJ"}
 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1710911174720280,"flow_dst_last_pkt_time":1710911174815632,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1710911174815632,"pkt":"RQAAMAAAQABABn8Loj5hpgrXrQEflbZCd+t36xOiRJ9wEhAAcS4AAAIEJugDAwkA"}
@@ -23,7 +23,7 @@
 00974{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1710911201676284,"flow_dst_last_pkt_time":1710911201551469,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":378,"pkt_l4_len":358,"thread_ts_usec":1710911201676284,"pkt":"RQABej1+AABABm0gCtetAaI+dMmncFD7voEv1Xfrd+xQGACAbJAAAAAAAU54ATVRy2rDMBD8lz27Ru9HbjmUnAKl0JvByNY6mNiWK4uUEPLvle0E6aAd7WhnRg9Y8LfuPRxYAe3otyMlhBaQ7jPmcwFdDGPdz3AASsp1UWKggDmGFpdlZxQwhje5gBvGpQ9TZhzPp8+fj+PkY+j9hyxJJjbB3\/PVo4Iw45RJFRwq0FxIa4jWQlKihTGygqICN8\/vDsaN3bDFRXQbxBVlesfmwaVXI30hLqY+ZR0bSPbn2k1zClfcYdk1eSbhbYOcWC+NMygkc7xhhBNKrHK+EW33Zq+pbMTvr1N9CuEy5HKdFsOAr\/lWcmWU5YxZIYUSjFfwzMZ3L9n66iTXE6a\/EK\/1njScQ9MPmPEFJ1+nfsQluXHLXWchlDJClZZrgjHrj\/Vt\/xTFyrwpVWVuWOn9ZY3eIecd61rFrOw011IaL9AylNrYjih4\/gOOuZK9"}
 00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1710911201480980,"flow_src_last_pkt_time":1710911201676284,"flow_dst_last_pkt_time":1710911201551469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710911201676284,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"162.62.116.201","src_port":42864,"dst_port":20731,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1710911201676284,"flow_dst_last_pkt_time":1710911201676455,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1710911201676455,"pkt":"RQAAKAAAQABABmvwoj50yQrXrQFQ+6dwd+t37L6BMSdQEA\/\/+QgAAA=="}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":23,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":1436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1710946393543759}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":23,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":1436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1710946393543759}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710946393543759,"flow_src_last_pkt_time":1710946393543759,"flow_dst_last_pkt_time":1710946393543759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710946393543759,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"129.226.103.74","src_port":47046,"dst_port":31003,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1710946393543759,"flow_dst_last_pkt_time":1710946393543759,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1710946393543759,"pkt":"RQAAPEo\/QABABk94CtetAYHiZ0q3xnkblxhB9QAAAACgAv\/\/rcQAAAIEJugEAggKMFSdvAAAAAABAwMJ"}
 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1710946393543759,"flow_dst_last_pkt_time":1710946393905382,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1710946393905382,"pkt":"RQAAMAAAQABABpnDgeJnSgrXrQF5G7fGd+t365cYQfZwEgQAvA4AAAIEJugDAwkA"}
@@ -34,7 +34,7 @@
 00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1710946393543759,"flow_src_last_pkt_time":1710946394270452,"flow_dst_last_pkt_time":1710946394629878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":458,"flow_dst_max_l4_payload_len":2332,"flow_src_tot_l4_payload_len":458,"flow_dst_tot_l4_payload_len":2332,"midstream":0,"thread_ts_usec":1710946394629878,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"129.226.103.74","src_port":47046,"dst_port":31003,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1710911174720280,"flow_src_last_pkt_time":1710911174823773,"flow_dst_last_pkt_time":1710911174895319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":125,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":125,"midstream":0,"thread_ts_usec":1710946394629878,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"162.62.97.166","src_port":46658,"dst_port":8085,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1710911201480980,"flow_src_last_pkt_time":1710911201708919,"flow_dst_last_pkt_time":1710911201676455,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":433,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710946394629878,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"162.62.116.201","src_port":42864,"dst_port":20731,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TencentGames","proto_id":"395","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":4226,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1710946394629878}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tencent_games.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":4226,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1710946394629878}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 32/32
 ~~ skipped flows.............: 0
@@ -43,8 +43,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5513609 bytes
-~~ total memory freed........: 5513609 bytes
+~~ total memory allocated....: 5513681 bytes
+~~ total memory freed........: 5513681 bytes
 ~~ total allocations/frees...: 85929/85929
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 519 chars
diff --git a/test/results/default/teredo.pcap.out b/test/results/default/teredo.pcap.out
index 18e501ca0..8ad56b0ba 100644
--- a/test/results/default/teredo.pcap.out
+++ b/test/results/default/teredo.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1438853615305874}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1438853615305874}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853615305874,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853615305874,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1438853615305874,"pkt":"bEFqjICJABsXAAEVCABFAABZWboAAH4R6SsKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853615305874,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853615305874,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -30,7 +30,7 @@
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1438853619792073,"flow_src_last_pkt_time":1438853619792073,"flow_dst_last_pkt_time":1438853619844656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1438853615305874,"flow_src_last_pkt_time":1438853653349933,"flow_dst_last_pkt_time":1438853653403120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1438853629357785,"flow_src_last_pkt_time":1438853629357785,"flow_dst_last_pkt_time":1438853629411015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1438853653403120}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1438853653403120}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 24/24
 ~~ skipped flows.............: 0
@@ -39,10 +39,10 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5507357 bytes
-~~ total memory freed........: 5507357 bytes
+~~ total memory allocated....: 5507445 bytes
+~~ total memory freed........: 5507445 bytes
 ~~ total allocations/frees...: 85928/85928
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 568 chars
+~~ json message min len.......: 566 chars
 ~~ json message max len.......: 978 chars
-~~ json message avg len.......: 772 chars
+~~ json message avg len.......: 771 chars
diff --git a/test/results/default/tftp.pcap.out b/test/results/default/tftp.pcap.out
index dcd510c41..f50d488b8 100644
--- a/test/results/default/tftp.pcap.out
+++ b/test/results/default/tftp.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946730124846355}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946730124846355}
 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54626,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":946730124846355,"pkt":"9Opn97JCCAAnntJbCABFAAAv+hlAAEAR3pisHAQ1rBAFqtViAEUAGx52AAEAAAAAAAAAAAAAAG9jdGV0AA=="}
 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -15,7 +15,7 @@
 01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":516,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":1032,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":""}}}
 01194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"thread_ts_usec":946730124846355,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkygAAIARI03AqAAKwKgA\/Q11xboCDFT\/AAMAA3Byb3RvY29sIHdhcyBvcmlnaW5hbGx5IGRlc2lnbmVkIGJ5IE5vZWwgQ2hpYXBwYSwgYW5kIHdhcwogICByZWRlc2lnbmVkIGJ5IGhpbSwgQm9iIEJhbGR3aW4gYW5kIERhdmUgQ2xhcmssIHdpdGggY29tbWVudHMgZnJvbQogICBTdGV2ZSBTenltYW5za2kuICBUaGUgY3VycmVudCByZXZpc2lvbiBvZiB0aGUgZG9jdW1lbnQgaW5jbHVkZXMKICAgbW9kaWZpY2F0aW9ucyBzdGVtbWluZyBmcm9tIGRpc2N1c3Npb25zIHdpdGggYW5kIHN1Z2dlc3Rpb25zIGZyb20KICAgTGFycnkgQWxsZW4sIE5vZWwgQ2hpYXBwYSwgRGF2ZSBDbGFyaywgR2VvZmYgQ29vcGVyLCBNaWtlIEdyZWVud2FsZCwKICAgTGl6YSBNYXJ0aW4sIERhdmlkIFJlZWQsIENyYWlnIE1pbG8gUm9nZXJzIChvZiBVU0MtSVNJKSwgS2F0aHkKICAgWWVsbGljaywgYW5kIHRoZSBhdXRob3IuICBUaGUgYWNrbm93bGVkZ2VtZW50IGFuZCByZXRyYW5zbWlzc2lvbgogICBzY2hlbWUgd2FzIGluc3BpcmVkIGJ5IFRDUCwgYW5kIHRoZSBlcnJv"}
 02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":516,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":8256,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":0.0,"max":0,"stddev":0.0,"var":0.0,"ent":0.0,"data": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"pktlen": {"min":46,"avg":295.0,"max":544,"stddev":249.0,"var":62001.0,"ent":4.4,"data": [544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.265709877,3.000972986,4.623624802,3.000972986,4.859318733,3.000972986,4.935849667,2.941084146,4.381216049,2.957494497,4.600720406,3.000972986,4.634294987,3.000972986,4.567757130,3.000972986,4.459813595,3.000972986,4.388016701,2.941084146,4.358253002,3.000972986,4.537627220,2.941084146,4.658279419,2.941084146,4.567505836,3.000972986,4.506970406,3.000972986,4.253873825,3.000972986]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":102,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":25039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":946733724846355}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":102,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":25039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":946733724846355}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946733724846355,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":946733724846355,"pkt":"9Opn97JCCAAnntJbCABFAAAv+hlAAEAR3pisHAQ1rBAFqtVjAEUAGx52AAFzeXNtYW4ubGlzAG9jdGV0AA=="}
 00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946733724846355,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":"sysman.lis"}}}
@@ -25,7 +25,7 @@
 00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":49,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":24795,"flow_dst_tot_l4_payload_len":196,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":25058,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":946737844630728}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":25058,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":946737844630728}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946737844630728,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946737844630728,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":946737844630728,"pkt":"eCSvPj0DAFBWn8+KCABFAAAuYudAAEARdJqsHAVbrBwFqq5KAEUAGkfgAAJ6ei5iaW4AbmV0YXNjaWkA"}
 00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946737844630728,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946737844630728,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":"zz.bin"}}}
@@ -36,7 +36,7 @@
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":946737844632198,"flow_dst_last_pkt_time":946737844632149,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":946737844632198,"pkt":"AFBWn8+KeCSvPj0DCABFAAAgquAAAEARbK+sHAWqrBwFW\/JqrkoADPvdAAQAAQ=="}
 01081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946737844631726,"flow_src_last_pkt_time":946737844632198,"flow_dst_last_pkt_time":946737844632149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1032,"midstream":0,"thread_ts_usec":946737844632198,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":""}}}
 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946733724846355,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946737844632198,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":108,"packets-processed":107,"total-skipped-flows":0,"total-l4-payload-len":26116,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":7,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1692571562010945}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":108,"packets-processed":107,"total-skipped-flows":0,"total-l4-payload-len":26116,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":7,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1692571562010945}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1692571562010945,"flow_src_last_pkt_time":1692571562010945,"flow_dst_last_pkt_time":1692571562010945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1692571562010945,"l3_proto":"ip4","src_ip":"192.168.2.45","dst_ip":"192.168.2.200","src_port":35840,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1692571562010945,"flow_dst_last_pkt_time":1692571562010945,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1692571562010945,"pkt":"gB8CRSVHAADNOBNDCABFAABJmb1AAEARGqHAqAItwKgCyIwAAEUANb2WAAJlbXB0eTEwMEtCAG9jdGV0AGJsa3NpemUAMTQ2OAB0c2l6ZQAxMDAwMDAA"}
 00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1692571562010945,"flow_src_last_pkt_time":1692571562010945,"flow_dst_last_pkt_time":1692571562010945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1692571562010945,"l3_proto":"ip4","src_ip":"192.168.2.45","dst_ip":"192.168.2.200","src_port":35840,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":"empty100KB"}}}
@@ -47,7 +47,7 @@
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1692571562010945,"flow_src_last_pkt_time":1692571562010945,"flow_dst_last_pkt_time":1692571562010945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1692571562013335,"l3_proto":"ip4","src_ip":"192.168.2.45","dst_ip":"192.168.2.200","src_port":35840,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1692571562013335,"flow_src_last_pkt_time":1692571562013335,"flow_dst_last_pkt_time":1692571562013335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1692571562013335,"l3_proto":"ip4","src_ip":"192.168.2.200","dst_ip":"192.168.2.45","src_port":47649,"dst_port":35840,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946737844630728,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1692571562013335,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":109,"packets-processed":109,"total-skipped-flows":0,"total-l4-payload-len":26189,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1692571562013335}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":109,"packets-processed":109,"total-skipped-flows":0,"total-l4-payload-len":26189,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1692571562013335}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 109/109
 ~~ skipped flows.............: 0
@@ -56,8 +56,8 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5518510 bytes
-~~ total memory freed........: 5518510 bytes
+~~ total memory allocated....: 5518662 bytes
+~~ total memory freed........: 5518662 bytes
 ~~ total allocations/frees...: 86057/86057
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 517 chars
diff --git a/test/results/default/threema.pcap.out b/test/results/default/threema.pcap.out
index ae5ecb99d..28ad988bd 100644
--- a/test/results/default/threema.pcap.out
+++ b/test/results/default/threema.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655301424082000}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655301424082000}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655301424082000,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424082000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655301424082000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50298,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424082000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301424082000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sOJAAD8GIgbAqAJkuVjsbsR6FGaFcI59AAAAAKAC\/\/+zrwAAAgQFtAQCCAoADj6fAAAAAAEDAwg="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301424108000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxHpp4+23hXCOfqAS\/\/9\/CwAAAgQFrAEDAwYEAggK7ZTvbAAOPp8="}
@@ -21,7 +21,7 @@
 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1655301676990000,"flow_dst_last_pkt_time":1655301676985000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655301676990000,"pkt":"eJS0JASgYDjgxTWgCABFAABkOh1AAD8GmKPAqAJkuVjsbsVEFGa+1hz2PrdC4oAYAVeW7QAAAQEICgAPJvYNuzbqEUJFmOSyRNdj1OXy3vj+pKv1w2\/HNx68wOhAgRLg2k5Ez5IOu8sHTBCPJKxiuLUM"}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655301676990000,"flow_dst_last_pkt_time":1655301677017000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655301677017000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxUQ+t0LivtYdJoAYBBT1kQAAAQEICg27NwgADyb2pST6cJDhur1ILq6UIEWtlnuQFkcU2\/xfWadEuFW78qsYg5wMjFnUvaWsfnK6Fp3dpRxs6\/7D1WxjM2X8\/Gu1wMcVtNcAnkhA9GW1gMlDC+8="}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1655301676958000,"flow_src_last_pkt_time":1655301678700000,"flow_dst_last_pkt_time":1655301677048000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1655301678700000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":4306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1655304039977000}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":4306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1655304039977000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304039977000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655304039977000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304039977000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655304039977000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8D\/ZAAD8GwvLAqAJkuVjsbsW6FGZ91skoAAAAAKAC\/\/\/3HAAAAgQFtAQCCAoAEMbeAAAAAAEDAwg="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304040001000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655304040001000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxbp03BGqfdbJKaAS\/\/+2UQAAAgQFrAEDAwYEAggKO2t+0gAQxt4="}
@@ -30,7 +30,7 @@
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655304040005000,"flow_dst_last_pkt_time":1655304040029000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655304040029000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxbp03BGrfdbJWYAYBBS+bwAAAQEICjtrfvAAEMblDwmY0u1\/FJJlG8pGMzR4DHUA2SbDCPgL7VMIbmcQJS5Wyz7JHVONLuWdk575DHG9THznkpqJQgv38Qj\/f\/dhFRs1\/8YAkvYQ2sZA5fjM1T8="}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304040312000,"flow_dst_last_pkt_time":1655304040064000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":595,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":675,"midstream":0,"thread_ts_usec":1655304040312000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
 00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":4,"flow_first_seen":1655301676958000,"flow_src_last_pkt_time":1655301738438000,"flow_dst_last_pkt_time":1655301678762000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1655304045367000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":5258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1655306704436000}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":5258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1655306704436000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655306704436000,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704436000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655306704436000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50718,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655306704436000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8W4NAAD8Gd2XAqAJkuVjsbsYeFGbGZSToAAAAAKAC\/\/+Z2wAAAgQFtAQCCAoAEn9rAAAAAAEDAwg="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704460000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655306704460000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxh4tYXzzxmUk6aAS\/\/9+tQAAAgQFrAEDAwYEAggKd2P5ZgASf2s="}
@@ -38,7 +38,7 @@
 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1655306704464000,"flow_dst_last_pkt_time":1655306704460000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655306704464000,"pkt":"eJS0JASgYDjgxTWgCABFAABkW4VAAD8GdzvAqAJkuVjsbsYeFGbGZSTpLWF89IAYAVetkAAAAQEICgASf3J3Y\/lmEUJFmOSyRNdj1OXy3vj+pKv1w2\/HNx68wOhAgRLg2k4sbataBLDe6as2OUn4cnpB"}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1655306704464000,"flow_dst_last_pkt_time":1655306704488000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655306704488000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxh4tYXz0xmUlGYAYBBTJUQAAAQEICndj+YQAEn9yeZWV+OdkU0mSnCGppCSAJbL9JS8rd+OXEO3cXQRLF+HwyR8sz+yuANi\/FNlAZNb3PrHf0YF9udqW3VvcrW+\/D2pjQJ1v\/TFBzsLCAdVVzZ8="}
 00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304045367000,"flow_dst_last_pkt_time":1655304045364000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":595,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":675,"midstream":0,"thread_ts_usec":1655306704559000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5631,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1655307958972000}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5631,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1655307958972000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958972000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655307958972000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958972000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655307958972000,"pkt":"eJS0JASgYDjgxTWgCABFAAA80XZAAD8GAXLAqAJkuVjsbsasFGYhOI\/mAAAAAKAC\/\/\/0UwAAAgQFtAQCCAoAFl6QAAAAAAEDAwg="}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958996000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655307958996000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxqxr+FC1ITiP56AS\/\/\/D1gAAAgQFrAEDAwYEAggK\/JV3MgAWXpA="}
@@ -51,7 +51,7 @@
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655301591783000,"flow_src_last_pkt_time":1655301621987000,"flow_dst_last_pkt_time":1655301622013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":735,"flow_dst_max_l4_payload_len":468,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":662,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50484,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
 01062{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655308018973000,"flow_dst_last_pkt_time":1655308018969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"7":"Match by IP"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655308018973000,"flow_dst_last_pkt_time":1655308018969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":83,"packets-processed":83,"total-skipped-flows":0,"total-l4-payload-len":6004,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1655308018973000}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":83,"packets-processed":83,"total-skipped-flows":0,"total-l4-payload-len":6004,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1655308018973000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 83/83
 ~~ skipped flows.............: 0
@@ -60,8 +60,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5523528 bytes
-~~ total memory freed........: 5523528 bytes
+~~ total memory allocated....: 5523632 bytes
+~~ total memory freed........: 5523632 bytes
 ~~ total allocations/frees...: 86004/86004
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 545 chars
diff --git a/test/results/default/thrift.pcap.out b/test/results/default/thrift.pcap.out
index 45657bdf5..7f0af4d82 100644
--- a/test/results/default/thrift.pcap.out
+++ b/test/results/default/thrift.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618939325157360}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618939325157360}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618939325157360,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157360,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618939325157360,"pkt":"ZGV2aWNlZHJpdmVyCABFAAA0aulAAIAGAACp\/jv3qf4uBNCLKwLKdsytAAAAAIACIAB\/HQAAAgQFtAEDAwgBAQQC"}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618939325157427,"pkt":"ZHJpdmVyZGV2aWNlCABFAAA0AABAAD4Gvc2p\/i4Eqf479ysC0Iu7suEFynbMroASchBOjwAAAgQFtAEBBAIBAwMG"}
@@ -8,14 +8,14 @@
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325157555,"flow_dst_last_pkt_time":1618939325157427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618939325157555,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1618939325157555,"flow_dst_last_pkt_time":1618939325157615,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1618939325157615,"pkt":"ZHJpdmVyZGV2aWNlCABFAAAoqt1AAD4GEvyp\/i4Eqf479ysC0Iu7suEGynbM1lAQAcn\/fwAAAAAAAAAA"}
 02111{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325159246,"flow_dst_last_pkt_time":1618939325159187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2920,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3250,"flow_dst_tot_l4_payload_len":7422,"midstream":0,"thread_ts_usec":1618939325159246,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":59,"avg":119.8,"max":188,"stddev":47.3,"var":2241.9,"ent":4.8,"data": [67,135,60,188,60,179,118,60,178,118,59,178,119,60,178,118,59,178,123,123,119,60,187,132,60,183,118,69,188,120,119]},"pktlen": {"min":40,"avg":375.2,"max":2960,"stddev":637.8,"var":406764.6,"ent":3.6,"data": [52,52,40,80,46,88,80,46,80,82,46,106,121,46,311,90,46,104,78,89,79,1500,628,40,1500,628,40,1500,628,40,780,2960]},"bins": {"c_to_s": [5,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1],"s_to_c": [6,3,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0],"entropies": [4.382568836,4.855899811,4.571928978,4.561148643,4.565871716,5.056412220,4.614388943,4.549460888,4.772574902,4.961133480,4.462504387,4.880326271,3.973908663,4.549460888,5.147182465,4.755144119,4.565872192,4.847397804,4.628648281,4.771815300,4.955598831,6.128622055,6.129070759,4.621928692,6.089191914,6.081182480,4.621928692,6.083991051,6.070480347,4.621928692,6.112934589,6.078311443]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":171,"packets-processed":170,"total-skipped-flows":0,"total-l4-payload-len":85745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1622206473205908}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":171,"packets-processed":170,"total-skipped-flows":0,"total-l4-payload-len":85745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1622206473205908}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4894,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4894,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 07056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":4936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4936,"pkt_l4_len":4902,"thread_ts_usec":1622206473205908,"pkt":"AAAAAAAAAAAAAAAACABFABM6Zi5AAEARw4J\/AAABfwAAAcAMGq8TJhE6goGygQEJZW1pdEJhdGNoHBwYGG1hdHJpeC5vcmcgdGVzdF93b3JrZXItMRk8GA5qYWVnZXIudmVyc2lvbhUAGAxQeXRob24tNC4xLjAAGAJpcBUAGA8xNzYuMTI2LjI0MC4xNTgAGAhob3N0bmFtZRUAGBVoaXBwb2dyaWZmLm1hdHJpeC5vcmcAABn8FBaGuaOvmYTOqQQWABbMtcCLqNbW4eoBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFprMtIHs2OEFFrAHGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI3NzUxABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWnNG0gezY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAWxJryxpeBoekEFgAWyPDeuea8r6YuFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFval54Hs2OEFFqwJGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI3ODMxABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwW\/qvngezY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAgAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgAAAAAW8uWpt+qqgKsEFgAWqYLBtf270evxARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbonO2B7NjhBRbeBxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyNzgzOAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFoSh7YHs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFvqGnZy9+dfwAhYAFtO46sffyaa7GhYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaOjdaC7NjhBRaqBhk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyNzk4NQAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFtaQ1oLs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFuzjrKCg6bX5ARYAFpqsg8CNmf7v3wEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWxozeguzY4QUW1AcZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjc5OTQAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBb4kN6C7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABbgo7HM4sDc9gIWABat27nxrfeN4TsWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW5q\/Cg+zY4QUW+AcZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjgxMDgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBawtMKD7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABbcivTis8qLvAEWABbczvODu7Ks5pEBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFrrbloTs2OEFFrQFGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4MjQxABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGQwAFuaWr8eDzPlFFgAW2IOOiNmRvvVRFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFqjTnoTs2OEFFsIFGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4MjUyABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWrtaehOzY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAWqOOBz+7B0NMCFgAW5qywk4TRx6YBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFs6wo4Ts2OEFFsoDGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4MjU2ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGQwAFozT1u+3sNX5AxYAFruLnr+svsXNXBYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhas7ryE7NjhBRbKCxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyODI5MwAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFqD2vITs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFuTvlKK6tbniBBYAFt7TxoLztJ7ExgEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWqrLkhezY4QUW3g0ZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjg1NzMAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBbMu+SF7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABaAqfv135ayxQEWABbxqpG05PnOr20WABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW3PrvhezY4QUWgAIZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjg1ODUAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAW7v+RypLGwoIFFgAWpa2JyqmV2qBHFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFs7htobs2OEFFvoKGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4NzA2ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwW2Oi2huzY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAWvrSo25Lk6ZEBFgAW\/Mu25N3Uuy8WABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWnKqph+zY4QUWygQZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjg4MjcAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWqqCtwe+ZmegCFgAWrqHm7O\/56JRtFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFrT9rYfs2OEFFrgMGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4ODM3ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwW6oSuh+zY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAgAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgAAAAAWtIi99PnliOMDFgAWr4D1oIH+tqbMARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbIi9iH7NjhBRa4Cxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyODg4NgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFvyS2Ifs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFpiG28yl9YTqAxYAFp6Khpqln4D\/vAEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWtIWniOzY4QUWwgcZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjkwMDUAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBa6iqeI7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABbU4KrL85XASBYAFtnRoOjBlpPt8wEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW9tnkiOzY4QUW4AYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjkxMDgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBaI3uSI7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYCABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAAAAABbyn72E39iHyQIWABb8lfCbktCR8\/QBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFo7D84js2OEFFtYGGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI5MTMyABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWtMfziOzY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAW1r+jys2k3sEBFgAWqbSn9uzasMAgFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFpDVs4ns2OEFFsYIGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI5MjM4ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWutqziezY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAAAA=="}
 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4894,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4894,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":104,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325167655,"flow_dst_last_pkt_time":1618939325167596,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6875,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":14450,"flow_dst_tot_l4_payload_len":71295,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
 06247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1622206484939295,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":4322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4322,"pkt_l4_len":4288,"thread_ts_usec":1622206484939295,"pkt":"AAAAAAAAAAAAAAAACABFABDUa\/ZAAEARwCB\/AAABfwAAAcAMGq8QwA7UgoG0gQEJZW1pdEJhdGNoHBwYGG1hdHJpeC5vcmcgdGVzdF93b3JrZXItMRk8GA5qYWVnZXIudmVyc2lvbhUAGAxQeXRob24tNC4xLjAAGAJpcBUAGA8xNzYuMTI2LjI0MC4xNTgAGAhob3N0bmFtZRUAGBVoaXBwb2dyaWZmLm1hdHJpeC5vcmcAABn8FBa0g7LzyrnngQEWABblrKGoxcOvpxwWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWhLSTiuzY4QUW8AIZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjk0MDQAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWtv6FuMfW8JgCFgAW3qHqkaHita3BARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbAwKqK7NjhBRbKAxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyOTQ0MgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkMABbstN+sgbOr9wMWABbIn4yOmKP384MBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFuSY7ovs2OEFFp4JGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI5NjcxABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWlp\/ui+zY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAW0tWM2OiK4r0BFgAWo+eQwO2qkOjeARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAha414eM7NjhBRbmBhk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyOTcwNAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFsDbh4zs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgIAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYAAAAAFpryttmhxKdTFgAWseWtqrqlgq9cFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFtqLpI3s2OEFFtYFGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI5OTMwABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGQwAFtrmpq3dmcfxARYAFtjY6ratrM+VrgEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWqsnLjezY4QUWpAgZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzAwMTYAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAW3sK6\/MSryJHTARYAFqLGvoqEgZqcLBYAGAZ4eHgxMjMlBhaUjfCM7NjhBRbc+Z4BGRwYEXNhbXBsaW5nLnByaW9yaXR5FQZGAgAZDAAWyKqwjd6emYcEFgAW4qH\/nbeXkeoCFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFuyjkY7s2OEFFtAMGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDMwMTM1ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwW8KuRjuzY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAWpLug4Pyk6vkCFgAW3OjsypaSgdgeFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFryryo7s2OEFFsIDGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDMwMjMwABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGQwAFvzArf3L35zQBBYAFq2f5a3mhJWg9QEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW\/P7pjuzY4QUW+AYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzAyODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWkvOmk8WC2swCFgAWtI7dwaDc4Z2\/ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbqnOWP7NjhBRaWCxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDQ3MAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFvSj5Y\/s2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFpTB1qCT2cqkBBYAFvSMwrWC39zRxQEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWtOPrj+zY4QUWigYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzA0ODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBbi5uuP7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABb+mOqot9nKqQQWABa2lJymztvVvjYWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWgpOxkOzY4QUWwgEZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzA1ODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWjv\/Q15zA+P8DFgAW+\/2iuY3E3+P9ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaepeOQ7NjhBRaWBBk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDY1OAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFsyn45Ds2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFujnhs\/6qqS7AxYAFub224W23ojIPhYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaGgYeS7NjhBRamAhk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDk2NQAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkMABakkI\/xl8iqzQMWABaIpcHvzq\/79SoWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWzNuwkuzY4QUWwAoZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzEwMzQAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBa04rCS7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYCABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAAAAABa8+tv72OzRmAIWABbH5c6EkKG4hCIWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWloTAkuzY4QUW4gEZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzEwNTYAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAW\/N+I9eTZqIwDFgAWg7v+\/4PfgvG7ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbQ+fuS7NjhBRbcAxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMTE0MgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFtz7+5Ls2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFsSeqPfrlcbzAhYAFqXK8qPO186QwAEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWlNCJk+zY4QUW9AMZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzExNjgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWxPPB2pP1wZMBFgAW+KuAr+XO8fi\/ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaO\/8uU7NjhBRa6BBk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMTQzNgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFuyBzJTs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgIAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYAAAAAAAA="}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206484939295,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206484939295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":172,"packets-processed":172,"total-skipped-flows":0,"total-l4-payload-len":94919,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1622206484939295}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":172,"packets-processed":172,"total-skipped-flows":0,"total-l4-payload-len":94919,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1622206484939295}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 172/172
 ~~ skipped flows.............: 0
@@ -24,8 +24,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5507181 bytes
-~~ total memory freed........: 5507181 bytes
+~~ total memory allocated....: 5507221 bytes
+~~ total memory freed........: 5507221 bytes
 ~~ total allocations/frees...: 86044/86044
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 530 chars
diff --git a/test/results/default/tinc.pcap.out b/test/results/default/tinc.pcap.out
index 281a64e23..1ab04d8b1 100644
--- a/test/results/default/tinc.pcap.out
+++ b/test/results/default/tinc.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1495983427717971}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1495983427717971}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427717971,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1495983427717971,"pkt":"ABcILL3nACbGCvpSCABFEAA8vEtAAEAGvw6DcqgbuVPacOds2We5l\/9AAAAAAKACchD0JwAAAgQFtAQCCAp3tTETAAAAAAEDAwc="}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983427744301,"flow_dst_last_pkt_time":1495983427744301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427744301,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -34,7 +34,7 @@
 01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":101,"flow_dst_packets_processed":29,"flow_first_seen":1495983428000367,"flow_src_last_pkt_time":1495983470930418,"flow_dst_last_pkt_time":1495983470973187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1468,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":132724,"flow_dst_tot_l4_payload_len":31332,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":105,"flow_first_seen":1495983428043218,"flow_src_last_pkt_time":1495983463866065,"flow_dst_last_pkt_time":1495983463817214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1468,"flow_src_tot_l4_payload_len":28820,"flow_dst_tot_l4_payload_len":135316,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983475073125,"flow_dst_last_pkt_time":1495983475073073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":2339,"flow_dst_tot_l4_payload_len":2308,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":317,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1495983475109122}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":317,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1495983475109122}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 317/317
 ~~ skipped flows.............: 0
@@ -43,8 +43,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5518006 bytes
-~~ total memory freed........: 5518006 bytes
+~~ total memory allocated....: 5518078 bytes
+~~ total memory freed........: 5518078 bytes
 ~~ total allocations/frees...: 86220/86220
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 527 chars
diff --git a/test/results/default/tk.pcap.out b/test/results/default/tk.pcap.out
index 6307c524b..e7efd84c0 100644
--- a/test/results/default/tk.pcap.out
+++ b/test/results/default/tk.pcap.out
@@ -1,5 +1,5 @@
-00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1613939315029133}
+00557{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00620{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1613939315029133}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613939315029133,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315029133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613939315029133,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315029133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1613939315029133,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6W4cAAEARmyjAqAGywKgBAcryADUAJu9GCIYBAAABAAAAAAAABXdob2lzA2RvdAJ0awAAAQAB"}
 01046{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613939315029133,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315029133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613939315029133,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"whois.dot.tk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -18,7 +18,7 @@
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613939315127815,"flow_src_last_pkt_time":1613939315127815,"flow_dst_last_pkt_time":1613939315183610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1613939315239614,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613939315184123,"flow_src_last_pkt_time":1613939315184123,"flow_dst_last_pkt_time":1613939315239614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1613939315239614,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613939315029133,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315127338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1613939315239614,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1613939315239614}
+00625{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1613939315239614}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -27,8 +27,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502491 bytes
-~~ total memory freed........: 5502491 bytes
+~~ total memory allocated....: 5502547 bytes
+~~ total memory freed........: 5502547 bytes
 ~~ total allocations/frees...: 85888/85888
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 547 chars
diff --git a/test/results/default/tls-appdata.pcap.out b/test/results/default/tls-appdata.pcap.out
index 1c4ef03a0..0a2911aa1 100644
--- a/test/results/default/tls-appdata.pcap.out
+++ b/test/results/default/tls-appdata.pcap.out
@@ -1,5 +1,5 @@
-00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642636825083000}
+00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642636825083000}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825083000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642636825083000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642636825083000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":1642636825083000,"pkt":"YDjgxTWgeJS0JASgCABFAADTdsZAAFQGdWizPMOtwKgCZAG77NyYT4Q6bz7CkoAYARcapAAAAQEICuA9efAA6xLnFwMDAJq6kl+L8CkANElxlxEecHMQmMQNkeaHxIp41zgnfTmHWl1kbYylGWBjaZG2NzJzlVXZWLztslEjbtyBdUs5oPdXaxkx+\/Qqz25LpRnvI2Oa6mejiJQ6cva3m1sq7WKg7Tr1kRyTeD3F3LCkV1iqkLWh7Tv+UIHyUeGMLTuUM2Ln4Jd+SMy0A0nofS3noQlT0jEHIJotqStJgnoJ"}
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825083000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642636825083000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -9,7 +9,7 @@
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825302000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1642636825302000,"pkt":"eJS0JASgYDjgxTWgCABFAAAoAABAAD8GAdrAqAJkszzDrezcAbtvPsKSAAAAAFAEAABVgQAA"}
 00933{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825302000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":429,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642636825302000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825303000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1642636825303000,"pkt":"eJS0JASgYDjgxTWgCABFAAAoAABAAD8GAdrAqAJkszzDrezcAbtvPsKSAAAAAFAEAABVgQAA"}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1643610288722000}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1643610288722000}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643610288722000,"flow_src_last_pkt_time":1643610288722000,"flow_dst_last_pkt_time":1643610288722000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643610288722000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643610288722000,"flow_dst_last_pkt_time":1643610288722000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1643610288722000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUr1ZAAG4GmdrAqAJkNN\/GB+ZgAbs5J4UhnRUwIFAQJz3DuQAAFwMDBbsPVRnTUZmGPBlnKdgK94iLfa1WzOumranE61s0xvAtVjrmnivoUriXENTZHZ6xJ+jtI02SpI1pRFy9oatnRAti+z3dflh9zDeImNOzWaaReV7pRcOrrq7tetZhYkU+J8nisBJ42M5+CPOJz2x9RWtShEja6uVC5aX31AdfQo20rLfO\/h359IB7fzanuauTs\/HdR9kryxM8fpmunMnX8WXp67VFyeXC9tn4sMVL2L1iFuAZ2WReqtOFPjc27OdH3FdONsJrS3rdK2QVlml0LGbtHI9L05So1IHq5iGWqnYrZQ589c78wmLTg0z6Ka0yN+W3FGjoIGV3+LcQLvz6QRgjR\/kIHAJohOAQCxTc9V8F6Gv4p79TOjrL8QYreKxwrcyV7t0\/ffxHqa6wsgnwahqHz5mGSmBc+NEk20kRh8LU5Ux04uV1MrApZkpFkwVelAuPdI3nbz4UYiSP08RLjt7FwNdonwA2wk0UsATBQ2iYBLpKcWy8MNYJXPH2+OoHv7AYz4ifKDgWz1xsViG63GdMyM6QWXC1knvXeFbsFV0zb686r04l1qD5DGVWted1hpWErKnl1mFLjhp7NBh19Fu92aw6Pp1LmbPygTeDVvX2BkgA980SLqucCK1QQ\/87Y2y1rEMBDJI337XRO9fLLom3N1GZGcfdjcOmFx23h3Xsl+JOKuIRqUHcNjsuWmsI93vxv7AiXhfl3ON6PBpCzXsWfQd5CnOow3DrBISIOf0QBKNxmFchEodhvvam7eYuYBOrQVQbZqwqAEmXVvmKkPfxg11O7945k9bJbHrHGnTHIJFPF8Wi5iInrrMIczLCm1Ty3X1uvh+KSzqOKu23gp0oy8tw8FSTiaFy88XbiN7NdhsKDDqcgzhRWXEyoPsqv8ZLHWmNQtFHEc1otdBhKSXxBo4sSfSRCFeFjnRiWuoJkIwrZr\/BJCPDk0kJntgUkKLVBB9u32VxY3auwEwW8zwog0Kk3+GGDIkvqFTJNbiOxAZx3Bh00tLdNxMKdSO2fUGW4NL+WwwvLg+eGNlmxqkHecoyIHU6SnMN0ibGz7t0FimXl9FSI77SBAp8XGca7+fLewD9OHIgZzvqQJhSicTTl9ZflYmqdns0hrrJmkNCykZ4VHxI+domV7DRJABw2KvQ0HwDx5SMRpKeA2sueP598Raa+9F37mFZha6n1dhCKRSIkHPBCXwqEfhybcdOppz7dducg\/rDRmksOfTm7RdRFeBiYRjuqqdrpfrvqj4+n50RtPuOEamaACLRJe6TZ7AW60wNgZ4dbP5mBUOsUL+tGIvS3nrV+yuTsPHrJLA6h95nQQJJp1gPln6Nqwtu9dkRRA6KEKJsdtHc3JqWZjaSLJzaseg\/8y7N52Wwn6qAh47XHIlR\/ujrZyknuYN7irKa4apesgI2eDCnzFOHgd17m7AHq7vKvKmnQgplT+sFJcUwVu3nfqOhQjoDv02P5GlZXrAskO+6m+j9jtZMWk5ljB89fKaXNeLo2zjdBvluIThOvbDD4qSD+Jyi+\/ACr297jxF4hgS34EXR2bPMBCWBQ7weITTmdrwxEGtvfRK6RrUaKt0mA7Mmh2K3xkeJIyTQWAWBfCDfp+4+jtl\/HFNZ3X72EWk2uH6pI3SkOAUM71ZFkDV0zGFae0Xl1Uvj44SLDq0NxVlzOiFLtUYYjE6EZp45LPVhL8l6xcclI4RpJZwSBG5E9xwp658S+bV\/0zFdLWUxoCdi1hOVc+KmQMRQFDNgNxnLdxBG\/I6e1KPzAP3ozk4qy5VXGqPMtnuKoWBMuYqKTJjEAlG62upJHVz1g7aZjkN7ewqhTZXT4U3\/nLD+KKBpRA+6aGJQ3Wk\/Yc7YyxkVi+HCxxNdytkZcR22mmETB+o4WMzW60Iu0eFVoPREMdUcI4HUkA0F\/UGykYOAX3kyJbTw"}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643610288724000,"flow_dst_last_pkt_time":1643610288722000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643610288724000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8r1dAAG4Gn3HAqAJkNN\/GB+ZgAbs5J4rNnRUwIFAYJz2+IQAAaUBxB\/Gc\/nglm3L+T6FaB1y1dAs="}
@@ -20,11 +20,11 @@
 04463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643610288724000,"flow_dst_last_pkt_time":1643610288740000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_usec":1643610288740000,"pkt":"YDjgxTWgeJS0JASgCABFAAuAJktAADkGUjo038YHwKgCZAG75mCdFTXMOSeK4VAQCRbJZQAAojBMnRDZFuM5IayC7DxZg14hGjptzpz7JyYn\/VlCW5HvsHG0Mf4\/S4so+0jRr7AUxe\/99FVXASYAy6+CnvN+L3wtaase6XcKwXPlMdIoSbRjhWoksZG1BLBjH5CzFnJVtvvwB4EQoSLCePdVBagaQtfWaLJfD9KQjJfE3+tjeuNO1zSZMQ3b3SV\/CSdUT8nZm6O5PfBzi9sFGCnyTeNgfHUexbr2KlFVjtjvSJtGOZY9oQaXPXGon+WPWFia+cJl+PLMl30C6oEUkTrH1lnP6uYZAtt02PaZK3cUjSU38gWQl0mmp1p4JVBUFUunkphM0+4YGawKHKXk+vQiFjN3ioqCBpN2z5nUccWMpzdzKOH6igknO7RExCKwvouXPpQ1blUE60W7wlRxBK7a0fhB\/hEFnGm0piRzqfUyfkXfj8Aof2hNjFMEOEym2LmXZpn326GR6rL8krrzqq3jihuk9\/AJbQW14B0xtzidDDna0EDhooCbiph5alqpOttnFPxdRRlN4M3rm\/reacV6TXT7cW1KkHfh4S8amolRozdjsBvB+KXa1i0gO\/5vi2yk8+fmbTfysVYk0Mvot7TD7\/Q1OwHq8ukhZ98JRoSBH0A8ZugikuD+4fy8dDXQgmV9\/YjKxYS6suqEHKksJ6+eZnU0mOC1DFDZX8lJCGWr8U4GyEY2CucVAkVGOktZvjRxG+3KNum5rBmsjeKJKSXGphUlupzVu0f4VVY7wiV4ctynrgVcw6ux9CX0IeEQl5wqxPMtwt7BaO89NjsCNj6gBqvFnAiEPTlZMERaymXlqNjw6veeiP13MVewTF0Rlrxjs8XDcqVMweVVmiCGwNbAjrc9sbh5GiU+faYg0AZTYafaQ36A7UsGPL3XlJxu951A5GXa6I2hlFIfAm7t0yxrQzKkAFb92IMk0IgoUmNFBTaMIniGjbcg\/z72wygn0RTxN8KnivzxYQacLE1FbOM0XK4dmV2rWgp+Woc+M1naNVKjCed5+RuQ+PBJD2sGM593KdXRlSF0I\/SAHo+T0+jf2U3PXlt2QrPuQpndaIkizrlweYwaGhzlzfAThT79ndRbdgGdHcTIIJL+MXNsCiks6XeMcyRuHaOEvM1XIHYKmvKFAJZlleY\/Md9YkNu8Lc1FVg28\/P\/YP9PE+FE0wUPrHKDT90ahjqHx43fmVvDRFl0eyLX3VrDZHsVxgJz2NN\/6cFvSemOcMT6B5\/SaiFcsESeYNjEqMLLc\/tV3eHld9iBH+VKKSpOWuT31emkQm6WixpHzFLID7PdiPOPeJv\/Z++fRf7ZLiyjHCozFlx4mqF7XfW9kA9UjpiMSECP+TidaPkx1HpdntfbzbR7fbmt6D993D4P6R0yffuLWnvUMv4qc+9exQOApudzlzhy8NkoTfBeulTXY5\/ULZFEW04bMOmxUV5Ne4bJTPM85nWvxLwxrGbnCTGn1gZMhUBctWzKdsQtAZQBwJqg\/qxXYLpiyHVwsiuv7ogoiDRR6QB6CsGgfBJOngbM\/aB5tsN1FXLYI2gLNzpo+xIqeYAtt1NTdzgJBvWrxj6Duk0z6E4qZpjDk\/svivOFJiM8KoSRX02zLN5x++UZ25zaMeFAwNEEL35xQQ4+Romt98\/A8tPyC4dL3gsmm7tYWUXOSd8QR\/+NkCUj\/dcif73fs+3ibQHbzNwa6kSb32Hx6C5Y+4xJeMGX92ODFuVRrt83\/1jnoAmrYSyiFAHhIOa1xKvUU8AH\/LXNtfqCN74U9hr+Wn8eg8quEgaeugyd7xLnbDYEQqYYnIcDbxSZ6XYYn9DMkM0ySze2bJmgpY9ix3kvkhVIIHhheuMqAS9jeqpodL+prASW5286G5rJV1w6ZaHEbL9tyhpXhdjHxkKivgLhvlkGYbWuGY2gK4BqKCsUf0afYcwpk59fZcpXaa\/X1cUuThVmEFyCzCKV90qwcQbbh3NV94v59hKYCqRRVRhczTJbB3O24laSakXKqPpoCepQA4PYv0unbtAjaTLi7fnhCTbkJUeBKwZDldC5PTtweRlnf8strRAZKsIR8IQXhz+ZULlotXXCRgmVXaJT6ntsyREGK4i2UG6IiNPExNFOuYp7ngey+fOEo37VnteRim5SBGHCmpjlaIEO6il7e14KczR2ul0BjjZg1LVP4XtQzVGx50jB2l8EZPGZrIiDab6th1u3sffiYMboSZlVYcGeeeQAQYcxYkSJ5ikCOo2r71WNGtMobC1nRrpkIkH60qawk3IFODuL3ip6EVMR0gUK4uJLQ451UAiCycCyM3CKstjMDA3+H2kNBwIk3K3ualeSa0ojhqP9TMdZ2Upmf7xvtPxNOj3h7Vepw41umUU94JF4B56rNQVjbppIuFIvFcX0R4mYCImIYYsreCnItiEnzaz8qLLKy0DfMK0uYjezNlowQAxgmeGeM7rACrWUV8MTm\/FksrPSXAAjmkFYlv0\/ha6Hgb5hC7dwHoszxFNONQhLvB+l1oMZE3OczPqJkj2NcafixDE7zVK+ICgGbXwYGzzVjpgU3jKIBPryo+Mtqmz9ww8OES90G77kCoTiJrGSIbwPF9xf6g56VF9GoPrRNwWpdiu3KuJYw98xjWhVX2xnNbhSb4CONR1K1stR3uCOKxPYE1Y0WCpQ5aDNUSlleK5PTy4H51wRPNViq9PWUz72OoK2qNv7Cm2bFrTIY\/uCDzd4QSh9OHwBLCqlInnnwzjZ3hk9I6v7OyEGeqjryjZ8Xdy8iIoPkYNQJBlq5UbqDVkawPgYeELv3Xp+4mLSAz3VjZsPByIvGEuV5erP1UlRyVhmB+g64ztQZglHJAUxLbmhoCe43waLX218\/mXhae1gmHPSpKzBfGlu32McJYULZY32m+WjPTruIMvwjvc6SKGFSR0vSBsOkqlUtZV3yp9sqkwkU+LeNfQVrRZzzRFN6DGJ24PJfxgvI1RYt8dN2Nri4x7+3pAfT5WWt+O6qbHbvfM8h+hBty\/3VRCemu+NcbzhUmRNuS9yHf0pm5rCKEl5F2kggRV\/GrvmICg3rJCbvLZjITqdjJmYudk5RyaSyiJTaYphXdTPMcl4YG8cyyAH6s\/1wgixKpV3xb\/SfMo4qWJoIVuhR7WvPzNE\/MI0ALUEw63Pc3e8E4+F3F2bjw8BGgwKoQfW2Lyfo24WttMks8v8TOzcFnwSxtAPEjoZ8zUo\/uvMNI917Cfo2O2azHoB26EdQTS73RiPZo1210flS1H9TiWVMOwalb\/LRkw8knpierR0b3sF9t1vudCPcllN\/5soJ1f2xf\/Nh\/YJcFGdtYLxK3I0j9\/V6D6fmziCR08\/WOtbeL4EQKrGverdZekDGA7LmHuyhMOxDNE06L4PcioMQclaxuQyq38gf5nWqDn6RoVu3Z41rAgmRlLOnF18QFLOBDph08txavJqEvdWoTP+qDUKSDfYW+QFthsg+Qo+JgOoHCWonB8FWzYEgWi8\/atdiP5WDsg2rwQrr\/NUT1vgk5ZclxAx1\/e54AU9jBsWrS4sUBQQb3bLz2P7PqgURGuoIecGXEI\/hnw109WGsaESCD9fllzvGhKzmyWbTPb1KCFfmfAQpkuHkBytT5BBiBauRp5IEiTD4bjWwk9lHcRP6F3bisGHc+igeU9j62Qa9LX3HabNwo1841nlNNKWPQ+zsvGMqE3e2viT4h\/3LDoe4E1i1FBbi4OzpDPLSJ\/dxPvQ\/+1eGqycUBPOm4aqeSJh4OgXPDJpRHNr7MWnZ\/WfBGq4GZHKyKD4IcFcLwVibRcMQQ7pkbbzEla\/I4\/EdC1pemyTZynZWPszPz4NWCy22jypV\/MHL0PpLsWrMnnU7TRwpsljMYp00akEln5hv5cNWNhrdre4SI+py"}
 00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825303000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":429,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643610288741000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 02139{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1643610288722000,"flow_src_last_pkt_time":1643610304703000,"flow_dst_last_pkt_time":1643610304703000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":4416,"flow_dst_tot_l4_payload_len":30419,"midstream":1,"thread_ts_usec":1643610304703000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1031032.2,"max":15956000,"stddev":3917522.5,"var":15346982453248.0,"ent":1.0,"data": [2000,15000,3000,0,16000,0,0,0,0,1000,1000,0,0,0,0,0,0,0,0,0,0,0,0,15941000,1000,15956000,5000,0,19000,1000,1000]},"pktlen": {"min":40,"avg":1129.2,"max":2944,"stddev":1252.1,"var":1567845.6,"ent":4.0,"data": [1492,60,46,1492,2944,40,2944,40,40,2944,2871,40,40,40,40,1492,60,46,1492,2944,40,2944,40,2944,1492,60,46,1492,2944,40,2944,40]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,9]},"directions": [0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0],"entropies": [7.874306679,5.500818253,4.652828693,7.888679028,7.939795017,4.981687069,7.939328194,4.931686878,4.931686878,7.934259415,7.938295841,4.981687069,4.931687355,4.931687355,4.981687069,7.885500431,5.513399124,4.565871716,7.865909100,7.927158833,4.881687164,7.936643124,4.881687164,7.934941769,7.882087708,5.613399506,4.522394180,7.860544682,7.936390877,4.881687641,7.928893089,4.912815094]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Twitch","proto_by_ip_id":195,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":41014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1643611942615000}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":70000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1643612754900000}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":98963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1643614758865000}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":41014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1643611942615000}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":70000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1643612754900000}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":98963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1643614758865000}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":65,"flow_dst_packets_processed":49,"flow_first_seen":1643610288722000,"flow_src_last_pkt_time":1643614758886000,"flow_dst_last_pkt_time":1643614758885000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":11776,"flow_dst_tot_l4_payload_len":101176,"midstream":1,"thread_ts_usec":1643614758886000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Twitch","proto_by_ip_id":195,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":113381,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1643614758886000}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":113381,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1643614758886000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 120/120
 ~~ skipped flows.............: 0
@@ -33,9 +33,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5544576 bytes
-~~ total memory freed........: 5544576 bytes
-~~ total allocations/frees...: 85999/85999
+~~ total memory allocated....: 5544629 bytes
+~~ total memory freed........: 5544629 bytes
+~~ total allocations/frees...: 86000/86000
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 533 chars
 ~~ json message max len.......: 4468 chars
diff --git a/test/results/default/tls-esni-fuzzed.pcap.out b/test/results/default/tls-esni-fuzzed.pcap.out
index 6f1cec8db..dfeb7a8da 100644
--- a/test/results/default/tls-esni-fuzzed.pcap.out
+++ b/test/results/default/tls-esni-fuzzed.pcap.out
@@ -1,5 +1,5 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1590680386576239}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1590680386576239}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_usec":1590680386576239,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="}
 01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","ja4":"t13d1813h2_29a2cd9e9f10_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
@@ -12,7 +12,7 @@
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01200{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1590680391590254}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1590680391590254}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3/3
 ~~ skipped flows.............: 0
@@ -21,10 +21,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5509844 bytes
-~~ total memory freed........: 5509844 bytes
+~~ total memory allocated....: 5509900 bytes
+~~ total memory freed........: 5509900 bytes
 ~~ total allocations/frees...: 85896/85896
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 577 chars
+~~ json message min len.......: 575 chars
 ~~ json message max len.......: 1509 chars
-~~ json message avg len.......: 1042 chars
+~~ json message avg len.......: 1041 chars
diff --git a/test/results/default/tls-rdn-extract.pcap.out b/test/results/default/tls-rdn-extract.pcap.out
index 201cb0065..34c034bd5 100644
--- a/test/results/default/tls-rdn-extract.pcap.out
+++ b/test/results/default/tls-rdn-extract.pcap.out
@@ -1,5 +1,5 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946681200000000}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946681200000000}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":946681200000000,"pkt":"ERERERERIiIiIiIiCABFAACnLudAAIAGnZoKAAAB1ceV+3ppAbtkZ4Ye79i2a1AYQCmgXgAAFgMBAHoBAAB2AwEAAAAAM7RDB2u\/HXE+9PsbFMYgy+4A2s6CH4THeQytZwAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAADX\/AQABAAAAABMAEQAADmFkczEubXNhZHMubmV0AAUABQEAAAAAAAoABgAEABcAGAALAAIBAA=="}
 01253{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"ads1.msads.net","tls": {"version":"TLSv1","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"","ja4":"t10d120500_d94e65cdb899_c35b4a14be45","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
@@ -10,7 +10,7 @@
 02497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946681200000000,"pkt":"ERERERERIiIiIiIiCABFAAXc5UxAADUGLQDVx5X7CgAAAQG7emnv2MeHZGeGnVAQGJhPMQAAiAWJbWaSMKuviDnX1C0Llpx4JK8Aq88JPhOua8Pg4c9gf4tT3ALQ87CGEd69AgMBAAGjggHaMIIB1jASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBQIQuPbThFm87UIxUDbVXwzRhGDODALBgNVHQ8EBAMCAYYwEgYJKwYBBAGCNxUBBAUCAwgACDAjBgkrBgEEAYI3FQIEFgQUforCnFoyjMJxotlPdXD3qRv2lAUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwHwYDVR0jBBgwFoAUMyHwy\/6ioESS3vY7M9hfAUuXeF0wgaMGA1UdHwSBmzCBmDCBlaCBkqCBj4Y2aHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvbXN3d3coNSkuY3JshjRodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvbXN3d3coNSkuY3Jshh9odHRwOi8vY29ycHBraS9jcmwvbXN3d3coNSkuY3JsMHkGCCsGAQUFBwEBBG0wazA8BggrBgEFBQcwAoYwaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvbXN3d3coNSkuY3J0MCsGCCsGAQUFBzAChh9odHRwOi8vY29ycHBraS9haWEvbXN3d3coNSkuY3J0MA0GCSqGSIb3DQEBBQUAA4ICAQCPwtFc7xQRdxdjBzxMfGja\/oZK4iDMP7AnPdHirMiLSKbkWfc6Bq19UvH2ZWGWISKuaL4vet6zDPXpxd34ZYJdy2w+DDcRdBUJeFW9JhK71pV007z1dgkqat82xI5W1R8g33+CMNdDq2gii2paxZvQnY0LDFCFfsxagAeLA06\/vV9sVg8FqeJUw6XTUlxfTQvdBfhREgMhb5xsl5gqwcERvL0brvvjV19PHwCe4qRR0\/esCTdYpQkh0XLQssGL203cE9FUWE0rwK36Uxk1sRWoQmS37ccfpXmoDTjUUL\/0Wv8v6b8\/fTjl+yAM1E7gLx1FevsoLzFIb8xuXGhC+urICwEw7BAmQjgjqcMZuNlwGmgsksufc+bM\/zMj7ttetX8FWD9QxRwIGPTrL2KqU\/ehzd7j64IcGmdroUynaHFA0WU7QRicSeNx++tNg5PTR+ZkQsu2NRz7NA6hKPuMoacfAShR5XGUN5zcQVt8fuksI2eUnXPfX0B5o42VMMxTFwi8UIbz\/BAZgfz0Wm7z3KKadXvDrKBR7TK2WN9PjpFTatKqG13mU7iJo56JoeMp4LNs6xrMb1qqwuL2HkUp79bCQ7E7rT4m\/IGXXEj9Ylk0ksn7uaHXQgX7GfZ+MvspNNWHZuUEHcg+EPqmePUefd4aOnh83CpxBqMtbwVVI4uQ7wAFFjCCBRIwggR7oAMCAQICBAcnYgIwDQYJKoZIhvcNAQEFBQAwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMwIQYDVQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdDAeFw0xMDA0MTQxODEyMjZaFw0xODA0MTQxODEyMTRaMCcxJTAjBgNVBAMTHE1pY3Jvc29mdCBJbnRlcm5ldCBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC99M0npUrYkBnbsgp7YKROjw6Yo5x8UHbrs0qMnxiw55rFK4KGCSisERIyJvUZ6vC4Z2jFBv30Ga7ZE6DQgScIpnmcBPVIMi42H6trJuyhQ7SdgLBJA+qCSV8FE8Wgg1\/hKvQEGUt+yNqIvLVdA7x4VqHpf8Vq77b\/HQFZtx9TWl\/G+JFtxX1Dkxg="}
 03639{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":5,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":6754,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"ads1.msads.net","tls": {"version":"TLSv1","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d120500_d94e65cdb899_c35b4a14be45","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","subjectDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B"}}}
 01311{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":5,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":6754,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":6881,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":946681200000000}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":6881,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":946681200000000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -19,10 +19,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5541948 bytes
-~~ total memory freed........: 5541948 bytes
+~~ total memory allocated....: 5541972 bytes
+~~ total memory freed........: 5541972 bytes
 ~~ total allocations/frees...: 85919/85919
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 577 chars
+~~ json message min len.......: 575 chars
 ~~ json message max len.......: 3644 chars
-~~ json message avg len.......: 2035 chars
+~~ json message avg len.......: 2034 chars
diff --git a/test/results/default/tls_2_reasms.pcapng.out b/test/results/default/tls_2_reasms.pcapng.out
index ee982a6be..f9a5d0e5f 100644
--- a/test/results/default/tls_2_reasms.pcapng.out
+++ b/test/results/default/tls_2_reasms.pcapng.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052958270296}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052958270296}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958270296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052958270296,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958270296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639052958270296,"pkt":"AAAAAAAAAAgAHsfjCABFAAA8AABAAFkGPQnAW7quGYlQIAG7lPYStl7aMwcmoaAS\/\/+mFwAAAgQFcAQCCAqXmyQsjJgTHgEDAwg="}
 01093{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958421275,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":470,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":470,"pkt_l4_len":436,"thread_ts_usec":1639052958421275,"pkt":"AAAAAAAAAAQAaxhhCABFAAHI7AFAAD8GaXsZiVAgwFu6rpT2AbszByahErZe24AYAVd0fQAAAQEICoyYE\/2XmyQsFgMBAY8BAAGLAwMAlXJSyLbTWNrF02NSj28hHamky0L5wCYQnHUCL\/6z3iD5LhfBzVNFGwCCqzHgNKOymBfZ7K0vIQElpPRSPY852QAGEwETAhMDAQABPAArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgECxpEscXa0pzp0dwcj2NsRSDz0wt8A5bNiy0soe+2RYADQAKAAgEAwUDBgMIBAAAABQAEgAAD2kuaW5zdGFncmFtLmNvbQAQABQAEgJoMgVoMi1mYghodHRwLzEuMQAtAAMCAQAAKgAAACkAsgCNAIeEDo4Sq5aYEoWVI9gb5X7lsbxoLQQbqHnFpnF8aI1WLwAAAADufwuTcgHc7lYZ8SVlha1U3Zkr0Vd9xmvbgpohpkFSNMLDIZ8FmR2pTMB4b2CxLJGFEpspmoijBCvKQSfpFOQOBLhObW1gKrl6AV8Y7rEcYgAxc577AZrXxt9LdTNXMRicjW5cSz1JACEgle78vT7B+RG\/cD3MjAcV8pXx7rRg8Vriehdr1EpDdxs="}
@@ -9,7 +9,7 @@
 01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052958440022,"flow_dst_last_pkt_time":1639052958436332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1752,"midstream":0,"thread_ts_usec":1639052958440022,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"i.instagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309h2_55b375c5d22e_566d5108064c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-fb,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639052958440086,"flow_dst_last_pkt_time":1639052958436332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1639052958440086,"pkt":"AAAAAAAAAAgAHsfjCABFAACEnctAAFkGnvXAW7quGYlQIAG7lPYStl+zMwcoNYAYAQVfGQAAAQEICpebJNaMmBP9FwMDAEsVFAAoT9R4PGUK6JrmQv\/2lo7Dahbke\/2rvVxk1LkuGDP3Y8z\/sO7TJHJKOoOMuj6Phx3KHeI4aO8E3Ijyz4MTDLUa8BC7ydQgDY8="}
 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":3,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052959221756,"flow_dst_last_pkt_time":1639052958885962,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":3685,"flow_dst_tot_l4_payload_len":2290,"midstream":0,"thread_ts_usec":1639052959221756,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":5975,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639052959221756}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":5975,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639052959221756}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 14/14
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502516 bytes
-~~ total memory freed........: 5502516 bytes
+~~ total memory allocated....: 5502540 bytes
+~~ total memory freed........: 5502540 bytes
 ~~ total allocations/frees...: 85878/85878
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 566 chars
diff --git a/test/results/default/tls_2_reasms_b.pcapng.out b/test/results/default/tls_2_reasms_b.pcapng.out
index b4e2754cd..a59fe591f 100644
--- a/test/results/default/tls_2_reasms_b.pcapng.out
+++ b/test/results/default/tls_2_reasms_b.pcapng.out
@@ -1,5 +1,5 @@
-00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052962482663}
+00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052962482663}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052962482663,"flow_dst_last_pkt_time":1639052962482663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052962482663,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052962482663,"flow_dst_last_pkt_time":1639052962482663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639052962482663,"pkt":"AAAAAAAAAAEAEgm4CABFAAA8AABAAFgG1idYDonDxOql2AG7kxooFUS4SyLHNqASe\/zceQAAAgQFcAQCCAq\/P97mAJHwdAEDAwg="}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052963485255,"flow_dst_last_pkt_time":1639052962482663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639052963485255,"pkt":"AAAAAAAAAAEAEgm4CABFAAA8AABAAFgG1idYDonDxOql2AG7kxooFUS4SyLHNqASe\/zYjwAAAgQFcAQCCAq\/P+LQAJHwdAEDAwg="}
@@ -9,7 +9,7 @@
 00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639052963520379,"flow_dst_last_pkt_time":1639052963519069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1639052963520379,"pkt":"AAAAAAAAAAEAEgm4CABFAAESFlNAAFgGvv5YDonDxOql2AG7kxooFUS5SyLI2YAYAHvAaQAAAQEICr8\/4vQAkfDbFgMDAIACAAB8AwO6kuss6bcDSmq8e3GmR05l1RLxmI+dIDHmj2MZ7KgmySCbv0ACoTPxsYE+8Du\/oovylIsJjYgk88YoxhddfiCfjBMBAAA0ACsAAvsaADMAJAAdACAT3wI3T1d\/roP16TYt+DuVSSDCoKmbANYTUw0nFkrHCgApAAIAABQDAwABARcDAwBOZM1cpMqCvWSFHnQFxWqH2pxndfCRMiA\/Np\/+gM72QwNKEfL75BOGgEEdzjYI+CBE83znTyMCWcL06Crm+s3ylM3y+iehn1hG+hQOkfn2"}
 01306{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052963520379,"flow_dst_last_pkt_time":1639052963519069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1767,"midstream":0,"thread_ts_usec":1639052963520379,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FbookReelStory","proto_id":"91.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net","tls": {"version":"TLSv1.3 (Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t00d0309ht_55b375c5d22e_566d5108064c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}}
 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052963537951,"flow_dst_last_pkt_time":1639052963523453,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":10270,"flow_dst_tot_l4_payload_len":2179,"midstream":0,"thread_ts_usec":1639052963537951,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FbookReelStory","proto_id":"91.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":12449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639052963537951}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":12449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639052963537951}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 15/15
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5538938 bytes
-~~ total memory freed........: 5538938 bytes
+~~ total memory allocated....: 5538962 bytes
+~~ total memory freed........: 5538962 bytes
 ~~ total allocations/frees...: 85885/85885
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 568 chars
diff --git a/test/results/default/tls_alert.pcap.out b/test/results/default/tls_alert.pcap.out
index e8498976c..345ec049c 100644
--- a/test/results/default/tls_alert.pcap.out
+++ b/test/results/default/tls_alert.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1628259176203392}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1628259176203392}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176203392,"flow_dst_last_pkt_time":1628259176203392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1628259176203392,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1628259176203392,"flow_dst_last_pkt_time":1628259176203392,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1628259176203392,"pkt":"AICPmq69oM7IELEuCABFAABAAABAAEAGtpPAqAHAwKgBFPa2AbvtIEkOAAAAALAC\/\/9MagAAAgQFtAEDAwUBAQgKE9Ij+wAAAAAEAgAA"}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1628259176203392,"flow_dst_last_pkt_time":1628259176203813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1628259176203813,"pkt":"oM7IELEuAICPmq69CABFAAA8AABAAEAGtpfAqAEUwKgBwAG79rbEoc1F7SBJD6AScSBz9QAAAgQFtAQCCAoAseWtE9Ij+wEDAwc="}
@@ -8,7 +8,7 @@
 01360{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176203813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1628259176204397,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","tls": {"version":"TLSv1","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176204809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1628259176204809,"pkt":"oM7IELEuAICPmq69CABFAAA0KOtAAEAGjbTAqAEUwKgBwAG79rbEoc1G7SBJ1oAQAOsSLwAAAQEICgCx5a0T0iP8"}
 01471{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176204934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1628259176204934,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"34": {"risk":"TLS Fatal Alert","severity":"Low","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","tls": {"version":"TLSv1","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1642662403350000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1642662403350000}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642662403350000,"flow_src_last_pkt_time":1642662403350000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642662403350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642662403350000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1642662403350000,"pkt":"eJS0JASgYDjgxTWgCABFAABHB2VAAD8GBknAqAJkoCzKypOUAbvHogbZRxwevVAYAY\/SKwAAFQMDABoAAAAAAAAAAveoY2RlTzXreZQA7uCWWlmb9Q=="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642662403350000,"flow_src_last_pkt_time":1642662403350000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642662403350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -18,7 +18,7 @@
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1642662404144000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1642662404144000,"pkt":"eJS0JASgYDjgxTWgCABFAABHB2lAAD8GBkXAqAJkoCzKypOUAbvHogbZRxwevVAZAY\/SKgAAFQMDABoAAAAAAAAAAveoY2RlTzXreZQA7uCWWlmb9Q=="}
 01214{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176205826,"flow_dst_last_pkt_time":1628259176206182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1642662407022000,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"34": {"risk":"TLS Fatal Alert","severity":"Low","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
 00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1642662403350000,"flow_src_last_pkt_time":1642662407022000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642662407022000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1642662407022000}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1642662407022000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 18/18
 ~~ skipped flows.............: 0
@@ -27,8 +27,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506863 bytes
-~~ total memory freed........: 5506863 bytes
+~~ total memory allocated....: 5506903 bytes
+~~ total memory freed........: 5506903 bytes
 ~~ total allocations/frees...: 85894/85894
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 532 chars
diff --git a/test/results/default/tls_certificate_too_long.pcap.out b/test/results/default/tls_certificate_too_long.pcap.out
index fb3538c12..c19563b17 100644
--- a/test/results/default/tls_certificate_too_long.pcap.out
+++ b/test/results/default/tls_certificate_too_long.pcap.out
@@ -1,5 +1,5 @@
-00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1626168074745096}
+00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1626168074745096}
 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168074745096,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074745096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168074745096,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074745096,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168074745096,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoYkwAAEAGDJLAqAF5NJUVPM4KAbsrlJN\/t5VLK1AQEAACSAAA"}
 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168074926313,"flow_dst_last_pkt_time":1626168074926313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":394,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":394,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168074926313,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -95,7 +95,7 @@
 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077633946,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1626168077633946,"pkt":"8BiYFWV8WNVuaKQACABFAABYGXsAAHgRVukICAgIwKgBeQA11SEAREvAQG+BgAABAAEAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAHADAABAAEAAAATAAQCFiHr"}
 01095{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077604997,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077633946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1626168077633946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.22.33.235"}}}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077643688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077643688,"pkt":"8BiYFWV8WNVuaKQACABFAAA0bRxAADkG7oUCFiHrwKgBeQBQ0pgVbXIHxxGuhoAQAfzP6QAAAQEICqAEF+I90fkH"}
-01287{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077654666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077654666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"www.microsoft.com","http": {"url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}}
+01415{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077654666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077654666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"www.microsoft.com","http": {"url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}}
 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077660456,"flow_dst_last_pkt_time":1626168077660456,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077660456,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077660456,"flow_dst_last_pkt_time":1626168077660456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077660456,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KZAFBWi1SkAAAAALAC\/\/+bzgAAAgQFtAEDAwYBAQgKPdH5IAAAAAAEAgAA"}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077660456,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1626168077670653,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pnFRlw1VotUpaAS\/ohpIwAAAgQFtAQCCAqAXqM6PdH5IAEDAwc="}
@@ -103,7 +103,7 @@
 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_usec":1626168077671150,"pkt":"WNVuaKQA8BiYFWV8CABFAAEJAABAAEAGU83AqAF5AhYh69KZAFBWi1SlxUZcNoAYCAqtegAAAQEICj3R+SqAXqM6R0VUIC9wa2lvcHMvY2VydHMvTWljU2VjU2VyQ0EyMDExXzIwMTEtMTAtMTguY3J0IEhUVFAvMS4xDQpIb3N0OiB3d3cubWljcm9zb2Z0LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogaXQtaXQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogY29tLmFwcGxlLnRydXN0ZC8yLjANCg0K"}
 01126{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077671150,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"www.microsoft.com","http": {"url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077680554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077680554,"pkt":"8BiYFWV8WNVuaKQACABFAAA0kqtAADkGyPYCFiHrwKgBeQBQ0pnFRlw2VotVeoAQAfyTkwAAAQEICoBeo0Q90fkq"}
-01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077691567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077691567,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"www.microsoft.com","http": {"url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}}
+01417{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077691567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077691567,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"www.microsoft.com","http": {"url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}}
 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077734028,"flow_src_last_pkt_time":1626168077734028,"flow_dst_last_pkt_time":1626168077734028,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168077734028,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077734028,"flow_dst_last_pkt_time":1626168077734028,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077734028,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGezbAqAF5jFJxGtKRAbvAP+ze5D7DE4ARCAAudQAAAQEICj3R+WZAyN\/6"}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077735142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077735142,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -215,8 +215,8 @@
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077441399,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077507825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","proto_id":"5.276","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076607953,"flow_src_last_pkt_time":1626168076607953,"flow_dst_last_pkt_time":1626168076607953,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076607950,"flow_src_last_pkt_time":1626168076607950,"flow_dst_last_pkt_time":1626168076607950,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01115{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077673300,"flow_dst_last_pkt_time":1626168077673225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1944,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}}
-01115{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077704270,"flow_dst_last_pkt_time":1626168077704176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":2179,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}}
+01243{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077673300,"flow_dst_last_pkt_time":1626168077673225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1944,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}}
+01243{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077704270,"flow_dst_last_pkt_time":1626168077704176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":2179,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}}
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077604344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":247,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077413785,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077486637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":208,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077604858,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077619979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":108,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":108,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -246,10 +246,10 @@
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1626168081935817,"flow_src_last_pkt_time":1626168081946770,"flow_dst_last_pkt_time":1626168081936349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":35,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1626168075993721,"flow_src_last_pkt_time":1626168077017862,"flow_dst_last_pkt_time":1626168075993721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1626168077734028,"flow_src_last_pkt_time":1626168077848703,"flow_dst_last_pkt_time":1626168077848617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":31,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00894{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168076790343,"flow_dst_last_pkt_time":1626168076790262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1182,"flow_dst_tot_l4_payload_len":3530,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+01012{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168076790343,"flow_dst_last_pkt_time":1626168076790262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1182,"flow_dst_tot_l4_payload_len":3530,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168076790343,"flow_dst_last_pkt_time":1626168076790262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1182,"flow_dst_tot_l4_payload_len":3530,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077749239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":151,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00662{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":315,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":95708,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":33,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1626168081946770}
+00660{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":315,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":95708,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":33,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1626168081946770}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 315/315
 ~~ skipped flows.............: 0
@@ -258,9 +258,9 @@
 ~~ total active/idle flows...: 35/35
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5700574 bytes
-~~ total memory freed........: 5700574 bytes
-~~ total allocations/frees...: 86688/86688
+~~ total memory allocated....: 5701243 bytes
+~~ total memory freed........: 5701243 bytes
+~~ total allocations/frees...: 86693/86693
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 537 chars
 ~~ json message max len.......: 2529 chars
diff --git a/test/results/default/tls_cipher_lens.pcap.out b/test/results/default/tls_cipher_lens.pcap.out
index 8c15a4b0d..e2391675b 100644
--- a/test/results/default/tls_cipher_lens.pcap.out
+++ b/test/results/default/tls_cipher_lens.pcap.out
@@ -1,5 +1,5 @@
-00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1391444859282829}
+00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1391444859282829}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1391444859282829,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mDAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAASAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="}
 01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.it","tls": {"version":"TLSv1","ja3":"755cdaa3496eb8728247a639dee17aad","ja3s":"","ja4":"t10d360600_77f462745360_6072aad2e91d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
@@ -20,7 +20,7 @@
 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1391444859282829}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1391444859282829}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5/5
 ~~ skipped flows.............: 0
@@ -29,10 +29,10 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5517076 bytes
-~~ total memory freed........: 5517076 bytes
+~~ total memory allocated....: 5517164 bytes
+~~ total memory freed........: 5517164 bytes
 ~~ total allocations/frees...: 85919/85919
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 577 chars
+~~ json message min len.......: 575 chars
 ~~ json message max len.......: 1283 chars
-~~ json message avg len.......: 929 chars
+~~ json message avg len.......: 928 chars
diff --git a/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out
index 8652a5d1b..7c979a2c8 100644
--- a/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out
+++ b/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out
@@ -1,5 +1,5 @@
-00605{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00668{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1663090549179486}
+00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00666{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1663090549179486}
 00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549179486,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549179486,"l3_proto":"ip4","src_ip":"195.181.174.176","dst_ip":"192.168.1.128","src_port":443,"dst_port":48260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549179486,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYGEC7Dta6wwKgBgAG7vIT\/L0tlGwKnqaAS\/ogbxgAAAgQFtAQCCAqczD4KOPYZxQEDAwc="}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549179586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549179586,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6dAAEAGlo7AqAGAw7WusLyEAbsbAqep\/y9LZoAQAfZHFAAAAQEICjj2GdaczD4K"}
@@ -17,7 +17,7 @@
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663090549535303,"flow_dst_last_pkt_time":1663090549540818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549540818,"pkt":"PKn0qB\/seq+3+1HBCABFAAA02g9AAEAG3C7AqAG1wKgBgBue6WrMegHJm3t+OIAQAKzwSQAAAQEICp2aQ2XJG2ol"}
 01375{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1663090549179486,"flow_src_last_pkt_time":1663090549200737,"flow_dst_last_pkt_time":1663090549222749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1094,"flow_src_tot_l4_payload_len":1448,"flow_dst_tot_l4_payload_len":1383,"midstream":0,"thread_ts_usec":1663090549603905,"l3_proto":"ip4","src_ip":"195.181.174.176","dst_ip":"192.168.1.128","src_port":443,"dst_port":48260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 01359{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":2,"flow_first_seen":1663090549527373,"flow_src_last_pkt_time":1663090549603905,"flow_dst_last_pkt_time":1663090549540818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1549,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549603905,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.181","src_port":59754,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00677{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":4380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1663090549603905}
+00675{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":4380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1663090549603905}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 17/17
 ~~ skipped flows.............: 0
@@ -26,8 +26,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506843 bytes
-~~ total memory freed........: 5506843 bytes
+~~ total memory allocated....: 5506883 bytes
+~~ total memory freed........: 5506883 bytes
 ~~ total allocations/frees...: 85895/85895
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 588 chars
diff --git a/test/results/default/tls_ech.pcapng.out b/test/results/default/tls_ech.pcapng.out
index e9b56fd46..3792a8c80 100644
--- a/test/results/default/tls_ech.pcapng.out
+++ b/test/results/default/tls_ech.pcapng.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1688191412679858}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1688191412679858}
 00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412679858,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412679858,"pkt":"ILAB4IZiNObXAhsnht1gC2UeACgGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqoAAAAAoAL\/KDqPAAACBAWMBAIICnfjZxIAAAAAAQMDBw=="}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412684172,"pkt":"NObXAhsnILAB4IZiht1gBxYjACgGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJksyaT6roBL8wPi1AAACBATEBAIICk7TX8p342cSAQMDDQ=="}
@@ -9,7 +9,7 @@
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412688931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1688191412688931,"pkt":"NObXAhsnILAB4IZiht1gBxYjACAGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJkwyaUDzgBAAByECAAABAQgKTtNfznfjZxY="}
 01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412692841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":2174,"midstream":0,"thread_ts_usec":1688191412692841,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.3","ja3":"6820f114cf3b0809ffdcb30cb277848a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t00d1516h2_8daaf6152771_02713d6af862","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412746874,"flow_dst_last_pkt_time":1688191412700618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":2702,"midstream":0,"thread_ts_usec":1688191412746874,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1688191412746874}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1688191412746874}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5504569 bytes
-~~ total memory freed........: 5504569 bytes
+~~ total memory allocated....: 5504593 bytes
+~~ total memory freed........: 5504593 bytes
 ~~ total allocations/frees...: 85875/85875
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 569 chars
 ~~ json message max len.......: 1368 chars
-~~ json message avg len.......: 964 chars
+~~ json message avg len.......: 963 chars
diff --git a/test/results/default/tls_esni_sni_both.pcap.out b/test/results/default/tls_esni_sni_both.pcap.out
index 256aae0ed..6698363dc 100644
--- a/test/results/default/tls_esni_sni_both.pcap.out
+++ b/test/results/default/tls_esni_sni_both.pcap.out
@@ -1,5 +1,5 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1595697574192522}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1595697574192522}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595697574192522,"flow_src_last_pkt_time":1595697574192522,"flow_dst_last_pkt_time":1595697574192522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595697574192522,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1595697574192522,"flow_dst_last_pkt_time":1595697574192522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1595697574192522,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjMAbsVnUj1AAAAALAC\/\/+ITAAAAgQFtAEDAwYBAQgKRX5W8wAAAAAEAgAA"}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1595697574192522,"flow_dst_last_pkt_time":1595697574222665,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1595697574222665,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72MxjNlEZFZ1I9oAS\/\/+oqwAAAgQFeAEBBAIBAwMK"}
@@ -18,7 +18,7 @@
 01505{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1595697597731441,"flow_src_last_pkt_time":1595697597760792,"flow_dst_last_pkt_time":1595697597802693,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":639,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":639,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1595697597802693,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"you-think-thats-normal-tls-traffic-youre-seeing.com","tls": {"version":"TLSv1.3","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13d031100_55b375c5d22e_77359c92d649","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}}}
 01217{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1595697574192522,"flow_src_last_pkt_time":1595697574326162,"flow_dst_last_pkt_time":1595697574326417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":634,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":843,"flow_dst_tot_l4_payload_len":6772,"midstream":0,"thread_ts_usec":1595697597855622,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01217{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1595697597731441,"flow_src_last_pkt_time":1595697597855622,"flow_dst_last_pkt_time":1595697597855003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":639,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":848,"flow_dst_tot_l4_payload_len":5312,"midstream":0,"thread_ts_usec":1595697597855622,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":13775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1595697597855622}
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":13775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1595697597855622}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 38/38
 ~~ skipped flows.............: 0
@@ -27,8 +27,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5523897 bytes
-~~ total memory freed........: 5523897 bytes
+~~ total memory allocated....: 5523937 bytes
+~~ total memory freed........: 5523937 bytes
 ~~ total allocations/frees...: 85925/85925
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 540 chars
diff --git a/test/results/default/tls_false_positives.pcapng.out b/test/results/default/tls_false_positives.pcapng.out
index e9fe7d681..3f829873a 100644
--- a/test/results/default/tls_false_positives.pcapng.out
+++ b/test/results/default/tls_false_positives.pcapng.out
@@ -1,5 +1,5 @@
-00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1641232761063506}
+00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1641232761063506}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1641232761063506,"flow_src_last_pkt_time":1641232761063506,"flow_dst_last_pkt_time":1641232761063506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1641232761063506,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1641232761063506,"flow_dst_last_pkt_time":1641232761063506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1641232761063506,"pkt":"AAAAAAAAAAcAi3YBCABFAAA0AABAADcGbxAKCgoBwKgAAQWlUfMZL\/oS1g972YASchBrdgAAAgQFtAEBBAIBAwMK"}
 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1641232761063506,"flow_dst_last_pkt_time":1641232761612243,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1641232761612243,"pkt":"AAAAAAAAAAcAi3YBCABFAACs+xRAAD4GbIPAqAABCgoKAVHzBaXWD3vZGS\/6E1AYBVnujAAAhAAAAAKIJwDIAAUJDggAAAAEAFNDuAsEAAEAAAAEAFND8wMEAGAAAAAFAGFidmVyBAAxMDA3CwBjb3VudHJ5Y29kZQIAT00DAGlzcAcAT29yZWRvbwIAb3MHAGFuZHJvaWQHAHNka3R5cGUEAG5lcnYLAHZlcnNpb25jb2RlBAA0ODIz"}
@@ -8,7 +8,7 @@
 01007{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1641232761626007,"flow_dst_last_pkt_time":1641232767278395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"thread_ts_usec":1641232767278395,"pkt":"AAAAAAAAAAcAi3YBCABFAAF\/+xdAAD4Ga63AqAABCgoKAVHzBaXWD4HVGS\/6IFAYBVm3VgAAb2RlBAAAABQAcXVpY19kb3dubG9hZF9wYXJhbTEAAAAAEgBxdWljX3VwbG9hZF9wYXJhbTIAAAAAFABxdWljX2Rvd25sb2FkX3BhcmFtMgAAAAAJAGV3bWFfc2xvdwMAAAASAHF1aWNfdXBsb2FkX3BhcmFtMQAAAAAOAGxpbWl0X3Jlc2xldmVsAQAAABEAc19waWNrX2xldmVsX21vZGUNAAAAEgBxdWljX3VwbG9hZF9wYXJhbTACAAAACgBzcGVlZF9tb2RlBAAAAAkAZXdtYV9mYXN0CQAAABgAcXVpY19kb3dubG9hZF9wYXJhbXNfbnVtAwAAAAgAcGxheV9vd24DAAAAFgBwaWNrX2xldmVsX2luZGVwZW5kZW50AAAAAAcAYndlX2RlZgEAAAAUAHF1aWNfZG93bmxvYWRfcGFyYW0wAgAAAP\/\/\/\/8BAAAAgAAAAA=="}
 00887{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":27,"flow_dst_packets_processed":3,"flow_first_seen":1641232761063506,"flow_src_last_pkt_time":1641232767465459,"flow_dst_last_pkt_time":1641232767278395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":33806,"flow_dst_tot_l4_payload_len":1875,"midstream":0,"thread_ts_usec":1641232767465459,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":27,"flow_dst_packets_processed":3,"flow_first_seen":1641232761063506,"flow_src_last_pkt_time":1641232767465459,"flow_dst_last_pkt_time":1641232767278395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":33806,"flow_dst_tot_l4_payload_len":1875,"midstream":0,"thread_ts_usec":1641232767465459,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":35681,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1641232767465459}
+00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":35681,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1641232767465459}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 30/30
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500891 bytes
-~~ total memory freed........: 5500891 bytes
+~~ total memory allocated....: 5500915 bytes
+~~ total memory freed........: 5500915 bytes
 ~~ total allocations/frees...: 85891/85891
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 560 chars
diff --git a/test/results/default/tls_invalid_reads.pcap.out b/test/results/default/tls_invalid_reads.pcap.out
index dff25c118..46018012f 100644
--- a/test/results/default/tls_invalid_reads.pcap.out
+++ b/test/results/default/tls_invalid_reads.pcap.out
@@ -1,5 +1,5 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1252380859868541}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1252380859868541}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859868541,"flow_dst_last_pkt_time":1252380859868541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1252380859868541,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1252380859868541,"flow_dst_last_pkt_time":1252380859868541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1252380859868541,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1252380859868541,"flow_dst_last_pkt_time":1252380859884558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1252380859884558,"pkt":"ABy\/OaUlABTRQblQCABFIBA0ZLoAADYGSUrOIT1xwKgKZQG7D3++yAIvc1S1coASFtCGmAAAAgQFtAEBBAIBAwMx"}
@@ -9,11 +9,11 @@
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859903858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1252380859903858,"pkt":"ABy\/OaVxABTRQblQCABFIAAoZLsAADcGSFXOIT1xwKgKZQG7D3++yAIwc1S12FAQAC7dpgAAAAAAAAAA"}
 01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859904145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":851,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":851,"midstream":0,"thread_ts_usec":1252380859904145,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","ja4":"","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}}
 01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859942787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":851,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":1329,"midstream":0,"thread_ts_usec":1252380859942787,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","ja4":"","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1421985541772794}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1421985541772794}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1421985541772794,"pkt":"AAOf2SAhEFbKCIWJCABFAAAyM2VAAH8GFrhKUKBjQ9lNHAy6AbvQcb+g7Sa+J1AY\/QKZOwAlAAMBAAUBAAABAQ=="}
 01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859943054,"flow_dst_last_pkt_time":1252380859942787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":851,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":1329,"midstream":0,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1544035479538596}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1544035479538596}
 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1544035479538596,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479538596}
 00469{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1421985541772794,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAGDVegAA\/xG3XAruJEAK7vQxCGgIaABMAAAw\/wA8B+zklkUAADyx3UAAQAbcAwq\/ixE23eAt5LgBu\/kVfJ4AAAAAoAL\/\/3GmAAACBAW0BAIICgAUzUMAAAAAAQMDBg=="}
 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1544035479721867,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479721867}
@@ -22,7 +22,7 @@
 00743{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":324,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_usec":1421985541772794,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAS7V9AAA\/xG2FAruJEAK7vQxCGgIaAEaAAAw\/wEKB+zklkUAAOux30AAQAbbUgq\/ixE23eAt5LgBu\/kVfJ8aWkgcgBgFWRb9AAABAQgKABTNax1e0BYWAwEAsgEAAK4DA+Jfj3VZ7Se+llOF2hoK\/0SOWa4JB8kGoFPipHXr6zI3AAAowCvALMAvwDAAngCfwAnACsATwBQAMwA5wAfAEQCcAJ0ALwA1AAUA\/wEAAF0AAAAWABQAABFlLmNyYXNobHl0aWNzLmNvbQAXAAAAIwAAAA0AFgAUBgEGAwUBBQMEAQQDAwEDAwIBAgMAEAALuImlL1Y1GeVflD5H40\/GlDV3w0Q4eHATzs15UMvq3bDFbT9WBxf4WY7WsXHZhuEm\/fgNJZccyFnwUKMb"}
 01055{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoTo","proto_by_ip_id":293,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1544035479768404}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1544035479768404}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 12/9
 ~~ skipped flows.............: 0
@@ -31,8 +31,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5506556 bytes
-~~ total memory freed........: 5506556 bytes
+~~ total memory allocated....: 5506596 bytes
+~~ total memory freed........: 5506596 bytes
 ~~ total allocations/frees...: 85884/85884
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 311 chars
diff --git a/test/results/default/tls_long_cert.pcap.out b/test/results/default/tls_long_cert.pcap.out
index 3ca6b34d1..b3857da4a 100644
--- a/test/results/default/tls_long_cert.pcap.out
+++ b/test/results/default/tls_long_cert.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1553619078033240}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1553619078033240}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078033240,"flow_dst_last_pkt_time":1553619078033240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1553619078033240,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1553619078033240,"flow_dst_last_pkt_time":1553619078033240,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1553619078033240,"pkt":"BBjWMe9aeDHBvV4kCABFAABAAABAAEAGN8XAqAJ+aG\/XXesOAbssL+yBAAAAALAC\/\/8wZwAAAgQFtAEDAwYBAQgKJK\/ZdwAAAAAEAgAA"}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1553619078033240,"flow_dst_last_pkt_time":1553619078058439,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1553619078058439,"pkt":"eDHBvV4kBBjWMe9aCABFAAA8AABAADYGQclob9ddwKgCfgG76w4xmkZeLC\/sgqAScSAcqQAAAgQFtAQCCArQt2rgJK\/ZdwEDAwc="}
@@ -11,7 +11,7 @@
 02778{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078093048,"flow_dst_last_pkt_time":1553619078093749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1553619078093749,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","tls": {"version":"TLSv1.2","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","ja4":"t13d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1"}}}
 02150{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078157096,"flow_dst_last_pkt_time":1553619078157742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":836,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1610,"flow_dst_tot_l4_payload_len":13760,"midstream":0,"thread_ts_usec":1553619078157742,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8011.5,"max":34221,"stddev":11402.3,"var":130012760.0,"ent":3.6,"data": [25199,25284,303,30105,3339,1074,34221,792,742,1850,1850,782,8352,423,28143,18603,6453,607,7069,119,26007,3,43,25894,1,59,186,154,696,4,1]},"pktlen": {"min":52,"avg":532.9,"max":1500,"stddev":584.9,"var":342142.3,"ent":4.1,"data": [64,60,52,569,52,1500,1500,52,1252,52,841,52,178,145,888,294,52,52,129,52,90,1105,1105,1500,52,52,52,710,52,1500,1500,1500]},"bins": {"c_to_s": [11,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,0,0,0,1,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,1],"entropies": [4.464972496,5.400120735,5.115703106,4.441882610,5.233812809,6.523200512,6.789650440,5.070538998,7.259748936,5.109000683,7.672616482,5.192625999,6.387032032,6.158265114,7.732074261,7.074759483,5.192625999,5.272274494,6.411020756,5.192625999,5.541742325,7.789433956,7.819917679,7.870871544,5.154164314,5.154164314,5.032077789,7.695037842,5.154164314,7.862812519,7.871836662,7.867298126]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":96,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619149347313,"flow_dst_last_pkt_time":1553619149372363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":836,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":102711,"midstream":0,"thread_ts_usec":1553619149372363,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":182,"packets-processed":182,"total-skipped-flows":0,"total-l4-payload-len":105569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1553619149372363}
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":182,"packets-processed":182,"total-skipped-flows":0,"total-l4-payload-len":105569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1553619149372363}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 182/182
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5546140 bytes
-~~ total memory freed........: 5546140 bytes
+~~ total memory allocated....: 5546164 bytes
+~~ total memory freed........: 5546164 bytes
 ~~ total allocations/frees...: 86106/86106
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 552 chars
diff --git a/test/results/default/tls_malicious_sha1.pcapng.out b/test/results/default/tls_malicious_sha1.pcapng.out
index a722362ce..638627278 100644
--- a/test/results/default/tls_malicious_sha1.pcapng.out
+++ b/test/results/default/tls_malicious_sha1.pcapng.out
@@ -1,5 +1,5 @@
-00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1702228308364885}
+00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1702228308364885}
 00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308364885,"flow_dst_last_pkt_time":1702228308364885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1702228308364885,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1702228308364885,"flow_dst_last_pkt_time":1702228308364885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1702228308364885,"pkt":"ILAB4IZiNObXAhsnht1gBp8UACgGQCABCwcKPcESlyb2Q6g4sMQqABRQQAIEFAAAAAAAACATnWYBu84tckQAAAAAoAL\/KH9nAAACBAWMBAIICukUG0AAAAAAAQMDBw=="}
 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1702228308364885,"flow_dst_last_pkt_time":1702228308367897,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1702228308367897,"pkt":"NObXAhsnILAB4IZiht1gDMV9ACgGeioAFFBAAgQUAAAAAAAAIBMgAQsHCj3BEpcm9kOoOLDEAbudZrVQLe3OLXJFoBL\/\/4e2AAACBATEBAIICnEgCajpFBtAAQMDCA=="}
@@ -10,7 +10,7 @@
 01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308374788,"flow_dst_last_pkt_time":1702228308398326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1702228308398326,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.prbtest.dev","tls": {"version":"TLSv1.2","ja3":"00bcd759cb8ad485fdbf1e7a0c5b94b4","ja3s":"e2bc06b738d7e5d2b0cec5d2196b1d80","ja4":"t12d2808h2_d943125447b4_67c11e811542","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2"}}}
 01498{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308398348,"flow_dst_last_pkt_time":1702228308398561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":4628,"midstream":0,"thread_ts_usec":1702228308398561,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.prbtest.dev","tls": {"version":"TLSv1.2","server_names":"www.prbtest.dev","ja3":"00bcd759cb8ad485fdbf1e7a0c5b94b4","ja3s":"e2bc06b738d7e5d2b0cec5d2196b1d80","ja4":"t12d2808h2_d943125447b4_67c11e811542","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services LLC, CN=GTS CA 1D4","subjectDN":"CN=www.prbtest.dev","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"0D:DB:34:F8:75:63:2C:7E:1E:C0:9D:75:82:7F:82:D2:33:6D:FE:B6"}}}
 01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1702228308364885,"flow_src_last_pkt_time":1702228308484038,"flow_dst_last_pkt_time":1702228308437375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":4762,"midstream":0,"thread_ts_usec":1702228308484038,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:9726:f643:a838:b0c4","dst_ip":"2a00:1450:4002:414::2013","src_port":40294,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":22,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":5296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1702228308484038}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tls_malicious_sha1.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":22,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":5296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1702228308484038}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 22/22
 ~~ skipped flows.............: 0
@@ -19,10 +19,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5509747 bytes
-~~ total memory freed........: 5509747 bytes
+~~ total memory allocated....: 5509771 bytes
+~~ total memory freed........: 5509771 bytes
 ~~ total allocations/frees...: 85891/85891
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 582 chars
+~~ json message min len.......: 580 chars
 ~~ json message max len.......: 1503 chars
-~~ json message avg len.......: 1023 chars
+~~ json message avg len.......: 1022 chars
diff --git a/test/results/default/tls_missing_ch_frag.pcap.out b/test/results/default/tls_missing_ch_frag.pcap.out
index 386ea5da7..bbcb8ab96 100644
--- a/test/results/default/tls_missing_ch_frag.pcap.out
+++ b/test/results/default/tls_missing_ch_frag.pcap.out
@@ -1,5 +1,5 @@
-00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1626252471399786}
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1626252471399786}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626252471399786,"flow_src_last_pkt_time":1626252471399786,"flow_dst_last_pkt_time":1626252471399786,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626252471399786,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":33063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1626252471399786,"flow_dst_last_pkt_time":1626252471399786,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1626252471399786,"pkt":"ZIeIEyz\/WPmHGpl1CABFAAA8hHQAAH0G5JMKCgoBwKgAAQG7gScvWJhthsBAKqAS\/\/9QwwAAAgQFtAQCCApDaqR2wYhnewEDAwg="}
 01943{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1626252471399786,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1090,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1090,"pkt_l4_len":1056,"thread_ts_usec":1626252471549953,"pkt":"WPmHGpl1ZIeIEyz\/CABFAAQ0\/b1AADMGcVLAqAABCgoKAYEnAbuGwEAqL1iYboAYAKxR2gAAAQEICsGIaBBDaqR2FgMBBdwBAAXYAwNEa2hVTZJgASBSwfkI66LYxvlq75ZhdUSD3hgV+1QPOSD\/YaaV0OXvSK6c4cW3cThct7voag1kyNOqp2BHGtTdrgAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAVviooAAAAAACwAKgAAJ3IxLS0tc24tNWY1bnhndmg1by1oanVsLmdvb2dsZXZpZGVvLmNvbQAXAAD\/AQABAAAKAAwACvr6QTgAHQAXABgACwACAQAAIwAAABAACwAJCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwTBBL\/6+gABAEE4BJJN2na6uqPHrTPCb\/ILC4h5b3iKIpiqhO312LpjPLgWI86KCmdcCFKYTA3q3tYncymKC7UeIblB55L9t0UFbXqgEn\/fqdxSz6ckZsrtMqwRqfX2cel2WxfY\/aCfW\/vDYB9cWgIbMVWFo2botYfIlYMs0+p+iPkUjoVrNGSCC2VFWOOl1kkUQlsLOGuuFrivum9yxjiZNtHxmAMLLE0umqwruzOY3v9MhI11X9Rs2e4pdwrusuWg+crjjLJLuNx2PDVhjGTRlSvKZIDkgs584qrnA4lK+6TMLkjjfdVqz8YlHU\/ukhF\/OkMR4STHU0TtP9j6fb5+IBTm4M3T7+aKBDgbO5Hlh5+C8KkuBZGMPCbCyyKyiMwmwYV6w4Z7FsEw4szZms4D1vNzCTtzmDX1iFlrRZ39HnHTOWGlFhOSpWxQ1alyFepq0amj5qrD5lEvsid4WL9YWPA6iEH+lS2HeVFxxX6+jjMoxiIobXnjSbihlEeJcjau9qW1HFM5Cf5OK6fgE+qsckMrRD+YBi7IR3FZyn50e4A3B8EUBjnUVb1WOvGXtljlHpAsp7E+9dpaG79UnFS1oz42rTBAf+hfswwdjp6OUNAy3mW\/mKgdG2DJUB1G6xGuCdDkvCiNAMuiSu0sn+24wJf35y13AA5Q3yi6BouVJ3zsl70B8HaknCCcr6p2NTZO9CpEW2h85dbOzpy6RvfWJDYrSXlz7xTgBc3xb9NFXoe92VswvO\/t9Y\/euwUjjOCHegKSVZeTWzbyQet6U0oOGhLjzN1lccJPGSSiHgjhQeZsHB4JeDMe8JqFXFLLBAU5aZJ7DOpRoMquil1EUV0AwlN2ufTfLnLEVoThaC8bUobosvXMg7TyMFtHlSBIAfIvnjqMWiuXTg416E50S3\/9\/mUZYnOfu30kw0DWTkH7rVL7FRcnryKmnk26KijDapfaBn3tczZ6CkMEklqww1oSSqMFwGKANYj9ia0u9A467OwvDTGpp9NQuw4Dpr2\/LPsZcQ=="}
@@ -8,7 +8,7 @@
 02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1626252471561460,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1626252471561460,"pkt":"ZIeIEyz\/WPmHGpl1CABFAAWghoEAAH0G3SIKCgoBwKgAAQG7gScvWJ3ahsBGC4AQARQdlwAAAQEICkNqpRfBiGgQLjUyE6mzLz+vWovIaoDU7c1aSmNZ7ckkGpcjHq+Zs6kWfD0Do8FrM4cLVV8PUqsQI0Gn956PKHQW3yAdxqD9JQczlAn8Q3x9QAEJNGr6flpe6S5CaTqM6FoDp\/dLFlwLBTeiibV6ZJvrJtn5X9\/fewzJTdwBjRiQ9PuN69skL1uu7AWFSGSpHWPd3wTy7jq83fttcU15jnhv1jWjYbX0myHuvDb9jMe6+t4tjxxTHB7fn14x5ShHvXoHCPL3b9ekqDP9txy0NMOzkk1iGhLGy0TMLhDepafRYgXDNUQA0jq+FeMFM1mI9qRuolZcxYCl6magHjI6Yzk8NbBzxvlq2i\/l01oDXmOyETOneNxaDpMEA5ULsGYeHjbnoH6+WNaIwrChoggZmXW998QtH2VnhTbpB+a+vTVY347dyVc+wBODPa\/qj7KH3Igi0b9PKWOWrCUGUEz25BBGlbeFm5e2jQG2FBbXSf4sGvR\/7Em2tVplLwJdfED3AJRds7xxCFa1aE2FFjVkpRR3deYTSedcPAHD8Ot1pKHb+2OtoxaLpzEd2LvaWfH+APj9rXPwnppF+rxzzG+FbFSONBmzqeyJjdMUXkkDq8iSkg4SWVPPCj4UX8A69WGYd1LAnTyax6GQQy5D142NsvpAhAid2vKYgBgSl5KIgvEaWfqHzqOfVn7XxiT+luD3e5TsozVOb09kvcfIjgXRaRc7J8R4VWrtwQw3S0UmJgfJ7voaPb1bk8PjJyTvaOsyR4460u3IgpLvelLz4J7gDf0ouy\/+rWmbVihg6yzCS0nXHITykyGI1I1+GMpZRgBl5Kf5vC8qfgfEqfJ8E62nCkXp4iszrdKiXiGGejfE6CkCBduKfTFyV5t35wYVxGNJF3OIC6o+pVn+jgGZelAqlQcIyAmBD9pYpaKBGo2W\/a9XbKJuBNLxvghTm0KLJQjHmHYcT0r5wtryOVlb8d4ygj9G88V6orvZcTrzxu3uo53ZrzFCTQK1Tbma70xIH9gTOoxU4rfphwXW7DPcMYC2wVEPRxQZicL8pZxw8rEuNcNLP\/jcOxWreWsaMcExdlsgoIwQJjlqIeO2yw5MerYsKb+koSWLz32E9iubBIvzdnqCcj4yUD2+NSwphRb\/j8FJXJ6Yjli4wusIoQQKVEpY3WpyUbmUUOlXYgSirH6oFhCApF1KZ4ZjoISl7g7j\/QF\/\/eNL7F9EsM92sCop2padW0b\/CxdNSBHjgQT9rqU\/5Wrv4s194NQQA6XLN8E5BjUUbhwT8XZRFqaFTlUPVdEvjpMyPB2fX3HY0XlTfpBjHYjJ7N9ypazmAf3\/2SltbgI9AL2J+QyCGUmM7btpWTPvRIU77ZXPeHuwdVJ66YN4q3JH7DYkCupd5rzFWDNCpYcp+7hLBtJxBC7ixKVCwCb5A3JDWy3kFXKvmU+PufQMPBY64EwXmheRdAeMiDBoTyT5NB0rzH36BPawUCiBp6ngUgeVwF4wp5NYWCTxvSu1n9xn6dNScFch3F9270gfEVIyPT8PLMXJHqedWWabErPWAiqpWUVODVDKK8td5QsQxTuRDDeiXDHxFSbkqSbZwzXfJRW+XNgLCizmMLLRgyxq1mTlPgy11\/vV6sU\/uuh\/OQT2S3xjKJrV+BUAnbSb18NrNROH64cnLN+D\/DT5QPWo6DPRmKiRLvay1Q78D3C6kP4y+NAdpTYaJm8ae5zHb8sa0+1Fq7AFDmxBGSuNEUM7gY0yPQEtz2NCtO+iJ7nVT5lTYudViuJaeAPp4iUOCpzTa8y7pYq7Mw7IM+rqKtWFbBHy5RlgnUEqDvAjcF3j\/FYtWQlRS\/7c50Vh8UE2DTYqu7OeV7w="}
 02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1626252471561481,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1626252471561481,"pkt":"ZIeIEyz\/WPmHGpl1CABFAAWghoIAAH0G3SEKCgoBwKgAAQG7gScvWKNGhsBGC4AQARRbywAAAQEICkNqpRfBiGgQRaOfchYHfhkEuC+plydgQpXSK9I6ZkSYOkCsdCiCnDmK0WwRx57RrGKWw2KHjtIVlQ\/4zQUTZ5jfEvt97SYQbBDdcLHULbKkEbNedv3iYxXxjT+nCb4IXSchmmTSGQECdaqDj5h79oc4CjRX\/4cATKK\/qcxeRESDvN6tq3yxkZYFG8+N+Arf0e\/wdmZBZBZybFhkJwA\/1YpmFd320ieTDe92z9NUz1culXvp8lPlRhI3RMm\/xmjaed+arMpZO7rY+Q\/e3rg3FOXdr0T5xYxZnEHs2LSXEcqagca0DH5kvLPZ7UYRtU0SHlh2LFXa470iU8qQ+AIYwMcgNxkz9RLy8QUDp1NeYj6a7DuAONGUN6TjhdSeskZ51YNna8nHRAfWO\/mNpfS+fo7ECjkbzuxyraKe99lMQV9SDZQSRzHb9McaufyEQmf4owwlZ5ixKuhXkdZEsOJBs9rjtcIQ56qOizQeKcMkHVPYGK2r0GnHeE5VJcCycgsuOezT+QCvbrZLaPU5crNcY0vQ5LTY4UrKbLbJQiAI2W+HrDdtGMGfnXdDxWf2dNLWxoosntoLuYzhD0zo4\/89xh2MaQv8ukMhBYzyGHApxJK2zPP28UJk59XiR5t5cNI6wE1ypz+3zeT6VMImVsQKr8mX5UwbJV5NR1wGD9YJUZTKzP3mKVx4NYSn04DAkTg5GS8G6RwmfYpFfwy52S8UIekf8KlDMFGZY\/hsNIvYUzjlrg5eHINAovTJIoprQsDi2Zcb8itOX2ZlAx0U7VQjske86xyrNL29NGkEJGvaiSdOkC1fN\/0hC5xMVZdqWGs1ctl8immhsx\/5pvHB1w+TN4i5\/vIkBleKBuZR1yTfNVS7eKSVoFSOjabkOQSmnxPkGnedUoV5zGaqP2gSNB5XulklcOGO\/6dgcaY7lb1vaWcc2wk5nKOrUEhEkZDUD43AqlncBiSPTOEERBRHqSY79rkfpxoOtKjTAkJoq2Ln2Ne9eKQ+lgHk4Kkz8hSc\/G20klTxnYyyxuJcukthpO\/CGQJiVi9C1tgng0rG7jx8jRFW07oxmOa7ceSS6N\/asgsYbGLaItsqhe4b94MNOvL8INUmpNWpBrSe447hATYea4nYdlWcB17QV+yS3NrVygWvyUUSh+uO0U3cR9+yvO\/AP\/1lnnNllCAViXXp4NFqVL2r+R7nkQ25+zCvkBM\/OIed8bOoGQ6f70gTGCmk2W5mej\/dFwnjNrqC43Iv18QXnnBKqoyRosrvYj4PSraBWlHocnugHlhdlsCR7LikvWPQtGVjayQshq8l2Ez2JGK\/xOjNB28ZMqaOlWlhodgcZVXFvmABgrO6QGSsRcJ9OIpjO\/u0qn519WG6O2bkfZkMKq6GnDN\/eUUkQx6w2ESTIaKLjMwYBri89DYsubD9cmBW4cZVwnbUl4ECYN9pQbGDnoPvLHOOPbvTNVEtQuGH\/CbBqBzlwqwdtGEQHMRPb2c8UHaiESvtSCQeA\/NjnUZYIT5BJfO9rFiZoBXosTLyObfmZK1gLb4qd7fClq1zNt1vxijHgbjY3hncITIKuBNHa+HW0FK07V5bn6lqfG75pOsFo84vaWxlDkuQ4yF+svLcRACkRbeKse+1R63Y9mPfiCvBMUWZBxLBIX3lb8u3WScx0AmC99+EgId8\/QNZydqfBAiFrq5dMWyyfZgXuqhgEziEwhi926d1FttgIxGE1D34kr1iqzPxKFcIi55Zmeq6q8zEfMhrDhRVIRwO6P+QhYDuvXKAjfjWVnB66R\/zLie\/R4yV74PcgieI+Jd0B3DlvlUEEFOrmVJxi6RGdSpjig66uZCI+Ahxx0JlkB8j1V3DaaR1rXc="}
 00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1626252471399786,"flow_src_last_pkt_time":1626252471614928,"flow_dst_last_pkt_time":1626252471774171,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1957,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":6121,"flow_dst_tot_l4_payload_len":3029,"midstream":0,"thread_ts_usec":1626252471774171,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":33063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1626252471774171}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1626252471774171}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 14/14
 ~~ skipped flows.............: 0
@@ -17,9 +17,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5510220 bytes
-~~ total memory freed........: 5510220 bytes
-~~ total allocations/frees...: 85878/85878
+~~ total memory allocated....: 5510257 bytes
+~~ total memory freed........: 5510257 bytes
+~~ total allocations/frees...: 85879/85879
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 572 chars
 ~~ json message max len.......: 2446 chars
diff --git a/test/results/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/default/tls_multiple_synack_different_seq.pcapng.out
index b4b7fc95a..cfa2c1ff6 100644
--- a/test/results/default/tls_multiple_synack_different_seq.pcapng.out
+++ b/test/results/default/tls_multiple_synack_different_seq.pcapng.out
@@ -1,5 +1,5 @@
-00592{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00655{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054241336766}
+00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054241336766}
 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054241336766,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054241336766,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054241336766,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054241336766,"pkt":"AAAAAAAAAAEATp6rCABFAAA0+iUAACsGwOoKCgoBwKgAAQG76hcOOx8Ly+TVr4AS\/\/\/YwQAAAgQFmAMDCAEEAgEB"}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639054243383123,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054243383123,"pkt":"AAAAAAAAAAEATp6rCABFAAA0+iUAACsGwOoKCgoBwKgAAQG76hcOOx8Ly+TVr4AS\/\/\/YwQAAAgQFmAMDCAEEAgEB"}
@@ -10,7 +10,7 @@
 01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712706,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712706,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t00d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
 02053{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712778,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5427,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712778,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-eu-west-1.amazonaws.com,*.s3-eu-west-1.amazonaws.com,s3.eu-west-1.amazonaws.com,*.s3.eu-west-1.amazonaws.com,s3.dualstack.eu-west-1.amazonaws.com,*.s3.dualstack.eu-west-1.amazonaws.com,*.s3.amazonaws.com,*.s3-control.eu-west-1.amazonaws.com,s3-control.eu-west-1.amazonaws.com,*.s3-control.dualstack.eu-west-1.amazonaws.com,s3-control.dualstack.eu-west-1.amazonaws.com,*.s3-accesspoint.eu-west-1.amazonaws.com,*.s3-accesspoint.dualstack.eu-west-1.amazonaws.com,*.s3.eu-west-1.vpce.amazonaws.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"704239182a9091e4453fdbfe0fd17586","ja4":"t00d1515h2_8daaf6152771_de4a06bb82e3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=*.s3-eu-west-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5A:47:18:0A:2F:90:02:C9:30:5C:B1:BE:D6:0D:5A:42:24:C8:81:76"}}}
 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712778,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5427,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712778,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00664{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":5944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1639054270712778}
+00662{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":5944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1639054270712778}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5518031 bytes
-~~ total memory freed........: 5518031 bytes
+~~ total memory allocated....: 5518055 bytes
+~~ total memory freed........: 5518055 bytes
 ~~ total allocations/frees...: 85893/85893
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 575 chars
diff --git a/test/results/default/tls_port_80.pcapng.out b/test/results/default/tls_port_80.pcapng.out
index 5598fa708..3bd78f327 100644
--- a/test/results/default/tls_port_80.pcapng.out
+++ b/test/results/default/tls_port_80.pcapng.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744619257945}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744619257945}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744619257945,"flow_dst_last_pkt_time":1618744619257945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744619257945,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744619257945,"flow_dst_last_pkt_time":1618744619257945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744619257945,"pkt":"AAAAAAAAAAQAaFgECABFAAA062pAAH8G+tE5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744619257945,"flow_dst_last_pkt_time":1618744619383792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744619383792,"pkt":"AAAAAAAAAAMAlyocCABFAAA0AABAADUGMD2EMY04OVvKwgBQxW2J+2kQhDAHy4AS+vAZxAAAAgQFtAEBBAIBAwMH"}
@@ -9,7 +9,7 @@
 01477{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744630475192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744633780253,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 01539{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744633908597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744633908597,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"107030a763c7224285717ff1569a17f3","ja4":"t12d550500_168bb377f8c8_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}}
 01326{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744633908597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744633908597,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1618744633908597}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1618744633908597}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 13/13
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5502559 bytes
-~~ total memory freed........: 5502559 bytes
+~~ total memory allocated....: 5502583 bytes
+~~ total memory freed........: 5502583 bytes
 ~~ total allocations/frees...: 85880/85880
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 551 chars
diff --git a/test/results/default/tls_torrent.pcapng.out b/test/results/default/tls_torrent.pcapng.out
index 6c9dc593c..fe71e7539 100644
--- a/test/results/default/tls_torrent.pcapng.out
+++ b/test/results/default/tls_torrent.pcapng.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054407415018}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054407415018}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407415018,"flow_dst_last_pkt_time":1639054407415018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054407415018,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054407415018,"flow_dst_last_pkt_time":1639054407415018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054407415018,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug0AAOIGSgIKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639054407427808,"flow_dst_last_pkt_time":1639054407415018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054407427808,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug8AAOIGSgAKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"}
@@ -10,7 +10,7 @@
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639054407574962,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1639054407574962,"pkt":"AAAAAAAAAAcAAh9nCABFAAWguhUAAOMGQ44KCgoBwKgAAQG75dqEHFNtEe7pu1AQAAUYcAAATOdWegB3AN+lXqtogk8fbK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABfCYcl7YAAAQDAEgwRgIhAK4QNflwf2+HmIqhCL9XiHr\/3hZ4rrGkhnfWeFejDXyxAiEAkt4xpF+LNjEYvkL7B3tjWsbNVXyTtKH9fOJGtd3NG3swDQYJKoZIhvcNAQELBQADggEBAIFf2lmzR3Mwx1K7jh2VeoyiVGSWAcezryvzzvuJkFttEXNY9uQ6fzVJ1GQwHY8Sgk4RebBUmLhxeHVBfbL4oklNJVitp3p0rJlVE66ss2RvgGq+BLxu8QkuSBvws6zi5r1mCJHh6DlGGb\/l8FXxnxlRL9iztFjmEDreL\/juCdzrKe4yoFY9OwFK0hDfG6NY5eXFxMDAvqJ3aHoK2c+0FO1kROazovg3o3Sb0vhbjlT\/Mvxcygcek7IjdtKQTqXGaT3UdrQTZZmrCaHWPIvNhYuEuIcPApBXT31DgdD5bjzjBMZ76wnMcGd1Wcajuonylorrq+jtjuunrrK1xqwO5vMABNQwggTQMIIDuKADAgECAgEHMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTEwNTAzMDcwMDAwWhcNMzEwNTAzMDcwMDAwWjCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngyxDUr3a91JNi6zBkuIEIbMME2WIXji\/\/PmXPj85i5jxSHNoWRUtVq3hrY4NikM4PaWyZyBoUi0zMRTPqiNyeo68r\/oBhnXlXxM8u9D8wPF1H\/JoWvMM3lkFRjhFLVPgovtCMvvAwOB7zsCb4Zkdjbd5xJkePOEdT0UYdtOPcAOpFrL28cdmqbwDb280wOnlPX0xH+B3vW8LEnWA7sbJDkdikM07qs9YnT60liqXG9NXQpq50BWRXiLVEVdQtKjo++Li96TIKApRkxBY6UPFKrud5M68MIAd\/6N8EOcJpAmxjUvp3wRvIdIfIuZMYUFQ1S2lOvDvTSS4f3MHSUvsCAwEAAaOCARowggEWMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdDgQWBBRAwr0njsw0gzCiM9f7bLPwtCyAzjAfBgNVHSMEGDAWgBQ6moUHEGcotu\/2vQVBbiDBlNoP3jA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkcm9vdC1nMi5jcmwwRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAh+bJMQyDi4lqmQS\/+hX08="}
 01655{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407576647,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5574,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1639054407576647,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.BitTorrent","proto_id":"91.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"web.utorrent.com","tls": {"version":"TLSv1.2","server_names":"*.utorrent.com,utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","ja4":"t12d860600_e18388e7f3a3_a1e935682795","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"CN=*.utorrent.com","fingerprint":"E4:8F:E4:15:C7:D0:B7:EA:E6:F6:B1:B4:40:F0:13:D1:5E:7F:64:E8"}}}
 01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407576647,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5574,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1639054407576647,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.BitTorrent","proto_id":"91.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":5906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1639054407576647}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":5906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1639054407576647}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 7/7
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5514758 bytes
-~~ total memory freed........: 5514758 bytes
+~~ total memory allocated....: 5514782 bytes
+~~ total memory freed........: 5514782 bytes
 ~~ total allocations/frees...: 85877/85877
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 551 chars
diff --git a/test/results/default/tls_unidirectional.pcap.out b/test/results/default/tls_unidirectional.pcap.out
index a0b270cab..a2f66950b 100644
--- a/test/results/default/tls_unidirectional.pcap.out
+++ b/test/results/default/tls_unidirectional.pcap.out
@@ -1,5 +1,5 @@
-00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639053848567575}
+00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639053848567575}
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848567575,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053848567575,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639053848567575,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1639053848567575,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAAPBpQAAA0Bm8SjvobvAqMSBgUbDFuUzeA1SLoaN2gEv\/\/alkAAAIEBVAEAggK1TA3SQAvLkoBAwMI"}
 02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1418,"pkt_l4_len":1380,"thread_ts_usec":1639053848727889,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAFeBqFAAA0BmmhjvobvAqMSBgUbDFuUzeA1iLoaYSAEAEF8lAAAAEBCArVMDfpAC8u7BYDAwA\/AgAAOwMDYbH6GObXMcPZc0\/u\/07ySDL99AAM65vqRE9XTkdSRAEAwCsAABMAFwAA\/wEAAQAACwACAQAAIwAAFgMDGMULABjBABi+AA21MIINsTCCDJmgAwIBAgIRAL6SfJeXpnf+CgAAAAEZUYgwDQYJKoZIhvcNAQELBQAwRjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjExMTAxMDIxOTUyWhcNMjIwMTI0MDIxOTUxWjAXMRUwEwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARLbBeX0LU3pUWH+9THnnoTQpPglvYMsDQRme2L8rmDF7QEHRFBON4Z6Ol4rL30ubSFYN6X86eKdFg2N4IKsQ0Vo4ILkjCCC44wDgYDVR0PAQH\/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\/wQCMAAwHQYDVR0OBBYEFB918eNtsRAgQAykLBR6lPrqjLfUMB8GA1UdIwQYMBaAFIp0f6+Fze6VzT2c0OJGFPNxNR0nMGoGCCsGAQUFBwEBBF4wXDAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AucGtpLmdvb2cvZ3RzMWMzMDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHMxYzMuZGVyMIIJQgYDVR0RBIIJOTCCCTWCDCouZ29vZ2xlLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYIJKi5iZG4uZGV2ghIqLmNsb3VkLmdvb2dsZS5jb22CGCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIYKi5kYXRhY29tcHV0ZS5nb29nbGUuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22CDyouZ29vZ2xlYXBpcy5jboIRKi5nb29nbGV2aWRlby5jb22CDCouZ3N0YXRpYy5jboIQKi5nc3RhdGljLWNuLmNvbYIPZ29vZ2xlY25hcHBzLmNughEqLmdvb2dsZWNuYXBwcy5jboIRZ29vZ2xlYXBwcy1jbi5jb22CEyouZ29vZ2xlYXBwcy1jbi5jb22CDGdrZWNuYXBwcy5jboIOKi5na2VjbmFwcHMuY26CEmdvb2dsZWRvd25sb2Fkcy5jboIUKi5nb29nbGVkb3dubG9hZHMuY26CEHJlY2FwdGNoYS5uZXQuY26CEioucmVjYXB0Y2hhLm5ldC5jboILd2lkZXZpbmUuY26CDSoud2lkZXZpbmUuY26CEWFtcHByb2plY3Qub3JnLmNughMqLmFtcHByb2o="}
@@ -8,7 +8,7 @@
 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1418,"pkt_l4_len":1380,"thread_ts_usec":1639053848727889,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAFeBqHAAA0BmmfjvobvAqMSBgUbDFuUzeLXiLoaYSAEAEFo1kAAAEBCArVMDfpAC8u7HVyY2hpbi5jb22CCHlvdXR1LmJlggt5b3V0dWJlLmNvbYINKi55b3V0dWJlLmNvbYIUeW91dHViZWVkdWNhdGlvbi5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1YmVraWRzLmNvbYIRKi55b3V0dWJla2lkcy5jb22CBXl0LmJlggcqLnl0LmJlghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xlLmNughxkZXZlbG9wZXJzLmFuZHJvaWQuZ29vZ2xlLmNughhzb3VyY2UuYW5kcm9pZC5nb29nbGUuY24wIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvZlZKeGJWLUt0bWsuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF82YK70QAABAMARjBEAiARmGVm7JB3\/oaiBObGX7ROVBBSBRLYITFiTlEAkfPyHgIgcCqtTtRkXEWtBLRMdlLCyCYM1mcHiE111yE3Oz\/NZIAAdwBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq\/L8cP5tRwAAAXzZgruvAAAEAwBIMEYCIQCdEWa\/V20J9qsoD+RWkg98YsZ+GN7Iw02KvnAz9ok\/BQIhAIUpxYOKIJBQapnn340xxt3\/h79Jm5lUc5BI1s6PP4IAMA0GCSqGSIb3DQEBCwUAA4IBAQABqQYCPziQTB9R2Rgn5Q8W9muFuMiL4KxImQgWyMFIzShVMs4tIvcdbxGCTlA9XAgmyeDKzU2kf\/bc7nhWpWCLIA45f8+E9bVyHr\/X4mri7FiDHK2XCXO0FRC3eZdepiGSobgPjXlY3Fe7j7+iCnir3opglZmCSKGSUlJMiRAr0AeCNtNEpLzqKc1rUyIpSe7ExrIITKl54o\/8ETyKOlT61jBq4Mbjhmtn0bsrRvaJfV9SOBCa+HlHt+j\/OMqIRm0JNViqmtqAn3eHET3kepM8j2LM3MNs6rMYC9GX6t\/kdQ9LuBdtLk5Beg1yxxPZQicDwEvmo\/KKC8OFwyRb+wekAAWaMIIFljCCA36gAwIBAgINAgO8U1lrNMcY9QFQZjANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjAwODEzMDAwMDQyWhcNMjcwOTMwMDAwMDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFDMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPWI3+dijB43+DdCkH9sh9D7ZYIl\/ejLa6T\/belaI+KZ9hzpkgOZE3wJCor6QtZeViSqejOEH9Hpabu5dOxXTGZok3c3VVP+ORBNtzS7XyV3NzsXlOo85Z3VvMO0Q+sup0fvsEQRY9i0QYXdQTBIkxu\/t\/bgRQIh4JZCF8\/ZK2VWNAcmBA2o\/X3KLu\/qSHw3TT8An4Pf73WELnlXXPxXbhqW\/\/yMmqaZviXZf5YsBvcRKgKAgOtjGDxQSYflispfGStZloE="}
 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1418,"pkt_l4_len":1380,"thread_ts_usec":1639053848727889,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAFeBqIAAA0BmmejvobvAqMSBgUbDFuUzeQoiLoaYSAEAEFW90AAAEBCArVMDfpAC8u7ACg+1HbyncLC8mWT+9wScdcbSD9mbS04soud\/0t3Au2axMMjBkrF5aYufCL9qAnu7bjjVGPva7Hm7GJnQIDAQABo4IBgDCCAXwwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSKdH+vhc3ulc09nNDiRhTzcTUdJzAfBgNVHSMEGDAWgBTkrysmcRorSCeFL1JmLO\/wiRNxPjBoBggrBgEFBQcBAQRcMFowJgYIKwYBBQUHMAGGGmh0dHA6Ly9vY3NwLnBraS5nb29nL2d0c3IxMDAGCCsGAQUFBzAChiRodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHNyMS5kZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5wa2kuZ29vZy9ndHNyMS9ndHNyMS5jcmwwVwYDVR0gBFAwTjA4BgorBgEEAdZ5AgUDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAgEAiX2sIFwMPL6aqFeVG7Su+qulcnG0NpX930ARA0zCRhS7FCSr8FBxItutxG5\/z\/Fqb8iDG9jOiV+HbIe4qQyjm6FilJOV31uuZhkLApae\/LXnEGk+estGSV9G4UGx15hNZTQAgBo\/T59sf0kAgVNBpJIhgoIa8aNEWypQEhNNwVM280IIr1T6jndTG2Q4JxcJvVjJG3w5LVvzztTtl9sUA78JUyQfwgwEeZgm8mHxU1L9QowbZis\/FaG7\/\/ab44GaAQZxiTUoJN3hvesZLeFIyz1Zg1G0dMadfMaxhluvzDTE08zUgRGVAKH0EiIB+rSDca+Mt4xzJKw3U8IAkD8R\/lztNpQQO70pruLHOmI7bGPZgL9ZcaxjJ7lMF6Da9nMVvyrej\/OlbDKBMwPQhlFxmTS6k41dtVFY97KT6AH2Wb5xm\/1NKM7PbccW3PfR1kabp8pr6XcP\/aC2GyODHRAa2QkAhOBE06J1I7M0hvYgsKReEB3gUkYAnbEPHyFwUfWa3Qb8VfQrDjN3w0tCwvF3E\/xzgJTrH7s3P84CKmawcx0ypTJsMrCO4MQj\/1t9TWVwrCubPc7b4G2OMoC+lp+SY7yXu1259OFxXirk7wMisYplOo\/Ak2XUhc0PD1uDWRZHFi2cJDrIgKYmFIWb9jebrG\/5xcMGUfPif8WxELpR9N0ABWYwggViMIIESqADAgECAhB3vQ1s2zb5GuohD8TwWNMNMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMjAwNjE5MDAwMDQyWhcNMjgwMTI4MDAwMDQyWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf\/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7raKY="}
 03816{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848727919,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053848727919,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.google.com,*.appengine.google.com,*.bdn.dev,*.cloud.google.com,*.crowdsource.google.com,*.datacompute.google.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlevideo.com,*.gstatic.cn,*.gstatic-cn.com,googlecnapps.cn,*.googlecnapps.cn,googleapps-cn.com,*.googleapps-cn.com,gkecnapps.cn,*.gkecnapps.cn,googledownloads.cn,*.googledownloads.cn,recaptcha.net.cn,*.recaptcha.net.cn,widevine.cn,*.widevine.cn,ampproject.org.cn,*.ampproject.org.cn,ampproject.net.cn,*.ampproject.net.cn,google-analytics-cn.com,*.google-analytics-cn.com,googleadservices-cn.com,*.googleadservices-cn.com,googlevads-cn.com,*.googlevads-cn.com,googleapis-cn.com,*.googleapis-cn.com,googleoptimize-cn.com,*.googleoptimize-cn.com,doubleclick-cn.net,*.doubleclick-cn.net,*.fls.doubleclick-cn.net,*.g.doubleclick-cn.net,doubleclick.cn,*.doubleclick.cn,*.fls.doubleclick.cn,*.g.doubleclick.cn,dartsearch-cn.net,*.dartsearch-cn.net,googletraveladservices-cn.com,*.googletraveladservices-cn.com,googletagservices-cn.com,*.googletagservices-cn.com,googletagmanager-cn.com,*.googletagmanager-cn.com,googlesyndication-cn.com,*.googlesyndication-cn.com,*.safeframe.googlesyndication-cn.com,app-measurement-cn.com,*.app-measurement-cn.com,gvt1-cn.com,*.gvt1-cn.com,gvt2-cn.com,*.gvt2-cn.com,2mdn-cn.net,*.2mdn-cn.net,googleflights-cn.net,*.googleflights-cn.net,admob-cn.com,*.admob-cn.com,*.gstatic.com,*.metric.gstatic.com,*.gvt1.com,*.gcpcdn.gvt1.com,*.gvt2.com,*.gcp.gvt2.com,*.url.google.com,*.youtube-nocookie.com,*.ytimg.com,android.com,*.android.com,*.flash.android.com,g.cn,*.g.cn,g.co,*.g.co,goo.gl,www.goo.gl,google-analytics.com,*.google-analytics.com,google.com,googlecommerce.com,*.googlecommerce.com,ggpht.cn,*.ggpht.cn,urchin.com,*.urchin.com,youtu.be,youtube.com,*.youtube.com,youtubeeducation.com,*.youtubeeducation.com,youtubekids.com,*.youtubekids.com,yt.be,*.yt.be,android.clients.google.com,developer.android.google.cn,developers.android.google.cn,source.android.google.cn","notafter":"2022-01-24 02:19:51","ja3":"","ja3s":"84aaf6d03fc8c5bfb56d1d188735b268","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services LLC, CN=GTS CA 1C3","subjectDN":"CN=*.google.com","fingerprint":"02:64:CA:2E:8A:2F:BB:C4:97:9D:A7:AC:2B:47:FF:DE:28:0E:71:B1"}}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":6544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663090549161771}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":6544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663090549161771}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549161771,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549161771,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8b6ZAAEAGlofAqAGAw7WusLyEAbsbAqeoAAAAAKAC+vBE2wAAAgQFtAQCCAo49hnFAAAAAAEDAwc="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549179586,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549179586,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6dAAEAGlo7AqAGAw7WusLyEAbsbAqep\/y9LZoAQAfZHFAAAAQEICjj2GdaczD4K"}
@@ -18,7 +18,7 @@
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663090549200840,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549200840,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6pAAEAGlovAqAGAw7WusLyEAbsbAqjK\/y9VRoAQAeU7+gAAAQEICjj2GeyczD4e"}
 01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848727919,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090558366747,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01450{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090607951443,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5903,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090607951443,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":12447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1663090607951443}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":12447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1663090607951443}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 33/33
 ~~ skipped flows.............: 0
@@ -27,8 +27,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5674972 bytes
-~~ total memory freed........: 5674972 bytes
+~~ total memory allocated....: 5675012 bytes
+~~ total memory freed........: 5675012 bytes
 ~~ total allocations/frees...: 86045/86045
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 558 chars
diff --git a/test/results/default/tls_verylong_certificate.pcap.out b/test/results/default/tls_verylong_certificate.pcap.out
index b53408a60..364b6253b 100644
--- a/test/results/default/tls_verylong_certificate.pcap.out
+++ b/test/results/default/tls_verylong_certificate.pcap.out
@@ -1,5 +1,5 @@
-00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751}
+00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751}
 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="}
@@ -11,7 +11,7 @@
 03976{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_b1760ac0ffd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}}
 02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": [11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
 01004{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
-00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1578254908551114}
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1578254908551114}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 48/48
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5673701 bytes
-~~ total memory freed........: 5673701 bytes
+~~ total memory allocated....: 5673725 bytes
+~~ total memory freed........: 5673725 bytes
 ~~ total allocations/frees...: 86047/86047
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 562 chars
diff --git a/test/results/default/toca-boca.pcap.out b/test/results/default/toca-boca.pcap.out
index eccd9129b..385b0a9ae 100644
--- a/test/results/default/toca-boca.pcap.out
+++ b/test/results/default/toca-boca.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648999646082000}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648999646082000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648999646082000,"flow_src_last_pkt_time":1648999646082000,"flow_dst_last_pkt_time":1648999646082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648999646082000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648999646082000,"flow_dst_last_pkt_time":1648999646082000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1648999646082000,"pkt":"eJS0JASgYDjgxTWgCABFAABUT6gAAD8RuzzAqAJkW8dR4cP9E78AQBEY\/\/8AAQAAAAQitua6Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="}
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648999646082000,"flow_src_last_pkt_time":1648999646082000,"flow_dst_last_pkt_time":1648999646082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648999646082000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -7,12 +7,12 @@
 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648999646128000,"flow_dst_last_pkt_time":1648999646116000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1648999646128000,"pkt":"eJS0JASgYDjgxTWgCABFAABxT6sAAD8RuxzAqAJkW8dR4cP9E78AXV\/iu8gAAgAAADIitua6Af8ABAAAABQAAAAAAAAAAH370YUGAAEEAAAANQAAAAHzAAEIHkEGAwBmMzYxNWExNy02MDg0LTQwYzUtYmZkNS0yZmZiYTRkMQ=="}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648999646128000,"flow_dst_last_pkt_time":1648999646161000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1648999646161000,"pkt":"YDjgxTWgeJS0JASgCABFAABLMqoAADsR3ENbx1HhwKgCZBO\/w\/0AN2KSAAAAAn370bQitua6AQAAAAAAABQAAAAAAAAAAQAAADIGAAEAAAAADwAAAAHzAQA="}
 00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1648999646194000,"flow_dst_last_pkt_time":1648999646161000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_usec":1648999646194000,"pkt":"eJS0JASgYDjgxTWgCABFAAC7T7gAAD8RusXAqAJkW8dR4cP9E78Ap6eQu8gAAwAAAHQitua6AQAABAAAABQAAAAAAAAAAX370bQGAAEEAAAAcwAAAALzBgABAUNgHwPphFRWEeG7K1su8dh7ceJAIgMbYEW8\/IlaIVUMHV0pUYGkvKEUCp0YWnRyweSVzbsPVZeP3OdC\/CCq\/oATU+qSsKMyrHnO8SqUZVPoXQLHChtZdlXOpTLON959iRFoDP8BBAAAAAwAAAAC"}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1649338791869000}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1649338791869000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649338791869000,"flow_src_last_pkt_time":1649338791869000,"flow_dst_last_pkt_time":1649338791869000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649338791869000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":42022,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1649338791869000,"flow_dst_last_pkt_time":1649338791869000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1649338791869000,"pkt":"eJS0JASgYDjgxTWgCABFAABUquwAAD8RF0nAqAJkXCaaMaQmE78AQOkN\/\/8AAQAAAA0lI+N2Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="}
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649338791869000,"flow_src_last_pkt_time":1649338791869000,"flow_dst_last_pkt_time":1649338791869000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649338791869000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":42022,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1648999646082000,"flow_src_last_pkt_time":1648999647452000,"flow_dst_last_pkt_time":1648999648493000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":416,"flow_dst_max_l4_payload_len":386,"flow_src_tot_l4_payload_len":840,"flow_dst_tot_l4_payload_len":991,"midstream":0,"thread_ts_usec":1649338791869000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1887,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1649339413371000}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1887,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1649339413371000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339413371000,"flow_src_last_pkt_time":1649339413371000,"flow_dst_last_pkt_time":1649339413371000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339413371000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":55544,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1649339413371000,"flow_dst_last_pkt_time":1649339413371000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1649339413371000,"pkt":"eJS0JASgYDjgxTWgCABFAABUVGwAAD8RbcnAqAJkXCaaMdj4E78AQKGB\/\/8AAQAAAA8HHhQ0Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="}
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339413371000,"flow_src_last_pkt_time":1649339413371000,"flow_dst_last_pkt_time":1649339413371000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339413371000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":55544,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -24,7 +24,7 @@
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339424328000,"flow_src_last_pkt_time":1649339424328000,"flow_dst_last_pkt_time":1649339424328000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339424328000,"l3_proto":"ip4","src_ip":"92.38.154.49","dst_ip":"192.168.2.100","src_port":5055,"dst_port":32867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1649339424328000,"flow_dst_last_pkt_time":1649339424328000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1649339424328000,"pkt":"YDjgxTWgeJS0JASgCABFAABojnsAAHkR+aVcJpoxwKgCZBO\/gGMAVCBGAAAAAhCV6uVoVFlOAf8AAAAAABQAAAAAAAAAAQAAABAD\/wEAAAAALAAAAAA0zASwAACAAAAAAAIAAAAAAAAAAAAAE4gAAAACAAAAAg=="}
 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339424328000,"flow_src_last_pkt_time":1649339424328000,"flow_dst_last_pkt_time":1649339424328000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339424328000,"l3_proto":"ip4","src_ip":"92.38.154.49","dst_ip":"192.168.2.100","src_port":5055,"dst_port":32867,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":4155,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1649357329801000}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":4155,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1649357329801000}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357329801000,"flow_src_last_pkt_time":1649357329801000,"flow_dst_last_pkt_time":1649357329801000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357329801000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":54983,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1649357329801000,"flow_dst_last_pkt_time":1649357329801000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1649357329801000,"pkt":"eJS0JASgYDjgxTWgCABFAABxId0AAD8R6VDAqAJkW8dRe9bHE78AXZvqAZ0AAgAAADR76ExLAf8AAAAAABQAAAAAAAAAAIrS+jcGAAEEAAAANQAAAAHzAAEIHkEEAQA4MjYyMDUzMS04NzM3LTQ4MjQtOGZkMi1hNGQyOWUyNA=="}
 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357329801000,"flow_src_last_pkt_time":1649357329801000,"flow_dst_last_pkt_time":1649357329801000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357329801000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":54983,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -52,13 +52,13 @@
 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1649357796478000,"flow_dst_last_pkt_time":1649357796478000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_usec":1649357796478000,"pkt":"eJS0JASgYDjgxTWgCABFAAC76dUAAD8RIQ7AqAJkW8dRe5FiE78Ap9\/gQYIAAwAAEKFwWW0qAQAAAAAAABQAAAAAAAAAAYraGScGAAEEAAAAcwAAAALzBgABAUNgqO2TCWkNPwQmb\/To5eafmHwk2M3jcXw+syR8\/2ZkLpAnxsjBo9NJIRg3niLIEBe1BKRcjcw9VsSC9Wp8xiV3ZwLnTCAQMR7QxRv8JFOFvJff26sic0VghOwZl+0g5UdBDP8BBAAAAAwAAAAC"}
 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357796478000,"flow_src_last_pkt_time":1649357796478000,"flow_dst_last_pkt_time":1649357796478000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357796478000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":37218,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357623776000,"flow_src_last_pkt_time":1649357623776000,"flow_dst_last_pkt_time":1649357623776000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357796478000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":60837,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":52,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":6173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1649358122834000}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":52,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":6173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1649358122834000}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649358122834000,"flow_src_last_pkt_time":1649358122834000,"flow_dst_last_pkt_time":1649358122834000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":33311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1649358122834000,"flow_dst_last_pkt_time":1649358122834000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1649358122834000,"pkt":"YDjgxTWgeJS0JASgCABFAACyLPAAADsR4fxbx1F7wKgCZBO\/gh8AnmVJAAAAAorfFD0zMIisAQAAAAAAABQAAAAAAAAAAgAAAG4GAAEAAAAAdgAAAALzBwAAAAgBAUNg8vSS5O+J\/XjOQQuCE\/Kz82hilWidCgaS8LTWICvsbjJnfEWbmMIZg+HqoUshflWYbYRWr5V8d81p2Yo8Hq57m1zea2a8m\/5YufPz7tt8hhSQ3WPzZMeBz21Wv8GmKuYQ"}
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649358122834000,"flow_src_last_pkt_time":1649358122834000,"flow_dst_last_pkt_time":1649358122834000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":33311,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357623776000,"flow_src_last_pkt_time":1649357623776000,"flow_dst_last_pkt_time":1649357623776000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":60837,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357796478000,"flow_src_last_pkt_time":1649357796478000,"flow_dst_last_pkt_time":1649357796478000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":37218,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":6323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1649360879587000}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":6323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1649360879587000}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649360879587000,"flow_src_last_pkt_time":1649360879587000,"flow_dst_last_pkt_time":1649360879587000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649360879587000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":40290,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1649360879587000,"flow_dst_last_pkt_time":1649360879587000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1649360879587000,"pkt":"YDjgxTWgeJS0JASgCABFAACykLMAADsRfjlbx1F7wKgCZBO\/nWIAnpDwAAAAAosJJVgh87CXAQAAAAAAABQAAAAAAAAAAgAAAn4GAAEAAAAAdgAAAALzBwAAAAgBAUNgLNWb5SaCJAocJvmSqainbl+Oa4DJn3IT4qVSI8qFj6X5DLzbYJpCJ8LrRJdeJ7QpAQUlDLFkzmCIsWSJViCx2U\/siT702DkXpm6dZLrYzkK0dSx2ekQBCbW\/YHJC1uBB"}
 00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649360879587000,"flow_src_last_pkt_time":1649360879587000,"flow_dst_last_pkt_time":1649360879587000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649360879587000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":40290,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -70,7 +70,7 @@
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649361166006000,"flow_src_last_pkt_time":1649361166006000,"flow_dst_last_pkt_time":1649361166006000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649361166006000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":56864,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1649361166006000,"flow_dst_last_pkt_time":1649361166006000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649361166006000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8JwkAAD8R5FnAqAJkW8dRe94gE78AKB4+Pk0AAQAADyI7JuZnAQAAAAAAABQAAAAAAAAAA4sNhA4="}
 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649361166006000,"flow_src_last_pkt_time":1649361166006000,"flow_dst_last_pkt_time":1649361166006000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649361166006000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":56864,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":56,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":6537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":13,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1649411629031000}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":56,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":6537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":13,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1649411629031000}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411629031000,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649411629031000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649411629031000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8d50AAD8Rk8XAqAJkW8dRe8WoE78AKHeQB0IAAQAAAiMEvRHkAQAAAAAAABQAAAAAAAAAA44Pjyk="}
 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411629031000,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649411629031000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -88,18 +88,18 @@
 01119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1649411857970000,"flow_dst_last_pkt_time":1649411857970000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":495,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":495,"pkt_l4_len":461,"thread_ts_usec":1649411857970000,"pkt":"YDjgxTWgeJS0JASgCABFAAHhCAgAADsRBbZbx1F7wKgCZBO\/kS8Bza5qAAAAAo4TDaEsoxytBwAAAAAAACAAAAACAAAAAfME4gPjDRYC5Q03COQN3wMGAAEAAAABmQAAAAPzA+YAAAgC3x7dB4ADNjVOQzAyZGNzN0NUenlXakNnbnRIZGQ4Uzc2NXZZeXdsTy9qM3pYcW9OdGpvRkozdTlGZHFjeUVpeksvdktmMy9IdldhSkwySW9EdW9Ia0VPSE1sYkQ2aHlPVlBGZkpSaEtxUnRuZUVYNUdGZ0NMRkF1WGl1ai9FdHd2RWFRdURVM3dUZXY3WTFCZ0pqL0tHaHhVdnBDWHpLWkFIb3ZVdkVZNDk0dmFMQSswNlJrUHBXNnVJNU9JYzZSaU5ZODhuK0RtYTRtdm11bGZQakZzQWxCNlE2WlZWZGpoWnJOV1NQcjlaL0ROR2VaUlRFNEc4aEFJZDRrRVl4ZWExZE1UU2Y0cHhmL3RibndmcVdvQ2JWNmhsbE5nSkt3akF0REkxQUV3cmZVeUdxLytxaUc3S2RWVXpDRndMSDVUdWRCRU1vak5XTjlNM0RsV0FHZnBtaW14T1g1S2pmWWw2WkhLV3RKRmhuNUM4dmN6dXZWTTdJZENXeXZzWWl3Umhuam9O"}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411629031000,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649411857970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649411716027000,"flow_src_last_pkt_time":1649411718310000,"flow_dst_last_pkt_time":1649411718292000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":473,"flow_src_tot_l4_payload_len":836,"flow_dst_tot_l4_payload_len":834,"midstream":0,"thread_ts_usec":1649411857970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":35671,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":73,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":8692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1649756653649000}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":73,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":8692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1649756653649000}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649756653649000,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649756653649000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8JawAADsR6bdbx1F6wKgCZBO\/hscAKBKXAAAAAa\/cVZosVa4ZAQAAAAAAABQAAAAAAAAABAAAATQ="}
 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649756653649000,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 01061{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411857970000,"flow_src_last_pkt_time":1649411857970000,"flow_dst_last_pkt_time":1649411857970000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":453,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":453,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":453,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":37167,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411857970000,"flow_src_last_pkt_time":1649411857970000,"flow_dst_last_pkt_time":1649411857970000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":453,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":453,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":453,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":37167,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649411716027000,"flow_src_last_pkt_time":1649411718310000,"flow_dst_last_pkt_time":1649411718292000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":473,"flow_src_tot_l4_payload_len":836,"flow_dst_tot_l4_payload_len":834,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":35671,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":8724,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1649949002676000}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":8724,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1649949002676000}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649949002676000,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649949002676000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1649949002676000,"pkt":"YDjgxTWgeJS0JASgCABFAATMcx8AADsRl01bx1HhwKgCZBO\/xKEEuJV9AAAAAbaSYs0pd\/HxCAABAAAABKQAAAAFAAAABQAAAAsAAAAAAAAtKgAAAADzBOYB3hXbAQcgYnVzY28gYW1pZ29zIHNveSBwb2xpY2lhIGZyYW5jZXMVBwcCc3QG8KfG20BqSUED\/RwD\/AMKBwJtZAMBBwJtcAMeBwJzdiID\/wMKBwU0OTExMhUHBwJzdAYOLbLdRgoyQQP9HAP8AwoHAm1kAwEHAm1wAxkHAnN2IgP\/AwoHB1NoZXJsb24VBwcCc3QGcT0Kp+h8QkED\/RwD\/AMKBwJtZAMBBwJtcAMFBwJzdiID\/wMKBxNnYXRvcyBnYW1lXzEwOjUzOjMyFQcHAnN0BjeJQaB7OklBA\/0cA\/wDCgcCbWQDAQcCbXADDwcCc3YDAQP\/AwoHCTEwMDAwNDAwMBUHBwJzdAbjpZt0D0BJQQP9HAP8AwoHAm1kAwEHAm1wAwcHAnN2IgP\/AwoHCeaIkeeahOWPkRUHBwJzdAaWQ4v8vMVJQQP9HAP8AwYHAm1kAwEHAm1wAxQHAnN2IgP\/AwYHEHB2cCBoYXJkZWNvcvCfkoAVBwcCc3QG\/tR42XVFSUED\/RwD\/AMJBwJtZAMBBwJtcAMPBwJzdiID\/wMKBwU0MzY4MhUHBwJzdAbn+6nx3kJJQQP9HAP8AwoHAm1kAwEHAm1wAxwHAnN2IgP\/AwoHBGJvdDMVBwcCc3QGAAAAkNDkSUED\/RwD\/AMKBwJtZAMBBwJtcAMeBwJzdiID\/wMKBw4gZ2FtZV8wMjozNTo0MxUHBwJzdAYzMzNDUqhJQQP9HAP8AwoHAm1kAwEHAm1wIgcCc3YDAQP\/AwoHCkdUQSBWIGxpZmUVBwcCc3QGqvHS3eg1SUED\/RwD\/AMKBwJtZAMBBwJtcAMBBwJzdiID\/wMKBxPRg9GDMSBnYW1lXzA2OjE0OjIwFQcHAnN0BrByaKHFz0ZBA\/0cA\/wDCgcCbWQDAQcCbXADCwcCc3YDAQP\/AwoHBTY1MjIwFQcHAnN0BolBYKUCYEdBA\/0cA\/wDCgcCbWQDAQcCbXAiBwJzdiID\/wMKBwU4MTU0OBUHBwJzdAbfT433oXoxQQP9HAP8AwoHAm1kAwEHAm1wAx4HAnN2IgP\/AwoHDiBnYW1lXzA0OjMwOjQxFQcHAnN0BqabxBDRRUlBA\/0cA\/wDCgcCbWQDAQcCbXADHQcCc3YDAQP\/AwoHBTI4NjQ1FQcHAnN0Bi2ynf8p6kpBA\/0cA\/wDCgcCbWQDAQcCbXADFQcCc3YiA\/8DCgcFMTMxNjUVBwcCc3QGvHSTeDIhQ0ED\/RwD\/AMKBwJtZAMBBwJtcAMVBwJzdiID\/wMKBwU0NDg2OBUHBwJzdAYZBFbuLowxQQP9HAP8AwoHAm1kAwEHAm1wAw0HAnN2IgP\/AwoHCWphamFqYWphahUHBwJzdAYbL90E6kNDQQP9HAP8AwoHAm1kAwEHAm1wAx4HAnN2IgP\/AwoHBDcxNjAVBwcCc3QGj8L16LZhMkED\/RwD\/AMKBwJtZCIHAm1wAxsHAnN2IgP\/AwoHBuWSjOW5sxUHBwJzdAacxCBQ\/Po0QQP9HAP8AwoHAm1kAwIHAm1wAwMHAnN2"}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649756653649000,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649949002676000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":75,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":9924,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":102,"global_ts_usec":1649959918209000}
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":75,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":9924,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":102,"global_ts_usec":1649959918209000}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":56920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1649959918209000,"pkt":"YDjgxTWgeJS0JASgCABFAATMlmcAADsRdGxbx1F6wKgCZBO\/3lgEuGJXAAAAAbv54rwVf+7RCAABAAAABKQAAAAFAAAABQAAAB4AAAAAAACDaAAAAADzBOYAAd5oAfRzAAkyNTY1ODIyODNoAAhi\/W8BcwACTFZzAARNYWxscwACQ0x5AARpAAAAAgAAAAMAAAAEAAAABXMAAkNUcwABQWL8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAKMTM2MDA2OTEyNWgABGL\/YgpzAAJMVnMABlNjaG9vbGL9bwFi\/GIHcwAKMjExMDU4MjkwNGgACGL9bwFzAAJMVnMABlNjaG9vbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAGRGlncmVmYvxiB3MAAkNQcwAAcwACQ0dvAWL\/YgpzAAg5OTY4MzY0MmgACGL9bwFzAAJMVnMABE1hbGxzAAJDTHkAAWkAAAAFcwACQ1RzAAFRYvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAkxNTUyMTI1OTdoAAhi\/W8BcwACTFZzAAdGYWN0b3J5cwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAjZgdin2LHYs2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAKMTc2NjI2NTIyN2gACGL9bwFzAAJMVnMACEhhbmdhclYycwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAARCYW5pYvxiCXMAAkNQcwAAcwACQ0dvAWL\/YgpzAAg5MTc3MDA5N2gACGL9bwFzAAJMVnMABk9mZmljZXMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAEWmFza2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAJNzU4NjQ3NzY4aAAIYv1vAXMAAkxWcwAETWFsbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwADY2F0YvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAoxNzMzNTE4NjcyaAAIYv1vAXMAAkxWcwAETWFsbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAFVmlyZ2li\/GIKcwACQ1BzAABzAAJDR28BYv9iCnMACTg0ODM1MzYzN2gACGL9bwFzAAJMVnMACEhhbmdhclYycwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAdnaXltZXJ0YvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAoxNzQ5OTgwOTQ2aAAIYv1vAXMAAkxWcwAGU2Nob29scwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAZ2dnZ2dnZi\/GIJcwACQ1BzAABzAAJDR28BYv9iCnMACjE1ODg5MTA3NDVoAAhi\/W8BcwACTFZzAAZTY2hvb2xzAAJDTHkABmkAAAAAAAAAAQAAAAIAAAADAAAABAAAAAVzAAJDVHMABjExMjIzM2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAJNzY2Njk2NjY0aAAE"}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -107,7 +107,7 @@
 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 01064{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649949002676000,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649949002676000,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":77,"packets-processed":76,"total-skipped-flows":0,"total-l4-payload-len":11137,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1650009948783000}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":77,"packets-processed":76,"total-skipped-flows":0,"total-l4-payload-len":11137,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1650009948783000}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650009948783000,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43151,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02171{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1650009948783000,"pkt":"YDjgxTWgeJS0JASgCABFAATMx5YAADsRQtZbx1HhwKgCZBO\/qI8EuNNNAAAAAbo0YlQBhGKwCAABAAAABKQAAAAIAAAABQAAAAgAAAADAAAj7AAADYwDAgcCbXAiBwJzdiID\/wMKBwU1NDI1ORUHBwJzdAb0\/dQYS1k2QQP9HAP8AwEHAm1kIgcCbXADDQcCc3YiA\/8DAgdI0LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtSBnYW1lXzEwOjI3OjAxFQcHAnN0BnsUrmeuBTZBA\/0cA\/wDAQcCbWQDAQcCbXADHgcCc3YDAQP\/AwoHCEdhbWU4NjgzFQcHAnN0BvLSTULOBjZBA\/0cA\/wDAQcCbWQDAgcCbXADIAcCc3YiA\/8DAQcIR2FtZTIxMjkVBwcCc3QG8tJNsnClS0ED\/RwD\/AMBBwJtZAMCBwJtcAMWBwJzdiID\/wMBBwNvcmEVBwcCc3QG+n5qXFaeS0ED\/RwD\/AMHBwJtZAMCBwJtcAMgBwJzdiID\/wMKBwhHYW1lNTA4NBUHBwJzdAakcD2aTKZLQQP9HAP8AwEHAm1kAwIHAm1wAxUHAnN2IgP\/AwEHCEdhbWU2ODM3FQcHAnN0BlpkO2+BpEtBA\/0cA\/wDAQcCbWQDAgcCbXADGwcCc3YiA\/8DAQcIR2FtZTc1MDIVBwcCc3QGxSCwkiDnREED\/RwD\/AMBBwJtZAMCBwJtcAMZBwJzdiID\/wMBBwhHYW1lODMzNRUHBwJzdAamm8TQnahLQQP9HAP8AwEHAm1kAwIHAm1wIgcCc3YiA\/8DAQcIR2FtZTg5MjYVBwcCc3QGtvP9xMypS0ED\/RwD\/AMBBwJtZAMCBwJtcAMeBwJzdiID\/wMBBwRtZW1lFQcHAnN0Bq5H4YrzN0lBA\/0cA\/wDAgcCbWQDAgcCbXADHgcCc3YiA\/8DAgcIR2FtZTMxMjUVBwcCc3QGHVpkG0xbNkED\/RwD\/AMBBwJtZAMCBwJtcAMdBwJzdiID\/wMBBwhHYW1lNDQxMxUHBwJzdAYzMzMT7lo2QQP9HAP8AwEHAm1kAwIHAm1wAw4HAnN2IgP\/AwEHAzAwMBUHBwJzdAb+1Hi5oeZEQQP9HAP8AwIHAm1kAwIHAm1wAx4HAnN2IgP\/AwIHCEdhbWUyMDU4FQcHAnN0Bilcj7LI5kRBA\/0cA\/wDAQcCbWQDAgcCbXADBwcCc3YiA\/8DAQcIR2FtZTQ2OTYVBwcCc3QGoBovvVRbNkED\/RwD\/AMBBwJtZAMCBwJtcAMQBwJzdiID\/wMBBwUyMzQzMBUHBwJzdAZWDi2CBeZEQQP9HAP8AwEHAm1kAwIHAm1wAxsHAnN2IgP\/AwoHCEdhbWU3NDUzFQcHAnN0BhkEVo6EOUlBA\/0cA\/wDAQcCbWQDAgcCbXADDQcCc3YiA\/8DAQcFNjA4NDIVBwcCc3QGuB6Fq9mpS0ED\/RwD\/AMBBwJtZAMCBwJtcAMQBwJzdiID\/wMKBwRPa3VsFQcHAnN0BkSLbMc\/WzZBA\/0cA\/wDAwcCbWQDAQcCbXADFAcCc3YiA\/8DCgcIR2FtZTQzODYVBwcCc3QGYhBYacWlS0ED\/RwD\/AMBBwJtZAMCBwJtcAMV"}
 01064{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":56920,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
@@ -115,7 +115,7 @@
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 01064{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650009948783000,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43151,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650009948783000,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43151,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":12337,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_usec":1650009948783000}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":12337,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_usec":1650009948783000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 77/77
 ~~ skipped flows.............: 0
@@ -124,8 +124,8 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5543646 bytes
-~~ total memory freed........: 5543646 bytes
+~~ total memory allocated....: 5543990 bytes
+~~ total memory freed........: 5543990 bytes
 ~~ total allocations/frees...: 86157/86157
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 537 chars
diff --git a/test/results/default/tor.pcap.out b/test/results/default/tor.pcap.out
index cb2da0821..c1d49dfc7 100644
--- a/test/results/default/tor.pcap.out
+++ b/test/results/default/tor.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1383821660212806}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1383821660212806}
 00288{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821660212806,"packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821660212806}
 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821660212806,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00288{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821662212866,"packet_id":2,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821662212866}
@@ -153,7 +153,7 @@
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1383822224935668,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822224935668,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhCWMBZjPcAAgAAgMgAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1383822232938483,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822232938483,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhBkMBZjPcAAgAAgZAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822214039100,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822232938483,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":495,"packets-processed":337,"total-skipped-flows":0,"total-l4-payload-len":117122,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":5,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":156,"global_ts_usec":1383822262211943}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":495,"packets-processed":337,"total-skipped-flows":0,"total-l4-payload-len":117122,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":5,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":156,"global_ts_usec":1383822262211943}
 02335{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822265160118,"flow_dst_last_pkt_time":1383822265159585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":5864,"midstream":0,"thread_ts_usec":1383822265160118,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":319,"avg":8727092.0,"max":72890007,"stddev":22568808.0,"var":509351076823040.0,"ent":2.1,"data": [59390,61607,13819,72120,2062,62909,63545,60042,79423,319,78805,1749,98338,96626,56518,4501,61844,64873,64036,73717,275721,252847,50798,9733,261423,61538274,61491411,72591366,72890007,3990,98034]},"pktlen": {"min":40,"avg":312.0,"max":1500,"stddev":345.9,"var":119666.8,"ent":4.2,"data": [52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46]},"bins": {"c_to_s": [9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0],"entropies": [4.501619816,4.930902481,4.441508770,5.332808495,4.834183693,7.397306919,6.658778667,6.048449516,6.157279968,7.876633167,6.546604156,4.441508770,7.673907757,4.834183693,7.638509750,4.884183884,7.663495541,7.670399189,7.645442486,7.664111614,7.640780926,4.484987259,7.650365353,4.880648136,7.645416737,4.544876099,7.673004150,4.457919598,4.457919598,4.734183788,4.734183788,4.501397610]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822248944702,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822265221448,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01328{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":21,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822265221448,"flow_dst_last_pkt_time":1383822265220844,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4523,"flow_dst_tot_l4_payload_len":5885,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
@@ -163,7 +163,7 @@
 01092{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822265160118,"flow_dst_last_pkt_time":1383822265159585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":5864,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01328{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":23,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821726553851,"flow_dst_last_pkt_time":1383821727479587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5770,"flow_dst_tot_l4_payload_len":8096,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}}
 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822131785827,"flow_dst_last_pkt_time":1383822131929382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1654,"flow_dst_tot_l4_payload_len":2534,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":514,"packets-processed":349,"total-skipped-flows":0,"total-l4-payload-len":117266,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_usec":1383822276211998}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":514,"packets-processed":349,"total-skipped-flows":0,"total-l4-payload-len":117266,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_usec":1383822276211998}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 514/349
 ~~ skipped flows.............: 0
@@ -172,8 +172,8 @@
 ~~ total active/idle flows...: 11/11
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5558884 bytes
-~~ total memory freed........: 5558884 bytes
+~~ total memory allocated....: 5559068 bytes
+~~ total memory freed........: 5559068 bytes
 ~~ total allocations/frees...: 86354/86354
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 293 chars
diff --git a/test/results/default/tplink_shp.pcap.out b/test/results/default/tplink_shp.pcap.out
index 0587b2582..3862dc793 100644
--- a/test/results/default/tplink_shp.pcap.out
+++ b/test/results/default/tplink_shp.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671480246580620}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671480246580620}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480246580620,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480246580620,"pkt":"\/\/\/\/\/\/\/\/IN+5tLqxCABFAAA5AABAAEARh+LAqPIp\/\/\/\/\/ycPJw8AJQ1F0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="}
 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480246580620,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -129,7 +129,7 @@
 00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480773884477,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480820817294,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480829271720,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":81,"packets-processed":80,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":73,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1671480846725682}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":81,"packets-processed":80,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":73,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1671480846725682}
 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480852858303,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480798218993,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480855668852,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -210,7 +210,7 @@
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481373980200,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":551,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481420854606,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481429280552,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":161,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":4640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":153,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":213,"global_ts_usec":1671481446878800}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":161,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":4640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":153,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":213,"global_ts_usec":1671481446878800}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481452994794,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481398291656,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481455655666,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -291,7 +291,7 @@
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481974156304,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":841,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671482020847120,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671482029297368,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":241,"packets-processed":240,"total-skipped-flows":0,"total-l4-payload-len":6960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":233,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":294,"global_ts_usec":1671482047021959}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":241,"packets-processed":240,"total-skipped-flows":0,"total-l4-payload-len":6960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":233,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":294,"global_ts_usec":1671482047021959}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671482053161546,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481998330813,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671482055666013,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -311,7 +311,7 @@
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671482058418105,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671482113211224,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671482107022461,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":251,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":7279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":241,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":314,"global_ts_usec":1671482115665844}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":251,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":7279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":241,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":314,"global_ts_usec":1671482115665844}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 251/251
 ~~ skipped flows.............: 0
@@ -320,10 +320,10 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5520232 bytes
-~~ total memory freed........: 5520232 bytes
+~~ total memory allocated....: 5520368 bytes
+~~ total memory freed........: 5520368 bytes
 ~~ total allocations/frees...: 86180/86180
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 570 chars
 ~~ json message max len.......: 2290 chars
 ~~ json message avg len.......: 1429 chars
diff --git a/test/results/default/trickbot.pcap.out b/test/results/default/trickbot.pcap.out
index 8bbbbb509..f6c96f531 100644
--- a/test/results/default/trickbot.pcap.out
+++ b/test/results/default/trickbot.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1609266107551500}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1609266107551500}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266107551500,"flow_dst_last_pkt_time":1609266107551500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1609266107551500,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1609266107551500,"flow_dst_last_pkt_time":1609266107551500,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1609266107551500,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0c9FAAIAGK0cKDB1lUnbhxO+GG6gSdtdWAAAAAIAC\/\/8eaQAAAgQFtAEDAwgBAQQC"}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1609266107551500,"flow_dst_last_pkt_time":1609266107797175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1609266107797175,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsYEQAAIAGftxSduHECgwdZRuo74Zi7VJcEnbXV2AS+vCXMwAAAgQFtA=="}
@@ -10,7 +10,7 @@
 01623{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266107797702,"flow_dst_last_pkt_time":1609266108728827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":928,"flow_dst_max_l4_payload_len":1358,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1358,"midstream":0,"thread_ts_usec":1609266108728827,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"82.118.225.196","http": {"url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Windows 10"}}}
 02530{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266109737227,"flow_dst_last_pkt_time":1609266110219915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":928,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":27187,"midstream":0,"thread_ts_usec":1609266110219915,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":156585.2,"max":931328,"stddev":258444.3,"var":66793451520.0,"ent":3.3,"data": [245675,245918,203,81,530,37,931085,931328,2339,2280,480234,19,480300,297566,15,8,7,8,7,8,8,7,7,6,9,297680,227938,227937,482874,14,14]},"pktlen": {"min":40,"avg":930.0,"max":1500,"stddev":662.5,"var":438885.5,"ent":4.5,"data": [52,44,40,389,968,40,40,1398,40,1398,40,1500,1323,40,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,276,40,1398,40,1500,1500,1194]},"bins": {"c_to_s": [7,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,3,0,0,14,0,0]},"directions": [0,1,0,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1],"entropies": [4.776611805,4.925117970,4.762815475,5.824206829,6.033888340,4.784183979,4.834183693,7.786707878,4.931687355,7.831421852,4.931687355,7.870709896,7.856476307,4.931687355,7.869441509,7.864507675,7.865448475,7.873723507,7.871662140,7.892165661,7.878643513,7.860257149,7.887190342,7.870031357,7.873756886,7.255901337,4.931687355,7.870108604,4.931687355,7.875472546,7.873021603,7.864452362]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01335{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":46,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266115947454,"flow_dst_last_pkt_time":1609266115947521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":928,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":56713,"midstream":0,"thread_ts_usec":1609266115947521,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":74,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":57990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1609266115947521}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":74,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":57990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1609266115947521}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 74/74
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500360 bytes
-~~ total memory freed........: 5500360 bytes
+~~ total memory allocated....: 5500384 bytes
+~~ total memory freed........: 5500384 bytes
 ~~ total allocations/frees...: 85942/85942
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 532 chars
diff --git a/test/results/default/tumblr.pcap.out b/test/results/default/tumblr.pcap.out
index 9a951a4ba..87ec9fb82 100644
--- a/test/results/default/tumblr.pcap.out
+++ b/test/results/default/tumblr.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1605292102219041}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1605292102219041}
 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292102219041,"flow_src_last_pkt_time":1605292102219041,"flow_dst_last_pkt_time":1605292102219041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292102219041,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1605292102219041,"flow_dst_last_pkt_time":1605292102219041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292102219041,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJhiq5D+6LgBAB9a70AAABAQgKqXs\/nsLc288="}
 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292102602965,"flow_src_last_pkt_time":1605292102602965,"flow_dst_last_pkt_time":1605292102602965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292102602965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -326,7 +326,7 @@
 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554831,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116783801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554831,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116783801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":755,"packets-processed":755,"total-skipped-flows":0,"total-l4-payload-len":294634,"total-not-detected-flows":0,"total-guessed-flows":28,"total-detected-flows":19,"total-detection-updates":25,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":329,"global_ts_usec":1605292122899206}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":755,"packets-processed":755,"total-skipped-flows":0,"total-l4-payload-len":294634,"total-not-detected-flows":0,"total-guessed-flows":28,"total-detected-flows":19,"total-detection-updates":25,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":329,"global_ts_usec":1605292122899206}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 755/755
 ~~ skipped flows.............: 0
@@ -335,10 +335,10 @@
 ~~ total active/idle flows...: 47/47
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6147443 bytes
-~~ total memory freed........: 6147443 bytes
+~~ total memory allocated....: 6148203 bytes
+~~ total memory freed........: 6148203 bytes
 ~~ total allocations/frees...: 87254/87254
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 568 chars
+~~ json message min len.......: 566 chars
 ~~ json message max len.......: 2269 chars
-~~ json message avg len.......: 1418 chars
+~~ json message avg len.......: 1417 chars
diff --git a/test/results/default/tunnelbear.pcap.out b/test/results/default/tunnelbear.pcap.out
index 05d02be41..e95858482 100644
--- a/test/results/default/tunnelbear.pcap.out
+++ b/test/results/default/tunnelbear.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655734524312623}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655734524312623}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734524312623,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524312623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524312623,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524312623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734524312623,"pkt":"ABoRAAACABoRAAABCABFAAA8wQ5AAEAGbKcKCAABaBGa7MQCAbs6\/WaPAAAAAKAC\/\/8qygAAAgQFtAQCCAoBY6eBAAAAAAEDAwg="}
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524319931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524319931,"pkt":"ABoRAAACABoRAAABCABFAAAoAFRAABAGXXZoEZrsCggAAQG7xALFAplwOv1mkFAS\/\/\/dDQAA"}
@@ -190,7 +190,7 @@
 00985{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1655734776527103,"flow_src_last_pkt_time":1655734776901504,"flow_dst_last_pkt_time":1655734776891156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655734776538093,"flow_src_last_pkt_time":1655734776971287,"flow_dst_last_pkt_time":1655734776963310,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":225,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1655734777904202,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777912678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":421,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":92077,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":20,"total-detection-updates":19,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1655734778245353}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":421,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":92077,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":20,"total-detection-updates":19,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1655734778245353}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 421/421
 ~~ skipped flows.............: 0
@@ -199,8 +199,8 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5674748 bytes
-~~ total memory freed........: 5674748 bytes
+~~ total memory allocated....: 5675092 bytes
+~~ total memory freed........: 5675092 bytes
 ~~ total allocations/frees...: 86622/86622
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 534 chars
diff --git a/test/results/default/tuya_lp.pcap.out b/test/results/default/tuya_lp.pcap.out
index 8fd922e1e..6504843bc 100644
--- a/test/results/default/tuya_lp.pcap.out
+++ b/test/results/default/tuya_lp.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671220121927386}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671220121927386}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220121927386,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220121927386,"l3_proto":"ip4","src_ip":"192.168.242.181","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220121927386,"pkt":"\/\/\/\/\/\/\/\/3E8ivUChCABFAADYtTsAAP8RUnvAqPK1\/\/\/\/\/8ACGgsAxHNKAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSV1zhkjZl3eRdq2Gsnt4E\/2UVen4KqM+oJMgVFlInd6Y+HvB9m3ef+vX5p0fD+Q9k0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtjKZQQNXz+SzyWX\/vpkjRbCsiKyHA8wc5AKuAN2eCZhABN47Nf4GoVTyKXyTxy7HF3HJEEQAAqlU="}
 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220121927386,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220121927386,"l3_proto":"ip4","src_ip":"192.168.242.181","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
@@ -104,7 +104,7 @@
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220125048168,"flow_src_last_pkt_time":1671220155060818,"flow_dst_last_pkt_time":1671220125048168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.234","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220124943616,"flow_src_last_pkt_time":1671220154967079,"flow_dst_last_pkt_time":1671220124943616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.240","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671220122307161,"flow_src_last_pkt_time":1671220157322347,"flow_dst_last_pkt_time":1671220122307161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.202","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-payload-len":17832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_usec":1671220158572989}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-payload-len":17832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_usec":1671220158572989}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 98/98
 ~~ skipped flows.............: 0
@@ -113,10 +113,10 @@
 ~~ total active/idle flows...: 13/13
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5526515 bytes
-~~ total memory freed........: 5526515 bytes
+~~ total memory allocated....: 5526731 bytes
+~~ total memory freed........: 5526731 bytes
 ~~ total allocations/frees...: 86077/86077
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 985 chars
-~~ json message avg len.......: 776 chars
+~~ json message avg len.......: 775 chars
diff --git a/test/results/default/ubntac2.pcap.out b/test/results/default/ubntac2.pcap.out
index 6f45b4094..2e1cc604c 100644
--- a/test/results/default/ubntac2.pcap.out
+++ b/test/results/default/ubntac2.pcap.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1486943433175002}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1486943433175002}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943433175002,"flow_src_last_pkt_time":1486943433175002,"flow_dst_last_pkt_time":1486943433175002,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943433175002,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1486943433175002,"flow_dst_last_pkt_time":1486943433175002,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_usec":1486943433175002,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4FAAEARuPfAqAEB\/\/\/\/\/4UlJxEAtx2vAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeYAsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFc8bAAU0LjAuMA=="}
 00984{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943433175002,"flow_src_last_pkt_time":1486943433175002,"flow_dst_last_pkt_time":1486943433175002,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943433175002,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}}
@@ -34,7 +34,7 @@
 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943443357445,"flow_src_last_pkt_time":1486943443357445,"flow_dst_last_pkt_time":1486943443357445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943504301123,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943504301123,"flow_src_last_pkt_time":1486943504301123,"flow_dst_last_pkt_time":1486943504301123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943504301123,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943453510239,"flow_src_last_pkt_time":1486943453510239,"flow_dst_last_pkt_time":1486943453510239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943504301123,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":1400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1486943504301123}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":1400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1486943504301123}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 8/8
 ~~ skipped flows.............: 0
@@ -43,10 +43,10 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5513185 bytes
-~~ total memory freed........: 5513185 bytes
+~~ total memory allocated....: 5513321 bytes
+~~ total memory freed........: 5513321 bytes
 ~~ total allocations/frees...: 85937/85937
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 989 chars
-~~ json message avg len.......: 778 chars
+~~ json message avg len.......: 777 chars
diff --git a/test/results/default/uftp_v4_v5.pcap.out b/test/results/default/uftp_v4_v5.pcap.out
index aeadc49bb..33583e4ac 100644
--- a/test/results/default/uftp_v4_v5.pcap.out
+++ b/test/results/default/uftp_v4_v5.pcap.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470520349359079}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470520349359079}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470520349359079,"flow_src_last_pkt_time":1470520349359079,"flow_dst_last_pkt_time":1470520349359079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470520349359079,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.4.4.1","src_port":37173,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470520349359079,"flow_dst_last_pkt_time":1470520349359079,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1470520349359079,"pkt":"AQBeBAQB4uTeDjcKCABFAABEKQoAAAERnJkKAAAB5gQEAZE1BBQAMPRHQAEAAAoAAAGW9MMEAJ0AAAEGABQAAAUUV6ZcHQAFelHmBAQB5gUFOA=="}
 00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470520349359079,"flow_src_last_pkt_time":1470520349359079,"flow_dst_last_pkt_time":1470520349359079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470520349359079,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.4.4.1","src_port":37173,"dst_port":1044,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
@@ -15,7 +15,7 @@
 02363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1470520360296546,"flow_dst_last_pkt_time":1470520360229659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"thread_ts_usec":1470520360296546,"pkt":"AQBeBQU44uTeDjcKCABFAAVItJ0AAAERCsoKAAAB5gUFOJE1BBQFNPqDQAkAFwoAAAGW9MMEAGwYAAkCAAEAAAABdXwNPP7MjoQG3As8\/JQ6fO4EAWTHhAs8AAD+NPJE\/8j6ZAPcyYQCzP0U+6QofP7s6wTRhAWc3YQCrP+I7AT+FAHsBpz8JAdc9USmhAAIfXz\/TP6MFPzyxBz8+eT+vPvkAOTlBP10voQBBDp83YSChDB8toRJfAm8LnwDnJaE6gT\/8AIM\/4jpBP2UEvxZfP6cvoTjBA\/8BhxdfAJMAewR\/PAEroS2hAOcYXwCzAIsvoS6hEl8ANTtBADEAswBBI6EKnz5pP2024T\/PPlkBdzxRPsk+ySahCZ8\/wwACJKEAOQCzPREAMRdfADkHPz65P00CDz9VBv8\/5DrBNuEBVzbhP+QnoQACAB4Nnw8fDJ8WXzThAPcAez0RPy0BBwW\/KKEAwzNhNmE80T6ZPPEACi+hAHM4QT89P9s\/4j55ACU6gQCLPFE\/6j\/qL6EpoQsfP508cTjBP\/wAIT+VP98+uT81Fl8YXwAeP\/IAwzzRAk8Acz9tMuE\/8BxfP10BhzDhP1UdXz6JAScHvwCzOkEAmz8ZAAw\/CQCjNmEADD\/0E18AcwAcP3UvoT3RDh88cRtfN2E\/owLvAGM\/4gACBf8AEDdhA\/8+iTPhAk8JHwCzKaEAEj+nBj8\/4j1RBH8\/yzsBN+EAKT\/LPzUFfz\/+ABARXwQ\/A\/84gQAAA28C7z+7P\/o0YQACNeEz4QJPDx8hoT4RBT8AywC7A68\/wwCrAIMG\/zlBP4Uz4QAlBH8+6T0xIaE\/lQBZL6E8kRFfI6EPHz8lAUcdXwAQAcc+EQCjAA4w4QsfOkECjzFhCJ8\/qzHhP+4\/8jsBOkE\/uz5ZABwVXzZhOkE\/6j99AAwAiwB7P+gZXwBROYEyYTmBMeEAFhVfGV8AMTyxAB4AQQ2fOYEBxwU\/HV8bXyehP88Auwa\/P9sAiwAxE18+2TxRAEU\/8ge\/ABo90RtfP+gw4QFnAMMQXwJvAAo+qT89G18A0zwxALMzYQBrPZE\/9gLPP6MGvzxRP\/4y4S6hP+g\/lQB7OgEA2z+3Ch8\/TQufOUEAcwwfAIsAUT3xPvk\/6gX\/DB8noR5fOIE\/0z+jH18A5ymhAVcAMQCrOUEBxz\/2P+wdXzxxKaEBdwC7P30bXxZfP\/gF\/yKhIaEEfz65JqEBtwDnP7MaXz91KqEAFDsBN+E98TxRP10ALT\/qP+g\/xzoBGV8xYQOPANMAGABdAAo8cRpfPlkxYTZhBv8Hfz\/TAs834T0xMeE4QT75A886wT\/HAF0JnwG3Dh8\/uwEXA08AAgS\/PNEAqwPPAEk6gT\/qP\/o\/xzdhPok\/9gACPik\/9gA9LKEkoQAILqE\/PQG3Pok5gQwfOUEFPz9NJaE9UQFnP\/YOnwAeACUADgLvDR8BlwBBANscXz\/DEF8\/LQA5PwkAEgyfP+QDzz91P00AAgT\/PzU9cT7ZBT87AQCbABg\/xwLPOME04TDhP+4\/PQW\/AQcqoQZ\/AHMHPz2xDJ8CbwBBFl8AJSuhL6E90QAGN+Ey4QDLAAABBzuBPfEyYT9dDp8+2S2hPwkCDwFnOEE6gT\/fADkFPwBrBT8y4SehAIMCTz9NAAo34QufBf8\/8DDhF18AFCChAEE7wQX\/A48Cbz+NP+4\/XSOhP30moTwBAA4Acz+zAEk\/ywyfBT8\/dSKhH18AAD75Ag8\/nRFfA88A2yahP0UABjnBPskCbxNfAXc3YQAYG18IHz65A88InwJvP5UKnz+3AUcAHD\/2P+wLnzLhA=="}
 02361{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1470520360306726,"flow_dst_last_pkt_time":1470520360229659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"thread_ts_usec":1470520360306726,"pkt":"AQBeBQU44uTeDjcKCABFAAVItJ4AAAERCskKAAAB5gUFOJE1BBQFNPqDQAkAGAoAAAGW9MMEAGwYAAkCAAEAAAACWXwkfAAogoQIPP+YwYT8JLKEAFj+dP8s2YT9NB789kS6hACk\/TQE3DJ8ADDwBPok\/vwG3P+YANT4RAFE\/vwLvOME++SChNmE0YTzxAFk9ETyROkE2YTrBEl86gQC7Br8AGC2hPwkACAW\/AOcqoT\/6AB4CDwKvPHEvoQ6fAFE\/bQX\/P+o\/rz1RH188MTnBAZcNHwufPTE7wQFnKKEeXxJfAAA+KQBVOgEFvxxfAe8\/2wG3PDENHz\/yAGM++QW\/OMEG\/wAGAAwAORZfJqEBRzZhP+Q2YRpfP+Y\/4htfP\/Y\/6D99LKEAAgAAMWE9UQmfBP8ADCmhE180YTyRPtkACD\/XDZ8AFDDhABoAMQCbP88BBz\/TP789kQGHEF814QApOkExYT\/qAEEuoT+VEV8GfwF3OIE\/7gBZNGE9MSKhAFkZXz\/XP40DLx9fFF8+SS2hPFEACABjAAo6QTzRA\/8AmwA5P0UPnz9FAE0AAD\/+Bv8ADgBJPzUB7wAeIaEdXzyxIKE\/8iihP6cWXwLvP50w4TzRAA4Asz2xBz8w4TqBP3U\/yz+VCB8+eT91P7MDDyehARcFfz+nDB80YQufAdcALQR\/IKE++QAQPxkAmz\/qNuEE\/yOhPmk8URZfHF8KnzFhC58roQa\/P9c\/qzBhPkk\/VQAcP\/w\/6gMvPJEAww0fPjkKnwBFKKEE\/z\/PJ6EBlz8JP4U\/owCbAF0\/fTFhAB4FfwCLL6ECjz91PRENnwAYBH8AAABJN+ECbz+VAAoYXyOhAHsACgufE1880R1fG18CTz3RPbEPHwGXDp8F\/z8tAIs04T+nCZ8BZwC7AVctoT91MOEAXT\/qAFUPHwEHDJ8AFBZfDZ8\/lQd\/Ch8A0wBVAAQGPzvBAg85QQAIAZcCjxJfPdE\/owBBAAIA9wFXOYE5gQBrMuE\/dT\/bP00\/VQLvABw9ESKhAEE88QP\/BD8EPyyhA28+OT6JAEkCrwAEPHEkoRZfABQ14QAlFV8ASQFnPfEAgz+jPbEDbz\/DP7MALQBjP40ADD\/sAMs\/6j9VAGsHPwC7OQEloQOPNOE\/8D9VIKE8cT4pBX8moSqhPlkGvx5fAe8dXzHhPjk\/swIvAPcE\/z+dP3Uz4TFhPmk\/jQLvP8888TBhP\/IADj3xDp8BBy6hMWEAHADLP509MT\/sP3UE\/wCLAAA24QMPMeEWXzqBP\/QFPwAAK6EBpzxRAB4HPwFXP7sA5wmfMGEDzwGXAFk+WTPhAE0UXxpfP40wYQP\/P\/ow4RtfAA4\/nTmBBn8\/fQAABT8ADgAxABQkoQc\/NGEANQGHDJ8\/1z2RIqE80QAaAIs14T\/8BL8\/jTRhHF8BNzFhF18RXwIvPfEAFACjAu8cXwBdEl8BdwE3KqENnyuhPyU04T\/iMOE6QRNfCJ85ATFhIKEABjnBAYcAYxlfAWcfXwE3P0U6ATyRAi8AwzmBAFUASQufARcAiwAQPzUASRVfACUkoQEXPzUioR1fDx8+eQA9PskAAgAtP\/gJHyuhMOE8AQBRP9MAVT+zAScAqyChBP84QQBzCh8AAj3xLaE\/7AQ\/CJ8\/+D\/PAs85gQW\/OUEdXzkBASc+qT+zAHM9MQC7MWEAEgufIKE+ER9fAHsaXz\/qMeE\/uwAxJaEBlwCLMWEw4T7ZAAA3YT+nA88Jnz+vJaEAHj3xAC0\/nQOPCB8TXz8lDJ8OHyOhMmEVXz91P\/4BhzkBBv8wYT4pA88+EQAYJ6E\/6h1fA=="}
 02230{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1470520360229659,"flow_src_last_pkt_time":1470520360591846,"flow_dst_last_pkt_time":1470520360229659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39804,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470520360591846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.5.5.56","src_port":37173,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2611,"avg":11683.5,"max":34161,"stddev":5575.8,"var":31089772.0,"ent":4.8,"data": [30115,34161,2611,10180,10550,10594,10828,10246,10558,10557,10556,10583,10563,10535,10559,10563,10563,10560,10561,10563,10560,10566,10563,10559,10562,10561,10562,10568,10569,10551,10560]},"pktlen": {"min":52,"avg":1271.9,"max":1352,"stddev":310.4,"var":96320.5,"ent":4.9,"data": [52,88,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352,1352]},"bins": {"c_to_s": [1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.032077789,4.387442589,6.264836311,6.324838638,6.289998055,6.323163033,6.229429245,6.406879425,6.267192841,6.205362320,6.298496723,6.241475582,6.138225555,6.329536438,6.287923336,6.323319435,6.333083630,6.235994816,6.309918404,6.324777603,6.341393471,6.331569195,6.304657459,6.334339142,6.321240425,6.300824165,6.315955162,6.324560642,6.260947227,6.319898605,6.235000610,6.290291309]},"ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":241,"packets-processed":240,"total-skipped-flows":0,"total-l4-payload-len":284620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1587654931600405}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":241,"packets-processed":240,"total-skipped-flows":0,"total-l4-payload-len":284620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1587654931600405}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587654931600405,"flow_src_last_pkt_time":1587654931600405,"flow_dst_last_pkt_time":1587654931600405,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654931600405,"l3_proto":"ip4","src_ip":"192.168.1.186","dst_ip":"230.4.4.1","src_port":37457,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1587654931600405,"flow_dst_last_pkt_time":1587654931600405,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1587654931600405,"pkt":"AQBeBAQBAAwp5FM7CABFAgBEsg8AAAERWzDAqAG65gQEAZJRBBQAMIVjUAEAAMCoAboCEajFAJ0AAAEGABQCAAUUAAWj9rg5P77mBAQB5gUFWA=="}
 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587654931600405,"flow_src_last_pkt_time":1587654931600405,"flow_dst_last_pkt_time":1587654931600405,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654931600405,"l3_proto":"ip4","src_ip":"192.168.1.186","dst_ip":"230.4.4.1","src_port":37457,"dst_port":1044,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
@@ -26,7 +26,7 @@
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1470520349359079,"flow_src_last_pkt_time":1470520360229659,"flow_dst_last_pkt_time":1470520349359079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654933667144,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.4.4.1","src_port":37173,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":220,"flow_dst_packets_processed":0,"flow_first_seen":1470520360229659,"flow_src_last_pkt_time":1470520362577967,"flow_dst_last_pkt_time":1470520360229659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283820,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654933667144,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"230.5.5.56","src_port":37173,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1587654931600405,"flow_src_last_pkt_time":1587654933667144,"flow_dst_last_pkt_time":1587654931600405,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587654933667144,"l3_proto":"ip4","src_ip":"192.168.1.186","dst_ip":"230.4.4.1","src_port":37457,"dst_port":1044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UFTP","proto_id":"373","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":260,"packets-processed":260,"total-skipped-flows":0,"total-l4-payload-len":285420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1587654933667144}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/uftp_v4_v5.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":260,"packets-processed":260,"total-skipped-flows":0,"total-l4-payload-len":285420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1587654933667144}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 260/260
 ~~ skipped flows.............: 0
@@ -35,8 +35,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5509773 bytes
-~~ total memory freed........: 5509773 bytes
+~~ total memory allocated....: 5509829 bytes
+~~ total memory freed........: 5509829 bytes
 ~~ total allocations/frees...: 86139/86139
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 548 chars
diff --git a/test/results/default/ultrasurf.pcap.out b/test/results/default/ultrasurf.pcap.out
index 23c3211e9..39aa41570 100644
--- a/test/results/default/ultrasurf.pcap.out
+++ b/test/results/default/ultrasurf.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1656652731609846}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1656652731609846}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731609846,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 04044{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_usec":1656652731609846,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7tQAA3BtrhQTFEGQqEABfDhZQKC2KlCkpUkTKAEAFmmhsAAAEBCAom3sf8A1a0+8wcMEFbpDhmmW\/ro\/\/D3SORouvGcLJVns8eaTu23\/042aUVj61nN6Xm0ijnaUg+Npmao+ahS5YFWlU5gxCt1Bv2Dd8X34iKweQUI1pV18JFIZQX4tZ8BgqPMHrM3xcO0sUVX\/OJ2pP8yGrJvNpjXCDZ3sKsZ8ObIJNR5C9HtP8VqqX5BjlcTX8CqWIvl0ZBgk5WvH2JDhc248aWcjJLqPpHeFkT7LlN9WbJOIcs7fIr7w\/l\/4QosbfyzysqE5\/jPdpXVbudJyd5Co9YEs4l8Q\/6o70Ffd9ZnAxSFwa0dpQq9l84dMMc++LU4g\/5uQo7ByYovlcOyQGaJMbvwFaomPtCm2gWgqlbGVYuy1fssTPKvOwtvuxi+uQSp0x90L4yICcjWy7QquRyX6vF4Kj7bnDBXk4Yuwhy\/eBFma8pYGq3nFybEXkBIoJM5PIx+daLngl8AMAATYZytmx8fvkxAn9nAl1vSL8DDtuJzW4bIpWNuUkrrQEo1qDNWTbFKTev+4WI2s2Dq0ECsJXkOzrv7ys8hbU9zt92MomzoOYqefTDPaVuUCZTdCEQ9uujt8du7o\/jXx78zGYtv58gGSActDbLr2l16bg\/8Uk3qmgnE4b9MmARdZqn4TXakOrfI7oMcpdzvXVxR02+JkOD2SzX0V6zyWGabGkpaHNUvZKhT9p9qT+xCygM23AxUgBVWRhbJOtoeCCmB9GtvrbByAuiFwMDCxpSuPxAzaqU1CDJRf0ARgMOGGitml366m2q80qwL6szhusBMTOpH\/+lZ+4L1ssuGJ7LmGwmTwj7CD7eU0QlRuuYEYdh\/W6inXP9pJwRRn5uXzjK2UGyXSKJQgFhgjKV\/gTtslaG1kJ9wEH3bRwjXGp+ck2NQY4p+Bw8hIGicivItS9FcKEUt6XedxsZehCTx0hYNbo5lDpgelreL+du2TIrCAGAHDGERkejYlaJXbPaNGkoCdPiWIM\/wKUpngDY6o\/X+oS4sqzbyHIJrWfx\/DNsKnakfj\/2CY9hTzppyXRIIMYoyhCThF4ViWWG951XQxJX59hIiJ0P800Ff7a\/5G5VD7ycCukCJw8TO+sLeaHNh0quy2GVip7vE7h6qblNGu0Gk9cK51FTnAHXCv6Q3d4ELba6G4KCOUY3W0JffhWzAOEmTJXAEn\/AlMO2rWx\/k5N9xej0nT\/nkreUz1f1WDVQX6TVNBY\/eRFDtb+TFH+sKdpkHf7qxhfQFxyqkO3FqpeLRYLb2aGXgnvyumtFIbL1yK2alLZq7VfOIertUcgFGWCflf2oGAQMP494aoiJeNdkUmDGGagS7Z55kvWOGnhHAq7vsPk2kKAjsA1WiALpxOUCeufBXfydppP5eHVnoy28uj69BNxwot9pZUkBBYCeXDj3oFR7Gc9bpRrdMTyafPDB90bcnb3nOWmeh6KPFWxajHcXo0ahl0atfQ0xcfDpv70YkPiVHvN5anji\/jwqd+wJMI02C2CHQYt0A0sb9htNsGJTYmz+qMEhhQgck9uTTyfTQQdK6\/Wo8Rw4c2ys8Ejy8JuJwmtCvHILWdrH8t+XzmYUjHgSjqsA2HLkDPFRZ\/NnGE1jWIEHA1mz46FdQt2Rz4VpbzOBlhqXfDAGkgWEXCyxg9Xt27URhieFz2k6YtWj1FBxrzsegVYDqhgLu95Xv61CBvesoUlZ9xj6Kl4Yl3DHrSrHkP69714VHd12KjEfy7I6PDUSEKGOgsDz2k3gWEz1Vc+5H98dopHMlCP13Yfv0lgLia4AI9tg03z8EoOpAEtDjYmJC8jyZR7z8MFAqjVJ+KlRi7Va6lXMgiTy48noI4EJnp+d3YCu\/TvYdatO\/n8f0FwyP3cI7Bw1wJQYGLb8BE+1FxjfVZo1\/FCFmY5z5t2vZ1fLUc8VgQCCrdPI9Reqj0rAEBhJQzYhyyrI5sO+d0uUiZm1ZjMrsAuR1R+D8ViDPDKJgNTF+lFzmzRvVhWOwiVB62wQx0H1nuzBWVrJnVTyu3Td+HivoL56Fmw46FaLO5cqZKJ4kdrfcT7dOr5SBNdiyjnF7hS41D6qjd1GwoYClOmY65UzGvO\/LpJXnZXNNzcmlebgMFy797BQ5WUmd7VC5FdTGCC8DMqElgFA+rp3WoHjwFyoua2tPfKAEOcMjf\/DXXePwU3Ik4UHmQADTzoJAa9I3MJkafNrUiyVVonoJubGqfmrjkZSA4gDie37sGxEUI86ocE60tLrdZB+SyKA8DHTfOJ4ywPWXCzMMHVfSQPr7V\/TcVQus\/74nuldXt48tcQWezCEyjrk4wEup0Xxil5tfRt81R5SKnXiLTQKHEZIf0HqSXIESqul3tuehmW4c9Q1wxJPZqqhjadeeubZ0gIjhZ9hs9B\/6aDfWtslbETpt0Jbd\/Ri0xqEdLzsqFyIafwtncy88mYnLcalIh0rBtSJuU\/LhKGCkVIE+gUPPF1DbTYZY4YKEaeb+2qo\/\/JDj6zwXltjrJPllzgJKQNGUCykc5KZO1hlo311el8xzVEOheb4BzRB9rrUaDmjaCVi8CyuEyMO5b2YxxWHzBzuZCfmdbLRqSQLyu+LSzVRqFA+T79T7kHNu3xGMSCuKVSsG2pREebnblNVGkCfubEdGKnPL686GbKWglEv7v2CfHncHfVZct\/s0hHAbjxQUdnfLXoTISdI7+bsxXb+ra8Q\/1RtrRBVzu+48UJKnUfoIM1auofVab2EM52OgI1cJXu8rWam94puZzFKEWGHN5jrPhx\/1njYeBqUbgiSNKRjjW+fz8xMBFQ5gSSCk0oalrdEbE7BnRoIdN\/vRg9D\/N51B7MdkbJ2Gmv55poGFAMgIExvo2B\/JlYaCIHgXg41f0\/LPeqrMcFhe2j5UYCpb3n2IzOKezh\/TS0GI0iMwrY1GP7aVptjhYXhhys7MA9TMX9mjk30oA5Li3Yeg25blNJqeDxKu+vxwlNbxqOKs86fBSxzrYDDpnNu5QdAQ7sboEki75xxiMB7G2qxumkThEE3WMNP1TP2cyPa+KzTwAEUydo7dmB7r1BYVlH445Zqui\/gQ9B7FCwh5ykQiRlEVepOqNbbaYU6jrc3JQmu9yNVQ516c7KEY3PmTJGfIomYYQCg0xQ64qJbX+Ng2D40mseTOcV\/nfh\/lZ1gI1tQQr6VxcSHohyQ0owuuvE7GS\/s9KhqIZNKrqD7fH3CftARHmTYUxtD5t+c+oO0QyPgfXcmsUaQ277fzvTac55sC8LTxTlb6qQ6lTQ9Jxj5AhKLanf25vF3ivpTZoHcf\/UbFC7yAm1PT5k8IxbUybglXXWOr+hDrIncmBDz99Gq0DNEyl2Sk\/khhOFsvG2taZ4rfI\/Iq+r72y5uXdniCSx0ABH9OlSRvpo\/6aASUseGq305nqAhb9HZEY9zmIB4WBYmNdv2m2FQvjwfqskoI3NcL8wSS92+WJiP"}
 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731609846,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
@@ -29,7 +29,7 @@
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":40,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652734111599,"flow_dst_last_pkt_time":1656652734111609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":112048,"flow_dst_tot_l4_payload_len":455,"midstream":1,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01321{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":76,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652780054386,"flow_dst_last_pkt_time":1656652780064014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1424,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":14019,"flow_dst_tot_l4_payload_len":30413,"midstream":0,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01321{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":53,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832855529,"flow_dst_last_pkt_time":1656652832876498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":13653,"flow_dst_tot_l4_payload_len":31617,"midstream":0,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":333,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":202205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1656652832876498}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":333,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":202205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1656652832876498}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 333/333
 ~~ skipped flows.............: 0
@@ -38,8 +38,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5536925 bytes
-~~ total memory freed........: 5536925 bytes
+~~ total memory allocated....: 5536981 bytes
+~~ total memory freed........: 5536981 bytes
 ~~ total allocations/frees...: 86229/86229
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 558 chars
diff --git a/test/results/default/umas.pcap.out b/test/results/default/umas.pcap.out
index d01bd5aa7..1e9bc94ee 100644
--- a/test/results/default/umas.pcap.out
+++ b/test/results/default/umas.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1427906557268207}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1427906557268207}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1427906557268207,"flow_src_last_pkt_time":1427906557268207,"flow_dst_last_pkt_time":1427906557268207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1427906557268207,"l3_proto":"ip4","src_ip":"192.168.63.100","dst_ip":"192.168.63.253","src_port":7718,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1427906557268207,"flow_dst_last_pkt_time":1427906557268207,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1427906557268207,"pkt":"AABUFPJPPJcOkVSrCABFAAA0BEhAAIAGAADAqD9kwKg\/\/R4mAfZGhPwKAAAAAIAC+vAA2QAAAgQFtAEDAwABAQQC"}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1427906557268207,"flow_dst_last_pkt_time":1427906557269147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":28,"thread_ts_usec":1427906557269147,"pkt":"PJcOkVSrAABUFPJPCABFAAAwA8UAAEAGdlHAqD\/9wKg\/ZAH2HiaDEM+9RoT8C3ASEAC94gAAAgQFtAEDAwABAQ=="}
@@ -9,7 +9,7 @@
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1427906557270030,"flow_dst_last_pkt_time":1427906557270934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1427906557270934,"pkt":"PJcOkVSrAABUFPJPCABFAAAoA8YAAEAGdljAqD\/9wKg\/ZAH2HiaDEM++RoT8FVAQD\/3pnwAAAAAAAAAAr4V9rA=="}
 02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1427906557268207,"flow_src_last_pkt_time":1427906557351115,"flow_dst_last_pkt_time":1427906557356975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":681,"flow_dst_tot_l4_payload_len":1681,"midstream":0,"thread_ts_usec":1427906557356975,"l3_proto":"ip4","src_ip":"192.168.63.100","dst_ip":"192.168.63.253","src_port":7718,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":804,"avg":5537.9,"max":7349,"stddev":1780.8,"var":3171216.5,"ent":4.9,"data": [940,1019,804,1787,4681,6040,6956,6823,7337,7349,5705,5982,6152,6208,5897,5633,6112,6363,7173,6903,5759,5817,5975,5922,6032,6032,6059,6067,5931,5946,6272]},"pktlen": {"min":40,"avg":114.8,"max":301,"stddev":89.3,"var":7972.7,"ent":4.6,"data": [52,50,40,50,50,96,51,63,300,300,51,97,51,159,50,116,51,63,301,301,50,116,50,116,59,153,59,209,59,153,59,299]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,2,3,3,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.246296406,4.708757401,4.521928310,4.311788559,4.583464622,4.516215324,4.273243427,4.058829784,1.425814629,1.414997816,4.327260494,4.809130192,4.337956429,2.794489384,4.322699070,3.938342094,4.248828888,4.110339642,7.800658226,7.811439037,4.362698555,3.921101093,4.362698555,3.944849730,4.149783134,3.941774607,4.248089790,3.106703520,4.183681011,2.442554474,4.214191437,2.672472954]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus.UMAS","proto_id":"44.364","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
 00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":94,"flow_dst_packets_processed":97,"flow_first_seen":1427906557268207,"flow_src_last_pkt_time":1427906558034821,"flow_dst_last_pkt_time":1427906558034788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":1788,"flow_dst_tot_l4_payload_len":16862,"midstream":0,"thread_ts_usec":1427906558034821,"l3_proto":"ip4","src_ip":"192.168.63.100","dst_ip":"192.168.63.253","src_port":7718,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus.UMAS","proto_id":"44.364","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":191,"packets-processed":191,"total-skipped-flows":0,"total-l4-payload-len":18650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1427906558034821}
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/umas.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":191,"packets-processed":191,"total-skipped-flows":0,"total-l4-payload-len":18650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1427906558034821}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 191/191
 ~~ skipped flows.............: 0
@@ -18,8 +18,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5503512 bytes
-~~ total memory freed........: 5503512 bytes
+~~ total memory allocated....: 5503536 bytes
+~~ total memory freed........: 5503536 bytes
 ~~ total allocations/frees...: 86051/86051
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 528 chars
diff --git a/test/results/default/upnp.pcap.out b/test/results/default/upnp.pcap.out
index a5ece1675..f3140ce9c 100644
--- a/test/results/default/upnp.pcap.out
+++ b/test/results/default/upnp.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1541515314826314}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1541515314826314}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1541515314826314,"flow_src_last_pkt_time":1541515314826314,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515314826314,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1541515314826314,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"thread_ts_usec":1541515314826314,"pkt":"MzMAAAAMGNvyL6AYht1gDeGUApgRAf6AAAAAAAAANEE9JG0wqAf\/AgAAAAAAAAAAAAAAAAAM5jQOdgKYg108P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiPjxzb2FwOkhlYWRlcj48d3NhOlRvPnVybjpzY2hlbWFzLXhtbHNvYXAtb3JnOndzOjIwMDU6MDQ6ZGlzY292ZXJ5PC93c2E6VG8+PHdzYTpBY3Rpb24+aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkvUmVzb2x2ZTwvd3NhOkFjdGlvbj48d3NhOk1lc3NhZ2VJRD51cm46dXVpZDozZjQyZGM5YS0yNGNlLTQ4ZDEtODhmOS0xNmI5NmExMzdkNzE8L3dzYTpNZXNzYWdlSUQ+PC9zb2FwOkhlYWRlcj48c29hcDpCb2R5Pjx3c2Q6UmVzb2x2ZT48d3NhOkVuZHBvaW50UmVmZXJlbmNlPjx3c2E6QWRkcmVzcz51cm46dXVpZDplMzI0ODAwMC04MGNlLTExZGItODAwMC0wMDFiYTk5ZWM5NTY8L3dzYTpBZGRyZXNzPjwvd3NhOkVuZHBvaW50UmVmZXJlbmNlPjwvd3NkOlJlc29sdmU+PC9zb2FwOkJvZHk+PC9zb2FwOkVudmVsb3BlPg=="}
 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1541515314826314,"flow_src_last_pkt_time":1541515314826314,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515314826314,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -16,7 +16,7 @@
 01389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1541515317470215,"flow_dst_last_pkt_time":1541515314827161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1541515317470215,"pkt":"AQBef\/\/6GNvyL6AYCABFAAKsCtoAAAERvoLAqD1C7\/\/\/+uYzDnYCmBmmPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c29hcDpFbnZlbG9wZSB4bWxuczpzb2FwPSJodHRwOi8vd3d3LnczLm9yZy8yMDAzLzA1L3NvYXAtZW52ZWxvcGUiIHhtbG5zOndzYT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNC8wOC9hZGRyZXNzaW5nIiB4bWxuczp3c2Q9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5Ij48c29hcDpIZWFkZXI+PHdzYTpUbz51cm46c2NoZW1hcy14bWxzb2FwLW9yZzp3czoyMDA1OjA0OmRpc2NvdmVyeTwvd3NhOlRvPjx3c2E6QWN0aW9uPmh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5L1Jlc29sdmU8L3dzYTpBY3Rpb24+PHdzYTpNZXNzYWdlSUQ+dXJuOnV1aWQ6M2Y0MmRjOWEtMjRjZS00OGQxLTg4ZjktMTZiOTZhMTM3ZDcxPC93c2E6TWVzc2FnZUlEPjwvc29hcDpIZWFkZXI+PHNvYXA6Qm9keT48d3NkOlJlc29sdmU+PHdzYTpFbmRwb2ludFJlZmVyZW5jZT48d3NhOkFkZHJlc3M+dXJuOnV1aWQ6ZTMyNDgwMDAtODBjZS0xMWRiLTgwMDAtMDAxYmE5OWVjOTU2PC93c2E6QWRkcmVzcz48L3dzYTpFbmRwb2ludFJlZmVyZW5jZT48L3dzZDpSZXNvbHZlPjwvc29hcDpCb2R5Pjwvc29hcDpFbnZlbG9wZT4="}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1541515314826314,"flow_src_last_pkt_time":1541515320458778,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4592,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515321472909,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1541515314827161,"flow_src_last_pkt_time":1541515321472909,"flow_dst_last_pkt_time":1541515314827161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4592,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515321472909,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1541515321472909}
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1541515321472909}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 14/14
 ~~ skipped flows.............: 0
@@ -25,10 +25,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500495 bytes
-~~ total memory freed........: 5500495 bytes
+~~ total memory allocated....: 5500535 bytes
+~~ total memory freed........: 5500535 bytes
 ~~ total allocations/frees...: 85883/85883
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 566 chars
+~~ json message min len.......: 564 chars
 ~~ json message max len.......: 1419 chars
-~~ json message avg len.......: 991 chars
+~~ json message avg len.......: 990 chars
diff --git a/test/results/default/viber.pcap.out b/test/results/default/viber.pcap.out
index 3fd15a71d..ec403a3ee 100644
--- a/test/results/default/viber.pcap.out
+++ b/test/results/default/viber.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1527155638428936}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1527155638428936}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638428936,"flow_src_last_pkt_time":1527155638428936,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":101,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1527155638428936,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1527155638428936,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1527155638428936,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638474128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155638474128,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -166,7 +166,7 @@
 00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639008484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":261,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ADS_Analytic_Track","proto_id":"5.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Tracker\/Ads","category_id":14,"category":"Network"}}
 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638476527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639237450,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":331,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":331,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":425,"packets-processed":420,"total-skipped-flows":0,"total-l4-payload-len":122215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":22,"total-detection-updates":19,"total-updates":4,"current-active-flows":26,"total-active-flows":26,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":169,"global_ts_usec":1648952182644000}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":425,"packets-processed":420,"total-skipped-flows":0,"total-l4-payload-len":122215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":22,"total-detection-updates":19,"total-updates":4,"current-active-flows":26,"total-active-flows":26,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":169,"global_ts_usec":1648952182644000}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182644000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952182644000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182644000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182644000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QZ1AAD8GBoHAqAJkNAD8kb4yEJT33RMVAAAAAKAC\/\/+7mwAAAgQFtAQCCApvD0\/7AAAAAAEDAwk="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182749000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOcGoB00APyRwKgCZBCUvjJ96pBe990TFqASaN8gOAAAAgQFrAQCCArnVjzbbw9P+wEDAwk="}
@@ -204,7 +204,7 @@
 00921{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155685132180,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155685132180,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641840131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":440,"packets-processed":435,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":19,"total-updates":4,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":207,"global_ts_usec":1648954023554000}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":440,"packets-processed":435,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":19,"total-updates":4,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":207,"global_ts_usec":1648954023554000}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023554000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023554000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86GpAAD8GYELAqAJkNAD8AqDgFHo59lPMAAAAAKAC\/\/81EwAAAgQFtAQCCArXUgVsAAAAAAEDAwk="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023662000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOwGm6w0APwCwKgCZBR6oOA1qzY9OfZTzaASaN\/krwAAAgQFrAQCCApiDhmE11IFbAEDAwk="}
@@ -212,14 +212,14 @@
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1648954023697000,"pkt":"eJS0JASgYDjgxTWgCABFAABM6GxAAD8GYDDAqAJkNAD8AqDgFHo59lPNNas2PoAYAKwkewAAAQEICtdSBfpiDhmEGAAAAAAA\/P8FgAkAAAAAAAAAAAAzAAAA"}
 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023697000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023803000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648954023803000,"pkt":"YDjgxTWgeJS0JASgCABFAAA07m1AAOwGrUY0APwCwKgCZBR6oOA1qzY+OfZT5YAQADV67AAAAQEICmIOGhLXUgX6"}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":451,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":24,"total-detection-updates":19,"total-updates":4,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":215,"global_ts_usec":1648968035683000}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":451,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":24,"total-detection-updates":19,"total-updates":4,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":215,"global_ts_usec":1648968035683000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1648968035683000,"pkt":"eJS0JASgYDjgxTWgCABFAACU2kpAAD8GpwLAqAJkLMDKSqeUEJTyP2Q6cEHfOoAYAVdrNwAAAQEICphN6aPkLWTjYAAuDuoU\/P8DgFkAGwAAAAAAAAAuDuoUyCWY+Eiv3vNvHuU8izmtmd1xLKgDGQAAAC4GaTctzm2TgBHTuz9kkBDO3BN0gtQM11m3wPtySAu5MwDtuOA\/BIT7TjIAAaAP"}
 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954024001000,"flow_dst_last_pkt_time":1648954024107000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":516,"midstream":0,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952183650000,"flow_dst_last_pkt_time":1648952183755000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":3321,"midstream":0,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":451,"packets-processed":447,"total-skipped-flows":0,"total-l4-payload-len":126369,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":25,"total-detection-updates":19,"total-updates":4,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":222,"global_ts_usec":1648968035683000}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":451,"packets-processed":447,"total-skipped-flows":0,"total-l4-payload-len":126369,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":25,"total-detection-updates":19,"total-updates":4,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":222,"global_ts_usec":1648968035683000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 451/447
 ~~ skipped flows.............: 0
@@ -228,8 +228,8 @@
 ~~ total active/idle flows...: 29/29
 ~~ total timeout flows.......: 4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5731733 bytes
-~~ total memory freed........: 5731733 bytes
+~~ total memory allocated....: 5732205 bytes
+~~ total memory freed........: 5732205 bytes
 ~~ total allocations/frees...: 86674/86674
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 537 chars
diff --git a/test/results/default/vk.pcapng.out b/test/results/default/vk.pcapng.out
index 635a578a6..c12b351d7 100644
--- a/test/results/default/vk.pcapng.out
+++ b/test/results/default/vk.pcapng.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675334160555793}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675334160555793}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334160555793,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1675334160555793,"pkt":"dNqIE5X\/CI6QkAulCABFAABYkT1AAEAGDU7AqAH5V\/CBg4RwAbulKVT5c9gL4IAYAfUCFQAAAQEIColQoiPg\/q3hFwMDAB8CiHoHbb46sk3wEVp76KY8pTJ63EhTj6jLGV9BFA03"}
 00908{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334160555793,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -81,7 +81,7 @@
 01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":706,"flow_dst_packets_processed":0,"flow_first_seen":1675334161630633,"flow_src_last_pkt_time":1675334178414776,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38528,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.78","src_port":60436,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334171438126,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":305,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1675334163969940,"flow_src_last_pkt_time":1675334164019208,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":922,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":56504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":909,"packets-processed":909,"total-skipped-flows":0,"total-l4-payload-len":66779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":84,"global_ts_usec":1675334178414776}
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":909,"packets-processed":909,"total-skipped-flows":0,"total-l4-payload-len":66779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":84,"global_ts_usec":1675334178414776}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 909/909
 ~~ skipped flows.............: 0
@@ -90,8 +90,8 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5564642 bytes
-~~ total memory freed........: 5564642 bytes
+~~ total memory allocated....: 5564810 bytes
+~~ total memory freed........: 5564810 bytes
 ~~ total allocations/frees...: 86892/86892
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
diff --git a/test/results/default/vnc.pcap.out b/test/results/default/vnc.pcap.out
index 64b45f3a9..aeb579cf0 100644
--- a/test/results/default/vnc.pcap.out
+++ b/test/results/default/vnc.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1476111264364066}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1476111264364066}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1476111264364066,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1476111264364066,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364066,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111264364066,"pkt":"EP7tAkntxOodxQGGCABFAAA0Xs1AAHQGVCNf7TDQwKgCbumPGvTqxTBkAAAAAIACIADbnAAAAgQFrAEDAwIBAQQC"}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111264364590,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFNAAIAGAADAqAJuX+0w0Br06Y8QfmeF6sUwZYASIABT+gAAAgQFtAEDAwgBAQQC"}
@@ -18,7 +18,7 @@
 02384{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3575,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1476111286462067,"flow_src_last_pkt_time":1476111287358990,"flow_dst_last_pkt_time":1476111287224950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":185,"midstream":0,"thread_ts_usec":1476111287358990,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":53542.1,"max":538844,"stddev":125065.9,"var":15641482240.0,"ent":3.0,"data": [107,37501,48667,49552,38334,36850,46381,48516,45667,1708,45497,182,37420,547,413,36764,2984,39898,772,181,762,824,181,2,1005,501772,46,703,538844,2,97724]},"pktlen": {"min":40,"avg":56.8,"max":75,"stddev":12.6,"var":158.0,"ent":5.0,"data": [52,52,46,52,52,48,46,40,46,40,59,46,69,74,74,62,46,75,40,74,72,40,68,72,63,40,70,68,72,46,46,67]},"bins": {"c_to_s": [13,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,0,1,1,1,1,0,0,0],"entropies": [4.518056870,4.878231525,4.652828693,5.022342682,5.176993847,4.993162155,4.698037148,4.711769104,4.609350204,4.730641365,5.204673767,4.652828693,5.591832638,5.651554108,5.655132294,5.470327854,4.565871716,5.718621254,4.680641174,5.781727314,5.694025517,4.621928692,5.533761978,5.648954391,5.381884575,4.621928692,5.550290108,5.491440296,5.523682594,4.505982876,4.565872192,5.593677998]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":684,"flow_dst_packets_processed":324,"flow_first_seen":1476111286462067,"flow_src_last_pkt_time":1476111290613528,"flow_dst_last_pkt_time":1476111290394024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":17754,"flow_dst_tot_l4_payload_len":212,"midstream":0,"thread_ts_usec":1476111290613528,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 01221{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2485,"flow_dst_packets_processed":1058,"flow_first_seen":1476111264364066,"flow_src_last_pkt_time":1476111280884547,"flow_dst_last_pkt_time":1476111280846496,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":64000,"flow_dst_tot_l4_payload_len":300,"midstream":0,"thread_ts_usec":1476111290613528,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4551,"packets-processed":4551,"total-skipped-flows":0,"total-l4-payload-len":82266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1476111290613528}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4551,"packets-processed":4551,"total-skipped-flows":0,"total-l4-payload-len":82266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1476111290613528}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4551/4551
 ~~ skipped flows.............: 0
@@ -27,8 +27,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5636240 bytes
-~~ total memory freed........: 5636240 bytes
+~~ total memory allocated....: 5636280 bytes
+~~ total memory freed........: 5636280 bytes
 ~~ total allocations/frees...: 90426/90426
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 533 chars
diff --git a/test/results/default/vrrp3.pcapng.out b/test/results/default/vrrp3.pcapng.out
index ac3852516..3a6d9d0fa 100644
--- a/test/results/default/vrrp3.pcapng.out
+++ b/test/results/default/vrrp3.pcapng.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1589370606456815}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1589370606456815}
 00731{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606456815,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370606456815,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAEjEkZAED6DQb\/oAAAAAAAAAAAAAAAAA2Ng=="}
 00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606456815,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -12,7 +12,7 @@
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1589370643139440,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370643139440,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="}
 00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1589370606915904,"flow_src_last_pkt_time":1589370680701452,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370680701452,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00920{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370680701452,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1589370680701452}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1589370680701452}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -21,10 +21,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500379 bytes
-~~ total memory freed........: 5500379 bytes
+~~ total memory allocated....: 5500419 bytes
+~~ total memory freed........: 5500419 bytes
 ~~ total allocations/frees...: 85879/85879
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 926 chars
-~~ json message avg len.......: 744 chars
+~~ json message avg len.......: 743 chars
diff --git a/test/results/default/vxlan.pcap.out b/test/results/default/vxlan.pcap.out
index 916bbd34d..81989db7e 100644
--- a/test/results/default/vxlan.pcap.out
+++ b/test/results/default/vxlan.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639650442645225}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639650442645225}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442645225,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1639650442645225,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbAM\/AABAEcnowKgWBMCoFgXt1xK1AFhqBAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA6NbBAAEAR1uUKChQECAgICK2VADUAJhfikMYBAAABAAAAAAAACGZhY2Vib29rA2NvbQAAAQAB"}
 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442645225,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -60,7 +60,7 @@
 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639650443097770,"flow_src_last_pkt_time":1639650443097920,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1639650442720908,"flow_src_last_pkt_time":1639650443097493,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1454,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5058,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442682647,"flow_src_last_pkt_time":1639650442711366,"flow_dst_last_pkt_time":1639650442682647,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":79480,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1639650443276366}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":79480,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1639650443276366}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 127/127
 ~~ skipped flows.............: 0
@@ -69,10 +69,10 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5519032 bytes
-~~ total memory freed........: 5519032 bytes
+~~ total memory allocated....: 5519184 bytes
+~~ total memory freed........: 5519184 bytes
 ~~ total allocations/frees...: 86075/86075
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 567 chars
+~~ json message min len.......: 565 chars
 ~~ json message max len.......: 2500 chars
-~~ json message avg len.......: 1532 chars
+~~ json message avg len.......: 1531 chars
diff --git a/test/results/default/wa_video.pcap.out b/test/results/default/wa_video.pcap.out
index ca95646c8..6a0164485 100644
--- a/test/results/default/wa_video.pcap.out
+++ b/test/results/default/wa_video.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561455764448302}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561455764448302}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455764448302,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455764448302,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI0kIAAEARIhLAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="}
 00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455764448302,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
@@ -66,12 +66,15 @@
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1561455781352254,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455781352254,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUPMAAEAR0s7AqAIMW\/w4M9G4f4EANAIPAAEAGCESpEIZqLFMH0mnKh34iiEACAAUNcgqBRg9v\/os\/sidMBIfN2R1dO0="}
 01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455781352254,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781352254,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1561455781879070,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455781879070,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUTkAAEARFzzAqAIMATxOQNG46GMANHzbAAEAGCESpELHuuAP05RaI+J6URIACAAUsHZdEyJr5uObsKQa7DYbE4YCA9M="}
+01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455781879070,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781879070,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1561455782059394,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455782059394,"pkt":"xiwDYGpkkLkxKPrKCABFAABI8PwAAEARMsXAqAIMW\/w4M9G4f4EANE0kAAEAGCESpEKAWzwjt5VRcfVmBmsACAAUJw9zjdQvQsjy5FQih0Itb6wHKg0="}
+01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455782059394,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455782059394,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1561455782574285,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455782574285,"pkt":"xiwDYGpkkLkxKPrKCABFAABIwHEAAEARqAPAqAIMATxOQNG46GMANGXPAAEAGCESpEIoM9pd\/2PDbhKoL1oACAAUvqQBu1i76V7zg0ib1\/6QLghtUUY="}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1561455782679175,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455782679175,"pkt":"xiwDYGpkkLkxKPrKCABFAABINRkAAEAR7qjAqAIMW\/w4M9G4f4EANKRJAAEAGCESpEL4j9YAEpPJGTu3VCAACAAUGXORRrB48FGvPcJutSVccHGlcxM="}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1561455783193737,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783193737,"pkt":"xiwDYGpkkLkxKPrKCABFAABIsaMAAEARttHAqAIMATxOQNG46GMANHtxAAEAGCESpEIVyYRJkvEHQDbjhQYACAAUZX4tAsQf0pHGsCjjkogdi3Laxls="}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1561455783298322,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783298322,"pkt":"xiwDYGpkkLkxKPrKCABFAABIAp0AAEARISXAqAIMW\/w4M9G4f4EANIWbAAEAGCESpEK7pDhewrPJPGinrSwACAAUDjWxbcggz7kXknMp3MU9Yvs9ftw="}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1561455783298322,"flow_dst_last_pkt_time":1561455783331681,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783331681,"pkt":"kLkxKPrKxiwDYGpkCABFAABIi6YAADERpxtb\/DgzwKgCDH+B0bgANIC7AAEAGCESpELmDdRM\/MC6WEQIBDAACAAUFJ5Jo0QxW+Y3GOxMikLa0AFDz2E="}
+01107{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455783298322,"flow_dst_last_pkt_time":1561455783331681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455783331681,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 02354{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":6,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455783672290,"flow_dst_last_pkt_time":1561455783683909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":15240,"flow_dst_tot_l4_payload_len":615,"midstream":0,"thread_ts_usec":1561455783683909,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":139,"avg":150054.5,"max":1979427,"stddev":383224.6,"var":146861080576.0,"ent":2.7,"data": [707140,619781,619147,1979427,36290,69699,132037,26361,100137,1489,36501,24632,139,224,338,341,10692,26140,102372,15137,296,563,516,886,169,757,7597,915,148,631,131189]},"pktlen": {"min":72,"avg":523.5,"max":1146,"stddev":432.0,"var":186635.8,"ent":4.5,"data": [72,72,72,72,72,72,72,156,72,165,150,130,899,899,899,898,1146,194,143,198,1022,1022,1022,1022,1022,1020,150,920,920,920,1048,210]},"bins": {"c_to_s": [0,6,0,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1],"entropies": [5.551460743,5.652086735,5.531393051,5.607016087,5.440350056,5.499580860,5.568753719,6.624680996,5.697700977,6.683998108,6.496982574,6.426134586,7.747357368,7.800405025,7.780704021,7.774211884,7.821574688,6.735989094,6.400922298,6.908179283,7.822691441,7.800770760,7.811967850,7.818122864,7.793910027,7.785738468,6.611948967,7.770941734,7.800857544,7.760899067,7.788744450,6.986406326]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1561455783829036,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783829036,"pkt":"xiwDYGpkkLkxKPrKCABFAABICZUAAEARXuDAqAIMATxOQNG46GMANOSYAAEAGCESpELddkAJ1F+LPT0EgzwACAAUXmgJtoJkdYveryQNIL+PUoNUtYY="}
 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455791449110,"flow_src_last_pkt_time":1561455791449110,"flow_dst_last_pkt_time":1561455791449110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455791449110,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -93,19 +96,19 @@
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1561455770313920,"flow_src_last_pkt_time":1561455779337361,"flow_dst_last_pkt_time":1561455770313920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":503,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455772049243,"flow_src_last_pkt_time":1561455780246416,"flow_dst_last_pkt_time":1561455772049243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455792270823,"flow_dst_last_pkt_time":1561455769812753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455792270570,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455792270570,"flow_dst_last_pkt_time":1561455769823739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455792273279,"flow_src_last_pkt_time":1561455795276739,"flow_dst_last_pkt_time":1561455792273279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455791449110,"flow_src_last_pkt_time":1561455791449786,"flow_dst_last_pkt_time":1561455791449110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":339,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
-00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455792270694,"flow_dst_last_pkt_time":1561455769817420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455792270460,"flow_dst_last_pkt_time":1561455769813684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455792270694,"flow_dst_last_pkt_time":1561455769817420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455792270460,"flow_dst_last_pkt_time":1561455769813684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":347,"flow_dst_packets_processed":146,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455792270349,"flow_dst_last_pkt_time":1561455789410471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1139,"flow_dst_max_l4_payload_len":1053,"flow_src_tot_l4_payload_len":209223,"flow_dst_tot_l4_payload_len":18746,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455792270282,"flow_src_last_pkt_time":1561455795277117,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":35,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455784398894,"flow_dst_last_pkt_time":1561455784357701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":1098,"flow_src_tot_l4_payload_len":45824,"flow_dst_tot_l4_payload_len":21351,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00951{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":66,"flow_dst_packets_processed":67,"flow_first_seen":1561455767339689,"flow_src_last_pkt_time":1561455795283003,"flow_dst_last_pkt_time":1561455795007751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":4406,"flow_dst_tot_l4_payload_len":7336,"midstream":1,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
+01069{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":66,"flow_dst_packets_processed":67,"flow_first_seen":1561455767339689,"flow_src_last_pkt_time":1561455795283003,"flow_dst_last_pkt_time":1561455795007751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":4406,"flow_dst_tot_l4_payload_len":7336,"midstream":1,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":66,"flow_dst_packets_processed":67,"flow_first_seen":1561455767339689,"flow_src_last_pkt_time":1561455795283003,"flow_dst_last_pkt_time":1561455795007751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":4406,"flow_dst_tot_l4_payload_len":7336,"midstream":1,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455791996221,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":781,"packets-processed":781,"total-skipped-flows":0,"total-l4-payload-len":311775,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":13,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":108,"global_ts_usec":1561455795283003}
+01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455791996221,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":781,"packets-processed":781,"total-skipped-flows":0,"total-l4-payload-len":311775,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":13,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":111,"global_ts_usec":1561455795283003}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 781/781
 ~~ skipped flows.............: 0
@@ -114,9 +117,9 @@
 ~~ total active/idle flows...: 14/14
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5550878 bytes
-~~ total memory freed........: 5550878 bytes
-~~ total allocations/frees...: 86784/86784
+~~ total memory allocated....: 5551179 bytes
+~~ total memory freed........: 5551179 bytes
+~~ total allocations/frees...: 86787/86787
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
 ~~ json message max len.......: 2441 chars
diff --git a/test/results/default/wa_voice.pcap.out b/test/results/default/wa_voice.pcap.out
index b67e13af2..33d56a3d3 100644
--- a/test/results/default/wa_voice.pcap.out
+++ b/test/results/default/wa_voice.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561455687942546}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561455687942546}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455687942546,"pkt":"xiwDYGpkkLkxKPrKCABFAAA8VCwAAP8R4ibAqAIMwKgCAcjnADUAKL4MZG8BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
 01064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -147,6 +147,7 @@
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455730495456,"pkt":"kLkxKPrKxiwDYGpkCABFAABI7nAAADERRFFb\/DgzwKgCDH\/A3AgANOnLAAEAGCESpEJZi1FU1SmRVkxGZgQACAAUYCmYSN+rkyNYVIx9I16CdotJWKc="}
 01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1561455731073692,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731073692,"pkt":"kLkxKPrKxiwDYGpkCABFAABIAlEAADERMHFb\/DgzwKgCDH\/A3AgANGApAAEAGCESpELobM0y9AHrYlN0+hgACAAU\/c20Lcr5wjE5JYKvJct9qbua6og="}
+01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455731073692,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731073692,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00978{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731356183,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1561455731356183,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxjdoAAEARZVHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="}
 00974{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1561455731356928,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_usec":1561455731356928,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFveLUAAEARenjAqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"}
 02227{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455731523132,"flow_dst_last_pkt_time":1561455731536124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":1833,"midstream":0,"thread_ts_usec":1561455731536124,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":1588209.8,"max":12196243,"stddev":3050402.8,"var":9304956469248.0,"ent":3.2,"data": [61,13448,128,12194152,12196243,104402,58,105108,1,108628,104619,3043264,3048902,3100925,3096031,3015294,3016553,2001940,2156,107078,164036,190107,88523,28769,198646,133957,3008088,90958,35571,314,36546]},"pktlen": {"min":30,"avg":110.0,"max":306,"stddev":87.2,"var":7598.9,"ent":4.6,"data": [154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72]},"bins": {"c_to_s": [6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1],"entropies": [6.541143417,6.523254871,5.258596897,5.258596897,4.628356934,4.453236580,6.497281075,6.520071030,5.203041553,5.130857468,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,5.668909073,5.185353279,6.995151520,7.135284424,7.074851990,6.635347366,7.304471493,6.999480724,7.242955685,4.628356934,4.453236580,6.523254871,6.523254871,5.230819225]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -155,8 +156,10 @@
 01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731697327,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/gUAADERNLxb\/DgzwKgCDH\/A3AgANISZAAEAGCESpEKSaahiiU3KFyQDpDgACAAUPvQQqrwwB3kMX1876e4ssz8N17Y="}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731699179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731699179,"pkt":"xiwDYGpkkLkxKPrKCABFAABIalYAAEARuWvAqAIMW\/w4M9wIf8AANHvGAQEAGCESpEKSaahiiU3KFyQDpDgACAAU78j6HBgMgp4J7E4uRUxed5inmwU="}
+01107{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731699179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455731699179,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731771636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731771636,"pkt":"xiwDYGpkkLkxKPrKCABFAABIuQIAAEARar\/AqAIMW\/w4M9wIf8AANBvxAAEAGCESpEInL2dPpxxCLUQhtkgACAAUq0S1cqGjKGibQ8Ad3a7kThUOm\/s="}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1561455732298035,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455732298035,"pkt":"xiwDYGpkkLkxKPrKCABFAABIre0AAEARuofAqAIMATxOQNwI+xoANHLOAAEAGCESpEIrgAUzrwTeBSrSSH8ACAAUv8Ev3sei+dcRfEZy9ei0mRui3Zw="}
+01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455732298035,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455732298035,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1561455732919461,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455732919461,"pkt":"xiwDYGpkkLkxKPrKCABFAABIV+kAAEAREIzAqAIMATxOQNwI+xoANBvDAAEAGCESpELCs7YUVt8QVzF73yEACAAUMmINwHB46SKyj3xrODHnuD6GHSA="}
 02376{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455733316995,"flow_dst_last_pkt_time":1561455733325980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":1873,"flow_dst_tot_l4_payload_len":1869,"midstream":0,"thread_ts_usec":1561455733325980,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":182324.6,"max":1203723,"stddev":228895.9,"var":52393320448.0,"ent":4.2,"data": [578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448]},"pktlen": {"min":54,"avg":144.9,"max":301,"stddev":51.7,"var":2672.5,"ent":4.9,"data": [72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179]},"bins": {"c_to_s": [1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1],"entropies": [5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1561455733543524,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455733543524,"pkt":"xiwDYGpkkLkxKPrKCABFAABIhgkAAEAR4mvAqAIMATxOQNwI+xoANNyjAAEAGCESpEKaqxAMcXf5HhivnksACAAUXrUv35eEVCK3ZPufCanP8gSQnE8="}
@@ -202,7 +205,7 @@
 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455741419902,"flow_dst_last_pkt_time":1561455719244228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874172,"flow_src_last_pkt_time":1561455737893179,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455688445940,"flow_src_last_pkt_time":1561455726442435,"flow_dst_last_pkt_time":1561455688445940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
-01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455741046982,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455741046982,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741430274,"flow_src_last_pkt_time":1561455741430274,"flow_dst_last_pkt_time":1561455741430274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":25,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690240149,"flow_dst_last_pkt_time":1561455690302153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1331,"flow_dst_tot_l4_payload_len":20101,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1561455706979952,"flow_src_last_pkt_time":1561455716020462,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":503,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
@@ -214,7 +217,7 @@
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455687991884,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455688018542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455741419546,"flow_dst_last_pkt_time":1561455719248009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":28,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455741419206,"flow_dst_last_pkt_time":1561455740537152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":1467,"flow_dst_tot_l4_payload_len":2492,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":736,"packets-processed":734,"total-skipped-flows":0,"total-l4-payload-len":128892,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":18,"total-updates":4,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":217,"global_ts_usec":1561455743434771}
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":736,"packets-processed":734,"total-skipped-flows":0,"total-l4-payload-len":128892,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":21,"total-updates":4,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":220,"global_ts_usec":1561455743434771}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 736/734
 ~~ skipped flows.............: 0
@@ -223,9 +226,9 @@
 ~~ total active/idle flows...: 28/28
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5592251 bytes
-~~ total memory freed........: 5592251 bytes
-~~ total allocations/frees...: 86897/86897
+~~ total memory allocated....: 5592763 bytes
+~~ total memory freed........: 5592763 bytes
+~~ total allocations/frees...: 86899/86899
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 524 chars
 ~~ json message max len.......: 2501 chars
diff --git a/test/results/default/waze.pcap.out b/test/results/default/waze.pcap.out
index 9f41a1369..476146a72 100644
--- a/test/results/default/waze.pcap.out
+++ b/test/results/default/waze.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1435587866603221}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1435587866603221}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587866603221,"flow_src_last_pkt_time":1435587866603221,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587866603221,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1435587866603221,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587866603221,"pkt":"ABoRAAACABoRAAABCABFAABNMsFAAEAGQsYKECWdriXnUaUQFGaA18okWhY9doAYAVcoQwAAAQEICgAIazhBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1435587867103902,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587867103902,"pkt":"ABoRAAACABoRAAABCABFAABNMsJAAEAGQsUKECWdriXnUaUQFGaA18okWhY9doAYAVcoEAAAAQEICgAIa2tBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
@@ -55,7 +55,7 @@
 01663{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587869476878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869476878,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
 01663{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869477117,"flow_dst_last_pkt_time":1435587869477401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869477401,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1435587870163940,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587870163940,"pkt":"ABoRAAACABoRAAABCABFAABNMsRAAEAGQsMKECWdriXnUaUQFGaA18okWhY9doAYAVcm3gAAAQEICgAIbJ1BJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
-01217{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587867781306,"flow_dst_last_pkt_time":1435587871459664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587871459664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"xtra1.gpsonextra.net","http": {"url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}}}
+01236{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587867781306,"flow_dst_last_pkt_time":1435587871459664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587871459664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"xtra1.gpsonextra.net","http": {"url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}}}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587871656080,"flow_src_last_pkt_time":1435587871656080,"flow_dst_last_pkt_time":1435587871656080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871656080,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1435587871656080,"flow_dst_last_pkt_time":1435587871656080,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587871656080,"pkt":"ABoRAAACABoRAAABCABFAAA8\/jRAAEAGF+wKCAABNubjrLHiAFBcJZMGAAAAAKAC\/\/8UywAAAgQFtAQCCAoACG0yAAAAAAEDAwg="}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1435587871656080,"flow_dst_last_pkt_time":1435587871657385,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871657385,"pkt":"ABoRAAACABoRAAABCABFAAAodJ1AABAG0Zc25uOsCggAAQBQseKj2mz5XCWTB1AS\/\/\/ZAwAA"}
@@ -122,7 +122,7 @@
 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872706282,"flow_dst_last_pkt_time":1435587872704043,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1435587872706282,"pkt":"ABoRAAACABoRAAABCABFAAC+Y6tAAEAGsfMKCAABNubjrLHyAFAC8Q5A\/Q7xwVAY\/\/8YIAAAR0VUIC9uZXdWY29uZmlnLzEuMC8zL2xhbmcuY29uZj9ydHNlcnZlci1pZD0xNSBIVFRQLzEuMA0KSG9zdDogY3Jlcy53YXplLmNvbQ0KVXNlci1BZ2VudDogLzMuOS40LjANCklmLU1vZGlmaWVkLVNpbmNlOiBUaHUsIDE4IEp1biAyMDE1IDEyOjA2OjEyIEdNVA0K"}
 01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587872702798,"flow_src_last_pkt_time":1435587872706282,"flow_dst_last_pkt_time":1435587872704043,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872706282,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","http": {"url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872706282,"flow_dst_last_pkt_time":1435587872706630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872706630,"pkt":"ABoRAAACABoRAAABCABFAAAodM1AABAG0Wc25uOsCggAAQBQsfL9DvHBAvEO1lAQ\/\/\/YXgAA"}
-02345{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587873023451,"flow_dst_last_pkt_time":1435587873023894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":11779,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":60924,"midstream":0,"thread_ts_usec":1435587873023894,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2041,"avg":339878.5,"max":3680611,"stddev":884676.9,"var":782653259776.0,"ent":2.8,"data": [3747,3915,21835,22372,3677989,3680611,286073,284297,338879,393453,330278,329396,54620,2041,179324,179523,2610,51219,50746,3092,28507,76268,51141,51323,122745,73523,10248,59104,52582,58295,56477]},"pktlen": {"min":40,"avg":1952.7,"max":11819,"stddev":3090.5,"var":9551440.0,"ent":3.5,"data": [60,40,40,303,40,1408,40,2776,40,5512,40,8248,40,2673,40,1408,40,1408,40,9616,40,2776,40,5512,40,5512,40,2776,40,11819,40,40]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,10]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.427644730,4.730641365,4.680641174,5.499622345,4.630641460,7.039453506,4.630641460,6.947220325,4.630641460,5.584113598,4.680641174,6.835184574,4.680641174,6.998500347,4.580641747,3.024588346,4.630641460,6.950185776,4.730640888,6.195324898,4.680641651,6.552656651,4.680641174,1.660765886,4.730641365,1.651001215,4.730640888,1.384768248,4.611768723,1.660717368,4.680640697,4.680641174]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+02364{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587873023451,"flow_dst_last_pkt_time":1435587873023894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":11779,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":60924,"midstream":0,"thread_ts_usec":1435587873023894,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2041,"avg":339878.5,"max":3680611,"stddev":884676.9,"var":782653259776.0,"ent":2.8,"data": [3747,3915,21835,22372,3677989,3680611,286073,284297,338879,393453,330278,329396,54620,2041,179324,179523,2610,51219,50746,3092,28507,76268,51141,51323,122745,73523,10248,59104,52582,58295,56477]},"pktlen": {"min":40,"avg":1952.7,"max":11819,"stddev":3090.5,"var":9551440.0,"ent":3.5,"data": [60,40,40,303,40,1408,40,2776,40,5512,40,8248,40,2673,40,1408,40,1408,40,9616,40,2776,40,5512,40,5512,40,2776,40,11819,40,40]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,10]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.427644730,4.730641365,4.680641174,5.499622345,4.630641460,7.039453506,4.630641460,6.947220325,4.630641460,5.584113598,4.680641174,6.835184574,4.680641174,6.998500347,4.580641747,3.024588346,4.630641460,6.950185776,4.730640888,6.195324898,4.680641651,6.552656651,4.680641174,1.660765886,4.730641365,1.651001215,4.730640888,1.384768248,4.611768723,1.660717368,4.680640697,4.680641174]},"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 02430{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587873119875,"flow_dst_last_pkt_time":1435587873120117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":5461,"flow_src_tot_l4_payload_len":3221,"flow_dst_tot_l4_payload_len":13199,"midstream":0,"thread_ts_usec":1435587873120117,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":169,"avg":289408.8,"max":1658841,"stddev":505049.6,"var":255075106816.0,"ent":3.3,"data": [1230,10859,357221,367097,474392,475318,8069,9038,265872,317654,51992,865,554,304,254,1430075,1483289,119461,172808,51439,51948,1420,901,467,433,340,381,1601922,1658841,169,57061]},"pktlen": {"min":40,"avg":553.8,"max":5501,"stddev":1270.8,"var":1615041.0,"ent":3.0,"data": [60,40,40,222,40,3187,40,366,40,274,189,40,576,40,101,40,5501,40,189,40,576,40,576,40,576,40,101,40,4397,40,189,40]},"bins": {"c_to_s": [5,2,0,0,3,1,0,0,0,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1],"entropies": [4.346510887,4.684184074,4.665311813,5.227974892,4.665312290,7.402610779,4.615312099,7.299519062,4.665312290,7.035841465,6.858353615,4.615312099,7.612000942,4.665312290,6.077723026,4.615312099,7.960921764,4.665311813,6.823141098,4.596440315,7.582696438,4.615312099,7.667782307,4.615312099,7.607909679,4.665312290,6.192669392,4.665312290,7.950992584,4.615312099,6.755126476,4.615312099]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587873486827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587873486827,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}}
 01557{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872566264,"flow_dst_last_pkt_time":1435587873688799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587873688799,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}}
@@ -269,7 +269,7 @@
 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880576575,"flow_src_last_pkt_time":1435587880583014,"flow_dst_last_pkt_time":1435587880577703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00944{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880583990,"flow_src_last_pkt_time":1435587880590039,"flow_dst_last_pkt_time":1435587880587342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00767{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880583990,"flow_src_last_pkt_time":1435587880590039,"flow_dst_last_pkt_time":1435587880587342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01091{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587873026877,"flow_dst_last_pkt_time":1435587873026338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":11779,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":60924,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
+01110{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587873026877,"flow_dst_last_pkt_time":1435587873026338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":11779,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":60924,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 00948{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880577937,"flow_src_last_pkt_time":1435587880583141,"flow_dst_last_pkt_time":1435587880578520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880577937,"flow_src_last_pkt_time":1435587880583141,"flow_dst_last_pkt_time":1435587880578520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00914{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880589106,"flow_src_last_pkt_time":1435587880590669,"flow_dst_last_pkt_time":1435587880589665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -279,7 +279,7 @@
 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880581548,"flow_src_last_pkt_time":1435587880589942,"flow_dst_last_pkt_time":1435587880582653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00864{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":2,"flow_first_seen":1435587866603221,"flow_src_last_pkt_time":1435587898628291,"flow_dst_last_pkt_time":1435587898628143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00776{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":2,"flow_first_seen":1435587866603221,"flow_src_last_pkt_time":1435587898628291,"flow_dst_last_pkt_time":1435587898628143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":597,"packets-processed":597,"total-skipped-flows":0,"total-l4-payload-len":326183,"total-not-detected-flows":1,"total-guessed-flows":9,"total-detected-flows":23,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":282,"global_ts_usec":1435587907392933}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":597,"packets-processed":597,"total-skipped-flows":0,"total-l4-payload-len":326183,"total-not-detected-flows":1,"total-guessed-flows":9,"total-detected-flows":23,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":282,"global_ts_usec":1435587907392933}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 597/597
 ~~ skipped flows.............: 0
@@ -288,8 +288,8 @@
 ~~ total active/idle flows...: 33/33
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5877220 bytes
-~~ total memory freed........: 5877220 bytes
+~~ total memory allocated....: 5877759 bytes
+~~ total memory freed........: 5877759 bytes
 ~~ total allocations/frees...: 86954/86954
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 528 chars
diff --git a/test/results/default/webdav.pcap.out b/test/results/default/webdav.pcap.out
index 35791a60d..dd18afa5a 100644
--- a/test/results/default/webdav.pcap.out
+++ b/test/results/default/webdav.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1677169246853624}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1677169246853624}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1677169246853624,"flow_src_last_pkt_time":1677169246853624,"flow_dst_last_pkt_time":1677169246853624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1677169246853624,"l3_proto":"ip4","src_ip":"10.24.8.189","dst_ip":"104.156.149.6","src_port":50652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1677169246853624,"flow_dst_last_pkt_time":1677169246853624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1677169246853624,"pkt":"AAHH9haIEACQor51CABFAAA0mWtAAIAGUOEKGAi9aJyVBsXcAFDgPQjbAAAAAIAC+vC0YgAAAgQFtAEDAwgBAQQC"}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1677169246853624,"flow_dst_last_pkt_time":1677169246873589,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1677169246873589,"pkt":"EACQor51AAHH9haICABFAAAs0NgAAIAGWXxonJUGChgIvQBQxdy+mZKp4D0I3GAS+vCMJAAAAgQFtA=="}
@@ -8,7 +8,7 @@
 01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1677169246853624,"flow_src_last_pkt_time":1677169246874184,"flow_dst_last_pkt_time":1677169246873589,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1677169246874184,"l3_proto":"ip4","src_ip":"10.24.8.189","dst_ip":"104.156.149.6","src_port":50652,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebDAV","proto_id":"7.376","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"104.156.149.6","http": {"url":"104.156.149.6\/webdav","code":0,"content_type":"","user_agent":"Microsoft-WebDAV-MiniRedir\/10.0.19045"}}}
 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1677169246874184,"flow_dst_last_pkt_time":1677169246874364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1677169246874364,"pkt":"EACQor51AAHH9haICABFAAAo0NkAAIAGWX9onJUGChgIvQBQxdy+mZKq4D0JhFAQ+vCjOQAA"}
 01124{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1677169246853624,"flow_src_last_pkt_time":1677169251921472,"flow_dst_last_pkt_time":1677169251921740,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":169,"flow_dst_max_l4_payload_len":1053,"flow_src_tot_l4_payload_len":337,"flow_dst_tot_l4_payload_len":1633,"midstream":0,"thread_ts_usec":1677169251921740,"l3_proto":"ip4","src_ip":"10.24.8.189","dst_ip":"104.156.149.6","src_port":50652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebDAV","proto_id":"7.376","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1677169251921740}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/webdav.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1677169251921740}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 14/14
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498496 bytes
-~~ total memory freed........: 5498496 bytes
+~~ total memory allocated....: 5498520 bytes
+~~ total memory freed........: 5498520 bytes
 ~~ total allocations/frees...: 85879/85879
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 528 chars
diff --git a/test/results/default/webex.pcap.out b/test/results/default/webex.pcap.out
index e8ea6e475..e40e4e45a 100644
--- a/test/results/default/webex.pcap.out
+++ b/test/results/default/webex.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1444570624853841}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1444570624853841}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570624853841,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570624853841,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="}
 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570624860347,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"}
@@ -497,7 +497,7 @@
 01204{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570640346348,"flow_dst_last_pkt_time":1444570639263789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":911,"flow_dst_tot_l4_payload_len":6552,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01075{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640319795,"flow_src_last_pkt_time":1444570652359038,"flow_dst_last_pkt_time":1444570652361105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01204{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570673280105,"flow_dst_last_pkt_time":1444570673246494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":911,"flow_dst_tot_l4_payload_len":6552,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1110,"packets-processed":1110,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":39,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":500,"global_ts_usec":1444570742172121}
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1110,"packets-processed":1110,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":39,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":500,"global_ts_usec":1444570742172121}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1110/1110
 ~~ skipped flows.............: 0
@@ -506,8 +506,8 @@
 ~~ total active/idle flows...: 57/57
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6029687 bytes
-~~ total memory freed........: 6029687 bytes
+~~ total memory allocated....: 6030607 bytes
+~~ total memory freed........: 6030607 bytes
 ~~ total allocations/frees...: 87930/87930
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 526 chars
diff --git a/test/results/default/websocket.pcap.out b/test/results/default/websocket.pcap.out
index f03c5111a..1e93f37db 100644
--- a/test/results/default/websocket.pcap.out
+++ b/test/results/default/websocket.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1475155931028697}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1475155931028697}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1475155931028697,"flow_src_last_pkt_time":1475155931028697,"flow_dst_last_pkt_time":1475155931028697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1475155931028697,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1475155931028697,"flow_dst_last_pkt_time":1475155931028697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1475155931028697,"pkt":"AFBWwAAIAAwpij2nCABFAABB27JAAEAGhyvAqCuHwKgrATA5xzc8ilRnydSxV1AYAO1IlQAAgRdXZWxjb21lLCAxOTIuMTY4LjQzLjEgIQ=="}
 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1475155931028697,"flow_src_last_pkt_time":1475155931028697,"flow_dst_last_pkt_time":1475155931028697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1475155931028697,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WebSocket","proto_id":"251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
@@ -8,7 +8,7 @@
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1475155946903705,"flow_dst_last_pkt_time":1475156008638608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1475156008638608,"pkt":"AAwpij2nAFBWwAAICABFAAA9BeZAAEAGXPzAqCsBwKgrh8c3MDnJ1LFpPIpUtFAYP+K7sAAAgY+3zv1X36uRO9juijLVvZI03KuJ"}
 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1475156008657690,"flow_dst_last_pkt_time":1475156008638608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1475156008657690,"pkt":"AFBWwAAIAAwpij2nCABFAABf27ZAAEAGhwnAqCuHwKgrATA5xzc8ilS0ydSxflAYAO0H8wAAgTUyMTozNDo1MyAoJzE5Mi4xNjguNDMuMScsIDUwOTk5KSBzYXk6IGhlbGxvIHdlYnNvY2tldA=="}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1475155931028697,"flow_src_last_pkt_time":1475156008657690,"flow_dst_last_pkt_time":1475156008638608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":39,"midstream":1,"thread_ts_usec":1475156008657690,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WebSocket","proto_id":"251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1475156008657690}
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1475156008657690}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5/5
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500166 bytes
-~~ total memory freed........: 5500166 bytes
+~~ total memory allocated....: 5500190 bytes
+~~ total memory freed........: 5500190 bytes
 ~~ total allocations/frees...: 85866/85866
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 556 chars
diff --git a/test/results/default/wechat.pcap.out b/test/results/default/wechat.pcap.out
index 3214f027f..c8fc2d5ec 100644
--- a/test/results/default/wechat.pcap.out
+++ b/test/results/default/wechat.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1492167337792745}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1492167337792745}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167337792745,"flow_src_last_pkt_time":1492167337792745,"flow_dst_last_pkt_time":1492167337792745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":604,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":604,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":604,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167337792745,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1492167337792745,"flow_dst_last_pkt_time":1492167337792745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"thread_ts_usec":1492167337792745,"pkt":"eJKcD6iO8IQvSpdgCABFoAKQLFpAACwG+e7LzZeiwKgBZwG700RsJQvmFiW5B4AYAQBhCAAAAQEICkXRlQMAMKrIjxNPGb1b2gIOFmmrodrIUGWpRD8pBe\/eyANOuHxnf1oEiCDKQxkU6yvgqiltC85O1YOlf4+boaZn\/v7U0TkR+lQ9a8XEdMtbUDNvRkN1lpLANNJe9T6WEXQRZhhQATyvHXIsPxznFQlv1ayF4fN0Lp1Tv+DnMtPovG4l64Fdnf94BKNh3wpUis\/1aaAJUl4N4QYAa2BN+MLHUIjBfzQomk58kbDVZlQvabo4eeiFrJQbG0CRtmIDLIV4UlMABwm2B+L0SD\/lX+vPdRjlbT0hOePKWkrPVp4oa0GnGMtovp\/3dKKj2adHC1yCvZqzc+T4heafDFJJDxNGnnTZtJeXWQW2\/Wn0xAXZa5xeVmiob7mVi7gQwqB4EyVdzoi+MdLqv1I0FdZ7WKuu9o+r6i7T5KxQ7NhUIRC9KEInuscbFfTp5tcTpkg81VRtJhveR07GYTrLSFchnUCEzbFpCOPEOlfHshGkgemcZqUW0JSeBZoVIhGHuP8IElk+zTdckKSFR7XZosRv+JZpXULghhsYEQIcWSnXEwiNwHqD7SkijDTYTSRARplFy3lQ+I9PYai9e3wxDdj38dt3ZjnYHW+Jgcvyxa81TfaFhCzMBo8JWYVcQLLQCzJJ7po8hcjxwSKSvs1BzLjoAmGIOQCY3cD2niwBo4mLwkfrwM7iYYbbTgCByxdl2XUzXKGTmMiV+yqiF1sadTUF0KDk8zQPlxqASeejWTULCaKDKO7zq0WMvrWWgtPS5+WycvqXy24tfwXRN6su4lzlC8cmzA\/wzbACdxOu6m0puRk6CDMzrA=="}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1492167337792745,"flow_dst_last_pkt_time":1492167337792797,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167337792797,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0B7NAAEAGDZLAqAFny82XotNEAbsWJbkHbCUOQoAQAk6qQAAAAQEICgAwqxZF0ZUD"}
@@ -283,7 +283,7 @@
 02201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1492167454818522,"flow_src_last_pkt_time":1492167456832685,"flow_dst_last_pkt_time":1492167456833193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":3068,"flow_src_tot_l4_payload_len":2540,"flow_dst_tot_l4_payload_len":21943,"midstream":0,"thread_ts_usec":1492167456833193,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":485,"avg":129962.4,"max":646724,"stddev":181880.5,"var":33080510464.0,"ent":3.5,"data": [360844,360859,1106,320164,2049,321124,836,835,489,485,2516,331784,329811,339551,757,339771,547,4542,5088,2482,2487,1143,1132,271360,646724,757,376133,549,914,1456,539]},"pktlen": {"min":52,"avg":817.6,"max":3120,"stddev":861.6,"var":742326.2,"ent":4.2,"data": [60,60,52,290,52,1480,52,1480,52,312,52,178,103,1140,1480,1480,52,1480,1480,52,2908,52,3120,52,1140,1480,1480,52,1480,1480,52,1480]},"bins": {"c_to_s": [11,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,2]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1],"entropies": [4.726680756,5.220871925,5.014835358,5.858064651,5.079967022,6.831523418,5.053297043,7.519194603,5.025067329,7.301003456,5.025067329,6.369594574,5.816505909,7.860216618,7.880475521,7.853042603,5.063529015,7.867065430,7.870931625,5.025067806,7.935112953,5.025067806,7.943042755,4.986606121,7.835324287,7.881664753,7.863303185,5.017560005,7.863364220,7.864516258,5.132945061,7.866506577]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
 02215{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":702,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1492167454457964,"flow_src_last_pkt_time":1492167457755437,"flow_dst_last_pkt_time":1492167457756747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":1688,"flow_src_tot_l4_payload_len":6267,"flow_dst_tot_l4_payload_len":9439,"midstream":0,"thread_ts_usec":1492167457756747,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":383,"avg":212782.5,"max":951677,"stddev":233185.6,"var":54375542784.0,"ent":4.0,"data": [378875,378978,383,354036,2419,355982,2806,2818,1046,367448,367322,4404,365806,31144,394889,3196,367851,55930,2766,420112,17934,846,381296,34840,434328,543113,951677,371599,549,523,1340]},"pktlen": {"min":52,"avg":543.3,"max":1740,"stddev":599.1,"var":358890.2,"ent":4.1,"data": [60,60,52,290,52,1480,52,1740,52,178,103,1225,429,52,250,1292,527,52,1480,216,52,1225,429,52,250,52,1140,1480,52,1480,52,1480]},"bins": {"c_to_s": [8,0,0,1,0,0,0,1,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,1,0,0,1,0,1,0,1],"entropies": [4.714098930,5.162375927,5.053297043,5.901997566,5.094483376,6.795276642,5.014835358,7.609866619,4.988526344,6.379345417,6.050486088,7.830496788,7.398893356,5.094483852,7.075847626,7.833686829,7.562863827,5.130220413,7.881128788,6.984771252,5.025067329,7.832070827,7.381729126,5.056022167,7.076413155,5.025067806,7.815702915,7.858382225,5.063529015,7.880737305,5.063529015,7.870216846]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1492167468008215,"flow_dst_last_pkt_time":1492167422991183,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167468008215,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KNFAAEAGqhrAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT22vQAAAQEICgAxKkAyc0s1"}
-00927{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167337792745,"flow_src_last_pkt_time":1492167353998138,"flow_dst_last_pkt_time":1492167353687334,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":604,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":604,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167478295735,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01045{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167337792745,"flow_src_last_pkt_time":1492167353998138,"flow_dst_last_pkt_time":1492167353687334,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":604,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":604,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167478295735,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00781{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167337792745,"flow_src_last_pkt_time":1492167353998138,"flow_dst_last_pkt_time":1492167353687334,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":604,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":604,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167478295735,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00924{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1492167353687522,"flow_src_last_pkt_time":1492167354015579,"flow_dst_last_pkt_time":1492167354015537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167478295735,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00778{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1492167353687522,"flow_src_last_pkt_time":1492167354015579,"flow_dst_last_pkt_time":1492167354015537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167478295735,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -646,7 +646,7 @@
 00935{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167851203580,"flow_src_last_pkt_time":1492167851203580,"flow_dst_last_pkt_time":1492167851203580,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167918120269,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1492167765155968,"flow_src_last_pkt_time":1492167765155968,"flow_dst_last_pkt_time":1492167765432548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":349,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":349,"midstream":0,"thread_ts_usec":1492167918120269,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WeChat","proto_id":"5.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00946{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492167849769805,"flow_src_last_pkt_time":1492167851204799,"flow_dst_last_pkt_time":1492167849769805,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167918120269,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1553,"packets-processed":1552,"total-skipped-flows":0,"total-l4-payload-len":556502,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":60,"total-detection-updates":61,"total-updates":72,"current-active-flows":30,"total-active-flows":75,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":649,"global_ts_usec":1492171154216266}
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1553,"packets-processed":1552,"total-skipped-flows":0,"total-l4-payload-len":556502,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":60,"total-detection-updates":61,"total-updates":72,"current-active-flows":30,"total-active-flows":75,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":649,"global_ts_usec":1492171154216266}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171154216266,"flow_src_last_pkt_time":1492171154216266,"flow_dst_last_pkt_time":1492171154216266,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171154216266,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 02162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1492171154216266,"flow_dst_last_pkt_time":1492171154216266,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_usec":1492171154216266,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpoxAAEAGahTAqAFny82XotOnAbtQhl2xjWp\/PoAYBaSJeAAAAQEICgA\/OhBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"}
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171154216266,"flow_src_last_pkt_time":1492171154216266,"flow_dst_last_pkt_time":1492171154216266,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171154216266,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -885,7 +885,7 @@
 00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171168104237,"flow_src_last_pkt_time":1492171267294579,"flow_dst_last_pkt_time":1492171168104237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00925{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167377896227,"flow_src_last_pkt_time":1492167468008215,"flow_dst_last_pkt_time":1492167468048114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167377896227,"flow_src_last_pkt_time":1492167468008215,"flow_dst_last_pkt_time":1492167468048114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1672,"packets-processed":1672,"total-skipped-flows":0,"total-l4-payload-len":561272,"total-not-detected-flows":0,"total-guessed-flows":25,"total-detected-flows":84,"total-detection-updates":69,"total-updates":77,"current-active-flows":0,"total-active-flows":109,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":888,"global_ts_usec":1492171291761740}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1672,"packets-processed":1672,"total-skipped-flows":0,"total-l4-payload-len":561272,"total-not-detected-flows":0,"total-guessed-flows":25,"total-detected-flows":84,"total-detection-updates":69,"total-updates":77,"current-active-flows":0,"total-active-flows":109,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":888,"global_ts_usec":1492171291761740}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1672/1672
 ~~ skipped flows.............: 0
@@ -894,9 +894,9 @@
 ~~ total active/idle flows...: 109/109
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6239032 bytes
-~~ total memory freed........: 6239032 bytes
-~~ total allocations/frees...: 89347/89347
+~~ total memory allocated....: 6240797 bytes
+~~ total memory freed........: 6240797 bytes
+~~ total allocations/frees...: 89348/89348
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 526 chars
 ~~ json message max len.......: 2373 chars
diff --git a/test/results/default/weibo.pcap.out b/test/results/default/weibo.pcap.out
index cd77c8ed0..ccc03c89b 100644
--- a/test/results/default/weibo.pcap.out
+++ b/test/results/default/weibo.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1463089067804779}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1463089067804779}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089067804779,"flow_dst_last_pkt_time":1463089067804779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089067804779,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1463089067804779,"flow_dst_last_pkt_time":1463089067804779,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1463089067804779,"pkt":"eJKcD6iOkDVu60UQCABFAAClAABAADMR2u3YOtIOwKgBaQG7wNEAkSEpAAl3y2T5ujTCSSEU5zJMPfXh7u\/a3oWq2yhhK1m4ny+qR4W2lfILr6Ils4h\/iqKUCkI0zipqePuQ8qDP3gfa2UEwOgxjQY6zEBJhdLLCAKezbAF+wpbNcZnrqI9Vp3iRS5CpzEuDxhuTRv5J009cEtkCA6nVS0D6WXhVs+S9\/EHIHeXl6YD1cbA="}
 00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1463089067804822,"flow_dst_last_pkt_time":1463089067804779,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_usec":1463089067804822,"pkt":"eJKcD6iOkDVu60UQCABFAAFTAABAADMR2j\/YOtIOwKgBaQG7wNEBPzHaAAoUu93Ovdfsj+VZ99cgMeSVKfCKokSNRuOMv1PGF2DIkukcXrUmGkv\/ArCiq\/KK23NXKqXH3z8FxKfa8OQtN5x73GaADweitAmqYsU072yu9KsRUtnFIEIB5Y5LqWVX6vqXepSvfYCEhodq+tUiz0aSzdffkeHhLztt20iOOpChbjrtXhyjh2xOYPCWGl\/75gN\/zEEb2R9h09zfr5IUCExPcV8JWIdoh2fXU4mq9qytwCU0GOdjsWy12v2HhTBnSYnXaFz8kW\/ToyswW6z6hT26xiqWB5RJW9cvGUU8G6jKCXTHHR5WczEJ7NLt9QErBQKutf8Nh4rVBXW1avPgj1A0tNYSKXAcYt1eYGsw4tjOzS7DHafUDgikSZ+H9BNuGGXb1gwh45909vW3665ubMpNt9lmWoI="}
@@ -249,7 +249,7 @@
 00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073537924,"flow_src_last_pkt_time":1463089073537924,"flow_dst_last_pkt_time":1463089073537924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071551377,"flow_src_last_pkt_time":1463089071551377,"flow_dst_last_pkt_time":1463089071612902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.SinaWeibo","proto_id":"5.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089073289058,"flow_src_last_pkt_time":1463089073289058,"flow_dst_last_pkt_time":1463089073763925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00979{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089068490775,"flow_dst_last_pkt_time":1463089068491086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":618,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}}
+01097{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089068490775,"flow_dst_last_pkt_time":1463089068491086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":618,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}}
 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089068490775,"flow_dst_last_pkt_time":1463089068491086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":618,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089070841932,"flow_src_last_pkt_time":1463089071547268,"flow_dst_last_pkt_time":1463089071891757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":635,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":635,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.SinaWeibo","proto_id":"7.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 00951{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463089070841976,"flow_src_last_pkt_time":1463089071198637,"flow_dst_last_pkt_time":1463089071198585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
@@ -258,13 +258,13 @@
 00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463089071008468,"flow_src_last_pkt_time":1463089071348686,"flow_dst_last_pkt_time":1463089071348610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00922{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071046082,"flow_src_last_pkt_time":1463089071046082,"flow_dst_last_pkt_time":1463089071094149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071046082,"flow_src_last_pkt_time":1463089071046082,"flow_dst_last_pkt_time":1463089071094149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00980{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1463089070755684,"flow_src_last_pkt_time":1463089072356956,"flow_dst_last_pkt_time":1463089072331449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":621,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}}
+01098{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1463089070755684,"flow_src_last_pkt_time":1463089072356956,"flow_dst_last_pkt_time":1463089072331449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":621,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}}
 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1463089070755684,"flow_src_last_pkt_time":1463089072356956,"flow_dst_last_pkt_time":1463089072331449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":621,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073479208,"flow_src_last_pkt_time":1463089073479208,"flow_dst_last_pkt_time":1463089073479208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.SinaWeibo","proto_id":"5.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":39,"flow_first_seen":1463089071613246,"flow_src_last_pkt_time":1463089072438109,"flow_dst_last_pkt_time":1463089072438075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":2872,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":31448,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.SinaWeibo","proto_id":"7.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
 01196{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089073287324,"flow_src_last_pkt_time":1463089073287324,"flow_dst_last_pkt_time":1463089073760507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":115,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073394448,"flow_src_last_pkt_time":1463089073394448,"flow_dst_last_pkt_time":1463089073394448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.SinaWeibo","proto_id":"5.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":498,"packets-processed":498,"total-skipped-flows":0,"total-l4-payload-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":267,"global_ts_usec":1463089073893914}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":498,"packets-processed":498,"total-skipped-flows":0,"total-l4-payload-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":267,"global_ts_usec":1463089073893914}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 498/498
 ~~ skipped flows.............: 0
@@ -273,9 +273,9 @@
 ~~ total active/idle flows...: 44/44
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5610141 bytes
-~~ total memory freed........: 5610141 bytes
-~~ total allocations/frees...: 86895/86895
+~~ total memory allocated....: 5610879 bytes
+~~ total memory freed........: 5610879 bytes
+~~ total allocations/frees...: 86897/86897
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 528 chars
 ~~ json message max len.......: 2215 chars
diff --git a/test/results/default/whatsapp.pcap.out b/test/results/default/whatsapp.pcap.out
index 3784e6f7f..587d932a2 100644
--- a/test/results/default/whatsapp.pcap.out
+++ b/test/results/default/whatsapp.pcap.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655030801747000}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655030801747000}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655030801747000,"flow_src_last_pkt_time":1655030801747000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655030801747000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655030801747000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655030801747000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ABpAAD8GAijAqAJkszzDMa8EFGbkDT9OAAAAAKAC\/\/\/IawAAAgQFtAQCCArFapnmAAAAAAEDAwk="}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655030801776000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655030801776000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ABtAAD8GAi\/AqAJkszzDMa8EFGbkDT9PTyfQe4AQAKy6dAAAAQEICsVqmgM2ROYE"}
@@ -7,7 +7,7 @@
 00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655030801890000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":350,"pkt_l4_len":316,"thread_ts_usec":1655030801890000,"pkt":"eJS0JASgYDjgxTWgCABFAAFQAB1AAD8GARHAqAJkszzDMa8EFGbkDT9TTyfQe4AYAKyJ+wAAAQEICsVqmnU2ROZ3AAAECAkIAldBBQIAAQ4SiwIKIDj7+pXlvAgmViwpUlFGYvO7\/yYma2eom\/G2OTNSuB9CEjDDX+ArZolS0PQnuB247fnbmCRsbrfgMrMGVJKMEE0t2\/JRP8Web3dbO7XmVIhSAMUatAGDAKIxOIhCtS95+1nqKJyrSC2PmyXih4qhdJJJio4iS3y2E7TtcgDKuHyZ\/UvYMWM1fN9zY73yjAQyazTEx2GF7o2qsRZh+ii4dJBC1jpfEIfBRkuogNaLxnCXPsblfV1VotCn1Pe51mjYXnk7cnPMyVrGE9EczxjQfevJacaaYgo8HcbO\/l9KLqGgkMzIQe5860q0eu8zygvB+CnrGia9AmXhxwG9DXMaMKJhPVwRBswrmz0="}
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655030801747000,"flow_src_last_pkt_time":1655030801890000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655030801890000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655030802021000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655030802021000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AB5AAD8GAizAqAJkszzDMa8EFGbkDUBvTyfQtIAQAKy3MAAAAQEICsVqmvg2ROb6"}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1655031983762000}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1655031983762000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655031983762000,"flow_src_last_pkt_time":1655031983762000,"flow_dst_last_pkt_time":1655031983762000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655031983762000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1655031983762000,"flow_dst_last_pkt_time":1655031983762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655031983762000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wNRAAD8GQW3AqAJkszzDMZyUFGb3fC5VAAAAAKAC\/\/8sUAAAAgQFtAQCCAo3N9QvAAAAAAEDAwk="}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1655031983792000,"flow_dst_last_pkt_time":1655031983762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655031983792000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wNVAAD8GQXTAqAJkszzDMZyUFGb3fC5W\/Bdho4AQAIAA5AAAAQEICjc31GXWXSVb"}
@@ -22,7 +22,7 @@
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1655032257115000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1655032257115000,"pkt":"eJS0JASgYDjgxTWgCABFAAA\/\/WVAAD8GBNnAqAJkszzDMaUgFGax9BltNUwtP4AYAVcS1AAAAQEICkZl\/WKo3wJ9AAAECAkIAldBBQI="}
 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655032256845000,"flow_src_last_pkt_time":1655032257115000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655032257115000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655032257144000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1655032257144000,"pkt":"eJS0JASgYDjgxTWgCABFAAE6\/WZAAD8GA93AqAJkszzDMaUgFGax9Bl4NUwtP4AYAVeyGgAAAQEICkZl\/X+o3wKaAAEDEoACCiAZZWNRxkRzymWLkvWv1TnfFzp\/HkwlWZjEklDe99VAfhIwme3J57adounR96qJXaoGJ9\/P\/qwfwkKChs9JuHY8Xv1MEqhXwWeQFybfIOgJQA\/aGqkBC5bxG\/SW8DPfHniUt1jbZ2dRLdxurPEJvB\/Or4kxrapciCjPoSjKvgXme6PN\/oOHzq0gKZq9SGSx6FhHIihHWnH8eK0VSUc53EWTGnhN\/30gQHZh9un0MZ0+ia7xXgMk385gTrfAQvxkkWPB7B4ett3W7NEuQnJkmSj1NTGse5fecHmRPAfc6h2TEgsk+0mvyE6X9Ilvw4d9UKzTB5jTpCZ3DqZZbwdPng=="}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":2151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1655032857220000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":2151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1655032857220000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655032857220000,"flow_src_last_pkt_time":1655032857220000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655032857220000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655032857220000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655032857220000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wH9AAD8GQcLAqAJkszzDMaXEFGbLQu4oAAAAAKAC\/\/8vAgAAAgQFtAQCCApGbyV9AAAAAAEDAwg="}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655032857250000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655032857250000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wIBAAD8GQcnAqAJkszzDMaXEFGbLQu4pkG\/w9oAQAVfp3wAAAQEICkZvJafXThmp"}
@@ -30,7 +30,7 @@
 00913{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1655032857857000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655032857857000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFwIJAAD8GQLbAqAJkszzDMaXEFGbLQu4tkG\/w9oAYAVdjHAAAAQEICkZvKAfXThwIAAAECAkIAldBBQIAAQMSgAIKIK1KJx1PnKk1pL6t1MbgR11TASauAEZZazQ8SNc\/svphEjD1vsMAWwdxY7rp\/NBRE9fSJSDyQi2+YPf8MDFZb9yUAo8hEfqWNj2VoAZlwbyUx7UaqQG3zFrlHQDyS4ZUUK3HVSlPbCD0Wgk3Ie2BeEz\/OeAu15sD6W1uI3uFpQv1KsNJoxw5uFL0w0Bf3eU0e0j49oXwcNam2mnkVU9nxM8q4z6rlcyPmMv7rJ1Ofv1AYGAKVUn75C3mXm3ER4vAezfKAKZaBPXqtk9FYf8ZZEhUBMSwluTw1l4fXnb52oHkYSgIZir3UMauZ9RA5GDs1Tvk37bRwa3Xi+YrHTKb"}
 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655032857220000,"flow_src_last_pkt_time":1655032857857000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655032857857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655032858009000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655032858009000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wINAAD8GQcbAqAJkszzDMaXEFGbLQu8+kG\/xL4AQAVfioQAAAQEICkZvKJ\/XThyh"}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1655033482376000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1655033482376000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655033482376000,"flow_src_last_pkt_time":1655033482376000,"flow_dst_last_pkt_time":1655033482376000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655033482376000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40178,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1655033482376000,"flow_dst_last_pkt_time":1655033482376000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655033482376000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8gelAAD8GgFjAqAJkszzDMZzyFGaeLx0YAAAAAKAC\/\/83kgAAAgQFtAQCCAo3PDMVAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1655033482414000,"flow_dst_last_pkt_time":1655033482376000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655033482414000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0gepAAD8GgF\/AqAJkszzDMZzyFGaeLx0Zpn\/BEoAQAIBtAgAAAQEICjc8MzXDJ83z"}
@@ -52,7 +52,7 @@
 00941{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1655033850680000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1655033850680000,"pkt":"eJS0JASgYDjgxTWgCABFAAFW8OZAAD8GEEHAqAJkszzDMZ0MFGa\/1NfHoiLOPYAYAIDqqQAAAQEICjc9xrppw+BLAAAECAsICVdBBQIAARQSkQIKIIWiVZcpSaSpS0wa6A1pLwk8Zk1\/z9qJ1T6f4Z\/2lZVXEjDQa\/Mzv1Xbe6yEXg1RMK7xAVWS5\/gg0yRaYkQ\/jmAXm8ZLLIy2AJqWxAZXLpRaD1QaugF+sjMVYJRs7OSYVpKL05qk8NYHnUetCeAnd6JfcTDEz+ZetSOCyq08mxgiwl8Af\/7SbFLFgX2H8i8LiJr0ImpshHYvlAL+KzUXxI7jj2H41W4vlUGdwN6mhJKreWveUBLOkSgxvVZcNAq4rxdBzulcV262lISooGtBZtHXy9rzLxZq0hu6\/gqiUgRR1zMURpouCFSl2EsY6RluLOlw2t8mrRqh8qCUrKg6h4K23MHuam9NZfZMLtWpZOw="}
 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655033850395000,"flow_src_last_pkt_time":1655033850680000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655033850680000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1655033850885000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655033850885000,"pkt":"eJS0JASgYDjgxTWgCABFAAA08OdAAD8GEWLAqAJkszzDMZ0MFGa\/1NjpoiLOdoAQAIA39AAAAQEICjc9x41pw+F1"}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":3413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1655034332550000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":3413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1655034332550000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655034332550000,"flow_src_last_pkt_time":1655034332550000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655034332550000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1655034332550000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655034332550000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8s3tAAD8GTsbAqAJkszzDMbNsFGaY2PgHAAAAAKAC\/\/+CVAAAAgQFtAQCCArFiW3yAAAAAAEDAwk="}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1655034332580000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655034332580000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0s3xAAD8GTs3AqAJkszzDMbNsFGaY2PgILoO694AQAKylowAAAQEICsWJbhFxU6\/V"}
@@ -60,7 +60,7 @@
 00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1655034332681000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":350,"pkt_l4_len":316,"thread_ts_usec":1655034332681000,"pkt":"eJS0JASgYDjgxTWgCABFAAFQs35AAD8GTa\/AqAJkszzDMbNsFGaY2PgMLoO694AYAKyIQwAAAQEICsWJbnVxU7A5AAAECAkIAldBBQIAAQ4SiwIKIKHufl5sXussMAhh0p2\/ov1K8qbgZUmwKi9OWg6ykiwzEjA0l5XOlCDi1Vokb77mNfeOWPrLzKrl4cBvJSnz6b6OpllKXqNELvV9TjDMNg9m2NsatAGEAtqJL0uvfBOEv9jC9l6jTRNc\/NKsEOvisYVSReExtAE04Pzl+dAtiLjrZ6MqtBqeDLLi4SlEeeSkOLjMHl\/ISCl0Dm\/xeIkCziwQn25As52c8XcuNRHVxMJak4sKuuCm4KKx09ssdIeVR2SXPMdDxTXZpZZTV92cShnAxFetZFuoG2g6Jlthv1eik9as3VMscANTNS4dKc0FH1iioHEVa9f2dyF04y5o88Mw6CjlmL7HByE="}
 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655034332550000,"flow_src_last_pkt_time":1655034332681000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655034332681000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1655034332808000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655034332808000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0s39AAD8GTsrAqAJkszzDMbNsFGaY2PkoLoO7MIAQAKyihAAAAQEICsWJbvRxU7C4"}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1655036863658000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1655036863658000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655036863658000,"flow_src_last_pkt_time":1655036863658000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655036863658000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1655036863658000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655036863658000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8VU1AAD8GrPTAqAJkszzDMZ\/6FGZJAAaOAAAAAKAC\/\/\/gngAAAgQFtAQCCAo3avKLAAAAAAEDAwk="}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1655036863694000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655036863694000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VU5AAD8GrPvAqAJkszzDMZ\/6FGZJAAaPQBkrQIAQAIAuZAAAAQEICjdq8tim3M31"}
@@ -68,7 +68,7 @@
 00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1655036863823000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1655036863823000,"pkt":"eJS0JASgYDjgxTWgCABFAAFWVVBAAD8Gq9fAqAJkszzDMZ\/6FGZJAAaTQBkrQIAYAIAw3wAAAQEICjdq81mm3M5rAAAECAsICVdBBQIAARQSkQIKIAI3u8Y0o0ZFT\/OtJzcX3UaQ\/IWQGdbv0wEMHTK1l6woEjDMb3ve3Vlqa1zLSyWsq7HX19F5FqxgNDPVPZovnbkaWWTiEYUfyj9dhIYbLUbhjpoaugEYt5e54yUK0Dz2mXgmLjkLbqfw43funUzgI06KJeAdOTz48asdCtBqKsa57JzlcA8hKYLsAYAMXhENhJAMeKh+7iZsKK6QLl2OW+eCsVwf0sdlSSfzN0BeoIQW9Wt0qe8vcVYbW8VUzvTywUdhc5Eibzu+tOU31RbI\/1Q822GOha0izKT6E5UicKg7VroJrRkc6v4BGSSjH+7x5dR4DHzXhQPdVB2E0D9ObRCPXt2S8u\/UAiy1f3hsiJw="}
 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655036863658000,"flow_src_last_pkt_time":1655036863823000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655036863823000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1655036863976000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655036863976000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VVFAAD8GrPjAqAJkszzDMZ\/6FGZJAAe1QBkreYAQAIAq0wAAAQEICjdq8\/Km3M8N"}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":4075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":9,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1655037784969000}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":4075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":9,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1655037784969000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655037784969000,"flow_src_last_pkt_time":1655037784969000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655037784969000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1655037784969000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655037784969000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eZJAAD8GiK\/AqAJkszzDMaD+FGaPGwMEAAAAAKAC\/\/\/PkAAAAgQFtAQCCAo3eL\/2AAAAAAEDAwk="}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1655037785024000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655037785024000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0eZNAAD8GiLbAqAJkszzDMaD+FGaPGwMFTC+Ch4AQAIA0RwAAAQEICjd4wGKeH1xF"}
@@ -83,7 +83,7 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1655037943383000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655037943383000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7ZINAAD8Gnc\/AqAJkszzDIb+CFGZJeEXBlbThyYAYAKzl3AAAAQEIClkJjtmTiu6cAAAECAkIBQ=="}
 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655037943346000,"flow_src_last_pkt_time":1655037943383000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655037943383000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1655037943384000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655037943384000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4ZIRAAD8GndHAqAJkszzDIb+CFGZJeEXIlbThyYAYAKybpQAAAQEIClkJjtmTiu6cV0EFAg=="}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":6885,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":11,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":86,"global_ts_usec":1655038737650000}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":6885,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":11,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":86,"global_ts_usec":1655038737650000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655038737650000,"flow_src_last_pkt_time":1655038737650000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655038737650000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1655038737650000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655038737650000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8+jpAAD8GCAfAqAJkszzDMaFIFGaFGhCGAAAAAKAC\/\/9PGwAAAgQFtAQCCAo3gTyYAAAAAAEDAwk="}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1655038737824000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655038737824000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+jtAAD8GCA7AqAJkszzDMaFIFGaFGhCH4E9fBoAQAIAQ0gAAAQEICjeBPUjxtjrK"}
@@ -92,7 +92,7 @@
 01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655038737650000,"flow_src_last_pkt_time":1655038738036000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655038738036000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1655038738226000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655038738226000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+j5AAD8GCAvAqAJkszzDMaFIFGaFGhGt4E9fP4AQAIAL\/wAAAQEICjeBPsPxtjzD"}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1655030801747000,"flow_src_last_pkt_time":1655030802079000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1537,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655038738381000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":7219,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":12,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_usec":1655041569928000}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":7219,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":12,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_usec":1655041569928000}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655041569928000,"flow_src_last_pkt_time":1655041569928000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041569928000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1655041569928000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655041569928000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8yNhAAD8GOWnAqAJkszzDMaKKFGb8FC6CAAAAAKAC\/\/\/RUwAAAgQFtAQCCAo3qCQAAAAAAAEDAwk="}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1655041569964000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655041569964000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0yNlAAD8GOXDAqAJkszzDMaKKFGb8FC6DekSzAYAQAIDQKAAAAQEICjeoJCQj994H"}
@@ -106,7 +106,7 @@
 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655033850395000,"flow_src_last_pkt_time":1655033851037000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041570363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655032256845000,"flow_src_last_pkt_time":1655032257332000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041570363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655032857220000,"flow_src_last_pkt_time":1655032858052000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041570363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":7516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":13,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":109,"global_ts_usec":1655042688447000}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":7516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":13,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":109,"global_ts_usec":1655042688447000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655042688447000,"flow_src_last_pkt_time":1655042688447000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655042688447000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1655042688447000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655042688447000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8k4BAAD8GbsHAqAJkszzDMaNQFGac145xAAAAAKAC\/\/+5KwAAAgQFtAQCCAo3tzqhAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1655042688525000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655042688525000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0k4FAAD8GbsjAqAJkszzDMaNQFGac145yikooJoAQAIAprAAAAQEICje3OwWKYYCH"}
@@ -115,7 +115,7 @@
 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655042688447000,"flow_src_last_pkt_time":1655042689683000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655042689683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1655042689901000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1655042689901000,"pkt":"eJS0JASgYDjgxTWgCABFAAA3k4RAAD8GbsLAqAJkszzDMaNQFGac146BikooJoAYAIALawAAAQEICje3QFiKYYVaAAEU"}
 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655034332550000,"flow_src_last_pkt_time":1655034332854000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655042690163000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":7810,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_usec":1655043596112000}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":7810,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_usec":1655043596112000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655043596112000,"flow_src_last_pkt_time":1655043596112000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043596112000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1655043596112000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655043596112000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sPxAAD8GUVXAqAJkszzDIZJqFGboXByKAAAAAKAC\/\/9iMwAAAgQFtAQCCAoEt\/vxAAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1655043596145000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655043596145000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0sP1AAD8GUVzAqAJkszzDIZJqFGboXByLxoplnYAQAKyC0AAAAQEICgS3\/BKyfC6v"}
@@ -123,7 +123,7 @@
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1655043596146000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655043596146000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7sP9AAD8GUVPAqAJkszzDIZJqFGboXByPxoplnYAYAKxwrAAAAQEICgS3\/BOyfC6vAAAECAkIBQ=="}
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655043596112000,"flow_src_last_pkt_time":1655043596146000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043596146000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1655043596147000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655043596147000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4sQBAAD8GUVXAqAJkszzDIZJqFGboXByWxoplnYAYAKwmdAAAAQEICgS3\/BSyfC6vV0EFAg=="}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":9083,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":15,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":126,"global_ts_usec":1655044288744000}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":9083,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":15,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":126,"global_ts_usec":1655044288744000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655044288744000,"flow_src_last_pkt_time":1655044288744000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044288744000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1655044288744000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655044288744000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Rj1AAD8GvBTAqAJkszzDIZLOFGbS4v0+AAAAAKAC\/\/8FAwAAAgQFtAQCCAoEwo14AAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1655044288776000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655044288776000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Rj5AAD8GvBvAqAJkszzDIZLOFGbS4v0\/XwbxEoAQAKw+pwAAAQEICgTCjaZrpjiA"}
@@ -131,7 +131,7 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1655044288777000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655044288777000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7RkBAAD8GvBLAqAJkszzDIZLOFGbS4v1DXwbxEoAYAKwsgwAAAQEICgTCjadrpjiAAAAECAkIBQ=="}
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655044288744000,"flow_src_last_pkt_time":1655044288777000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044288777000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1655044288780000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655044288780000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4RkFAAD8GvBTAqAJkszzDIZLOFGbS4v1KXwbxEoAYAKziSgAAAQEICgTCjahrpjiAV0EFAg=="}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":10356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":16,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_usec":1655044965142000}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":10356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":16,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_usec":1655044965142000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655044965142000,"flow_src_last_pkt_time":1655044965142000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044965142000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1655044965142000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655044965142000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8At1AAD8G\/2TAqAJkszzDMbK6FGZec+QxAAAAAKAC\/\/+2PgAAAgQFtAQCCApG+geGAAAAAAEDAwg="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1655044965172000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655044965172000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0At5AAD8G\/2vAqAJkszzDMbK6FGZec+QyZebbNIAQAVdZxAAAAQEICkb6B6qVR7NZ"}
@@ -140,7 +140,7 @@
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655044965142000,"flow_src_last_pkt_time":1655044965221000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044965221000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1655044965369000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655044965369000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AuFAAD8G\/2jAqAJkszzDMbK6FGZec+VHZebbbYAQAVdW7QAAAQEICkb6CG+VR7Qd"}
 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655036863658000,"flow_src_last_pkt_time":1655036864020000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044965409000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":138,"packets-processed":137,"total-skipped-flows":0,"total-l4-payload-len":10673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":17,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":143,"global_ts_usec":1655045751925000}
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":138,"packets-processed":137,"total-skipped-flows":0,"total-l4-payload-len":10673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":17,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":143,"global_ts_usec":1655045751925000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655045751925000,"flow_src_last_pkt_time":1655045751925000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655045751925000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1655045751925000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655045751925000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tn9AAD8GS8LAqAJkszzDMbMAFGajVEhsAAAAAKAC\/\/+wTwAAAgQFtAQCCApG\/mQPAAAAAAEDAwg="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1655045751957000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655045751957000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0toBAAD8GS8nAqAJkszzDMbMAFGajVEhtoOKxA4AQAVeXTwAAAQEICkb+ZC\/0vP+i"}
@@ -150,7 +150,7 @@
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1655045752137000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655045752137000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0toNAAD8GS8bAqAJkszzDMbMAFGajVEmCoOKxPIAQAVeUmAAAAQEICkb+ZOP0vQBX"}
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655037943346000,"flow_src_last_pkt_time":1655037943539000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2513,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655045752178000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655037784969000,"flow_src_last_pkt_time":1655037785423000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655045752178000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":10990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":18,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":153,"global_ts_usec":1655049443230000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":10990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":18,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":153,"global_ts_usec":1655049443230000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655049443230000,"flow_src_last_pkt_time":1655049443230000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655049443230000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1655049443230000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655049443230000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8KCVAAD8G2hzAqAJkszzDMbVGFGZeo\/3WAAAAAKAC\/\/\/eUwAAAgQFtAQCCApHIcLoAAAAAAEDAwg="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1655049443263000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655049443263000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0KCZAAD8G2iPAqAJkszzDMbVGFGZeo\/3XmmmBIoAQAVfWlwAAAQEICkchwwlHYNIU"}
@@ -160,7 +160,7 @@
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1655049443533000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655049443533000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0KClAAD8G2iDAqAJkszzDMbVGFGZeo\/7smmmBW4AQAVfTLgAAAQEICkchxBdHYNMh"}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655038737650000,"flow_src_last_pkt_time":1655038738381000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655049443593000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655041569928000,"flow_src_last_pkt_time":1655041570363000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655049443593000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":154,"packets-processed":153,"total-skipped-flows":0,"total-l4-payload-len":11307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":19,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":163,"global_ts_usec":1655050704430000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":154,"packets-processed":153,"total-skipped-flows":0,"total-l4-payload-len":11307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":19,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":163,"global_ts_usec":1655050704430000}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655050704430000,"flow_src_last_pkt_time":1655050704430000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655050704430000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1655050704430000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655050704430000,"pkt":"eJS0JASgYDjgxTWgCABFAAA84MFAAD8GJbDAqAJkHw1TMZ0gFGZ02VSkAAAAAKAC\/\/8otQAAAgQFtAQCCAoO3mAcAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1655050704485000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655050704485000,"pkt":"eJS0JASgYDjgxTWgCABFAAA04MJAAD8GJbfAqAJkHw1TMZ0gFGZ02VSlljrOS4AQAKxhJgAAAQEICg7eYFQ9kVNR"}
@@ -177,7 +177,7 @@
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655051220512000,"flow_src_last_pkt_time":1655051220578000,"flow_dst_last_pkt_time":1655051220512000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051220578000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45470,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1655051220580000,"flow_dst_last_pkt_time":1655051220512000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655051220580000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4rVRAAD8GVQHAqAJkszzDIbGeFGYTOuP28T6CsoAYAKzQiQAAAQEICgUsUt67e8sgV0EFAg=="}
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655043596112000,"flow_src_last_pkt_time":1655043596381000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051220729000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":13293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":21,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":180,"global_ts_usec":1655051492307000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":13293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":21,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":180,"global_ts_usec":1655051492307000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655051492307000,"flow_src_last_pkt_time":1655051492307000,"flow_dst_last_pkt_time":1655051492307000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051492307000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1655051492307000,"flow_dst_last_pkt_time":1655051492307000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655051492307000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8gfhAAD8GgEnAqAJkszzDMahMFGbuqHaiAAAAAKAC\/\/+qzgAAAgQFtAQCCAo39wnAAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1655051492339000,"flow_dst_last_pkt_time":1655051492307000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655051492339000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0gflAAD8GgFDAqAJkszzDMahMFGbuqHajLwsyzYAQAIACagAAAQEICjf3Cd8Kl2oU"}
@@ -193,7 +193,7 @@
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655051794002000,"flow_src_last_pkt_time":1655051794037000,"flow_dst_last_pkt_time":1655051794002000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051794037000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1655051794039000,"flow_dst_last_pkt_time":1655051794002000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655051794039000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4OxFAAD8Gx0TAqAJkszzDIbIiFGatOxW\/\/J8dd4AYAKy6IgAAAQEICgU1Eu0r+T5\/V0EFAg=="}
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655044288744000,"flow_src_last_pkt_time":1655044288931000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051794206000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":185,"packets-processed":184,"total-skipped-flows":0,"total-l4-payload-len":14860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":23,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1655052148615000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":185,"packets-processed":184,"total-skipped-flows":0,"total-l4-payload-len":14860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":23,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1655052148615000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655052148615000,"flow_src_last_pkt_time":1655052148615000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052148615000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1655052148615000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655052148615000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kfpAAD8GcEfAqAJkszzDMaiQFGZmurw1AAAAAKAC\/\/+h\/wAAAgQFtAQCCAo3+VSkAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1655052148658000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655052148658000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kftAAD8GcE7AqAJkszzDMaiQFGZmurw2KlSpWIAQAIA0yQAAAQEICjf5VPJAoYbY"}
@@ -209,7 +209,7 @@
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655052438619000,"flow_src_last_pkt_time":1655052438654000,"flow_dst_last_pkt_time":1655052438619000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052438654000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1655052438655000,"flow_dst_last_pkt_time":1655052438619000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655052438655000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4kq9AAD8Gb6bAqAJkszzDIbPaFGZdYrgzyEw0oYAYAKzY6QAAAQEICgU+6PTmsVfEV0EFAg=="}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655044965142000,"flow_src_last_pkt_time":1655044965409000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052438807000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":201,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":16467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":25,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":212,"global_ts_usec":1655052853504000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":201,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":16467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":25,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":212,"global_ts_usec":1655052853504000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655052853504000,"flow_src_last_pkt_time":1655052853504000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052853504000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1655052853504000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655052853504000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8WWJAAD8GqN\/AqAJkszzDMajGFGY2dfJkAAAAAKAC\/\/87qwAAAgQFtAQCCAo3+7TWAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1655052853586000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655052853586000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0WWNAAD8GqObAqAJkszzDMajGFGY2dfJl9PmkqoAQAICs4QAAAQEICjf7tS9HlNt1"}
@@ -217,7 +217,7 @@
 00941{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1655052853647000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1655052853647000,"pkt":"eJS0JASgYDjgxTWgCABFAAFWWWVAAD8Gp8LAqAJkszzDMajGFGY2dfJp9PmkqoAYAIC\/dgAAAQEICjf7tWxHlNveAAAECAsICVdBBQIAARQSkQIKIA3YWjJeBPhhoYOLdXhImll2N3KB40xe5nXzVGKqi8lQEjB05YuN1sXT57G3SBCHnJEdXNBkV371\/xsNWC+B2W2c9R3PBaYxYkKqi91RPjTM0AAaugEXP+3uWGvoVm871kn2wjtmhgKuIJkNizNK\/9coL6rphC9vh6dV2jEyqfOFbZgWf8o\/EQFKWMBHIh7wJxYJvwjapQxRD1filQ5M12e0QPKj6ordybKIELcsCt7hErPy6sAkIPGcz3XyhYz\/Lb7ROlM7yct5Zfi3MPdNu9Wu4\/cE+HnYCNJgp1xz6RWgg5HS126k8knfuWBZUdlK+HGAXOiiBP94NYsZKb1yA+Td5aUETEJNN76KzEDIwLE="}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655052853504000,"flow_src_last_pkt_time":1655052853647000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052853647000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1655052853815000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655052853815000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0WWZAAD8GqOPAqAJkszzDMajGFGY2dfOL9Pmk44AQAICplQAAAQEICjf7thRHlNx9"}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":209,"packets-processed":208,"total-skipped-flows":0,"total-l4-payload-len":16801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":26,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":220,"global_ts_usec":1655053633670000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":209,"packets-processed":208,"total-skipped-flows":0,"total-l4-payload-len":16801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":26,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":220,"global_ts_usec":1655053633670000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655053633670000,"flow_src_last_pkt_time":1655053633670000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053633670000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1655053633670000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655053633670000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8mVhAAD8GaOnAqAJkszzDMajeFGZP5tJgAAAAAKAC\/\/\/ryAAAAgQFtAQCCAo3\/AszAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1655053633701000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655053633701000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0mVlAAD8GaPDAqAJkszzDMajeFGZP5tJhk8uMoIAQAIDJOAAAAQEICjf8C1OqRoX7"}
@@ -226,7 +226,7 @@
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655053633670000,"flow_src_last_pkt_time":1655053633738000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053633738000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1655053633894000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655053633894000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0mVxAAD8GaO3AqAJkszzDMajeFGZP5tOHk8uM2YAQAIDGYQAAAQEICjf8DBOqRoaz"}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655045751925000,"flow_src_last_pkt_time":1655045752178000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053633932000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":17135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":27,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_usec":1655054457330000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":17135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":27,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_usec":1655054457330000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655054457330000,"flow_src_last_pkt_time":1655054457330000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655054457330000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1655054457330000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655054457330000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8VnBAAD8Gq+HAqAJkszzDIbWEFGa\/BmevAAAAAKAC\/\/\/mlQAAAgQFtAQCCAoFUzIKAAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1655054457362000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655054457362000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VnFAAD8Gq+jAqAJkszzDIbWEFGa\/Bmewdx424oAQAKySKwAAAQEICgVTMiqQiUPS"}
@@ -234,7 +234,7 @@
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1655054457365000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655054457365000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7VnNAAD8Gq9\/AqAJkszzDIbWEFGa\/Bme0dx424oAYAKyABgAAAQEICgVTMiyQiUPSAAAECAkIBQ=="}
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655054457330000,"flow_src_last_pkt_time":1655054457365000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655054457365000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1655054457365000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655054457365000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4VnRAAD8Gq+HAqAJkszzDIbWEFGa\/Bme7dx424oAYAKw1zgAAAQEICgVTMi2QiUPSV0EFAg=="}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":225,"packets-processed":224,"total-skipped-flows":0,"total-l4-payload-len":18408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":28,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":237,"global_ts_usec":1655056441533000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":225,"packets-processed":224,"total-skipped-flows":0,"total-l4-payload-len":18408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":28,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":237,"global_ts_usec":1655056441533000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655056441533000,"flow_src_last_pkt_time":1655056441533000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655056441533000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1655056441533000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655056441533000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8SQJAAD8GuU\/AqAJkszzDIbkAFGYVt3HxAAAAAKAC\/\/87QgAAAgQFtAQCCAoFcXjRAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1655056441563000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655056441563000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0SQNAAD8GuVbAqAJkszzDIbkAFGYVt3Hym+tfO4AQAKzuQwAAAQEICgVxePCucNFZ"}
@@ -242,7 +242,7 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1655056441565000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655056441565000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7SQVAAD8GuU3AqAJkszzDIbkAFGYVt3H2m+tfO4AYAKzcHwAAAQEICgVxePGucNFZAAAECAkIBQ=="}
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655056441533000,"flow_src_last_pkt_time":1655056441565000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655056441565000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1655056441565000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655056441565000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4SQZAAD8GuU\/AqAJkszzDIbkAFGYVt3H9m+tfO4AYAKyR5wAAAQEICgVxePKucNFZV0EFAg=="}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":233,"packets-processed":232,"total-skipped-flows":0,"total-l4-payload-len":19681,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":29,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":245,"global_ts_usec":1655059510580000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":233,"packets-processed":232,"total-skipped-flows":0,"total-l4-payload-len":19681,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":29,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":245,"global_ts_usec":1655059510580000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655059510580000,"flow_src_last_pkt_time":1655059510580000,"flow_dst_last_pkt_time":1655059510580000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510580000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":39828,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1655059510580000,"flow_dst_last_pkt_time":1655059510580000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655059510580000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8GcJAAD8G6I\/AqAJkszzDIZuUFGY95P\/EAAAAAKAC\/\/\/fxAAAAgQFtAQCCAoFoDuLAAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1655059510610000,"flow_dst_last_pkt_time":1655059510580000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655059510610000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0GcNAAD8G6JbAqAJkszzDIZuUFGY95P\/FCFqhLIAQAKyMSwAAAQEICgWgO6lMbYt5"}
@@ -255,7 +255,7 @@
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655051794002000,"flow_src_last_pkt_time":1655051794206000,"flow_dst_last_pkt_time":1655051794002000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655049443230000,"flow_src_last_pkt_time":1655049443593000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655050704430000,"flow_src_last_pkt_time":1655050704962000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":427,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":713,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":241,"packets-processed":240,"total-skipped-flows":0,"total-l4-payload-len":20954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":30,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":258,"global_ts_usec":1655060495977000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":241,"packets-processed":240,"total-skipped-flows":0,"total-l4-payload-len":20954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":30,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":258,"global_ts_usec":1655060495977000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655060495977000,"flow_src_last_pkt_time":1655060495977000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060495977000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1655060495977000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655060495977000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8YJ5AAD8GobPAqAJkszzDIZysFGYCJGGJAAAAAKAC\/\/+p9wAAAgQFtAQCCAoFq0oxAAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1655060496008000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655060496008000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YJ9AAD8GobrAqAJkszzDIZysFGYCJGGK2sw1x4AQAKwONAAAAQEICgWrSlDEovR\/"}
@@ -266,7 +266,7 @@
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655052148615000,"flow_src_last_pkt_time":1655052148966000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060496256000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655052853504000,"flow_src_last_pkt_time":1655052853872000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060496256000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655052438619000,"flow_src_last_pkt_time":1655052438807000,"flow_dst_last_pkt_time":1655052438619000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060496256000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":250,"packets-processed":249,"total-skipped-flows":0,"total-l4-payload-len":22271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":269,"global_ts_usec":1655061657436000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":250,"packets-processed":249,"total-skipped-flows":0,"total-l4-payload-len":22271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":269,"global_ts_usec":1655061657436000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655061657436000,"flow_src_last_pkt_time":1655061657436000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655061657436000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1655061657436000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655061657436000,"pkt":"eJS0JASgYDjgxTWgCABFAAA88nlAAD8GD8jAqAJkszzDMauyFGbsqzKiAAAAAKAC\/\/9iSAAAAgQFtAQCCAo4IpSyAAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1655061657568000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655061657568000,"pkt":"eJS0JASgYDjgxTWgCABFAAA08npAAD8GD8\/AqAJkszzDMauyFGbsqzKjnK08DIAQAIBE+AAAAQEICjgilXAR0WBF"}
@@ -282,7 +282,7 @@
 00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1655061873368000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1655061873368000,"pkt":"eJS0JASgYDjgxTWgCABFAAFKrKVAAD8GTrnAqAJkHw1dNr\/IFGZDXSW7fPQug4AYAIAPIwAAAQEICiQe2Mk8ThxmAAAECAsIDFdBBQIAAQgShQIKIOtKWvwh5\/ppyWV2\/78chw3eIBPlsh8jrfmHIruLZFUBEjC8WKWRQo+Toueq8YzobY4B8yj8PYgyc5mZhB9VKcjqzcB8IoQ1aRkf5QNWNURnuAcargE6xFUNq2D4uR+PXdAcvbjNXFB5HDx1ZVwyvCTiNXVhCL6BhskFeQ\/B2Nx6pN9cBoWD9XwKx9sQ\/HDlQBa7N83O5tyYcWmNAZ9ncVm1XLv2ZOlh1AA4iL2jTKOdgiv3hRlObMCcpNmk43fS1h8PPV9yFeoFc+Gfn40oM54oUWEVIUaJmiVnzB0xDdMDFSfDPeextxbIqFwAo0oeVBPt\/dZa4kxfLjr6sam3BkXtoCE="}
 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655061873005000,"flow_src_last_pkt_time":1655061873368000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655061873368000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1655061873760000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655061873760000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0rKZAAD8GT87AqAJkHw1dNr\/IFGZDXSbRfPQuvIAQAID0DgAAAQEICiQe2lA8Th4U"}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":23230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":33,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":285,"global_ts_usec":1655062569330000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":23230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":33,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":285,"global_ts_usec":1655062569330000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655062569330000,"flow_src_last_pkt_time":1655062569330000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655062569330000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1655062569330000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655062569330000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MZZAAD8G0KvAqAJkszzDMavKFGbYH58HAAAAAKAC\/\/9yPQAAAgQFtAQCCAo4IyzLAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1655062569374000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655062569374000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0MZdAAD8G0LLAqAJkszzDMavKFGbYH58IMQLbuIAQAIC6CgAAAQEICjgjLRYTN8Yz"}
@@ -291,7 +291,7 @@
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655062569330000,"flow_src_last_pkt_time":1655062569427000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655062569427000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1655062569631000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655062569631000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0MZpAAD8G0K\/AqAJkszzDMavKFGbYH6AuMQLb8YAQAIC23AAAAQEICjgjLgwTN8cM"}
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655054457330000,"flow_src_last_pkt_time":1655054457533000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655062569674000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":274,"packets-processed":273,"total-skipped-flows":0,"total-l4-payload-len":23564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":34,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":294,"global_ts_usec":1655063661893000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":274,"packets-processed":273,"total-skipped-flows":0,"total-l4-payload-len":23564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":34,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":294,"global_ts_usec":1655063661893000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655063661893000,"flow_src_last_pkt_time":1655063661893000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655063661893000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1655063661893000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655063661893000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86plAAD8GF7jAqAJkszzDIaAeFGY4VRBmAAAAAKAC\/\/\/+RwAAAgQFtAQCCAoF0w05AAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1655063661925000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655063661925000,"pkt":"eJS0JASgYDjgxTWgCABFAAA06ppAAD8GF7\/AqAJkszzDIaAeFGY4VRBnHmH5pIAQAKyJNgAAAQEICgXTDVr1t5VE"}
@@ -299,7 +299,7 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1655063661927000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655063661927000,"pkt":"eJS0JASgYDjgxTWgCABFAAA76pxAAD8GF7bAqAJkszzDIaAeFGY4VRBrHmH5pIAYAKx3EgAAAQEICgXTDVv1t5VEAAAECAkIBQ=="}
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655063661893000,"flow_src_last_pkt_time":1655063661927000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655063661927000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1655063661932000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655063661932000,"pkt":"eJS0JASgYDjgxTWgCABFAAA46p1AAD8GF7jAqAJkszzDIaAeFGY4VRByHmH5pIAYAKws1wAAAQEICgXTDV\/1t5VEV0EFAg=="}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":282,"packets-processed":281,"total-skipped-flows":0,"total-l4-payload-len":24837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":35,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":35,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":302,"global_ts_usec":1655064434682000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":282,"packets-processed":281,"total-skipped-flows":0,"total-l4-payload-len":24837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":35,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":35,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":302,"global_ts_usec":1655064434682000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655064434682000,"flow_src_last_pkt_time":1655064434682000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655064434682000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1655064434682000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655064434682000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Z49AAD8GmrLAqAJkszzDMbDqFGZ3oUxiAAAAAKAC\/\/\/KHwAAAgQFtAQCCArGt\/RXAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1655064434714000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655064434714000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Z5BAAD8GmrnAqAJkszzDMbDqFGZ3oUxjZjrG2IAQAKzrtwAAAQEICsa39HeqpjSg"}
@@ -308,7 +308,7 @@
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655064434682000,"flow_src_last_pkt_time":1655064434792000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655064434792000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1655064434967000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655064434967000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Z5NAAD8GmrbAqAJkszzDMbDqFGZ3oU1+ZjrHEYAQAKzoaQAAAQEICsa39XSqpjWd"}
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655056441533000,"flow_src_last_pkt_time":1655056441715000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655064435041000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":290,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":25160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":36,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":311,"global_ts_usec":1655065264797000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":290,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":25160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":36,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":311,"global_ts_usec":1655065264797000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655065264797000,"flow_src_last_pkt_time":1655065264797000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065264797000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1655065264797000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655065264797000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ttVAAD8GS2zAqAJkszzDMclYFGbchY4CAAAAAKAC\/\/8wGwAAAgQFtAQCCApH\/04jAAAAAAEDAwg="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1655065264828000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655065264828000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ttZAAD8GS3PAqAJkszzDMclYFGbchY4DukzwuYAQAVeNLQAAAQEICkf\/TkbK+lov"}
@@ -316,7 +316,7 @@
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1655065265128000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1655065265128000,"pkt":"eJS0JASgYDjgxTWgCABFAAA\/tthAAD8GS2bAqAJkszzDMclYFGbchY4HukzwuYAYAVc4UgAAAQEICkf\/T3LK+ltbAAAECAkIAldBBQI="}
 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655065264797000,"flow_src_last_pkt_time":1655065265128000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065265128000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1655065265158000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1655065265158000,"pkt":"eJS0JASgYDjgxTWgCABFAAE6ttlAAD8GSmrAqAJkszzDMclYFGbchY4SukzwuYAYAVdbewAAAQEICkf\/T5DK+lt5AAEDEoACCiDyxnqELyO9DiOmj4gPsgZm81Sa79ftPFhljmr6qd1oQRIwPThdAFhj1B8I6QIvLX+j77uZklWR949rKuYWFBAMzbAuiseHDvS\/rZsok+lxvjUTGqkBsBREb\/7qCModtRpyj2H2YRH1M5ApgLzF7ttqBftUW3wdYyrLJuoEonja\/7H4LpxRuY+gcYnHQGtxrAaPdQEncGi6Fk6waqXV3d2Zg4ZB5+6FPI97xoGCuvCea81xyBWQqQijjE9PkudLXzutMO28tR6YGthlDu\/\/9D0TWhgA6hCecNjNt2dwbiW\/Kz1bV72uX\/ixxRHupAn2SMzdRJZRySzwM0s4RUGpjA=="}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":298,"packets-processed":297,"total-skipped-flows":0,"total-l4-payload-len":25440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":37,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":319,"global_ts_usec":1655065885451000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":298,"packets-processed":297,"total-skipped-flows":0,"total-l4-payload-len":25440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":37,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":319,"global_ts_usec":1655065885451000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655065885451000,"flow_src_last_pkt_time":1655065885451000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065885451000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1655065885451000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655065885451000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8arBAAD8Gl5HAqAJkszzDMbtMFGZqrJ7gAAAAAKAC\/\/9fsQAAAgQFtAQCCApxKmRoAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1655065885484000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655065885484000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0arFAAD8Gl5jAqAJkszzDMbtMFGZqrJ7h+p4p8oAQAIDu2wAAAQEICnEqZIk6KEA5"}
@@ -331,7 +331,7 @@
 00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655065885823000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFghRAAD8GfyTAqAJkszzDMcoMFGZjsgDNIofjooAYAVe7cwAAAQEICkgIdo+T2De6AAAECAkIAldBBQIAAQMSgAIKIGY3KWvn5J6GZpS11PnywxLfIHHXDvcK7V62IsunAMEDEjADq3ZZlzgjaZEqlCz6O08aSPjXHdQ0IuiHcCaxzQveaZZMxvOrsWM5F7XCzC96RfsaqQGd81nmQhfDXeVMMDOoaD0Mgro6ELu5D0o9ieeCZCxmbzoxR3\/0Ndq1VZ0SdnBJJzqydQm98nXNDwEK0L2+hugBWxHMNDGEHMZjb2pDknP978ZhmTmGaO1i6twTH1OWKZNtvyC6EvqH52quDrZGzGV4HfLpNGMi9QWTbCtOzGI9sDclk3GlCbjtQiwuR\/6h2b9ZEypfpXelvdwljtC7gAj9v8XNTwoIW\/R7"}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655065885823000,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065885823000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655065885823000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ghVAAD8GgDTAqAJkszzDMcoMFGZjsgHeIofj24AQAVdmEgAAAQEICkgIdzST2Dhe"}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":313,"packets-processed":312,"total-skipped-flows":0,"total-l4-payload-len":26320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":39,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":334,"global_ts_usec":1655067574156000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":313,"packets-processed":312,"total-skipped-flows":0,"total-l4-payload-len":26320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":39,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":334,"global_ts_usec":1655067574156000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655067574156000,"flow_src_last_pkt_time":1655067574156000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655067574156000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1655067574156000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655067574156000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ZktAAD8Gm\/bAqAJkszzDMbEWFGZP\/CSfAAAAAKAC\/\/80aAAAAgQFtAQCCArGuNlKAAAAAAEDAwk="}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1655067574187000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655067574187000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ZkxAAD8Gm\/3AqAJkszzDMbEWFGZP\/CSg\/FJ4JoAQAKwGCgAAAQEICsa42a+DX2Qy"}
@@ -348,7 +348,7 @@
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655068071917000,"flow_src_last_pkt_time":1655068072120000,"flow_dst_last_pkt_time":1655068071917000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068072120000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1655068072276000,"flow_dst_last_pkt_time":1655068071917000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655068072276000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f0tAAD8Ggv7AqAJkszzDMcu4FGbUWpKBCrZXSYAQAVd6sgAAAQEICkgqJNyouQJ\/"}
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1655060495977000,"flow_src_last_pkt_time":1655060496256000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068072357000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":329,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":26960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":41,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":351,"global_ts_usec":1655068204945000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":329,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":26960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":41,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":351,"global_ts_usec":1655068204945000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655068204945000,"flow_src_last_pkt_time":1655068204945000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068204945000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1655068204945000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655068204945000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eR1AAD8GiTTAqAJkszzDIaLAFGY48OrHAAAAAKAC\/\/8oAgAAAgQFtAQCCAoF9wW8AAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1655068204976000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655068204976000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0eR5AAD8GiTvAqAJkszzDIaLAFGY48OrIWCi8FIAQAKyAowAAAQEICgX3Bdt\/K0Hp"}
@@ -363,7 +363,7 @@
 00917{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1655068672682000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655068672682000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFf7ZAAD8GgYLAqAJkszzDMcxGFGbT7keADNw8XIAYAVehngAAAQEICkgzTjPXLOIKAAAECAkIAldBBQIAAQMSgAIKIDTcgksnXRnebbwmEuP9yUM\/1VSf4uQ1RouMKF0wgxIMEjDa551egy9lP6Mucm2Ek37zsxPaQNIuZdlwglvM7Ytx\/e\/0R7Hg0Cxszw\/udO9P+ywaqQFAJTfp0KeYzwP5Pp2S\/FItGxL0ldUZvokSzO91CpfFFmo1bQGwmlLrmfIQd0nrsAxpua75td5KHth\/zvTo8QNnFP2+4zM8kAPUilZu6WgbaJyBs002FLq+y9i+ZBrz8i1XeheToEo3s5FsZkg+ZXnMqQdYF3uhDmsLzyoSu1QZNNflxKN+d2Q9g5a8QiVKOvvBqrmJnIWY8dUBesFIclYgR9PjxVB8M+Dh"}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655068672605000,"flow_src_last_pkt_time":1655068672682000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068672682000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1655068672825000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655068672825000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f7dAAD8GgpLAqAJkszzDMcxGFGbT7kiRDNw8lYAQAVekkQAAAQEICkgzTsLXLOKZ"}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":345,"packets-processed":344,"total-skipped-flows":0,"total-l4-payload-len":28550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":43,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":366,"global_ts_usec":1655069476999000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":345,"packets-processed":344,"total-skipped-flows":0,"total-l4-payload-len":28550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":43,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":366,"global_ts_usec":1655069476999000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655069476999000,"flow_src_last_pkt_time":1655069476999000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655069476999000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1655069476999000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655069476999000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8v0dAAD8GQwrAqAJkszzDIaL6FGZl3G3iAAAAAKAC\/\/\/JXwAAAgQFtAQCCAoF+bQbAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1655069477033000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655069477033000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0v0hAAD8GQxHAqAJkszzDIaL6FGZl3G3jvQquJIAQAKzBYgAAAQEICgX5tE0ysJf9"}
@@ -373,7 +373,7 @@
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1655069477208000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655069477208000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0v0tAAD8GQw7AqAJkszzDIaL6FGZl3HLcvQquXYAQAKy60QAAAQEICgX5tP4ysJir"}
 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655061873005000,"flow_src_last_pkt_time":1655061873914000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":340,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655069477452000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655061657436000,"flow_src_last_pkt_time":1655061657966000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655069477452000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":353,"packets-processed":352,"total-skipped-flows":0,"total-l4-payload-len":29867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":44,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":376,"global_ts_usec":1655071168997000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":353,"packets-processed":352,"total-skipped-flows":0,"total-l4-payload-len":29867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":44,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":376,"global_ts_usec":1655071168997000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655071168997000,"flow_src_last_pkt_time":1655071168997000,"flow_dst_last_pkt_time":1655071168997000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655071168997000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1655071168997000,"flow_dst_last_pkt_time":1655071168997000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655071168997000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/oFAAD8GA8DAqAJkszzDMbxqFGaCVc7FAAAAAKAC\/\/8bsQAAAgQFtAQCCApxNV+xAAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1655071169028000,"flow_dst_last_pkt_time":1655071168997000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655071169028000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/oJAAD8GA8fAqAJkszzDMbxqFGaCVc7GXkxmWYAQAIBN7gAAAQEICnE1X+Ud8hk1"}
@@ -397,7 +397,7 @@
 00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1655071204870000,"flow_dst_last_pkt_time":1655071204543000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655071204870000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFpTFAAD8GbTbAqAJkHw1GMti0FGbC7URUktIbLIAYAVehCAAAAQEICpXhmHfVew4yAAAECAkIAldBBQIAAQMSgAIKIMbXMYxfoYkD5uM34AbTFmSF9c2ZsAJyUzuaseKfJmIFEjAXEG2A5EfAZg6UlPBuMtMJJKAJT8gydNa5jpvKH90uzjr5LMC\/040NXR\/W3njCrMsaqQFSGe3aY2dBEaAQ3stGpVcWbKKtk4lzLmY8GArNOt\/RBEztMz\/hQ3kJcymnjCbJHmMnazpuUL7GvLdfvpsygQKvMSNl0py\/U+76puYv1+op3fPZuCmPiO+ruxnr4GlVsYBr2TgzB7BDaidsEhkz2D0D6dVePn1xxMVdny6QIrYH1yF\/ZIWkgNBfOJda5dxU1rZB\/veq5rmWOQmOyg95qD1XFbzv0fbSPCRt"}
 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655071204543000,"flow_src_last_pkt_time":1655071204870000,"flow_dst_last_pkt_time":1655071204543000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655071204870000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.70.50","src_port":55476,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1655071205707000,"flow_dst_last_pkt_time":1655071204543000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655071205707000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0pTJAAD8GbkbAqAJkHw1GMti0FGbC7UVlktIbZYAQAVeSqQAAAQEICpXhm7zVew+y"}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":374,"packets-processed":373,"total-skipped-flows":0,"total-l4-payload-len":30706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":47,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":400,"global_ts_usec":1655073402411000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":374,"packets-processed":373,"total-skipped-flows":0,"total-l4-payload-len":30706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":47,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":400,"global_ts_usec":1655073402411000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655073402411000,"flow_src_last_pkt_time":1655073402411000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402411000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1655073402411000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655073402411000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8dBJAAD8Gji\/AqAJkszzDMb2aFGahzCxlAAAAAKAC\/\/+a8AAAAgQFtAQCCApxUGIQAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1655073402445000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655073402445000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dBNAAD8GjjbAqAJkszzDMb2aFGahzCxmjLLTN4AQAICpvAAAAQEICnFQYjPQSe8a"}
@@ -409,7 +409,7 @@
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655065264797000,"flow_src_last_pkt_time":1655065265368000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402833000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655065885823000,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402833000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655065885451000,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":563,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402833000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":382,"packets-processed":381,"total-skipped-flows":0,"total-l4-payload-len":30991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":48,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":48,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":412,"global_ts_usec":1655074111508000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":382,"packets-processed":381,"total-skipped-flows":0,"total-l4-payload-len":30991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":48,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":48,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":412,"global_ts_usec":1655074111508000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655074111508000,"flow_src_last_pkt_time":1655074111508000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655074111508000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1655074111508000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655074111508000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DYdAAD8G9LrAqAJkszzDMbMaFGYrB92KAAAAAKAC\/\/+Y9QAAAgQFtAQCCAo4NG1HAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1655074111556000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655074111556000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DYhAAD8G9MHAqAJkszzDMbMaFGYrB92LuiGK2IAQAIABZwAAAQEICjg0bW5hoB8L"}
@@ -431,7 +431,7 @@
 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1655074681541000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655074681541000,"pkt":"eJS0JASgYDjgxTWgCABFAAFF1rlAAD8GKn\/AqAJkszzDMeNWFGYDhPIY+mPdyoAYAVc8EAAAAQEICkiO\/lDslGphAAAECAkIAldBBQIAAQMSgAIKIONURYOzj5yFvitPyR1HlvZLz09wP1MKDXCGkntEHmUvEjCKWDm8Di8PELTWn1odPuYtpyyU06Gop72zRsjsSLbPffjhK\/lnsN1jYnZu6Oxd\/ysaqQH2fWZCzpkathuNxNe2o891SYzt+fHmwNCOOayFx52MuNgH\/6lBAtCikLFZnJ+Q7b2fxit4hePoiVFtWTOWcwOPkLzeesGAWy5rmf9nmAlD1SUcWLqPTfL7n3Dlp34MQEWG3E1vWJy3jDC63Wq1LUdyerPkcja3pXFI72YGGR1xdH\/biDZZ3k3eGIz8i6CDkPQiKXU9alyM0\/qxxUtX\/hQqzil2ObNwVoEU"}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655074681295000,"flow_src_last_pkt_time":1655074681541000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655074681541000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1655074681699000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655074681699000,"pkt":"eJS0JASgYDjgxTWgCABFAAA01rpAAD8GK4\/AqAJkszzDMeNWFGYDhPMp+mPeA4AQAVfWCAAAAQEICkiO\/u3slGr\/"}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":406,"packets-processed":405,"total-skipped-flows":0,"total-l4-payload-len":32915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":51,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":51,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":434,"global_ts_usec":1655075014427000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":406,"packets-processed":405,"total-skipped-flows":0,"total-l4-payload-len":32915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":51,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":51,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":434,"global_ts_usec":1655075014427000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655075014427000,"flow_src_last_pkt_time":1655075014427000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075014427000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1655075014427000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655075014427000,"pkt":"eJS0JASgYDjgxTWgCABFAAA84Y1AAD8GIMTAqAJkszzDIacsFGb7al66AAAAAKAC\/\/87hQAAAgQFtAQCCAoGKrcsAAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1655075014457000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655075014457000,"pkt":"eJS0JASgYDjgxTWgCABFAAA04Y5AAD8GIMvAqAJkszzDIacsFGb7al674\/2+D4AQAKzv2QAAAQEICgYqt1ks76qT"}
@@ -440,7 +440,7 @@
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655075014427000,"flow_src_last_pkt_time":1655075014459000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075014459000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1655075014461000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655075014461000,"pkt":"eJS0JASgYDjgxTWgCABFAAA44ZFAAD8GIMTAqAJkszzDIacsFGb7al7G4\/2+D4AYAKyTegAAAQEICgYqt14s76qTV0EFAg=="}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655067574156000,"flow_src_last_pkt_time":1655067574418000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075014609000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":34188,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":52,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":443,"global_ts_usec":1655075686356000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":34188,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":52,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":443,"global_ts_usec":1655075686356000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655075686356000,"flow_src_last_pkt_time":1655075686356000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075686356000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1655075686356000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655075686356000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QvtAAD8Gv1bAqAJkszzDIaiQFGbxmYdKAAAAAKAC\/\/\/ajwAAAgQFtAQCCAoGNPf0AAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1655075686389000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655075686389000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0QvxAAD8Gv13AqAJkszzDIaiQFGbxmYdLWdXXDoAQAKw7swAAAQEICgY0+BVuVC2V"}
@@ -450,7 +450,7 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1655075686392000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655075686392000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Qv9AAD8Gv1bAqAJkszzDIaiQFGbxmYdWWdXXDoAYAKzfVAAAAQEICgY0+BluVC2VV0EFAg=="}
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655068204945000,"flow_src_last_pkt_time":1655068205140000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075686549000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655068071917000,"flow_src_last_pkt_time":1655068072357000,"flow_dst_last_pkt_time":1655068071917000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075686549000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":422,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":35461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":53,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":53,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":453,"global_ts_usec":1655078415178000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":422,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":35461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":53,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":53,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":453,"global_ts_usec":1655078415178000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655078415178000,"flow_src_last_pkt_time":1655078415178000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655078415178000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1655078415178000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655078415178000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8CblAAD8G+IjAqAJkszzDMbaMFGYZMLRzAAAAAKAC\/\/8IFAAAAgQFtAQCCArHDabLAAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1655078415208000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655078415208000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0CbpAAD8G+I\/AqAJkszzDMbaMFGYZMLR0Md5NzYAQAKysVQAAAQEICscNpurDrEZZ"}
@@ -474,7 +474,7 @@
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1655078418150000,"flow_dst_last_pkt_time":1655078418150000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655078418150000,"pkt":"eJS0JASgYDjgxTWgCABFAAA06u5AAD8GF1vAqAJkszzDMbYGFGbAe09aKCJ2ZYAQAIBysQAAAQEICjg3\/F+LqpEF"}
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655069476999000,"flow_src_last_pkt_time":1655069477452000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655078418150000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655068672605000,"flow_src_last_pkt_time":1655068672866000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655078418150000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":442,"packets-processed":441,"total-skipped-flows":0,"total-l4-payload-len":36355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":56,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":477,"global_ts_usec":1655079015860000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":442,"packets-processed":441,"total-skipped-flows":0,"total-l4-payload-len":36355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":56,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":477,"global_ts_usec":1655079015860000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655079015860000,"flow_src_last_pkt_time":1655079015860000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655079015860000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1655079015860000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655079015860000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8+71AAD8GBoTAqAJkszzDMbawFGbU0lPTAAAAAKAC\/\/+CegAAAgQFtAQCCArHFtE1AAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1655079015890000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655079015890000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+75AAD8GBovAqAJkszzDMbawFGbU0lPU4I1M54AQAKyMuwAAAQEICscW0VNPFaco"}
@@ -492,7 +492,7 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1655079242760000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655079242760000,"pkt":"eJS0JASgYDjgxTWgCABFAAA71X5AAD8GLNTAqAJkszzDIbBKFGYSKeei9mtN3YAYAKy21AAAAQEICgZrPCN7C7NTAAAECAkIBQ=="}
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655079242727000,"flow_src_last_pkt_time":1655079242760000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655079242760000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1655079242764000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655079242764000,"pkt":"eJS0JASgYDjgxTWgCABFAAA41X9AAD8GLNbAqAJkszzDIbBKFGYSKeep9mtN3YAYAKxsmQAAAQEICgZrPCd7C7NTV0EFAg=="}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":458,"packets-processed":457,"total-skipped-flows":0,"total-l4-payload-len":37951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":58,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":495,"global_ts_usec":1655085444940000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":458,"packets-processed":457,"total-skipped-flows":0,"total-l4-payload-len":37951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":58,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":495,"global_ts_usec":1655085444940000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655085444940000,"flow_src_last_pkt_time":1655085444940000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085444940000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1655085444940000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655085444940000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8OS9AAD8GyRLAqAJkszzDMeuoFGZwsQ0oAAAAAKAC\/\/8MiAAAAgQFtAQCCApJMzrhAAAAAAEDAwg="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1655085444971000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655085444971000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0OTBAAD8GyRnAqAJkszzDMeuoFGZwsQ0pZQWH8YAQAVeTjwAAAQEICkkzOwA0eITQ"}
@@ -506,7 +506,7 @@
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655074111508000,"flow_src_last_pkt_time":1655074111844000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085445318000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655074681295000,"flow_src_last_pkt_time":1655074681757000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085445318000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655073402411000,"flow_src_last_pkt_time":1655073402833000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085445318000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":466,"packets-processed":465,"total-skipped-flows":0,"total-l4-payload-len":38268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":59,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":509,"global_ts_usec":1655089030478000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":466,"packets-processed":465,"total-skipped-flows":0,"total-l4-payload-len":38268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":59,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":509,"global_ts_usec":1655089030478000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655089030478000,"flow_src_last_pkt_time":1655089030478000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030478000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1655089030478000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655089030478000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8PU5AAD8GxPPAqAJkszzDMYAeFGbXqdzGAAAAAKAC\/\/+LPgAAAgQFtAQCCApJafDnAAAAAAEDAwg="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1655089030510000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655089030510000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0PU9AAD8GxPrAqAJkszzDMYAeFGbXqdzHU7KHPoAQAVeFmQAAAQEICklp8QcyIyXX"}
@@ -519,7 +519,7 @@
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655079242727000,"flow_src_last_pkt_time":1655079242898000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655078417966000,"flow_src_last_pkt_time":1655078418150000,"flow_dst_last_pkt_time":1655078417966000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58882,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655078418150000,"flow_src_last_pkt_time":1655078418150000,"flow_dst_last_pkt_time":1655078418150000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46598,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":474,"packets-processed":473,"total-skipped-flows":0,"total-l4-payload-len":38585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":60,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":522,"global_ts_usec":1655090233457000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":474,"packets-processed":473,"total-skipped-flows":0,"total-l4-payload-len":38585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":60,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":522,"global_ts_usec":1655090233457000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655090233457000,"flow_src_last_pkt_time":1655090233457000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655090233457000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1655090233457000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655090233457000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8YMVAAD8GoXzAqAJkszzDMbfuFGYjjxw1AAAAAKAC\/\/8ccQAAAgQFtAQCCArHvx46AAAAAAEDAwk="}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1655090233489000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655090233489000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YMZAAD8GoYPAqAJkszzDMbfuFGYjjxw2tsj\/nIAQAKzs8QAAAQEICse\/HlqH9x8U"}
@@ -527,7 +527,7 @@
 00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1655090233603000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655090233603000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLYMhAAD8GoGrAqAJkszzDMbfuFGYjjxw6tsj\/nIAYAKz7xQAAAQEICse\/Hs2H9x+GAAAECAsICFdBBQIAAQkShgIKICL7PW3574TmjsxPc4PYUXbgLIRzLkSpjJUfuyP8EXoDEjA0da9FQiqfAjoDY1tgcac3k4SJDhZNONhNsG1AZJ\/17mrPMmmgD6MKyeBp3wpknAIarwGwqVXGYklD4UfBqBVJD9VnQBIilSLyYkgW3toqqTTHVSDoC6so2E3kEfo0wq++wjBSsFcLfr2IxsnMq4cQxzqBe++jQFco3BYlyDRDLgZUbb3v6DLKAs1w6wmVY6RASK1s5i8C5yY++EYNwiRIiZ3NII1bO2RyKk+UsW+nC04+8RSYt2Tz4DlvaaiYNIvCFVL8G7tCaAQcQ3YI55VUM58sZvBsx4nTgWfg94upnXSA"}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655090233457000,"flow_src_last_pkt_time":1655090233603000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655090233603000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1655090233759000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655090233759000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YMlAAD8GoYDAqAJkszzDMbfuFGYjjx1Rtsj\/1YAQAKzpgAAAAQEICse\/H2mH9yAi"}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":482,"packets-processed":481,"total-skipped-flows":0,"total-l4-payload-len":38908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":61,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":530,"global_ts_usec":1655091294583000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":482,"packets-processed":481,"total-skipped-flows":0,"total-l4-payload-len":38908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":61,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":530,"global_ts_usec":1655091294583000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655091294583000,"flow_src_last_pkt_time":1655091294583000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655091294583000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1655091294583000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655091294583000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/r9AAD8GA4LAqAJkszzDMcAeFGacobJEAAAAAKAC\/\/\/yvwAAAgQFtAQCCApxiYbPAAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1655091294836000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655091294836000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/sBAAD8GA4nAqAJkszzDMcAeFGacobJFhNtvm4AQAIBe2QAAAQEICnGJh9AM9r+2"}
@@ -535,7 +535,7 @@
 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1655091294939000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1655091294939000,"pkt":"eJS0JASgYDjgxTWgCABFAAFK\/sJAAD8GAnHAqAJkszzDMcAeFGacobJJhNtvm4AYAIDmTwAAAQEICnGJiDYM9sCzAAAECAsIDFdBBQIAAQgShQIKIA4Pg8SPfXudDGrgRbkYSf\/nv1vxylfpNaOYoMHWS2kZEjDPRReg0qr7n7oGXz7TcUJSphq9mywRyfMmZmWOBNOCY3vXOosliHPK2OoOP1MV0WQargFIBGi0484zpCr8IUSfMcE7LQgkmNYpS1HBR2jdlWgnSdJAxUWfuDQ9UoK+rLfd7DCXAOKIs7E4dlxpvP3Yty0Mf\/tNV6cW1LRpBjZL0gpc6cRIhq8uF2fmp\/3AuGRGjfheB9M3vEdgAqxiyaevcQzvCXQCbY9Xm9Q7CjXiF8fXBRLkbx4OZpsRSIyEI14JpKzhHJegbZVz8XMCb9ubAsE7B9+xWOY56isNa4CLSt0="}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655091294583000,"flow_src_last_pkt_time":1655091294939000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655091294939000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1655091295131000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655091295131000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/sNAAD8GA4bAqAJkszzDMcAeFGacobNfhNtwDYAQAIBaGAAAAQEICnGJiQoM9sGx"}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":489,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":39230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":62,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":538,"global_ts_usec":1655096063383000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":489,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":39230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":62,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":538,"global_ts_usec":1655096063383000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655096063383000,"flow_src_last_pkt_time":1655096063383000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655096063383000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1655096063383000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655096063383000,"pkt":"eJS0JASgYDjgxTWgCABFAAA80GdAAD8GMdrAqAJkszzDMcBQFGYzpQPcAAAAAKAC\/\/+30QAAAgQFtAQCCApxjNjtAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1655096063418000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655096063418000,"pkt":"eJS0JASgYDjgxTWgCABFAAA00GhAAD8GMeHAqAJkszzDMcBQFGYzpQPdMmkwzoAQAIAjpQAAAQEICnGM2RDAwp5N"}
@@ -544,7 +544,7 @@
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655096063383000,"flow_src_last_pkt_time":1655096063459000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655096063459000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":5,"flow_src_last_pkt_time":1655096063826000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655096063826000,"pkt":"eJS0JASgYDjgxTWgCABFAAA00GtAAD8GMd7AqAJkszzDMcBQFGYzpQT3MmkxB4AQAIAf4AAAAQEICnGM2qjAwp8n"}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655085444940000,"flow_src_last_pkt_time":1655085445318000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655096063826000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":497,"packets-processed":496,"total-skipped-flows":0,"total-l4-payload-len":39512,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":63,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":547,"global_ts_usec":1655097851208000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":497,"packets-processed":496,"total-skipped-flows":0,"total-l4-payload-len":39512,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":63,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":547,"global_ts_usec":1655097851208000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655097851208000,"flow_src_last_pkt_time":1655097851208000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655097851208000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1655097851208000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655097851208000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hVJAAD8GfO\/AqAJkszzDMbj2FGbdMghiAAAAAKAC\/\/9ZggAAAgQFtAQCCAo4P8nQAAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1655097851243000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655097851243000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0hVNAAD8GfPbAqAJkszzDMbj2FGbdMghj2gcbf4AQAIDKFgAAAQEICjg\/yfKnyyA1"}
@@ -554,7 +554,7 @@
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1655097851776000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655097851776000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0hVZAAD8GfPPAqAJkszzDMbj2FGbdMgmJ2gcbuIAQAIDFJwAAAQEICjg\/zAinyyGv"}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655090233457000,"flow_src_last_pkt_time":1655090233805000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655097851805000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655089030478000,"flow_src_last_pkt_time":1655089030857000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655097851805000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-payload-len":39806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":557,"global_ts_usec":1655099328045000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-payload-len":39806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":557,"global_ts_usec":1655099328045000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655099328045000,"flow_src_last_pkt_time":1655099328045000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655099328045000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1655099328045000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655099328045000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8L\/pAAD8G0kfAqAJkszzDMcBWFGYVxjf+AAAAAKAC\/\/\/UVQAAAgQFtAQCCApxjaYfAAAAAAEDAwk="}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_src_last_pkt_time":1655099328158000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655099328158000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0L\/tAAD8G0k7AqAJkszzDMcBWFGYVxjf\/2SNcwIAQAIBe7wAAAQEICnGNpo+IgeTO"}
@@ -563,7 +563,7 @@
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655099328045000,"flow_src_last_pkt_time":1655099328197000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655099328197000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":5,"flow_src_last_pkt_time":1655099328567000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655099328567000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0L\/5AAD8G0kvAqAJkszzDMcBWFGYVxjkZ2SNc+YAQAIBa0gAAAQEICnGNqCqIgeX9"}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655091294583000,"flow_src_last_pkt_time":1655091295192000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":322,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655099328610000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":40128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":65,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":566,"global_ts_usec":1655100445438000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":40128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":65,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":566,"global_ts_usec":1655100445438000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655100445438000,"flow_src_last_pkt_time":1655100445438000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655100445438000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1655100445438000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655100445438000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8dbNAAD8GjI7AqAJkszzDMcBiFGbUEWBGAAAAAKAC\/\/9\/mgAAAgQFtAQCCApxjhQ6AAAAAAEDAwk="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1655100445526000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655100445526000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dbRAAD8GjJXAqAJkszzDMcBiFGbUEWBH1mTBCIAQAIABwwAAAQEICnGOFJasjGe\/"}
@@ -571,7 +571,7 @@
 00926{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_src_last_pkt_time":1655100445594000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1655100445594000,"pkt":"eJS0JASgYDjgxTWgCABFAAFKdbZAAD8Gi33AqAJkszzDMcBiFGbUEWBL1mTBCIAYAIBMJAAAAQEICnGOFNmsjGg5AAAECAsIDFdBBQIAAQgShQIKIHj+X\/9Fl\/4t1nk3tiDKlT2kCmgsMRIwrZqTx6jmPT0wEjAbPfaNCrf9+apgcMO2IjeLYErAu\/\/B7qzkdN2M0urQtQq0nmg6ZWW8ONDvTa1W1bMargFs2lWSZuN3XOx4hK\/+JMknJ2b6UgVpwGRlgoGot2ojnzKHp4LvYYPcs4PZgwJlxhuVjwSQwxt3iTkBD9JnQY\/M0ilvugt0xw03w1z4Nvbd31IUUKOp8DEX6CtyXzHRASFRFA432Munimlz+4XjTslMU2Q9ILfOt6D\/pcSRIR4pgWhoyM7Z1C26lg3TOGQfeuCXYRmGERlEAdurxaMet+fwCPKGh6ZkxYGCHtLcVkA="}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655100445438000,"flow_src_last_pkt_time":1655100445594000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655100445594000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":5,"flow_src_last_pkt_time":1655100445964000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655100445964000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dbdAAD8GjJLAqAJkszzDMcBiFGbUEWFh1mTBQYAQAID9iwAAAQEICnGOFkqsjGjv"}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":521,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":40413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":66,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":574,"global_ts_usec":1655101503188000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":521,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":40413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":66,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":574,"global_ts_usec":1655101503188000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655101503188000,"flow_src_last_pkt_time":1655101503188000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655101503188000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1655101503188000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655101503188000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8uEdAAD8GSfrAqAJkszzDMbjAFGZ59kNkAAAAAKAC\/\/+x6gAAAgQFtAQCCArH7AorAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1655101503221000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655101503221000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0uEhAAD8GSgHAqAJkszzDMbjAFGZ59kNlF+8VdoAQAKz2ngAAAQEICsfsCkuDiThP"}
@@ -579,7 +579,7 @@
 00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1655101503267000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655101503267000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLuEpAAD8GSOjAqAJkszzDMbjAFGZ59kNpF+8VdoAYAKxbNQAAAQEICsfsCnmDiTh8AAAECAsICFdBBQIAAQkShgIKIAZUmmLyHPfKQnosmA\/ZcvDvtXLg5S93ZMd+AgnOfFhzEjC20yIdEGkkBO6fPumrM10uER2PxE\/aLgIDquC87Lo\/vd\/Ly30Pa4DV2T+sKc37c64arwF\/a\/pIAVsGbEtZMyNoRQ++yeOpqeyHKF7CDAXlxe4CgrVxOuIUu7w4afuQCnv8BdE\/4MwTakO9saxnL9D93QKRObRQuca3Pma3Nz6bE4LY9nL0IgPDFWsUg+ZoBKQEPYz3g9rPhkchNH38VUtSBcZ05C2RJnlzczoSyCQaiV76W1aC2\/vQ87D4Ir2wOBQ7pwJNFzn9+GHYSnHJugHvlZFLss3jeHakn0n3aw9hXuXN"}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655101503188000,"flow_src_last_pkt_time":1655101503267000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655101503267000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1655101503428000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655101503428000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0uEtAAD8GSf7AqAJkszzDMbjAFGZ59kSAF+8V6IAQAKzzcAAAAQEICsfsCxuDiTkg"}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":529,"packets-processed":528,"total-skipped-flows":0,"total-l4-payload-len":40736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":67,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":582,"global_ts_usec":1655104186658000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":529,"packets-processed":528,"total-skipped-flows":0,"total-l4-payload-len":40736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":67,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":582,"global_ts_usec":1655104186658000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655104186658000,"flow_src_last_pkt_time":1655104186658000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655104186658000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1655104186658000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655104186658000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8z9lAAD8GMmjAqAJkszzDMbscFGbxjY\/TAAAAAKAC\/\/\/9wgAAAgQFtAQCCAo4WoeCAAAAAAEDAwk="}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1655104186714000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655104186714000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0z9pAAD8GMm\/AqAJkszzDMbscFGbxjY\/UkjD8dIAQAIBW5gAAAQEICjhah\/LAS4W5"}
@@ -588,7 +588,7 @@
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655104186658000,"flow_src_last_pkt_time":1655104186938000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655104186938000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1655104187147000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655104187147000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0z91AAD8GMmzAqAJkszzDMbscFGbxjZD6kjD8rYAQAIBSSAAAAQEICjhaiabAS4dE"}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655096063383000,"flow_src_last_pkt_time":1655096063826000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655104187274000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":537,"packets-processed":536,"total-skipped-flows":0,"total-l4-payload-len":41070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":68,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":591,"global_ts_usec":1655105188559000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":537,"packets-processed":536,"total-skipped-flows":0,"total-l4-payload-len":41070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":68,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":591,"global_ts_usec":1655105188559000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655105188559000,"flow_src_last_pkt_time":1655105188559000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105188559000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1655105188559000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655105188559000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8S7JAAD8Gto\/AqAJkszzDMbnmFGYb9oTUAAAAAKAC\/\/+DSwAAAgQFtAQCCArH\/lQiAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1655105188592000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105188592000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0S7NAAD8GtpbAqAJkszzDMbnmFGYb9oTVXDwEToAQAKxqDAAAAQEICsf+VEPB4STE"}
@@ -604,7 +604,7 @@
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655105755895000,"flow_src_last_pkt_time":1655105756007000,"flow_dst_last_pkt_time":1655105755895000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105756007000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1655105756193000,"flow_dst_last_pkt_time":1655105755895000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105756193000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kA1AAD8GcjzAqAJkszzDMcEUFGaXC5ee7mWk64AQAIBipAAAAQEICjhyeqEzIlxy"}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655097851208000,"flow_src_last_pkt_time":1655097851805000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105756270000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":553,"packets-processed":552,"total-skipped-flows":0,"total-l4-payload-len":41992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":70,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":607,"global_ts_usec":1655105790019000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":553,"packets-processed":552,"total-skipped-flows":0,"total-l4-payload-len":41992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":70,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":607,"global_ts_usec":1655105790019000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655105790019000,"flow_src_last_pkt_time":1655105790019000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105790019000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1655105790019000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655105790019000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DWBAAD8G9OHAqAJkszzDMboSFGb46AYSAAAAAKAC\/\/\/MkwAAAgQFtAQCCArIAKx7AAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1655105790049000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105790049000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DWFAAD8G9OjAqAJkszzDMboSFGb46AYTXUqYTIAQAKwfkAAAAQEICsgArJpsf3jg"}
@@ -612,7 +612,7 @@
 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1655105790086000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655105790086000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLDWNAAD8G88\/AqAJkszzDMboSFGb46AYXXUqYTIAYAKwCvAAAAQEICsgArL9sf3kEAAAECAsICFdBBQIAAQkShgIKIKhBdjc2VPy8DR5rvHtno\/OCv0FzCxecldwoE0c0L4JHEjAk9D\/ZsxpIppNjRmSJJg3UjEzOPx84Wd7QQQQPBFbbHeahXxiBBwcGREcwaPBMXpIarwHexXT4AoY347kTk+5GKG\/TMtP1A3stxDLHBOYWDncAtU3x4qMUkZrLR7K+dUgdVZlOsTgRWO2CUaAluzf0j2Fzb7R+5hlR39l1\/ZaRg7f8jzTNBB7KEyhhlyVGvUUb9D2IbA+kci9HDk1Awcp6+eNy41CccaN6zt8m2Upix9rgC1aKZXJtjWqo6o8qfwZgqjycUVKJgFBByrw2KpKm9Ui19xk9NXKRclBEEjkbd5Nb"}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655105790019000,"flow_src_last_pkt_time":1655105790086000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105790086000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1655105790243000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105790243000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DWRAAD8G9OXAqAJkszzDMboSFGb46AcuXUqYhYAQAKwcvAAAAQEICsgArVtsf3mf"}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":561,"packets-processed":560,"total-skipped-flows":0,"total-l4-payload-len":42315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":71,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":615,"global_ts_usec":1655108001441000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":561,"packets-processed":560,"total-skipped-flows":0,"total-l4-payload-len":42315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":71,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":615,"global_ts_usec":1655108001441000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655108001441000,"flow_src_last_pkt_time":1655108001441000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108001441000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1655108001441000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655108001441000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8CbZAAD8G+IvAqAJkszzDMcHKFGbmPQGiAAAAAKAC\/\/9GsQAAAgQFtAQCCApxlpgrAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1655108001604000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108001604000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0CbdAAD8G+JLAqAJkszzDMcHKFGbmPQGj6JAdY4AQAICr2gAAAQEICnGWmOHkUd4Y"}
@@ -636,7 +636,7 @@
 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1655108453728000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655108453728000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLGEFAAD8G6PHAqAJkszzDMbp6FGaSP+CHCev7oYAYAKw4MQAAAQEICsgJ8ShJX8CRAAAECAsICFdBBQIAAQkShgIKIL4GNcYClGlnFtJLkAUkKwU0YIGOT1ari6I5ZZVmYZwEEjBM3cfaRk3NmpoqvEvIf\/plMcusmIxjZe+WNB5b3H9ZpAhyJr2ElSPTLvDTfBGDNXoarwFChKWOq45ClrR\/bKwxPt5WVALJ3p7gHJ3PeE5+4BSmqLvkqcXJSeBPukO\/3KeOa2xctKFPg8UQqu5430KrKc2rc8yz2wDaJbuHmUsqifuZOrOa9d7do8CB3NpqbcaBbwJO6IF+is8R53KmqzFzfirW+0az\/B2tEXxK9xumCMYP0Ea1nVt3bNSdFMCLUA3jls00aVfrTWWQ76aWPps6NeLEiNQre2sG18sdjW5i+Svf"}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655108453657000,"flow_src_last_pkt_time":1655108453728000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108453728000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1655108453883000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108453883000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0GEJAAD8G6gfAqAJkszzDMbp6FGaSP+GeCev72oAQAKwvuQAAAQEICsgJ8cJJX8Es"}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":585,"packets-processed":584,"total-skipped-flows":0,"total-l4-payload-len":43736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":74,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":639,"global_ts_usec":1655108977493000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":585,"packets-processed":584,"total-skipped-flows":0,"total-l4-payload-len":43736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":74,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":639,"global_ts_usec":1655108977493000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655108977493000,"flow_src_last_pkt_time":1655108977493000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108977493000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1655108977493000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655108977493000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8FDpAAD8G7gfAqAJkszzDMZIcFGYxkZdqAAAAAKAC\/\/+qXQAAAgQFtAQCCAo4hrwhAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_src_last_pkt_time":1655108977535000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108977535000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0FDtAAD8G7g7AqAJkszzDMZIcFGYxkZdrFO3l4YAQAIAhNgAAAQEICjiGvEzZk+LX"}
@@ -645,7 +645,7 @@
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655108977493000,"flow_src_last_pkt_time":1655108977793000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108977793000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_src_last_pkt_time":1655108978003000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108978003000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0FD5AAD8G7gvAqAJkszzDMZIcFGYxkZiRFO3mGoAQAIAcXwAAAQEICjiGvh\/Zk+R8"}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655101503188000,"flow_src_last_pkt_time":1655101503710000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108978075000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":593,"packets-processed":592,"total-skipped-flows":0,"total-l4-payload-len":44070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":75,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":75,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":648,"global_ts_usec":1655109656108000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":593,"packets-processed":592,"total-skipped-flows":0,"total-l4-payload-len":44070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":75,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":75,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":648,"global_ts_usec":1655109656108000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655109656108000,"flow_src_last_pkt_time":1655109656108000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655109656108000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1655109656108000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655109656108000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kRFAAD8GcTDAqAJkszzDMbqgFGZw+MTeAAAAAKAC\/\/+uLgAAAgQFtAQCCArIDZNpAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1655109656138000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655109656138000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kRJAAD8GcTfAqAJkszzDMbqgFGZw+MTfqcWd3IAQAKwWxQAAAQEICsgNk4cgPV1+"}
@@ -653,7 +653,7 @@
 00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1655109656174000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655109656174000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLkRRAAD8GcB7AqAJkszzDMbqgFGZw+MTjqcWd3IAYAKyltAAAAQEICsgNk6wgPV2jAAAECAsICFdBBQIAAQkShgIKIEJnBc1C4LBUWYfVbR0MBs9Vedh2qDkdgnthFMah69sKEjBbeqUlhFEGlyZlGLbvtxNl\/jG22mlNm7QBJQkWKNjzIn\/01On7w2ne\/8HGawLaqpkarwEicy2ftvBeqkkjE79mspVBiH7RCSjPWzB6FmmUK5adnY4tSCupr4L8zEulLShlb42L2ygwAJWPT\/rKs0UFx7KndVJpDEadUP6eTjbAebv+s3CAz8N0PgdAKd4fdxZKDAmXjLytK+7C\/GlCD7+MjsRV\/YR1nCCWemBWD39Ghixh3pdU1PeBRsTMgwSjnxYX6cAr\/SyebNkgj3aPLvg9zeigfUqchhJ5kTR0D9TdtI\/M"}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655109656108000,"flow_src_last_pkt_time":1655109656174000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655109656174000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":5,"flow_src_last_pkt_time":1655109656661000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655109656661000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kRVAAD8GcTTAqAJkszzDMbqgFGZw+MX6qcWeFYAQAKwTEAAAAQEICsgNlMggPV6e"}
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":601,"packets-processed":600,"total-skipped-flows":0,"total-l4-payload-len":44353,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":76,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":656,"global_ts_usec":1655110961423000}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":601,"packets-processed":600,"total-skipped-flows":0,"total-l4-payload-len":44353,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":76,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":656,"global_ts_usec":1655110961423000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655110961423000,"flow_src_last_pkt_time":1655110961423000,"flow_dst_last_pkt_time":1655110961423000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655110961423000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37766,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1655110961423000,"flow_dst_last_pkt_time":1655110961423000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655110961423000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8fpBAAD8Gg7HAqAJkszzDMZOGFGbaRgeTAAAAAKAC\/\/9KQgAAAgQFtAQCCAo4pQHWAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1655110961452000,"flow_dst_last_pkt_time":1655110961423000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655110961452000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0fpFAAD8Gg7jAqAJkszzDMZOGFGbaRgeUJF2xy4AQAIA9NgAAAQEICjilAfPDMqHR"}
@@ -668,7 +668,7 @@
 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1655111269298000,"flow_dst_last_pkt_time":1655111268965000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655111269298000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFEa5AAD8G74rAqAJkszzDMZMqFGZD+lK+LP1J\/oAYAVfosgAAAQEICkpzeEH1Cal8AAAECAkIAldBBQIAAQMSgAIKIP05yfQLJ1k4YN75b0bGs4Ylgfmfi\/IFvLiPro6jlGQtEjCmbiVahf1VncWlfaTW+\/WbaSRS6QjS2Nsx9o5oyyNwCpGWS5inFdgz\/63J5F44t2MaqQE4ehodUlmNxZZkAWB\/iaJy2eF3safRoUpltQuob\/02ypH9\/ICdJd2p2TWDHcxzcX66mvMqGSN7Wb7mMYyTgz4r47n2GtS2axys7Ye7ZeiVO3xW7+KyiB\/rYsIxQGuPcE4aCqDM4RDuTwrDeCdFnZSRZRWwcY+eNMdvHg+NXYk3ucRHAxE2dnxF6LET0mzlPVCJrUd+kcZ1qwDG6+QiSEpHfASwoatuph7m"}
 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655111268965000,"flow_src_last_pkt_time":1655111269298000,"flow_dst_last_pkt_time":1655111268965000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655111269298000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37674,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":5,"flow_src_last_pkt_time":1655111269446000,"flow_dst_last_pkt_time":1655111268965000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655111269446000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Ea9AAD8G8JrAqAJkszzDMZMqFGZD+lPPLP1KN4AQAVci+gAAAQEICkpzeNX1CaoQ"}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":617,"packets-processed":616,"total-skipped-flows":0,"total-l4-payload-len":44964,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":78,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":671,"global_ts_usec":1655111789393000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":617,"packets-processed":616,"total-skipped-flows":0,"total-l4-payload-len":44964,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":78,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":671,"global_ts_usec":1655111789393000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655111789393000,"flow_src_last_pkt_time":1655111789393000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655111789393000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1655111789393000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655111789393000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8zPVAAD8GNUzAqAJkszzDMbrCFGZ1lRVTAAAAAKAC\/\/8y6QAAAgQFtAQCCArIErl2AAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1655111789426000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655111789426000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0zPZAAD8GNVPAqAJkszzDMbrCFGZ1lRVUyQX5N4AQAKyN9wAAAQEICsgSuZfNwELk"}
@@ -698,7 +698,7 @@
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655111980926000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7nT5AAD8GZRTAqAJkszzDIbXwFGY7fhdvAsizuoAYAKwsNgAAAQEICgaMpcv4l4WbAAAECAkIBQ=="}
 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655111980926000,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655111980926000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655111980926000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4nT9AAD8GZRbAqAJkszzDIbXwFGY7fhd2AsizuoAYAKzh\/QAAAQEICgaMpcz4l4WbV0EFAg=="}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":648,"packets-processed":647,"total-skipped-flows":0,"total-l4-payload-len":48127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":82,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":82,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":701,"global_ts_usec":1655113084330000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":648,"packets-processed":647,"total-skipped-flows":0,"total-l4-payload-len":48127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":82,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":82,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":701,"global_ts_usec":1655113084330000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655113084330000,"flow_src_last_pkt_time":1655113084330000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655113084330000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1655113084330000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655113084330000,"pkt":"eJS0JASgYDjgxTWgCABFAAA81OlAAD8GLVjAqAJkszzDMZVaFGZIDGKXAAAAAKAC\/\/9f+wAAAgQFtAQCCAo4tSFvAAAAAAEDAwk="}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1655113084383000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655113084383000,"pkt":"eJS0JASgYDjgxTWgCABFAAA01OpAAD8GLV\/AqAJkszzDMZVaFGZIDGKYqtuzMYAQAID\/YQAAAQEICji1IaRj8syi"}
@@ -707,7 +707,7 @@
 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655113084330000,"flow_src_last_pkt_time":1655113084612000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655113084612000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_src_last_pkt_time":1655113084695000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655113084695000,"pkt":"eJS0JASgYDjgxTWgCABFAAFL1O1AAD8GLEXAqAJkszzDMZVaFGZIDGKnqtuzMYAYAICmWQAAAQEICji1Ittj8s28AAEUEpECCiDQISpTuXT+fM1sVkgw9WSLhrRW\/MBiu5786BpIyh5jNBIwxj9Q9UJOznhSMHnK6hbgij+Wn2mU2B0vnbqpx84LX7F2R0vRlMyngyZbJGEpS6eJGroBDO+WJEaCNNBpJpkKqD5ipZMWusBkF0O4ja17SAtzM8tcqpQHA1Ryn4IXnff6jdyTgrVnQ9p0q0zO8Z2L7OrR\/VxGLNyah9h+Dts\/xWbiwFwGdkGxB86jTRrNuzzS5ZqpLR8z+aMqtTHgeMMHJ8NjzeY1grhJv2Jkud6\/sCK3wgpP8qkvIm\/N9uMKCMUrETtZtKz7NH9R2gQC5GKMOSMAzJLwfMCDS3Dqwe3W3A2iV7eapzM+FP+FTQbd"}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655105188559000,"flow_src_last_pkt_time":1655105188835000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655113084909000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":656,"packets-processed":655,"total-skipped-flows":0,"total-l4-payload-len":48424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":83,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":710,"global_ts_usec":1655114622076000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":656,"packets-processed":655,"total-skipped-flows":0,"total-l4-payload-len":48424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":83,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":710,"global_ts_usec":1655114622076000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655114622076000,"flow_src_last_pkt_time":1655114622076000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655114622076000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1655114622076000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655114622076000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8E3JAAD8G7t\/AqAJkszzDIbi0FGYRoZALAAAAAKAC\/\/83+QAAAgQFtAQCCAoGqmEpAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":1655114622106000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655114622106000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0E3NAAD8G7ubAqAJkszzDIbi0FGYRoZAMgQqHroAQAKz9CwAAAQEICgaqYVZ8b+Op"}
@@ -717,7 +717,7 @@
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1655114622115000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655114622115000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4E3ZAAD8G7t\/AqAJkszzDIbi0FGYRoZAXgQqHroAYAKygqAAAAQEICgaqYV98b+OpV0EFAg=="}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655105755895000,"flow_src_last_pkt_time":1655105756270000,"flow_dst_last_pkt_time":1655105755895000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655114622275000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655105790019000,"flow_src_last_pkt_time":1655105790289000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655114622275000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":664,"packets-processed":663,"total-skipped-flows":0,"total-l4-payload-len":49697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":84,"total-detection-updates":0,"total-updates":0,"current-active-flows":13,"total-active-flows":84,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":720,"global_ts_usec":1655116217773000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":664,"packets-processed":663,"total-skipped-flows":0,"total-l4-payload-len":49697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":84,"total-detection-updates":0,"total-updates":0,"current-active-flows":13,"total-active-flows":84,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":720,"global_ts_usec":1655116217773000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655116217773000,"flow_src_last_pkt_time":1655116217773000,"flow_dst_last_pkt_time":1655116217773000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116217773000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":39334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1655116217773000,"flow_dst_last_pkt_time":1655116217773000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655116217773000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8AehAAD8GAFrAqAJkszzDMZmmFGbbOiylAAAAAKAC\/\/9QjQAAAgQFtAQCCApyEZX4AAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_src_last_pkt_time":1655116217805000,"flow_dst_last_pkt_time":1655116217773000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655116217805000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AelAAD8GAGHAqAJkszzDMZmmFGbbOiymFXtouYAQAIBHtQAAAQEICnIRlijWRuJq"}
@@ -728,7 +728,7 @@
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655108001441000,"flow_src_last_pkt_time":1655108001999000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":518,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116218131000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655108385462000,"flow_src_last_pkt_time":1655108385787000,"flow_dst_last_pkt_time":1655108385462000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116218131000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37378,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655108453657000,"flow_src_last_pkt_time":1655108453928000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":320,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116218131000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":672,"packets-processed":671,"total-skipped-flows":0,"total-l4-payload-len":50313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":85,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":731,"global_ts_usec":1655116940904000}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":672,"packets-processed":671,"total-skipped-flows":0,"total-l4-payload-len":50313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":85,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":731,"global_ts_usec":1655116940904000}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655116940904000,"flow_src_last_pkt_time":1655116940904000,"flow_dst_last_pkt_time":1655116940904000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116940904000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40006,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1655116940904000,"flow_dst_last_pkt_time":1655116940904000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655116940904000,"pkt":"eJS0JASgYDjgxTWgCABFAAA890NAAD8GCv7AqAJkszzDMZxGFGZlwIwQAAAAAKAC\/\/9j2AAAAgQFtAQCCApyHJYRAAAAAAEDAwk="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_src_last_pkt_time":1655116940935000,"flow_dst_last_pkt_time":1655116940904000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655116940935000,"pkt":"eJS0JASgYDjgxTWgCABFAAA090RAAD8GCwXAqAJkszzDMZxGFGZlwIwR5J7sZYAQAIAZ6gAAAQEICnIclkN2QDC1"}
@@ -748,7 +748,7 @@
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655111826253000,"flow_src_last_pkt_time":1655111826511000,"flow_dst_last_pkt_time":1655111826253000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116941291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46394,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655113084330000,"flow_src_last_pkt_time":1655113084909000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116941291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655111980926000,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116941291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":679,"packets-processed":679,"total-skipped-flows":0,"total-l4-payload-len":50635,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":86,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":751,"global_ts_usec":1655116941291000}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":679,"packets-processed":679,"total-skipped-flows":0,"total-l4-payload-len":50635,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":86,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":751,"global_ts_usec":1655116941291000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 679/679
 ~~ skipped flows.............: 0
@@ -757,8 +757,8 @@
 ~~ total active/idle flows...: 86/86
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5878412 bytes
-~~ total memory freed........: 5878412 bytes
+~~ total memory allocated....: 5879796 bytes
+~~ total memory freed........: 5879796 bytes
 ~~ total allocations/frees...: 87560/87560
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 546 chars
diff --git a/test/results/default/whatsapp_login_call.pcap.out b/test/results/default/whatsapp_login_call.pcap.out
index b2a1e45c7..d4f5e87de 100644
--- a/test/results/default/whatsapp_login_call.pcap.out
+++ b/test/results/default/whatsapp_login_call.pcap.out
@@ -1,5 +1,5 @@
-00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432582222253233}
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432582222253233}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582222253233,"flow_src_last_pkt_time":1432582222253233,"flow_dst_last_pkt_time":1432582222253233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582222253233,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432582222253233,"flow_dst_last_pkt_time":1432582222253233,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582222253233,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0DNdAAEAG9U7AqAIEEaxkRsAvA+GIPSCcUlOPyIAQH\/poTQAAAQEICi36Gt0QlQ1l"}
 00787{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1432582222267722,"flow_dst_last_pkt_time":1432582222253233,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1432582222267722,"pkt":"xiwDYGpkAPS5Jrv0CABFAADeU1tAAEAGriDAqAIEEaxkRsAvA+GIPSCcUlOPyIAYIAB\/kgAAAQEICi36GusQlQ1lFwMBACCNqYpymgjJuQNgLA+QJekfsmHWqykdlwnJ8t48lRIpCxcDAQCAv+6eyOO6KHhFdGRnKCRyPqihrwnYLrpV5EXpUrXv8Q2ow7fiZ\/ErfHE9ZAprbeZEb1cjDczzZ9GWtg7wUDK1rjYT+gKbhCMZiNQZ3QlWly2tQPPw5M7rqWdzOWy2ATMXqxCkXOBCTdOBYD70ikDCSIjo2fZ8\/cJDhiGvSnc\/9Rw="}
@@ -215,12 +215,14 @@
 01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582258730153,"flow_dst_last_pkt_time":1432582258730153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582258730153,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1432582258730153,"flow_dst_last_pkt_time":1432582258815685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582258815685,"pkt":"APS5Jrv0xiwDYGpkCABFAABI4nIAAC8R2kdb\/bBBwKgCBCSAyT4ANOAtAQEAGCESpELdaIZ9jcVOA62tiygACAAUsHui2xBS6T5qw9kAv9V6SryCnE8="}
 00932{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1432582258825375,"flow_dst_last_pkt_time":1432582258815685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1432582258825375,"pkt":"xiwDYGpkAPS5Jrv0CABFwAFIgM0AAEARKS3AqAIEW\/2wQck+JIABNDV+gPhBLgAAPABUWSgkrOczzTmmNaWeHGyeFn5K8vlkangPxwACY7IwMpCpL5qUBEDYknjmXwiwt1Sg\/GoDEpuWps7K3BPScguv1CoIPKC+VL4kk69VBQy2eU1f6p0OhYSXKAcM\/9HmK5KZeJJnhjzxZ+J\/AtWZs+X8uDaujdvMYKyUONaU\/07PQLiEd81h3NGLNxCpTNYPkmMGXMy1y+UaiUzN89zB2\/RkHbLVqN6e+nvnnRR2frMRlVsFWAJQmXtD929e1+a2u\/RdJfu15HCbSLl3jTXDbl84mpeVYYxkc3LSpxB7HrCYZEpYcCniVsfACmA6zpHVbv1BlaoQu+KuUWJT2eQ73+Vh12sP5aPix21kFcGvLfE3UalmxPkTCEhiCOUQRQbTvOcEo103"}
+01097{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582258825375,"flow_dst_last_pkt_time":1432582258815685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1432582258825375,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1432582258825375,"flow_dst_last_pkt_time":1432582258881819,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582258881819,"pkt":"APS5Jrv0xiwDYGpkCABFAABIE\/gAAC8RqMJb\/bBBwKgCBCSAyT4ANMrWAAEAGCESpEKeaboEfgZsasdwHloACAAUqRSMFuqpInS4y87I6AOf8O\/PSC8="}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1432582258885754,"flow_dst_last_pkt_time":1432582258881819,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582258885754,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI60MAAEARv7bAqAIEW\/2wQck+JIAANLSRAQEAGCESpEKeaboEfgZsasdwHloACAAURgJjd0i0VDTJJrV76xTQyOSNOaY="}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1432582259254832,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582259254832,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIbNAAAEAR7efAqAIEAcJav8k+65gANKlVAAEAGCESpEKmTTdqxAPLVFlkZFwACAAUe9SyVdo3\/CPkaMOU00d3jUs\/Tzg="}
+01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582259254832,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582259254832,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1432582259886962,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582259886962,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI77MAAEARawTAqAIEAcJav8k+65gANKqSAAEAGCESpEK30Ms3\/7rzJdDOeSQACAAUjiMqFpbreAaLOXedI1Eon++y9eE="}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1432582260514270,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582260514270,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI+cUAAEARYPLAqAIEAcJav8k+65gANJE\/AAEAGCESpEJlzPg4GxgzVtPAczQACAAUByzPknXSQgU3SCNOJEjP0trCKUQ="}
-02382{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582260754649,"flow_dst_last_pkt_time":1432582260775626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":3471,"flow_dst_tot_l4_payload_len":2001,"midstream":0,"thread_ts_usec":1432582260775626,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":44,"avg":131289.3,"max":352421,"stddev":70223.6,"var":4931354624.0,"ent":4.7,"data": [85532,95222,66134,60379,102693,208383,184141,159624,139073,188537,352421,23426,152856,55080,31139,91630,61,141160,44,163250,159227,188593,161930,163639,162107,156758,164890,143228,181638,163297,123877]},"pktlen": {"min":50,"avg":199.0,"max":337,"stddev":98.8,"var":9763.6,"ent":4.8,"data": [72,72,328,72,72,301,211,297,234,301,206,134,50,235,185,134,123,54,246,54,260,120,337,103,301,103,305,229,306,317,315,291]},"bins": {"c_to_s": [1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [5.642145634,5.662571430,7.306882858,5.607016087,5.619208336,7.276579380,6.918804169,7.219153404,7.014481544,7.348511696,6.906354427,6.461464405,5.083854198,6.954874992,6.766034603,6.415629864,6.367953777,5.205786228,7.119737148,5.148316383,7.136041164,6.350277901,7.294374466,6.069901943,7.367813587,6.103599548,7.328564644,7.015753746,7.285601139,7.344736099,7.265763760,7.231878281]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+02375{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582260754649,"flow_dst_last_pkt_time":1432582260775626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":3471,"flow_dst_tot_l4_payload_len":2001,"midstream":0,"thread_ts_usec":1432582260775626,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":44,"avg":131289.3,"max":352421,"stddev":70223.6,"var":4931354624.0,"ent":4.7,"data": [85532,95222,66134,60379,102693,208383,184141,159624,139073,188537,352421,23426,152856,55080,31139,91630,61,141160,44,163250,159227,188593,161930,163639,162107,156758,164890,143228,181638,163297,123877]},"pktlen": {"min":50,"avg":199.0,"max":337,"stddev":98.8,"var":9763.6,"ent":4.8,"data": [72,72,328,72,72,301,211,297,234,301,206,134,50,235,185,134,123,54,246,54,260,120,337,103,301,103,305,229,306,317,315,291]},"bins": {"c_to_s": [1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [5.642145634,5.662571430,7.306882858,5.607016087,5.619208336,7.276579380,6.918804169,7.219153404,7.014481544,7.348511696,6.906354427,6.461464405,5.083854198,6.954874992,6.766034603,6.415629864,6.367953777,5.205786228,7.119737148,5.148316383,7.136041164,6.350277901,7.294374466,6.069901943,7.367813587,6.103599548,7.328564644,7.015753746,7.285601139,7.344736099,7.265763760,7.231878281]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1432582261145565,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582261145565,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIYAcAAEAR+rDAqAIEAcJav8k+65gANF9sAAEAGCESpEJrlvABy0sjWqgqRUMACAAUZ+Ym0GC+WjRbPeLsPQxQ+KfJET0="}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1432582267969615,"flow_dst_last_pkt_time":1432582238888265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582267969615,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaQoIAAEAR8UnAqAIEHw1kDsk+DZYAho8WCAAAaiESpEIAAHUQ+ENDH9BeI3pAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1432582267970545,"flow_dst_last_pkt_time":1432582239035335,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582267970545,"pkt":"xiwDYGpkAPS5Jrv0CABFwACadjsAAEAR227AqAIEHw1GMMk+DZYAhobECAAAaiESpEIAACUBlIyWX5N55xVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
@@ -353,6 +355,7 @@
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1432582303616302,"flow_dst_last_pkt_time":1432582303604793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303616302,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIgjEAAEARKMnAqAIEW\/2wQc46JcEANMh1AAEAGCESpEIsOC9qKgcRQkh47WsACAAU2ZdPl1kHfCpml7O+IRdvILydfEM="}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1432582303616302,"flow_dst_last_pkt_time":1432582303694711,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303694711,"pkt":"APS5Jrv0xiwDYGpkCABFAABIBlkAAC8RtmFb\/bBBwKgCBCXBzjoANK7MAQEAGCESpEIsOC9qKgcRQkh47WsACAAUfDHrJU+Q0hLT1ujVdOoJkJQ5oh0="}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1432582303831637,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303831637,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIdWcAAEAR5VDAqAIEAcJav846yg8ANHIiAAEAGCESpEJT9nMzid0wAn5OIFYACAAUj7UY3ZixJKF1uir6vHE5QBib28w="}
+01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":972,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582303831637,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303831637,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1432582304464260,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582304464260,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIRQUAAEARFbPAqAIEAcJav846yg8ANIW7AAEAGCESpEIZoNpuKgJFUxs+kVcACAAURUHG5kUyySWGpYslvS2cuO+ddv8="}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1432582305100006,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582305100006,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI+yoAAEARX43AqAIEAcJav846yg8ANESCAAEAGCESpEKHi4QAVEzkfV5fTxcACAAUSe5EBzgFfmq12TvpmvAMFQPSazU="}
 02372{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582305119064,"flow_dst_last_pkt_time":1432582305008654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":200,"flow_src_tot_l4_payload_len":1888,"flow_dst_tot_l4_payload_len":1727,"midstream":0,"thread_ts_usec":1432582305119064,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":40,"avg":113763.5,"max":307394,"stddev":86013.0,"var":7398240768.0,"ent":4.5,"data": [304269,307394,8384,89918,31917,6521,226162,154173,40,188009,271,163937,163420,160100,21775,153703,73,168136,122602,138908,158523,186698,16232,65895,114250,83709,193240,164541,1311,77123,55436]},"pktlen": {"min":54,"avg":141.0,"max":306,"stddev":58.8,"var":3453.3,"ent":4.9,"data": [72,72,72,72,72,134,124,306,167,54,232,134,228,212,103,134,151,54,172,156,161,172,156,134,114,140,205,140,209,54,134,171]},"bins": {"c_to_s": [1,3,0,6,3,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,2,3,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0],"entropies": [5.586590290,5.634793758,5.591430664,5.548327923,5.614367962,6.343744755,6.353155136,7.262660980,6.708292484,5.199332714,6.977910042,6.582841873,7.061330318,6.964643955,6.193738461,6.469698906,6.640622616,5.205786228,6.713893890,6.594544411,6.678621769,6.732760429,6.737264633,6.418371201,6.335039139,6.527385712,6.871919632,6.504805565,6.851323605,5.199332714,6.565941334,6.741304874]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -365,9 +368,9 @@
 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1432582310666615,"flow_dst_last_pkt_time":1432582296551704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582310666615,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa4soAAEARtB7AqAIErfxyAc46DZYAhpkTCAAAaiESpEIAAPckPngMfZVuqj5AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1432582310667258,"flow_dst_last_pkt_time":1432582296465530,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582310667258,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaDrsAAEARLu\/AqAIEHw1aMM46DZYAhtw8CAAAaiESpEIAAEIAbV8qcywo32NAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1432582310667847,"flow_dst_last_pkt_time":1432582296517176,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582310667847,"pkt":"xiwDYGpkAPS5Jrv0CABFwACacW8AAEAR3DrAqAIEHw1KMM46DZYAhrcnCAAAaiESpEIAAMYoECn4BPzbT0FAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-01148{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":278,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582267934161,"flow_dst_last_pkt_time":1432582268457283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":19213,"flow_dst_tot_l4_payload_len":14219,"midstream":0,"thread_ts_usec":1432582311138615,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01141{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":278,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582267934161,"flow_dst_last_pkt_time":1432582268457283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":19213,"flow_dst_tot_l4_payload_len":14219,"midstream":0,"thread_ts_usec":1432582311138615,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1432582267983119,"flow_src_last_pkt_time":1432582311138615,"flow_dst_last_pkt_time":1432582267983119,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582311138615,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01136{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582267438091,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582311138615,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01246{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582267438091,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582311138615,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1432582324191957,"flow_dst_last_pkt_time":1432582247125660,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582324191957,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIJmQAAEARzfDAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1198,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582331561251,"flow_src_last_pkt_time":1432582331561251,"flow_dst_last_pkt_time":1432582331561251,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582331561251,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1432582331561251,"flow_dst_last_pkt_time":1432582331561251,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582331561251,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAowcFAAEAGFpTAqAIEEaeOJ8AtAbtkgHfvejCYYFAR\/\/+cbwAA"}
@@ -433,11 +436,11 @@
 01001{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432582296338078,"flow_src_last_pkt_time":1432582310665524,"flow_dst_last_pkt_time":1432582296567432,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01147{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":141,"flow_dst_packets_processed":57,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582310601384,"flow_dst_last_pkt_time":1432582311036474,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":510,"flow_src_tot_l4_payload_len":11608,"flow_dst_tot_l4_payload_len":10494,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432582246280217,"flow_src_last_pkt_time":1432582336425202,"flow_dst_last_pkt_time":1432582246280217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":502,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2008,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
-01136{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582310134411,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01246{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582310134411,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1432582247125660,"flow_src_last_pkt_time":1432582324191957,"flow_dst_last_pkt_time":1432582247125660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
-01148{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":278,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582267934161,"flow_dst_last_pkt_time":1432582268457283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":19213,"flow_dst_tot_l4_payload_len":14219,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01141{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":278,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582267934161,"flow_dst_last_pkt_time":1432582268457283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":19213,"flow_dst_tot_l4_payload_len":14219,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1432582267983119,"flow_src_last_pkt_time":1432582311138615,"flow_dst_last_pkt_time":1432582267983119,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01136{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582267438091,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01246{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582267438091,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1432582271840128,"flow_src_last_pkt_time":1432582331780851,"flow_dst_last_pkt_time":1432582271840128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3000,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1432582222253233,"flow_src_last_pkt_time":1432582223191773,"flow_dst_last_pkt_time":1432582223190009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":536,"flow_dst_tot_l4_payload_len":340,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
 00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582249235256,"flow_src_last_pkt_time":1432582249292701,"flow_dst_last_pkt_time":1432582249291378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -463,11 +466,11 @@
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432582246280217,"flow_src_last_pkt_time":1432582336425202,"flow_dst_last_pkt_time":1432582246280217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":502,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2008,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582284806157,"flow_src_last_pkt_time":1432582285047789,"flow_dst_last_pkt_time":1432582284806157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":80,"flow_first_seen":1432582227643274,"flow_src_last_pkt_time":1432582361929399,"flow_dst_last_pkt_time":1432582361879794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":688,"flow_src_tot_l4_payload_len":8099,"flow_dst_tot_l4_payload_len":4875,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-01134{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582310134411,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01244{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582310134411,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1432582228503997,"flow_src_last_pkt_time":1432582353694076,"flow_dst_last_pkt_time":1432582353955055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":234,"flow_src_tot_l4_payload_len":4006,"flow_dst_tot_l4_payload_len":468,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ApplePush","proto_id":"238","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582284806066,"flow_src_last_pkt_time":1432582285047655,"flow_dst_last_pkt_time":1432582284806066,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1432582247125660,"flow_src_last_pkt_time":1432582324191957,"flow_dst_last_pkt_time":1432582247125660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
-01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":278,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582267934161,"flow_dst_last_pkt_time":1432582268457283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":19213,"flow_dst_tot_l4_payload_len":14219,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":278,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582267934161,"flow_dst_last_pkt_time":1432582268457283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":19213,"flow_dst_tot_l4_payload_len":14219,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SRTP.WhatsAppCall","proto_id":"338.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1432582227526441,"flow_src_last_pkt_time":1432582227526441,"flow_dst_last_pkt_time":1432582227594651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 01123{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1432582227604482,"flow_src_last_pkt_time":1432582260448775,"flow_dst_last_pkt_time":1432582260403082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":6486,"flow_dst_tot_l4_payload_len":8646,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1432582238792300,"flow_src_last_pkt_time":1432582267974507,"flow_dst_last_pkt_time":1432582258924995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":316,"flow_src_tot_l4_payload_len":1837,"flow_dst_tot_l4_payload_len":1980,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
@@ -487,10 +490,10 @@
 00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582235998968,"flow_src_last_pkt_time":1432582236282078,"flow_dst_last_pkt_time":1432582236140915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582235998968,"flow_src_last_pkt_time":1432582236282078,"flow_dst_last_pkt_time":1432582236140915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582284805992,"flow_src_last_pkt_time":1432582285047820,"flow_dst_last_pkt_time":1432582284805992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01134{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582267438091,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01244{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582267438091,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01140{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":24,"flow_first_seen":1432582230648273,"flow_src_last_pkt_time":1432582264928868,"flow_dst_last_pkt_time":1432582264924464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":10180,"flow_dst_tot_l4_payload_len":5304,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}}
 01140{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582355253275,"flow_src_last_pkt_time":1432582356195572,"flow_dst_last_pkt_time":1432582356100109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":5224,"flow_dst_tot_l4_payload_len":2717,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}}
-00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1253,"packets-processed":1251,"total-skipped-flows":0,"total-l4-payload-len":132660,"total-not-detected-flows":0,"total-guessed-flows":20,"total-detected-flows":37,"total-detection-updates":42,"total-updates":45,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":493,"global_ts_usec":1432582361929399}
+00661{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1253,"packets-processed":1251,"total-skipped-flows":0,"total-l4-payload-len":132660,"total-not-detected-flows":0,"total-guessed-flows":20,"total-detected-flows":37,"total-detection-updates":45,"total-updates":45,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":496,"global_ts_usec":1432582361929399}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1253/1251
 ~~ skipped flows.............: 0
@@ -499,9 +502,9 @@
 ~~ total active/idle flows...: 57/57
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5691042 bytes
-~~ total memory freed........: 5691042 bytes
-~~ total allocations/frees...: 87758/87758
+~~ total memory allocated....: 5692018 bytes
+~~ total memory freed........: 5692018 bytes
+~~ total allocations/frees...: 87760/87760
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 542 chars
 ~~ json message max len.......: 2513 chars
diff --git a/test/results/default/whatsapp_login_chat.pcap.out b/test/results/default/whatsapp_login_chat.pcap.out
index 6ab72563e..414b0e25e 100644
--- a/test/results/default/whatsapp_login_chat.pcap.out
+++ b/test/results/default/whatsapp_login_chat.pcap.out
@@ -1,5 +1,5 @@
-00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432582377898864}
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432582377898864}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582377898864,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582377898864,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582377898864,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI56kAAEARDKvAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="}
 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582377898864,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582377898864,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
@@ -58,7 +58,7 @@
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582402666171,"flow_src_last_pkt_time":1432582402666171,"flow_dst_last_pkt_time":1432582402666171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582377898864,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":20,"flow_first_seen":1432582381179399,"flow_src_last_pkt_time":1432582385071316,"flow_dst_last_pkt_time":1432582385037978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":13821,"flow_dst_tot_l4_payload_len":5174,"midstream":1,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":93,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":24799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1432582431565397}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":93,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":24799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1432582431565397}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 93/93
 ~~ skipped flows.............: 0
@@ -67,9 +67,9 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5526126 bytes
-~~ total memory freed........: 5526126 bytes
-~~ total allocations/frees...: 86041/86041
+~~ total memory allocated....: 5526291 bytes
+~~ total memory freed........: 5526291 bytes
+~~ total allocations/frees...: 86042/86042
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 542 chars
 ~~ json message max len.......: 2496 chars
diff --git a/test/results/default/whatsapp_voice_and_message.pcap.out b/test/results/default/whatsapp_voice_and_message.pcap.out
index b4e5639ff..0d4e648ce 100644
--- a/test/results/default/whatsapp_voice_and_message.pcap.out
+++ b/test/results/default/whatsapp_voice_and_message.pcap.out
@@ -1,5 +1,5 @@
-00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432820558921094}
+00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432820558921094}
 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820558921094,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558921094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820558921094,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558921094,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1432820558921094,"pkt":"ABoRAAACABoRAAABCABFAAA89o5AAEAGzkgKCAABuK2zLoqYAbsGFK3rAAAAAKACOQj9WQAAAgQFtAQCCAoABFtlAAAAAAEDAwQ="}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558982129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820558982129,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAG9Om4rbMuCggAAQG7ipj561IUBhSt7FAS\/\/+tmQAA"}
@@ -123,7 +123,7 @@
 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567917248,"flow_src_last_pkt_time":1432820626171765,"flow_dst_last_pkt_time":1432820568346844,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567259228,"flow_src_last_pkt_time":1432820625171734,"flow_dst_last_pkt_time":1432820567917126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":26,"flow_first_seen":1432820681899121,"flow_src_last_pkt_time":1432820691973004,"flow_dst_last_pkt_time":1432820691967480,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":254,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":896,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
-00664{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":261,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":14389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":16,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":126,"global_ts_usec":1432820695137128}
+00662{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":261,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":14389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":16,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":126,"global_ts_usec":1432820695137128}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 261/261
 ~~ skipped flows.............: 0
@@ -132,8 +132,8 @@
 ~~ total active/idle flows...: 13/13
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5541846 bytes
-~~ total memory freed........: 5541846 bytes
+~~ total memory allocated....: 5542062 bytes
+~~ total memory freed........: 5542062 bytes
 ~~ total allocations/frees...: 86258/86258
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 548 chars
diff --git a/test/results/default/whatsappfiles.pcap.out b/test/results/default/whatsappfiles.pcap.out
index 21e1483ff..d5cc8c377 100644
--- a/test/results/default/whatsappfiles.pcap.out
+++ b/test/results/default/whatsappfiles.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1519924083411187}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1519924083411187}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924083411187,"flow_dst_last_pkt_time":1519924083411187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1519924083411187,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1519924083411187,"flow_dst_last_pkt_time":1519924083411187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1519924083411187,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIKAbs8JoRvAAAAALDC\/\/8eywAAAgQFtAEDAwYBAQgKKOUV+QAAAAAEAgAA"}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1519924083411187,"flow_dst_last_pkt_time":1519924083501147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1519924083501147,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wgonNGFZPCaEcKASbTj4zgAAAgQFggQCCAoJITj5KOUV+QEDAwg="}
@@ -21,7 +21,7 @@
 02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1519924240121220,"flow_src_last_pkt_time":1519924240317078,"flow_dst_last_pkt_time":1519924240518900,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":12875,"midstream":0,"thread_ts_usec":1519924240518900,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":19146.4,"max":107518,"stddev":30886.0,"var":953946176.0,"ent":3.3,"data": [56726,60954,999,65972,116,64953,998,4998,4,994,4,59896,50958,5,7285,18,4137,107,10987,4,86355,107518,6,1398,909,1355,1209,1240,1010,1222,1201]},"pktlen": {"min":52,"avg":485.4,"max":1450,"stddev":599.2,"var":359069.1,"ent":4.0,"data": [64,60,52,569,52,198,52,103,105,102,94,276,133,52,90,52,90,52,94,52,52,52,1450,220,1450,1268,1450,1450,1450,1450,1450,1450]},"bins": {"c_to_s": [6,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.484427452,5.220872402,5.062724590,6.536932945,5.310736179,6.547456264,5.115703106,5.511427402,5.798887253,5.734943390,5.532109261,7.100424290,6.478804111,5.091758728,5.529591560,5.233812809,6.065113068,5.272274971,6.031597137,5.091758728,5.070539474,5.272274971,7.882384777,7.084619522,7.865714073,7.857034683,7.885036469,7.857791901,7.873408318,7.856501579,7.894844532,7.850902557]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01006{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":161,"flow_dst_packets_processed":149,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924193366820,"flow_dst_last_pkt_time":1519924193429446,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":178544,"flow_dst_tot_l4_payload_len":4980,"midstream":0,"thread_ts_usec":1519924247388841,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
 01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":132,"flow_dst_packets_processed":178,"flow_first_seen":1519924240121220,"flow_src_last_pkt_time":1519924247388841,"flow_dst_last_pkt_time":1519924247384385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":1170,"flow_dst_tot_l4_payload_len":225649,"midstream":0,"thread_ts_usec":1519924247388841,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}}
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":620,"packets-processed":620,"total-skipped-flows":0,"total-l4-payload-len":410343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1519924247388841}
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":620,"packets-processed":620,"total-skipped-flows":0,"total-l4-payload-len":410343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1519924247388841}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 620/620
 ~~ skipped flows.............: 0
@@ -30,8 +30,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5532772 bytes
-~~ total memory freed........: 5532772 bytes
+~~ total memory allocated....: 5532812 bytes
+~~ total memory freed........: 5532812 bytes
 ~~ total allocations/frees...: 86509/86509
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 551 chars
diff --git a/test/results/default/whois.pcapng.out b/test/results/default/whois.pcapng.out
index 9838526fd..60196ef12 100644
--- a/test/results/default/whois.pcapng.out
+++ b/test/results/default/whois.pcapng.out
@@ -1,5 +1,5 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1507397119066212}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1507397119066212}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119066212,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507397119066212,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119066212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1507397119066212,"pkt":"UlQAEjUCCAAnPqwxCABFAAA8folAAEAGwOgKAAIPwAAvO6ycACuFe1kCAAAAAKACchD7eAAAAgQFtAQCCAqvatNhAAAAAAEDAwY="}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1507397119183017,"pkt":"CAAnPqwxUlQAEjUCCABFAAAsSF0AAEAGNyXAAC87CgACDwArrJwAl14BhXtZA2AS\/\/+y7QAAAgQFtAAA"}
@@ -7,7 +7,7 @@
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1507397119183714,"pkt":"UlQAEjUCCAAnPqwxCABFAAA1fotAAEAGwO0KAAIPwAAvO6ycACuFe1kDAJdeAlAYchD7cQAAZXhhbXBsZS5jb20NCg=="}
 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507397119183714,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"example.com"}}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183935,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1507397119183935,"pkt":"CAAnPqwxUlQAEjUCCABFAAAoSF4AAEAGNyjAAC87CgACDwArrJwAl14ChXtZEFAQ\/\/\/KnQAAAAAAAAAA"}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1604305198454924}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1604305198454924}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198454924,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454924,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB5BrfTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="}
 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454980,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB4BrjTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="}
@@ -17,7 +17,7 @@
 01492{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198677924,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","ja4":"t12d1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
 01698{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1604305198690105,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","ja4":"t12d1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","advertised_alpns":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5"}}}
 00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119368026,"flow_dst_last_pkt_time":1507397119369277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":233,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":233,"midstream":0,"thread_ts_usec":1604305198690105,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1623517268690274}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1623517268690274}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517268690274,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_usec":1623517268690274,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAALKUxAAAtBrE+wB4tHgqgP4AAK8\/hR0rdvNStq\/tgEgW05awAAAIEBVA="}
 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2B35AAAtBjPLwB4tHgqgP4AAK8\/hR0rdvdStrBVQGAW0T9cAACAgIERvbWFpbiBOYW1lOiBDWUJFUlBBVFJPTEJELkNPTQ0KICAgUmVnaXN0cnkgRG9tYWluIElEOiAyMTUzNDAwMTAwX0RPTUFJTl9DT00tVlJTTg0KICAgUmVnaXN0cmFyIFdIT0lTIFNlcnZlcjogd2hvaXMuUHVibGljRG9tYWluUmVnaXN0cnkuY29tDQogICBSZWdpc3RyYXIgVVJMOiBodHRwOi8vd3d3LnB1YmxpY2RvbWFpbnJlZ2lzdHJ5LmNvbQ0KICAgVXBkYXRlZCBEYXRlOiAyMDIwLTA4LTI5VDA3OjQxOjUyWg0KICAgQ3JlYXRpb24gRGF0ZTogMjAxNy0wOC0xNFQxNjoxMDo1MVoNCiAgIFJlZ2lzdHJ5IEV4cGlyeSBEYXRlOiAyMDIxLTA4LTE0VDE2OjEwOjUxWg0KICAgUmVnaXN0cmFyOiBQRFIgTHRkLiBkL2IvYSBQdWJsaWNEb21haW5SZWdpc3RyeS5jb20NCiAgIFJlZ2lzdHJhciBJQU5BIElEOiAzMDMNCiAgIFJlZ2lzdHJhciBBYnVzZSBDb250YWN0IEVtYWlsOiBhYnVzZS1jb250YWN0QHB1YmxpY2RvbWFpbnJlZ2lzdHJ5LmNvbQ0KICAgUmVnaXN0cmFyIEFidXNlIENvbnRhY3QgUGhvbmU6ICsxLjIwMTM3NzU5NTINCiAgIERvbWFpbiBTdGF0dXM6IGNsaWVudFRyYW5zZmVyUHJvaGliaXRlZCBodHRwczovL2ljYW5uLm9yZy9lcHAjY2xpZW50VHJhbnNmZXJQcm9oaWJpdGVkDQogICBOYW1lIFNlcnZlcjogTlMyNS5FSUNSQS5ORVQNCiAgIE5hbWUgU2VydmVyOiBOUzI2LkVJQ1JBLk5FVA0KICAgRE5TU0VDOiB1bnNpZ25lZA0KICAgVVJMIG9mIHRoZSBJQ0FOTiBXaG9pcyBJbmFjY3VyYWN5IENvbXBsYWludCBGb3JtOiBodHRwczovL3d3dy5pY2Fubi5vcmcvd2ljZi8NCj4+PiBMYXN0IHVwZGF0ZSBvZiB3aG9pcyBkYXRhYmFzZTogMjAyMS0wNi0xMlQxNjowMDo1NlogPDw8DQoNCkZvciBtb3JlIGluZm9ybWF0aW9uIG9uIFdob2lzIHN0YXR1cyBjb2RlcywgcGxlYXNlIHZpc2l0IGh0dHBzOi8vaWNhbm4ub3JnL2VwcA0KDQpOT1RJQ0U6IFRoZSBleHBpcmF0aW9uIGRhdGUgZGlzcGxheWVkIGluIHRoaXMgcmVjb3JkIGlzIHRoZSBkYXRlIHRoZQ0KcmVnaXN0cmFyJ3Mgc3BvbnNvcnNoaXAgb2YgdGhlIGRvbWFpbiBuYW1lIHJlZ2lzdHJhdGlvbiBpbiB0aGUgcmVnaXN0cnkgaXMNCmN1cnJlbnRseSBzZXQgdG8gZXhwaXJlLiBUaGlzIGRhdGUgZG9lcyBub3QgbmVjZXNzYXJpbHkgcmVmbGVjdCB0aGUgZXhwaXJhdGlvbg0KZGF0ZSBvZiB0aGUgZG9tYWluIG5hbWUgcmVnaXN0cmFudCdzIGFncg=="}
@@ -27,7 +27,7 @@
 01307{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01082{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
 00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1623517269021781}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1623517269021781}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 23/23
 ~~ skipped flows.............: 0
@@ -36,8 +36,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5509232 bytes
-~~ total memory freed........: 5509232 bytes
+~~ total memory allocated....: 5509288 bytes
+~~ total memory freed........: 5509288 bytes
 ~~ total allocations/frees...: 85913/85913
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
diff --git a/test/results/default/windowsupdate_over_http.pcap.out b/test/results/default/windowsupdate_over_http.pcap.out
index 0ff89b067..4dd9707c0 100644
--- a/test/results/default/windowsupdate_over_http.pcap.out
+++ b/test/results/default/windowsupdate_over_http.pcap.out
@@ -1,4 +1,4 @@
-00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":94209879,"flow_src_last_pkt_time":94209879,"flow_dst_last_pkt_time":94209879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":94209879,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":94209879,"flow_dst_last_pkt_time":94209879,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":94209879,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0zkVAAIAGQI8KAAIPl2NIfcKXAFAVLcI9AAAAAIAC+vDt3QAAAgQFtAEDAwgBAQQC"}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":94209879,"flow_dst_last_pkt_time":94216419,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":94216419,"pkt":"CAAn5uVZUlQAEjUCCABFAAAs7dwAAEAGoQCXY0h9CgACDwBQwpcBAsoBFS3CPmAS\/\/9G0AAAAgQFtA=="}
@@ -6,9 +6,9 @@
 01159{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":94216792,"flow_dst_last_pkt_time":94216419,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":533,"pkt_l4_len":499,"thread_ts_usec":94216792,"pkt":"UlQAEjUCCAAn5uVZCABFAAIHzk1AAIAGPrQKAAIPl2NIfcKXAFAVLcI+AQLKAlAY+vDefgAAR0VUIC9kYXRhLzA3ODNkZWRmYjYyZmE3MDkvbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZDFkMDYwYzAtN2VjZS00Yjk2LTk1NTgtNGJkMGYyMzI2MDQwP1AxPTE2NTIwODQ2ODMmUDI9NDA0JlAzPTImUDQ9R3RYbkRNdnNzYVRWWkUlMmJsaUdSTlpQZFRDR1pjZEszbHNmUWhCeWNHSTVvbjJkeVFLN21SemclMmZBUCUyZk91VlRlYnRmV1UlMmJmTCUyYlZwa1E5YndoTndVRFBBJTNkJTNkIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQ6ICovKg0KUmFuZ2U6IGJ5dGVzPTQ5MjgzMDcyLTUwMzMxNjQ3DQpVc2VyLUFnZW50OiBNaWNyb3NvZnQtRGVsaXZlcnktT3B0aW1pemF0aW9uLzEwLjANCk1TLUNWOiBTdUpZRnJZcjhVS1NoQ2c0Y09OZEx3LjAuMi43LjEuMS41DQpDb250ZW50LUxlbmd0aDogMA0KSG9zdDogMTUxLjk5LjcyLjEyNQ0KDQo="}
 01469{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":94209879,"flow_src_last_pkt_time":94216792,"flow_dst_last_pkt_time":94216419,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":94216792,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","proto_id":"7.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"151.99.72.125","http": {"url":"151.99.72.125\/data\/0783dedfb62fa709\/msedge.b.tlu.dl.delivery.mp.microsoft.com\/filestreamingservice\/files\/d1d060c0-7ece-4b96-9558-4bd0f2326040?P1=1652084683&P2=404&P3=2&P4=GtXnDMvssaTVZE%2bliGRNZPdTCGZcdK3lsfQhBycGI5on2dyQK7mRzg%2fAP%2fOuVTebtfWU%2bfL%2bVpkQ9bwhNwUDPA%3d%3d","code":0,"content_type":"","user_agent":"Microsoft-Delivery-Optimization\/10.0"}}}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":94216792,"flow_dst_last_pkt_time":94216898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":94216898,"pkt":"CAAn5uVZUlQAEjUCCABFAAAo7d0AAEAGoQOXY0h9CgACDwBQwpcBAsoCFS3EHVAQ\/\/9crgAA"}
-01612{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":94209879,"flow_src_last_pkt_time":94216792,"flow_dst_last_pkt_time":94225646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":94225646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","proto_id":"7.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"151.99.72.125","http": {"url":"151.99.72.125\/data\/0783dedfb62fa709\/msedge.b.tlu.dl.delivery.mp.microsoft.com\/filestreamingservice\/files\/d1d060c0-7ece-4b96-9558-4bd0f2326040?P1=1652084683&P2=404&P3=2&P4=GtXnDMvssaTVZE%2bliGRNZPdTCGZcdK3lsfQhBycGI5on2dyQK7mRzg%2fAP%2fOuVTebtfWU%2bfL%2bVpkQ9bwhNwUDPA%3d%3d","code":206,"content_type":"application\/octet-stream","user_agent":"Microsoft-Delivery-Optimization\/10.0"}}}
-01214{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":12,"flow_first_seen":94209879,"flow_src_last_pkt_time":94227136,"flow_dst_last_pkt_time":94226926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":14400,"midstream":0,"thread_ts_usec":94227136,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","proto_id":"7.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":14879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":94227136}
+01631{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":94209879,"flow_src_last_pkt_time":94216792,"flow_dst_last_pkt_time":94225646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":94225646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","proto_id":"7.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"151.99.72.125","http": {"url":"151.99.72.125\/data\/0783dedfb62fa709\/msedge.b.tlu.dl.delivery.mp.microsoft.com\/filestreamingservice\/files\/d1d060c0-7ece-4b96-9558-4bd0f2326040?P1=1652084683&P2=404&P3=2&P4=GtXnDMvssaTVZE%2bliGRNZPdTCGZcdK3lsfQhBycGI5on2dyQK7mRzg%2fAP%2fOuVTebtfWU%2bfL%2bVpkQ9bwhNwUDPA%3d%3d","code":206,"content_type":"application\/octet-stream","user_agent":"Microsoft-Delivery-Optimization\/10.0"}}}
+01233{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":12,"flow_first_seen":94209879,"flow_src_last_pkt_time":94227136,"flow_dst_last_pkt_time":94226926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":14400,"midstream":0,"thread_ts_usec":94227136,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","proto_id":"7.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}}
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":14879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":94227136}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -17,10 +17,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5499452 bytes
-~~ total memory freed........: 5499452 bytes
+~~ total memory allocated....: 5499479 bytes
+~~ total memory freed........: 5499479 bytes
 ~~ total allocations/frees...: 85896/85896
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 521 chars
-~~ json message max len.......: 1617 chars
-~~ json message avg len.......: 1051 chars
+~~ json message max len.......: 1636 chars
+~~ json message avg len.......: 1059 chars
diff --git a/test/results/default/wireguard.pcap.out b/test/results/default/wireguard.pcap.out
index 383dbded8..3bd1b7e74 100644
--- a/test/results/default/wireguard.pcap.out
+++ b/test/results/default/wireguard.pcap.out
@@ -1,5 +1,5 @@
-00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1532126321356858}
+00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1532126321356858}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532126321356858,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":1532126321356858,"pkt":"ouY0lLWDOjblv1r4CABFiACwAksAAEARY1YKCQABCgkAAqnGymwAnBTCAQAAANg30DBfzsfI5cji4\/eYnu9gwijYIynWArax4rudBo+Jz51NRTJ4D20nJk97mHAf3Cek7ACutr7NvvIzLxtAhMrbk4I5NcASriVeeyXv8TlAwyH6a9ZqKoewYdsUMBc+k39Wk0neKFbcXyYWdj7ur8BTOwHdll5+x2l24o9oPWcSAAAAAAAAAAAAAAAAAAAAAA=="}
 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1532126321359376,"pkt":"Ojblv1r4ouY0lLWDCABFiAB4KjkAAEARO6AKCQACCgkAAcpsqcYAZBSKAgAAAAb0favYN9AwsY1VUL1AQqN6RoI6wI2x7GaDm8DKLWS8Fc2AIytmIy+uwkr4kY3hBg\/1yY6GXV818nIhTFJgEQ3Exh4yzdhUIQAAAAAAAAAAAAAAAAAAAAA="}
@@ -8,7 +8,7 @@
 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1532126321359708,"flow_dst_last_pkt_time":1532126321359929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1532126321359929,"pkt":"Ojblv1r4ouY0lLWDCABFAACcKjoAAEARPAMKCQACCgkAAcpsqcYAiBSuBAAAANg30DAAAAAAAAAAAG9PCA6fUmkbvpSFNfecE+1o8JFF1SPu2whyZfloCC9wc1cpJj7aYnx2g83AuAozVtlTbJ8OKHJ5e1yBcguguOpyM8bev58PvujxDsGJhbgkvzUPi4GA0Ipk5r6YEAiaw9E2PtXhKcoeBCXPfpSWVlk="}
 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1532126322363971,"flow_dst_last_pkt_time":1532126321359929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1532126322363971,"pkt":"ouY0lLWDOjblv1r4CABFAACcApAAAEARY60KCQABCgkAAqnGymwAiBSuBAAAAAb0fasBAAAAAAAAAHzNKCSiKfzNFoU7Hv+UasxWNazSNhCJwxaXBs4Pz2LNqySyHtibW+QDk8FpLPp6KYHljK6RU0il+fyDPap6kagbUeVbtzLq3DhtalfmJbCSy1upQ\/apOsaaBwHpnmAipi8Gbzy2IjKAkdrVnfE\/bjM="}
 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126461633953,"flow_dst_last_pkt_time":1532126461588236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":2596,"flow_dst_tot_l4_payload_len":1224,"midstream":0,"thread_ts_usec":1532126461633953,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":23,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":3820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1563973554628757}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":23,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":3820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1563973554628757}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973554628757,"flow_dst_last_pkt_time":1563973554628757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":800,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1563973554628757,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1563973554628757,"flow_dst_last_pkt_time":1563973554628757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_usec":1563973554628757,"pkt":"OCxKuzMdABAY3q0FCABFAAM8FXkAADURYEKLosCdwKgADspsjRQDKLH1BAAAAL5AaY1rAAAAAAAAANUJ2VrXQI01RZfJr8PEwgZEhNNcu6x03VWSZ67dhAHHTWKcRpBFkk8NVHd\/C4D4pz\/puWqoUUxKuxxH6YlcxuxAvZFB0Na5O4CW6jEyMIx3UMKSHboRTInUKfs0ifRWz\/ah3LYVezBxxWAse8HA4hp9J+12MZT8TmyygIwyCCaeEvoUQjFc6leSZrAZpKnPNseLUtXq9seSkA+QHufBd5P\/nAxkid4Fwq057VLJqJcJvFJRIdSNrsUBNHlMd2O226LQDMo6+sXnZNRhM\/0lY6T99lZ2rtutA5g+LROCm\/BZLu+Ww0aOhZ9T5CPKvl1MXzbqDpHjEWohQohUG62HCabsLz2Pl6HJpafmxv\/xXmUvqTxvWO5iYVSI4YH0rzZVN3aVdPUxgXYG+W8rSU+st0bg\/OnAMZWFzotivj2mfqRsGMWV3egRFwhvlfe7Fuv0OvGM3s9ZvinFAlmQZqUDOt74G5zoedU\/69v6LWqjWqMgwmKLQ\/lMwt2MnS6hiTwk\/iqPpTIM8RYnxG13RvjKDr4JXT\/U7OnZL63BA8kKbkL5zeTL+gL4bvPs8T4bLqWJpX+KPgKK5qcCbrRIXtRaFjvffCmBHmxiams\/n7B6m2DssFWcjX1Ev1oBu1UMKN6t2aeneW6ZYl4Q+afpKmmTZbh75sYoA8rPXxM4Q6E\/CvQ8xKFJuG12US4vfj96Tg+HLqjTKQn0aT3tP\/WRrjoWHz5nOKAwY2ssdZ\/sOQ7Z4I975oMYqMkolPHC\/IQyZ00spefKrUv00QdKXcsmU90gzx2i\/XncJUiW6+cRr5y\/xIasdRDvxOeWrnEuyr4eneiO5Pi37MXP8f2E65R6K8EWKkhOt2QxypTL9OYJAB3d80dQUxikTgyJwcF9uQEqgJNA\/GZhO2rBxL\/P3ze0It5qd4umjz9rSz1Tj4x9V7iRrPWik7ncKTUF\/OLBOu3ao3EyUG8u2N+GMLh6DNMnc3AMj260R63yyZIj87BZpn+95duhzSfs8I4u6YbCy54JPpusEK7oluD\/Hy2\/DI77VPA2QYc="}
 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1563973554628780,"flow_dst_last_pkt_time":1563973554628757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1563973554628780,"pkt":"OCxKuzMdABAY3q0FCABFAACsFXoAADURYtGLosCdwKgADspsjRQAmIUlBAAAAL5AaY1sAAAAAAAAAApaAsrtXpH1hJEWMIaMon2Jp07DYKtFnos9KJ2dxNXsnPOlMw8teGIqqtQyAhfCvZKfSoj8FKmPC1PCtu8qqniK567s\/wF6cALr5IJXHXdFnmr1I94kKjzDU62XCT24xGedWrUZRek84+e2Fsx1lJJ6NR9cFgw9VnO9J77GX8hL"}
@@ -18,7 +18,7 @@
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1563973554711201,"flow_dst_last_pkt_time":1563973554642219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1563973554711201,"pkt":"OCxKuzMdABAY3q0FCABFAAB8FcIAADURYrmLosCdwKgADspsjRQAaAbHBAAAAL5AaY1tAAAAAAAAAPpGK9K5H5VHV22UlCuzckhifHXG0mCPbNY7tJ3Ehp5q9DbTenVPM\/dETy5WTx4iR6yiQjK\/qZpSgBD1KbJ+XOoBt2B9Juw3RjALxSawFkyQ"}
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973564026333,"flow_dst_last_pkt_time":1563973563910592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":272,"flow_src_tot_l4_payload_len":4672,"flow_dst_tot_l4_payload_len":2064,"midstream":0,"thread_ts_usec":1563973564026333,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126461633953,"flow_dst_last_pkt_time":1532126461588236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":2596,"flow_dst_tot_l4_payload_len":1224,"midstream":0,"thread_ts_usec":1563973564026333,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":52,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":10556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1563973564026333}
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":52,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":10556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1563973564026333}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 52/52
 ~~ skipped flows.............: 0
@@ -27,10 +27,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501653 bytes
-~~ total memory freed........: 5501653 bytes
-~~ total allocations/frees...: 85923/85923
+~~ total memory allocated....: 5501706 bytes
+~~ total memory freed........: 5501706 bytes
+~~ total allocations/frees...: 85924/85924
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 571 chars
+~~ json message min len.......: 569 chars
 ~~ json message max len.......: 1610 chars
-~~ json message avg len.......: 1089 chars
+~~ json message avg len.......: 1088 chars
diff --git a/test/results/default/wow.pcap.out b/test/results/default/wow.pcap.out
index 4c33ed988..ccc101937 100644
--- a/test/results/default/wow.pcap.out
+++ b/test/results/default/wow.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1437858769436349}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1437858769436349}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437858769436349,"flow_src_last_pkt_time":1437858769436349,"flow_dst_last_pkt_time":1437858769436349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437858769436349,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1437858769436349,"flow_dst_last_pkt_time":1437858769436349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437858769436349,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJNAAIAGhLXAqLIUDIHeNZmNAFBo+hN9AAAAAKACIADawAAAAgQFtAEDAwIEAggKACnZUgAAAAA="}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1437858769437258,"flow_dst_last_pkt_time":1437858769436349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437858769437258,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJNAAIAGhLXAqLIUDIHeNZmNAFBo+hN9AAAAAKACIADawAAAAgQFtAEDAwIEAggKACnZUgAAAAA="}
@@ -29,7 +29,7 @@
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1437858849702632,"flow_dst_last_pkt_time":1437858849702534,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437858849702632,"pkt":"JGUR0Ik6JGURQGHhCABFAAA0GWZAAIAGfYbAqLIUDIHkmZnEDowRX7J8ZKojs4AQEGhlVQAAAQEICgAp+K1Cum0N"}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1437858849702756,"flow_dst_last_pkt_time":1437858849702534,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437858849702756,"pkt":"JGUR0Ik6JGURQGHhCABFAAA0GWZAAIAGfYbAqLIUDIHkmZnEDowRX7J8ZKojs4AQEGhlVQAAAQEICgAp+K1Cum0N"}
 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1437858849489494,"flow_src_last_pkt_time":1437858849702756,"flow_dst_last_pkt_time":1437858849924849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":50,"midstream":0,"thread_ts_usec":1437858849924849,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","proto_id":"76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":83,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":4309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1437859397750241}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":83,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":4309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1437859397750241}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437859397750241,"flow_src_last_pkt_time":1437859397750241,"flow_dst_last_pkt_time":1437859397750241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437859397750241,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1437859397750241,"flow_dst_last_pkt_time":1437859397750241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437859397750241,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1437859397750308,"flow_dst_last_pkt_time":1437859397750241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437859397750308,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="}
@@ -42,7 +42,7 @@
 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1437859397750241,"flow_src_last_pkt_time":1437859398404065,"flow_dst_last_pkt_time":1437859398661830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":93,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","proto_id":"76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 01208{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":6,"flow_first_seen":1437858769436349,"flow_src_last_pkt_time":1437858780442418,"flow_dst_last_pkt_time":1437858780442307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":546,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
 01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":6,"flow_first_seen":1437858769451846,"flow_src_last_pkt_time":1437858780577538,"flow_dst_last_pkt_time":1437858780577426,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":544,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":544,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":4586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1437859398661830}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":4586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1437859398661830}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 95/95
 ~~ skipped flows.............: 0
@@ -51,8 +51,8 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5515919 bytes
-~~ total memory freed........: 5515919 bytes
+~~ total memory allocated....: 5516007 bytes
+~~ total memory freed........: 5516007 bytes
 ~~ total allocations/frees...: 86016/86016
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 526 chars
diff --git a/test/results/default/xdmcp.pcap.out b/test/results/default/xdmcp.pcap.out
index 80aa7c00d..94cea2b9b 100644
--- a/test/results/default/xdmcp.pcap.out
+++ b/test/results/default/xdmcp.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1538467333581076}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1538467333581076}
 00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1538467333581076,"flow_src_last_pkt_time":1538467333581076,"flow_dst_last_pkt_time":1538467333581076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1538467333581076,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1538467333581076,"flow_dst_last_pkt_time":1538467333581076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":15,"thread_ts_usec":1538467333581076,"pkt":"CAAngNsFUlQAEjUACABFAAAjIEIAAP8Rg4AKAQICCgECBO\/yALEAD\/cgAAEAAgABAAAAAAAAAAAAAAAA"}
 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1538467333581076,"flow_src_last_pkt_time":1538467333581076,"flow_dst_last_pkt_time":1538467333581076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1538467333581076,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"XDMCP","proto_id":"15","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
@@ -8,7 +8,7 @@
 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1538467333586740,"flow_dst_last_pkt_time":1538467333731484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1538467333731484,"pkt":"UlQAEjUACAAngNsFCABFAABQuVJAAEARaUMKAQIECgECAgCx7\/IAPBhVAAEACAAuDIAyAwAAAAAAEk1JVC1NQUdJQy1DT09LSUUtMQAQTPvoMVb5+UR+Qxed0+SWjg=="}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1538467334608643,"flow_dst_last_pkt_time":1538467333731484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1538467334608643,"pkt":"CAAngNsFUlQAEjUACABFAAA5IEQAAP8Rg2gKAQICCgECBO\/yALEAJZG\/AAEACgAXDIAyAwAAAA9NSVQtdW5zcGVjaWZpZWQ="}
 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1538467333581076,"flow_src_last_pkt_time":1538467336601228,"flow_dst_last_pkt_time":1538467333731484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":254,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1538467336601228,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"XDMCP","proto_id":"15","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":335,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1538467336601228}
+00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":335,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1538467336601228}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498147 bytes
-~~ total memory freed........: 5498147 bytes
+~~ total memory allocated....: 5498171 bytes
+~~ total memory freed........: 5498171 bytes
 ~~ total allocations/frees...: 85866/85866
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 536 chars
diff --git a/test/results/default/xiaomi.pcap.out b/test/results/default/xiaomi.pcap.out
index 8f1b10000..3b7614e21 100644
--- a/test/results/default/xiaomi.pcap.out
+++ b/test/results/default/xiaomi.pcap.out
@@ -1,9 +1,9 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054136437359}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054136437359}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054136437359,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":136,"pkt_l4_len":98,"thread_ts_usec":1639054136437359,"pkt":"AAAAAAAAAAIAAAAIgQAA0AgARRQAdj14QAAuBjXZL\/EHWAo0l6AUZpkMYD5IiLldMd2AGAA1w4IAAAEBCAqKynYNev32UML+AAUAAAA2AAIAFgAAABgIABoKeGlhb21pLmNvbSoEQ09OTkgACgo1Mzg2MzcwNzY5EgQ3ZjA0GgIIACIAfagLdw=="}
 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054136437359,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":""}}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":66,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1643625846975752}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":66,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1643625846975752}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643625846975752,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625846975752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643625846975752,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625846975752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643625846975752,"pkt":"AAAAAAAAAA0AYH2pCABFFAA8AABAAC4G2JdzpErowKj02xRms1CUmJB5c0FIJ6ASaVAVsQAAAgQFUAQCCAri0mMlEWpVrAEDAwk="}
 00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625847008745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1643625847008745,"pkt":"AAAAAAAAAAoAtbdgCABFAADsPqBAAEAGh1vAqPTbc6RK6LNQFGZzQUgnlJiQeoAYAKxOqAAAAQEIChFqVg7i0mMlwv4ABQAAAKwAAgAWAAAAjggAGgp4aWFvbWkuY29tKgRDT05OSAAIahINUmVkbWkgTm90ZSA5UxoRVjEyLjUuMi4wLlJKV01JWE0iKmEtRDdBNUQ4QTlCNTM3NTI5Rjk2NkU0MjlEMDU4ODYyMDMyNEY2QzVFMigqMg9tb2JpbGUtbHRlLXRhaWY6ETQ3LjI0MS4zNS43Mzo1MjIyQhBhcl9FR18jdS1udS1sYXRuSgIYAFAebjssqA=="}
@@ -26,7 +26,7 @@
 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1643625858251774,"flow_dst_last_pkt_time":1643625858163146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1643625858251774,"pkt":"AAAAAAAAAAUARa2GCABFFAB2BwBAAC0GT7dhJ3eswKhdOxRmySBqbHLjb20PkIAYADWSLgAAAQEIChVvdCQWrKzjwv4ABQAAADYAAgAWAAAAGAgAGgp4aWFvbWkuY29tKgRDT05OSAAKCjkyODQzNjUzNzESBGQzOGMaAggAIgB+7gui"}
 01830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1643625858251774,"flow_dst_last_pkt_time":1643625858290111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1013,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1013,"pkt_l4_len":979,"thread_ts_usec":1643625858290111,"pkt":"AAAAAAAAAAUARa2GCABFAAPnXtVAAEAG4YTAqF07YSd3rMkgFGZvbQ+QamxzJYAYAVdAegAAAQEIChasrWIVb3Qkwv4ABQAAA6ePAlQXgwcDpjrqoyKdw4IwnSS1iwp7K8C\/a\/DO3BfsxHjpq97Q8+JQdr+1Sx7ZzediATucm0ln6n2ECEvLfwgzevfD1u\/CWmlaUPaZueHN8B9ew4RhxHiqHdSsBkyR3\/8cXiDijQq6T8Ek7smY\/RX\/5leFfWyTeoTllIzIUkB55Pa1o+qg3e53JuNFDNQfWiRPHBesCrCXsbija8s1EZqinSwpndgCEBFquauEl0+Ragp0lMAm7RxiyEIiOyxii5gY6FbeEsulHj5K+xrSQspZJtPdEOSpF1rz3Gyo9NjcCfsHV9R4Qi2\/9SJtd09CAVq8p243RiYrBSFNXlnTx1d+gDkjIIWEnSHiWm6wI3RKFPkfupRRU42022iQm6gc+ln75Gn85HTw+NXyOi7hiRF7DRS7G7djKIAszOszTFHRkkpjyJOeBTxqe0\/cP7iVPR4k8S8Yt2IIyGHi9Ev4Zlb4gChCAaSmqzYYUrN1LvdTCbvsqCb4+X\/nhcnmWWblseOpPYxDs0BNszHZKDXWo+ranx19e5G\/9xXDFrAxfcMfNuriGBbbVAXe7462XSH\/+tpcjQk24myuI7hOvnD750dNp\/HrqJWAHUQZ74X6JknAabe7d8J0L2HrM9CKftKHNEwNVBo2W7hYmWR4sIdVm9PC1yhLua4+FQb6gD7CfCitUins9w35O879aJ6hQ6ifA72fy1CW8kYwHTRt1PYIpZxMYXrmTgEWSWA9qM82PLbe5eiXV7BJfNYZoJLzdYqhwGnnsmohpFVuKyUorBJD7vvuQD3SNaJCkOcjkonUC7w1Aoq\/LEleMvZMCV5xjp40ct2wu2xQKSVdZolpUZwqutt8Gf9sRoGhgdIPb9EK542l8\/A7tHHzrmc8IOcyiGpNJ\/EuwyWs7gFpgVLTXSPqTbe1qzkw0S2Y2nPo+6Ky42BpsyBzk4qUs6ydaYyDy4szOeNYiIojVSTrTxAv81CONJ2+ehjOWR8xPviE1S1QIXaYB4Gqs\/lZigZFQG\/oXglQxrWoVdulOJx7hBr6CvDnOH8iaYOEAE+dhE0\/fUwSxsmmO3nkoBZimUpkdwux5rIZFUx9dApAbOxa7+aCnM4QzRm98LOIHsLSXbGeit3y2PpoHyZPuSe4WpTir5GONnCdFxFykyAYWy1Q4zL\/K\/oFI9aozHoou7\/tqoKcgsNRo43pfiO7Jzlwy0YGnBZXXeyDs7q5ihlPt6rz9zQzrxMSuy3zrUgN1tIfI5+V1VE="}
 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643625858384595,"flow_dst_last_pkt_time":1643625858290111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1643625858384595,"pkt":"AAAAAAAAAAUARa2GCABFFACdBwFAAC4GTo9hJ3eswKhdOxRmySBqbHMlb20TQ4AYADRRBgAAAQEIChVvdKgWrK1iwv4ABQAAAF2PAlQXgwcA7DrqoyKdw4IwnSS1iwp7K8C\/a\/DO3BfsxHjpq97Q8+JQdr+1Sx7ZzediATucm0ln4nmG0Vi+OwwzW+foz4TyXEsJXPSpg\/XoqwJuhd4u9kuYCJ6VJSia4DKX"}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":3907,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1649839944752000}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":3907,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1649839944752000}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649839944752000,"flow_src_last_pkt_time":1649839944752000,"flow_dst_last_pkt_time":1649839944752000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649839944752000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1649839944752000,"flow_dst_last_pkt_time":1649839944752000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649839944752000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MLBAAD8GlDbAqAJkA3+wSpNMFGaY8mRiAAAAAKAC\/\/+SoQAAAgQFtAQCCAodPXxCAAAAAAEDAwk="}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1649839944752000,"flow_dst_last_pkt_time":1649839944776000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649839944776000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAPMGEOYDf7BKwKgCZBRmk0xMrReHmPJkY6ASaN+IpwAAAgQFrAQCCAr78kDrHT18QgEDAwg="}
@@ -37,7 +37,7 @@
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1643625846975752,"flow_src_last_pkt_time":1643625847231770,"flow_dst_last_pkt_time":1643625847145760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":928,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":1112,"midstream":0,"thread_ts_usec":1649839946492000,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1643625858130651,"flow_src_last_pkt_time":1643625858384595,"flow_dst_last_pkt_time":1643625858290111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":947,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1117,"midstream":0,"thread_ts_usec":1649839946492000,"l3_proto":"ip4","src_ip":"97.39.119.172","dst_ip":"192.168.93.59","src_port":5222,"dst_port":51488,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1643625848421465,"flow_src_last_pkt_time":1643625997739244,"flow_dst_last_pkt_time":1643625997646742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":914,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1085,"midstream":0,"thread_ts_usec":1649839946492000,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.247.13","src_port":5222,"dst_port":38018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1649853179269000}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1649853179269000}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853179269000,"flow_dst_last_pkt_time":1649853179269000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649853179269000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1649853179269000,"flow_dst_last_pkt_time":1649853179269000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649853179269000,"pkt":"eJS0JASgYDjgxTWgCABFAAA82XxAAD8GovfAqAJkEsHperAyFGbKjahPAAAAAKAC\/\/8SCgAAAgQFtAQCCAp5z8VmAAAAAAEDAwk="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1649853179269000,"flow_dst_last_pkt_time":1649853179291000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649853179291000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAPUGxnMSwel6wKgCZBRmsDIvdwKjyo2oUKASaN9j8wAAAgQFrAQCCAqcy3ZJec\/FZgEDAwg="}
@@ -46,7 +46,7 @@
 01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853179315000,"flow_dst_last_pkt_time":1649853179291000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649853179315000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com"}}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1649853179315000,"flow_dst_last_pkt_time":1649853179337000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1649853179337000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0Y2JAAPUGYxkSwel6wKgCZBRmsDIvdwKkyo2pKYAQAG758wAAAQEICpzLdnh5z8WU"}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649839944752000,"flow_src_last_pkt_time":1649840399878000,"flow_dst_last_pkt_time":1649840399901000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":933,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":1447,"flow_dst_tot_l4_payload_len":171,"midstream":0,"thread_ts_usec":1649853179854000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":49,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":7643,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_usec":1650283578710000}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":49,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":7643,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_usec":1650283578710000}
 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283578710000,"flow_dst_last_pkt_time":1650283578710000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283578710000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1650283578710000,"flow_dst_last_pkt_time":1650283578710000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1650283578710000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DvVAAD8GnQ7AqAJky2sBQb46AFChwP+pAAAAAKAC\/\/8meQAAAgQFtAQCCArLcGZmAAAAAAEDAwk="}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1650283578710000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650283579013000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAACkGwgvLawFBwKgCZABQvjrJa8kHocD\/qoASchB61gAAAgQFrAEBBAIBAwMH"}
@@ -55,7 +55,7 @@
 01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"203.107.1.65","http": {"url":"203.107.1.65\/164566\/sign_d?host=appmarket.micloud.xiaomi.net&sdk=android_1.3.3&t=1650284179&s=762f2c07cf9262c61753f45b4117c232&sid=jccM7PF4XY0T&net=wifi&bssid=02%3A00%3A00%3A00%3A00%3A00","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 10; Redmi Note 9 Pro MIUI\/V12.0.3.0.QJZMIXM)"}}}
 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853538407000,"flow_dst_last_pkt_time":1649853179817000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":948,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":1525,"flow_dst_tot_l4_payload_len":593,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":52,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":7991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_usec":1650283579202000}
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":52,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":7991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_usec":1650283579202000}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 52/52
 ~~ skipped flows.............: 0
@@ -64,8 +64,8 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5525448 bytes
-~~ total memory freed........: 5525448 bytes
+~~ total memory allocated....: 5525568 bytes
+~~ total memory freed........: 5525568 bytes
 ~~ total allocations/frees...: 86000/86000
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
diff --git a/test/results/default/xss.pcap.out b/test/results/default/xss.pcap.out
index ddb6cd068..943d67286 100644
--- a/test/results/default/xss.pcap.out
+++ b/test/results/default/xss.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655243489609806}
+00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655243489609806}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655243489609806,"flow_src_last_pkt_time":1655243489609806,"flow_dst_last_pkt_time":1655243489609806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655243489609806,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655243489609806,"flow_dst_last_pkt_time":1655243489609806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655243489609806,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA8+yJAAEAGt3DAqANtwKgDa9EKAFDSR62xAAAAAKAC+vBHrAAAAgQFtAQCCAqQR5ueAAAAAAEDAwc="}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655243489609806,"flow_dst_last_pkt_time":1655243489609822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655243489609822,"pkt":"4CvpcxhCFE+Kc3lPCABFAAA8AABAAEAGspPAqANrwKgDbQBQ0QpkRtWU0ketsqAS\/og+LAAAAgQFtAQCCAqztRhGkEebngEDAwc="}
@@ -14,7 +14,7 @@
 01198{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1655243489609806,"flow_src_last_pkt_time":1655243489620426,"flow_dst_last_pkt_time":1655243489615942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":608,"flow_dst_tot_l4_payload_len":1843,"midstream":0,"thread_ts_usec":1655243489620426,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00947{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1655243489609847,"flow_src_last_pkt_time":1655243489614470,"flow_dst_last_pkt_time":1655243489609849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655243489620426,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00771{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1655243489609847,"flow_src_last_pkt_time":1655243489614470,"flow_dst_last_pkt_time":1655243489609849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655243489620426,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":2451,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1655243489620426}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":2451,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1655243489620426}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 11/11
 ~~ skipped flows.............: 0
@@ -23,8 +23,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5500825 bytes
-~~ total memory freed........: 5500825 bytes
+~~ total memory allocated....: 5500865 bytes
+~~ total memory freed........: 5500865 bytes
 ~~ total allocations/frees...: 85890/85890
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 541 chars
diff --git a/test/results/default/yandex.pcapng.out b/test/results/default/yandex.pcapng.out
index c9eaf8b1f..fc8acf5a7 100644
--- a/test/results/default/yandex.pcapng.out
+++ b/test/results/default/yandex.pcapng.out
@@ -1,5 +1,5 @@
-00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675629757956767}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675629757956767}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757956767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675629757956767,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757956767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675629757956767,"pkt":"dNqIE5X\/CI6QkAulCABFAAA87YBAAEAG6CrAqAH51bTMup0aAbsZxJRyAAAAAKAC+vDi+wAAAgQFtAQCCApF2HIeAAAAAAEDAwc="}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757971675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675629757971675,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcG3qvVtMy6wKgB+QG7nRotDdTkGcSUc6ASqUoQtAAAAgQFggQCCApPBdMWRdhyHgEDAwg="}
@@ -9,7 +9,7 @@
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757997818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675629757997818,"pkt":"CI6QkAuldNqIE5X\/CABFAAA03SdAADcGAYzVtMy6wKgB+QG7nRotDdTlGcSWeIAQAKjlzQAAAQEICk8F0yZF2HIt"}
 01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757997818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1398,"midstream":0,"thread_ts_usec":1675629757997818,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t00d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
 01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757997886,"flow_dst_last_pkt_time":1675629758006704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1644,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4440,"midstream":0,"thread_ts_usec":1675629758006704,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","tls": {"version":"TLSv1.2","server_names":"*.music.yandex.ru,music-partner.yandex.ru,music.yandex,music.yandex.by,music.yandex.uz,music.ya.ru,music.yandex.kz,music.yandex.com,music.yandex.ru","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t00d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.music.yandex.ru","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"84:6E:A1:68:E5:3B:10:C1:87:75:43:D8:F2:39:C3:4D:E9:9F:DC:88"}}}
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":7039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1675632200347508}
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":7039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1675632200347508}
 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675632200347508,"flow_src_last_pkt_time":1675632200347508,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632200347508,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":57126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1675632200347508,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675632200347508,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8p+RAAEAGmcPAqAH5spqD2N8mAbsQs3pEAAAAAKAC+vC2kwAAAgQFtAQCCAoxyf\/EAAAAAAEDAwc="}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1675632200354042,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632200354042,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0p+VAAEAGmcrAqAH5spqD2N8mAbsQs3pFVOenIIAQAfYqYQAAAQEICjHJ\/8uE0TMJ"}
@@ -39,7 +39,7 @@
 01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771649047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632771649412,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"cloud.yandex.ru","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","ja4":"t00d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771661361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632771661361,"pkt":"CI6QkAuldNqIE5X\/CABFAAA0o39AADcGizxX+vpswKgB+QG73+pH994DthYOFIAQAKjWtwAAAQEICjlcYGHJQVuK"}
 01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771666494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2796,"midstream":0,"thread_ts_usec":1675632771666494,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"cloud.yandex.ru","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t00d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":68,"packets-processed":67,"total-skipped-flows":0,"total-l4-payload-len":22672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1675633561788867}
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":68,"packets-processed":67,"total-skipped-flows":0,"total-l4-payload-len":22672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1675633561788867}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675633561788867,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561788867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561788867,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.134","src_port":58832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561788867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561788867,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8OJ1AAEAG7PzAqAH5V\/r6huXQAbth\/x6mAAAAAKAC+vAp1QAAAgQFtAQCCAqt2\/gKAAAAAAEDAwc="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561796212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561796212,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcGLppX+vqGwKgB+QG75dDNImeHYf8ep6ASqUqZLQAAAgQFggQCCAroj8Uzrdv4CgEDAwg="}
@@ -81,7 +81,7 @@
 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1675632541901678,"flow_src_last_pkt_time":1675632541955636,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.22","src_port":40870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.YandexMarket","proto_id":"91.56","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771825396,"flow_dst_last_pkt_time":1675632771825396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1072,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":1669,"flow_dst_tot_l4_payload_len":8437,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":2703,"flow_dst_tot_l4_payload_len":5466,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.77","src_port":51462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMetrika","proto_id":"91.98","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":130,"packets-processed":130,"total-skipped-flows":0,"total-l4-payload-len":48891,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":84,"global_ts_usec":1675633561819787}
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":130,"packets-processed":130,"total-skipped-flows":0,"total-l4-payload-len":48891,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":84,"global_ts_usec":1675633561819787}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 130/130
 ~~ skipped flows.............: 0
@@ -90,8 +90,8 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5613261 bytes
-~~ total memory freed........: 5613261 bytes
+~~ total memory allocated....: 5613413 bytes
+~~ total memory freed........: 5613413 bytes
 ~~ total allocations/frees...: 86175/86175
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 547 chars
diff --git a/test/results/default/yojimbo.pcap.out b/test/results/default/yojimbo.pcap.out
index 0b9df6b64..3c7d5a25d 100644
--- a/test/results/default/yojimbo.pcap.out
+++ b/test/results/default/yojimbo.pcap.out
@@ -1,10 +1,10 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705841430802164}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1705841430802164}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705841430802164,"flow_src_last_pkt_time":1705841430802164,"flow_dst_last_pkt_time":1705841430802164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1078,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1078,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705841430802164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34638,"dst_port":40000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 01971{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1705841430802164,"flow_dst_last_pkt_time":1705841430802164,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1120,"pkt_l4_len":1086,"thread_ts_usec":1705841430802164,"pkt":"AAAAAAAAAAAAAAAACABFAARSxRtAAMIR8Xx\/AAABfwAAAYdOnEAEPgJSAE5FVENPREUgMS4wMgAAAAAAAAAAACATrWUAAAAAKEYo4cxsxbeO0bGn47kL6bIDhwFb6cXNgaAmgqG7OfEIoRHWgUHLOBEsmzkfjmvr6Cthgf2QIZ4Mk97xNQCSoVT3IBfKGcbuFUHtjUME04dUg7FSon9uKz63H8kkKmDM27hCsGkJ8pcpvjODFXa6vECBXfQ7YwQcC2hwnujXyAGXyxzMKYHJtc5zGs9uPLGhiXZjs2b6ZRVpcMfTM+TUewRvLl9d5pRM8MRznO6ke8Xij0xoZ4bLXDhDZPxxUSUVxlUi6PhvuXQHObIM\/Irjj0yYWbNeS58cDeEjgOhfFfUE4p7fKkwPOxG+L1LHt2i\/pa4hsJZd0nLAKeYIMmzBiXnhLmYw4aEX7KAldE8N5x6a28ChMpaJMTJaXdYeCFkSOSETAf5VATmAjsz246WRUBfKruKjYi8w3DE12Fy8q218zC6ajbMjixM5OZLYE1sQG54x2IGCnJrOSpeuH9vhXzg2pOr9jgTQC9tXUBIK+BRNxNdMRgGvAf8OPPdNPcqfzkMwzZyUNQ\/X04UIZ6bgZZJPXY+y5y6bcC\/g9UhsUR0EhuEaQOCeeS2KdT9X91bAosid3B8wXik5wugpmMknTQgFVJYtrv4hdQMejIa9CfAO9EoqOaFhYmjQtOVG2zByti3XrAIzqgPAtzkaaqxG\/kTxzvAUPgfDvj1vwKigHErva2jRMBMRYc7fbqVifXw\/5oCpNfT4haDeRE63W5LKPGcmgPUgTPAzrXHPE\/Cq5+pd3Rt0+DN\/VSMKYiSD9MAyk89fLaGI2W5c0QiWHVz+axOGP\/A5u2B2vBfPfMh1AaTS93MK2gyLL+HpMqcgYbXmyscvSydsrTl22fDmJYaUBcx32PcIQxaBxchgWRuJGWEiw2eQmZCQD4I\/WZqmzDRX088uAJ6qxRD+3xulxNOTxaqQNUh7ZxTktY4BswfyhNDJtqiYALpiEUNCzpAJSNm4FPNz8um1NGS9d3Dqlwp\/q6t8ZcMsQvpR1yhIBA25SdfmSxrb8p+l1QcjONwKhERsV9voT5pKSzybGc3pgzBRumB3VwY\/ZDYkj8uqoegxypS5Asq\/kC6A0xOkYpUIpttO3TOT6ESzAIqKxH8MIpyux5EE6onb1aqExUmjiIV40rg5XdsQspYr\/\/W3AIpktQpP\/0e+44QlnvT565BwfSP+TULnRvrtYXdwt9c52oukW09dpwXDN0wOhY4i8TIDqjp0+bXvULBMFKp4IkzmRvciwOsw0G1nWP4ZY11NM2vPdIYWaaX4TrkxuE5sMAhxj81+AiEYrkCDqZ3wnzr1gqS+O+eTzyuSzbjZ3vJ32fEbVr9h9T\/+ZUw5aAIYvIAcIcKWdBFxw3VYno5Dec9Hb82M+AI4a5b6jkRyqbp4x0KEtIBTd1IlRBcm4w=="}
 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705841430802164,"flow_src_last_pkt_time":1705841430802164,"flow_dst_last_pkt_time":1705841430802164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1078,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1078,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705841430802164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34638,"dst_port":40000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Yojimbo","proto_id":"388","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1705841430802164,"flow_src_last_pkt_time":1705841430802164,"flow_dst_last_pkt_time":1705841430802164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1078,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1078,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1705841430802164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34638,"dst_port":40000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Yojimbo","proto_id":"388","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}}
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1705841430802164}
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yojimbo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1705841430802164}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
 ~~ skipped flows.............: 0
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498002 bytes
-~~ total memory freed........: 5498002 bytes
+~~ total memory allocated....: 5498026 bytes
+~~ total memory freed........: 5498026 bytes
 ~~ total allocations/frees...: 85861/85861
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 569 chars
+~~ json message min len.......: 567 chars
 ~~ json message max len.......: 1976 chars
-~~ json message avg len.......: 1227 chars
+~~ json message avg len.......: 1226 chars
diff --git a/test/results/default/youtube_quic.pcap.out b/test/results/default/youtube_quic.pcap.out
index 88d14b3fa..20a93d7fc 100644
--- a/test/results/default/youtube_quic.pcap.out
+++ b/test/results/default/youtube_quic.pcap.out
@@ -1,5 +1,5 @@
-00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1489363823466752}
+00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1489363823466752}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823466752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02330{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823466752,"pkt":"gCqojWksxCwDBkn+CABFAAViKp8AAEARAADAqAEH2DrNQtbVAbsFTmyMDZNw4V58RG0IUTAzNQHEx\/Yat8K2lJx\/xfCgAQAEQ0hMTx0AAABQQUQABgEAAFNOSQAjAQAAU1RLAF0BAABWRVIAYQEAAENDUwBxAQAATk9OQ5EBAABNU1BDlQEAAEFFQUSZAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tfyKC9MwN17piZVNU\/QkmmE3zDBRwXexEviTXtQHZlZT\/o0M3FJ3WOBZp5lL5RXIaTAX\/iszgW7Ui51EwMzUB6IFgkpIa6H7tgIaiFYKRWMXjbzAwMDAwMDAwAGp0dp4RQa9ev39thoVizX7vQxRkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAb+PFWAAAAABoJX9SS1LMMIZlh9cGt32w74KlkbfLCJvYbB6phUnjYtV\/J7+3T+WICkKGmxl0apInEplRSWcqg\/3qI+CqJwNXZAAAAAEAAABDMjU1HvdI4XZwU8Me90jhdnBTwz2t9HxBefiRQAt7kKmuees2jgEAnGVpdpNkhQuOQ0r1tyTPo1k8IEM71wOV+MDwud\/WmN8O\/bZt8M5S76zS6GQgUAsZfJUzhYMLh2DzCj0s2UxZDpdWlDQ\/KBiEO80tVmE+bGp5czdFQGnhi\/134fgolaoUotcrvEChNXZdSQ7ze+ZsVxVgDQIPLJn5KItVO0bNTbdFJlK9ck\/6gUes9AlK+Lowm7raNBTPfJpo34tpsNA3toSRqnAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823466752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","quic": {"user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3","quic_version":"Q035"}}}
@@ -25,7 +25,7 @@
 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":113,"flow_dst_packets_processed":145,"flow_first_seen":1489363823738796,"flow_src_last_pkt_time":1489363826862170,"flow_dst_last_pkt_time":1489363826861980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":11365,"flow_dst_tot_l4_payload_len":156294,"midstream":0,"thread_ts_usec":1489363826862170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363824024913,"flow_dst_last_pkt_time":1489363823999542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2018,"flow_dst_tot_l4_payload_len":1915,"midstream":0,"thread_ts_usec":1489363826862170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1489363824401150,"flow_src_last_pkt_time":1489363824712581,"flow_dst_last_pkt_time":1489363824840806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3551,"flow_dst_tot_l4_payload_len":4358,"midstream":0,"thread_ts_usec":1489363826862170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":289,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":179501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1489363826862170}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":289,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":179501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1489363826862170}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 289/289
 ~~ skipped flows.............: 0
@@ -34,8 +34,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5510842 bytes
-~~ total memory freed........: 5510842 bytes
+~~ total memory allocated....: 5510898 bytes
+~~ total memory freed........: 5510898 bytes
 ~~ total allocations/frees...: 86174/86174
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 561 chars
diff --git a/test/results/default/youtubeupload.pcap.out b/test/results/default/youtubeupload.pcap.out
index 63fe6cc41..3b2b773cc 100644
--- a/test/results/default/youtubeupload.pcap.out
+++ b/test/results/default/youtubeupload.pcap.out
@@ -1,5 +1,5 @@
-00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1511102576794424}
+00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1511102576794424}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576794424,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102576794424,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAT5AAIARbUHAqAIbrNkXb8rVAbsFThECDZHSvk7nMdgaUTAzOQFHnN3hyT1jd4lP+l6gAQUUQ0hMTxMAAABQQUQAywMAAFNOSQDdAwAAVkVSAOEDAABDQ1MA8QMAAE1TUEP1AwAAVUFJRCQEAABUQ0lEKAQAAFBETUQsBAAAU01ITDAEAABJQ1NMNAQAAENUSU08BAAATk9OUFwEAABNSURTYAQAAFNDTFNkBAAAQ1NDVGQEAABDT1BUaAQAAElSVFRsBAAAQ0ZDV3AEAABTRkNXdAQAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tdXBsb2FkLnlvdXR1YmUuY29tUTAzOQHogWCSkhrofu2AhqIVgpFkAAAAQ2hyb21lLzYyLjAuMzIwMi45NCBXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQAAAAAWDUwOQEAAAAeAAAAc5gRWgAAAABmJfKEu+Ky\/D790R+7T+2\/0X2\/pJXF+QSwhgBhJRTmB2QAAAABAAAANVJUT5jAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576794424,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","quic": {"user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64","quic_version":"Q039"}}}
@@ -27,7 +27,7 @@
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1511102576835328,"flow_src_last_pkt_time":1511102576954116,"flow_dst_last_pkt_time":1511102576952686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":4409,"midstream":0,"thread_ts_usec":1511102594936951,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":80,"flow_dst_packets_processed":20,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102580286427,"flow_dst_last_pkt_time":1511102580285015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":97113,"flow_dst_tot_l4_payload_len":5163,"midstream":0,"thread_ts_usec":1511102594936951,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1511102578051971,"flow_src_last_pkt_time":1511102594783349,"flow_dst_last_pkt_time":1511102594936951,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":8105,"flow_dst_tot_l4_payload_len":6001,"midstream":0,"thread_ts_usec":1511102594936951,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":137,"packets-processed":137,"total-skipped-flows":0,"total-l4-payload-len":121086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1511102594936951}
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":137,"packets-processed":137,"total-skipped-flows":0,"total-l4-payload-len":121086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1511102594936951}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 137/137
 ~~ skipped flows.............: 0
@@ -36,8 +36,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5518749 bytes
-~~ total memory freed........: 5518749 bytes
+~~ total memory allocated....: 5518805 bytes
+~~ total memory freed........: 5518805 bytes
 ~~ total allocations/frees...: 86042/86042
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 537 chars
diff --git a/test/results/default/z3950.pcapng.out b/test/results/default/z3950.pcapng.out
index dba59751f..c59eb7baa 100644
--- a/test/results/default/z3950.pcapng.out
+++ b/test/results/default/z3950.pcapng.out
@@ -1,12 +1,12 @@
-00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623680697296098}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623680697296098}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623680697296098,"flow_src_last_pkt_time":1623680697296098,"flow_dst_last_pkt_time":1623680697296098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623680697296098,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623680697296098,"flow_dst_last_pkt_time":1623680697296098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623680697296098,"pkt":"eJS0JASgYDjgxTWgCABFAAA07vtAAH8Gl6\/AqAJkwa7wXeYpANJ85vsBAAAAAIAC+vCgIgAAAgQFtAEDAwgBAQQC"}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623680697296098,"flow_dst_last_pkt_time":1623680697327356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623680697327356,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADYGz6vBrvBdwKgCZADS5indlQhqfOb7AoAS+vC6GgAAAgQFrAEBBAIBAwMH"}
 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1623680697329724,"flow_dst_last_pkt_time":1623680697327356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1623680697329724,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7vxAAH8Gl7rAqAJkwa7wXeYpANJ85vsC3ZUIa1AQAgTz0QAA"}
 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623680697330632,"flow_dst_last_pkt_time":1623680697327356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_usec":1623680697330632,"pkt":"eJS0JASgYDjgxTWgCABFAACC7v1AAH8Gl1\/AqAJkwa7wXeYpANJ85vsC3ZUIa1AYAgRPTgAAtFiDAgDghAMAwaKFBAQAAACGBAQAAACfbgI4MZ9vClpPT00tQy9ZQVqfcC41LjQuMSAxMmI5NmNlNzE1NjBhNTY2ZGZmZjU5MDFlMmIxYWFhOWQyZGM5NGNj"}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623680697330632,"flow_dst_last_pkt_time":1623680697354970,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623680697354970,"pkt":"YDjgxTWgeJS0JASgCABFAAAoHB9AADYGs5jBrvBdwKgCZADS5indlQhrfOb7XFAQAfbzhQAAAAAAAAAA"}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1625070123680497}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1625070123680497}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625070123680497,"flow_src_last_pkt_time":1625070123680497,"flow_dst_last_pkt_time":1625070123680497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625070123680497,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1625070123680497,"flow_dst_last_pkt_time":1625070123680497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1625070123680497,"pkt":"YDjgxTWgABjzZLGICABFAAA0k\/xAAJAGiSTAqAAUgbuLK7W8JweM39PGAAAAAIAC+vDNyQAAAgQFtAEBBAIBAwMH"}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1625070123680497,"flow_dst_last_pkt_time":1625070123709562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1625070123709562,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0AABAADUGeCGBu4srwKgAFCcHtbz4JgxZjN\/Tx4ASchDtagAAAgQFrAEBBAIBAwMH"}
@@ -17,7 +17,7 @@
 00786{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1623680697296098,"flow_src_last_pkt_time":1623680698821983,"flow_dst_last_pkt_time":1623680698846157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":3918,"midstream":0,"thread_ts_usec":1625070132777881,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1625070123680497,"flow_src_last_pkt_time":1625070196998319,"flow_dst_last_pkt_time":1625070132777866,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":113,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1625070196998319,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Z3950","proto_id":"260","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01105{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1625070123680497,"flow_src_last_pkt_time":1625070200217383,"flow_dst_last_pkt_time":1625070200217346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":113,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":199,"midstream":0,"thread_ts_usec":1625070200217383,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Z3950","proto_id":"260","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":31,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":4562,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1625070200217383}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":31,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":4562,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1625070200217383}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 31/31
 ~~ skipped flows.............: 0
@@ -26,8 +26,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5505140 bytes
-~~ total memory freed........: 5505140 bytes
+~~ total memory allocated....: 5505180 bytes
+~~ total memory freed........: 5505180 bytes
 ~~ total allocations/frees...: 85904/85904
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 529 chars
diff --git a/test/results/default/zabbix.pcap.out b/test/results/default/zabbix.pcap.out
index 18a47d50d..4be16a8c6 100644
--- a/test/results/default/zabbix.pcap.out
+++ b/test/results/default/zabbix.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1572254070608539}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1572254070608539}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1572254070608539,"flow_src_last_pkt_time":1572254070608539,"flow_dst_last_pkt_time":1572254070608539,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572254070608539,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1572254070608539,"flow_dst_last_pkt_time":1572254070608539,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572254070608539,"pkt":"RoQclwmZOjUSPEK7CABFAAA85AdAAEAGTujAqENiwKhDGd9KJ0JwAdHUAAAAAKACchAH+wAAAgQFtAQCCAorwjXTAAAAAAEDAwc="}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1572254070608539,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572254070608854,"pkt":"OjUSPEK7RoQclwmZCABFAAA8AABAAEAGMvDAqEMZwKhDYidC30pw8XhkcAHR1aAScSDKPwAAAgQFtAQCCAorfUX3K8I10wEDAwc="}
@@ -7,7 +7,7 @@
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1572254070608917,"pkt":"RoQclwmZOjUSPEK7CABFAABL5AlAAEAGTtfAqENiwKhDGd9KJ0JwAdHVcPF4ZYAYAOUICgAAAQEICivCNdQrfUX3WkJYRAEKAAAAAAAAAHByb2MubnVtW10="}
 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1572254070608539,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572254070608917,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070609214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1572254070609214,"pkt":"OjUSPEK7RoQclwmZCABFAAA0t4ZAAEAGe3HAqEMZwKhDYidC30pw8XhlcAHR7IAQAONpMQAAAQEICit9RfcrwjXU"}
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1657872825792772}
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1657872825792772}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872825792772,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872825792772,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36699,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872825792772,"pkt":"AAwphPY8AAwpXdTzCABFAAA86nZAAEAGwNPAqAcQwKgHEY9bJ0PFmT3IAAAAAKAC+vDyGgAAAgQFtAQCCArVxDu9AAAAAAEDAwc="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872825792809,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDj1uwlSH0xZk9yaAS\/ohzWgAAAgQFtAQCCAqaoA3u1cQ7vQEDAwc="}
@@ -193,7 +193,7 @@
 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872870792611,"flow_src_last_pkt_time":1657872870794489,"flow_dst_last_pkt_time":1657872870794496,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":40553,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872952792575,"flow_src_last_pkt_time":1657872952793338,"flow_dst_last_pkt_time":1657872952793345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":52901,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872892792572,"flow_src_last_pkt_time":1657872892794079,"flow_dst_last_pkt_time":1657872892794088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36623,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":236,"packets-processed":236,"total-skipped-flows":0,"total-l4-payload-len":8611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1657872986793226}
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":236,"packets-processed":236,"total-skipped-flows":0,"total-l4-payload-len":8611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1657872986793226}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 236/236
 ~~ skipped flows.............: 0
@@ -202,8 +202,8 @@
 ~~ total active/idle flows...: 24/24
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5554773 bytes
-~~ total memory freed........: 5554773 bytes
+~~ total memory allocated....: 5555165 bytes
+~~ total memory freed........: 5555165 bytes
 ~~ total allocations/frees...: 86349/86349
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 544 chars
diff --git a/test/results/default/zattoo.pcap.out b/test/results/default/zattoo.pcap.out
index 6f3b51a9f..38d02d1be 100644
--- a/test/results/default/zattoo.pcap.out
+++ b/test/results/default/zattoo.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614851148233981}
+00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614851148233981}
 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614851148233981,"flow_src_last_pkt_time":1614851148233981,"flow_dst_last_pkt_time":1614851148233981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614851148233981,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614851148233981,"flow_dst_last_pkt_time":1614851148233981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614851148233981,"pkt":"5kBKB+riApXG95NLCABFAAAw4ZkAAIAGAAAKZQACCmYAAgtyAbsk8\/zrAAAAAHACgAEU8QAAAgQFtAMDAQA="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614851148233981,"flow_dst_last_pkt_time":1614851148234305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614851148234305,"pkt":"ApXG95NL5kBKB+riCABFAAAw4ZMAAH8GRWYKZgACCmUAAgG7C3Ik9AFrJPP87HASgAGZ0wAAAgQFtAMDAQA="}
@@ -17,7 +17,7 @@
 01069{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1614851148248533,"flow_dst_last_pkt_time":1614851148248907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":458,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":458,"pkt_l4_len":424,"thread_ts_usec":1614851148248907,"pkt":"ApXG95NL5kBKB+riCABFAAG84bgAAH8GQ7UKZgACCmUAAgBQC3gk9N+zJPTdL1AYgAGT3gAASFRUUC8xLjAgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDY5MzQ0MjM5NA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAyNTANCkRhdGU6IFNhdCwgMjAgQXVnIDIwMTEgMjM6MzQ6NTkgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCjw\/eG1sIHZlcnNpb249IjEuMCI\/PjwhRE9DVFlQRSBjcm9zcy1kb21haW4tcG9saWN5IFNZU1RFTSAiaHR0cDovL3d3dy5tYWNyb21lZGlhLmNvbS94bWwvZHRkcy9jcm9zcy1kb21haW4tcG9saWN5LmR0ZCI+PGNyb3NzLWRvbWFpbi1wb2xpY3k+PGFsbG93LWFjY2Vzcy1mcm9tIGRvbWFpbj0iKiIvPjxhbGxvdy1odHRwLXJlcXVlc3QtaGVhZGVycy1mcm9tIGRvbWFpbj0iKiIgaGVhZGVycz0iKiIvPjwvY3Jvc3MtZG9tYWluLXBvbGljeT4="}
 01316{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1614851148233981,"flow_src_last_pkt_time":1614851148237771,"flow_dst_last_pkt_time":1614851148238027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1165,"flow_dst_max_l4_payload_len":1072,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":2030,"midstream":0,"thread_ts_usec":1614851148254534,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Zattoo","proto_id":"91.55","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}}
 00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1614851148248095,"flow_src_last_pkt_time":1614851148254413,"flow_dst_last_pkt_time":1614851148254534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":961,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":5785,"flow_dst_tot_l4_payload_len":2260,"midstream":0,"thread_ts_usec":1614851148254534,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Zattoo","proto_id":"7.55","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}}
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":11671,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1614851148254534}
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":11671,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1614851148254534}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 32/32
 ~~ skipped flows.............: 0
@@ -26,8 +26,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5505562 bytes
-~~ total memory freed........: 5505562 bytes
+~~ total memory allocated....: 5505602 bytes
+~~ total memory freed........: 5505602 bytes
 ~~ total allocations/frees...: 85914/85914
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 537 chars
diff --git a/test/results/default/zoom.pcap.out b/test/results/default/zoom.pcap.out
index 5fad620b3..3af47e626 100644
--- a/test/results/default/zoom.pcap.out
+++ b/test/results/default/zoom.pcap.out
@@ -1,5 +1,5 @@
-00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569520466080774}
+00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569520466080774}
 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520466080774,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjbcQAAAQEICiWcznNwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
 01355{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","tls": {"version":"TLSv1","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","ja4":"t10d0909h2_61c4dbd01224_cc731f12afbb","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
@@ -214,7 +214,7 @@
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1569520473084563,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_usec":1569520473116083,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApvWFAADURuINtXqBjwKgBdSJh8SMAFalIAwAAAAF2KpKmAFoORAAAAAAA"}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1569520473116331,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_usec":1569520473116331,"pkt":"EBMx8Tl2KDc3AG3ICABFAAApU1gAAEARV43AqAF1bV6gY\/EjImEAFahIBAAAAAF2KpKmAFoORA=="}
 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1569520473121070,"flow_dst_last_pkt_time":1569520473116083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1569520473121070,"pkt":"EBMx8Tl2KDc3AG3ICABFAABfDmwAAEARnEPAqAF1bV6gY\/EjImEAS0M9BQ0AAAAMASGOnDkoxEsvqQJwcoIuVvYBAAQDAgAAAAAAAAABAAAAFmRhdGFfYmluZF9yZXBsYWNlX2ZsYWcCAAAAAQ=="}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":701,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":701,"packets-processed":697,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":26,"total-updates":0,"current-active-flows":33,"total-active-flows":33,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":217,"global_ts_usec":1673444902645655}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":701,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":701,"packets-processed":697,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":26,"total-updates":0,"current-active-flows":33,"total-active-flows":33,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":217,"global_ts_usec":1673444902645655}
 00294{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902645655,"packet_id":701,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902645655}
 00517{"packet_event_id":1,"packet_event_name":"packet","packet_id":701,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":167,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":167,"pkt_l4_len":0,"thread_ts_usec":1569520473198709,"pkt":"AAAAAAAAAAECAAD6gQBNQoEAQHEIAEUwAJHKGwAA\/xGzEwqGGUMKhA+wCGgIaAB9eUgw\/wBtBJhmXEUAAG316wAAQBEffgqMdSPBeiPtskIiYQBZseADAAAAEg\/+mNIAJy7JAQVA3IMlEZ3S66JjfHMo8enxO0XEN5PMhIeLRp6CXCZ6i5NbikRhcdwrc6d1VElcFx1R+ZHQglXiW8kQjpgMrPMjkQA="}
 00294{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902769137,"packet_id":702,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902769137}
@@ -289,7 +289,7 @@
 01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520472536483,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":796,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1569520468399032,"flow_src_last_pkt_time":1569520468399309,"flow_dst_last_pkt_time":1569520468399032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1569520473084563,"flow_src_last_pkt_time":1569520473170187,"flow_dst_last_pkt_time":1569520473198709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":114,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SRTP.Zoom","proto_id":"338.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00958{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1569520469340783,"flow_src_last_pkt_time":1569520469435439,"flow_dst_last_pkt_time":1569520469435372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":110,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
+01076{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1569520469340783,"flow_src_last_pkt_time":1569520469435439,"flow_dst_last_pkt_time":1569520469435372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":110,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1569520469340783,"flow_src_last_pkt_time":1569520469435439,"flow_dst_last_pkt_time":1569520469435372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":110,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469430881,"flow_dst_last_pkt_time":1569520469430777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":758,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1466,"flow_dst_tot_l4_payload_len":5833,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1569520469950703,"flow_src_last_pkt_time":1569520470454378,"flow_dst_last_pkt_time":1569520470449389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1614,"flow_dst_tot_l4_payload_len":15671,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
@@ -314,7 +314,7 @@
 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1569520469341987,"flow_src_last_pkt_time":1569520469402528,"flow_dst_last_pkt_time":1569520469413824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1489,"flow_dst_tot_l4_payload_len":4294,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":127,"flow_dst_packets_processed":83,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520473190218,"flow_dst_last_pkt_time":1569520473152463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":45724,"flow_dst_tot_l4_payload_len":12028,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469984408,"flow_src_last_pkt_time":1569520469984408,"flow_dst_last_pkt_time":1569520470021639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","proto_id":"5.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":781,"packets-processed":697,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":317,"global_ts_usec":1673445056996306}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":781,"packets-processed":697,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":317,"global_ts_usec":1673445056996306}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 781/697
 ~~ skipped flows.............: 0
@@ -323,9 +323,9 @@
 ~~ total active/idle flows...: 33/33
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5823023 bytes
-~~ total memory freed........: 5823023 bytes
-~~ total allocations/frees...: 87008/87008
+~~ total memory allocated....: 5823585 bytes
+~~ total memory freed........: 5823585 bytes
+~~ total allocations/frees...: 87010/87010
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 298 chars
 ~~ json message max len.......: 2404 chars
diff --git a/test/results/default/zoom2.pcap.out b/test/results/default/zoom2.pcap.out
index a3992d3a2..0d31555f9 100644
--- a/test/results/default/zoom2.pcap.out
+++ b/test/results/default/zoom2.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642965458402978}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642965458402978}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965458402978,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1642965458402978,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngDAqAGykMNJmsOcAbton\/9jAAAAALAC\/\/+GrAAAAgQFtAEDAwUBAQgKBNjhZQAAAAAEAgAA"}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642965458577638,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGrQSQw0mawKgBsgG7w5wp5A9SaJ\/\/ZKASqbBcNQAAAgQFrAQCCApc+vuKBNjhZQEDAww="}
@@ -43,7 +43,7 @@
 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965459131929,"flow_dst_last_pkt_time":1642965459126031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2239,"flow_dst_tot_l4_payload_len":4984,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":64,"flow_dst_packets_processed":98,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965464235467,"flow_dst_last_pkt_time":1642965464220244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":6619,"flow_dst_tot_l4_payload_len":13719,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SRTP.Zoom","proto_id":"338.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":66,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965460403587,"flow_dst_last_pkt_time":1642965460412418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":2702,"flow_dst_tot_l4_payload_len":61420,"midstream":0,"thread_ts_usec":1642965500043016,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SRTP.Zoom","proto_id":"338.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":342,"packets-processed":342,"total-skipped-flows":0,"total-l4-payload-len":97770,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1642965500043016}
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":342,"packets-processed":342,"total-skipped-flows":0,"total-l4-payload-len":97770,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1642965500043016}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 342/342
 ~~ skipped flows.............: 0
@@ -52,8 +52,8 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5525620 bytes
-~~ total memory freed........: 5525620 bytes
+~~ total memory allocated....: 5525692 bytes
+~~ total memory freed........: 5525692 bytes
 ~~ total allocations/frees...: 86247/86247
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 535 chars
diff --git a/test/results/default/zoom_p2p.pcapng.out b/test/results/default/zoom_p2p.pcapng.out
index 5f6caab76..74f825247 100644
--- a/test/results/default/zoom_p2p.pcapng.out
+++ b/test/results/default/zoom_p2p.pcapng.out
@@ -1,5 +1,5 @@
-00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666892468833699}
+00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666892468833699}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892468833699,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgYTNAAEARPsnAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"}
 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
@@ -128,7 +128,7 @@
 01077{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":130,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892925565422,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10920,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":130,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892925565422,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10920,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892921699571,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}}
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":763,"packets-processed":763,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":9,"total-detection-updates":0,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":131,"global_ts_usec":1666892928125663}
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":763,"packets-processed":763,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":9,"total-detection-updates":0,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":131,"global_ts_usec":1666892928125663}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 763/763
 ~~ skipped flows.............: 0
@@ -137,10 +137,10 @@
 ~~ total active/idle flows...: 13/13
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5546080 bytes
-~~ total memory freed........: 5546080 bytes
+~~ total memory allocated....: 5546296 bytes
+~~ total memory freed........: 5546296 bytes
 ~~ total allocations/frees...: 86752/86752
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 572 chars
+~~ json message min len.......: 570 chars
 ~~ json message max len.......: 2171 chars
-~~ json message avg len.......: 1370 chars
+~~ json message avg len.......: 1369 chars
diff --git a/test/results/disable_aggressiveness/ookla.pcap.out b/test/results/disable_aggressiveness/ookla.pcap.out
index fdb097d45..b782b50cd 100644
--- a/test/results/disable_aggressiveness/ookla.pcap.out
+++ b/test/results/disable_aggressiveness/ookla.pcap.out
@@ -1,4 +1,4 @@
-00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="}
@@ -12,7 +12,7 @@
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="}
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="}
@@ -31,7 +31,7 @@
 00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
 00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1679653269892307}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1679653269892307}
 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="}
@@ -53,7 +53,7 @@
 01298{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307021150,"flow_dst_last_pkt_time":1679653307026312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":2446,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307026312,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","ja4":"t13d1714h2_5b57614c22b0_8f66f9ee9c6c","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1679653307034874}
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1679653307034874}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 113/113
 ~~ skipped flows.............: 0
@@ -62,8 +62,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5529549 bytes
-~~ total memory freed........: 5529549 bytes
+~~ total memory allocated....: 5529653 bytes
+~~ total memory freed........: 5529653 bytes
 ~~ total allocations/frees...: 86047/86047
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 535 chars
diff --git a/test/results/disable_metadata/tls_verylong_certificate.pcap.out b/test/results/disable_metadata/tls_verylong_certificate.pcap.out
index e00c852ab..7e8d9d3be 100644
--- a/test/results/disable_metadata/tls_verylong_certificate.pcap.out
+++ b/test/results/disable_metadata/tls_verylong_certificate.pcap.out
@@ -1,5 +1,5 @@
-00590{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751}
+00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751}
 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"}
 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="}
@@ -11,7 +11,7 @@
 03985{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_b1760ac0ffd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}}
 02180{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": [11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
 01013{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
-00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1578254908551114}
+00661{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/disable_metadata\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1578254908551114}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 48/48
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5673701 bytes
-~~ total memory freed........: 5673701 bytes
+~~ total memory allocated....: 5673725 bytes
+~~ total memory freed........: 5673725 bytes
 ~~ total allocations/frees...: 86047/86047
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 571 chars
diff --git a/test/results/disable_protocols/dns_long_domainname.pcap.out b/test/results/disable_protocols/dns_long_domainname.pcap.out
index 9e72afed7..b2b3927a0 100644
--- a/test/results/disable_protocols/dns_long_domainname.pcap.out
+++ b/test/results/disable_protocols/dns_long_domainname.pcap.out
@@ -1,12 +1,12 @@
-00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1599686652555538}
+00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1599686652555538}
 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1599686652555538,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="}
 01101{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_usec":1599686652578187,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"}
 01226{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1599686652578187}
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1599686652578187}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
 ~~ skipped flows.............: 0
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498055 bytes
-~~ total memory freed........: 5498055 bytes
+~~ total memory allocated....: 5498079 bytes
+~~ total memory freed........: 5498079 bytes
 ~~ total allocations/frees...: 85863/85863
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 591 chars
+~~ json message min len.......: 589 chars
 ~~ json message max len.......: 1231 chars
-~~ json message avg len.......: 896 chars
+~~ json message avg len.......: 895 chars
diff --git a/test/results/disable_protocols/pluralsight.pcap.out b/test/results/disable_protocols/pluralsight.pcap.out
index 249270223..daa23eafe 100644
--- a/test/results/disable_protocols/pluralsight.pcap.out
+++ b/test/results/disable_protocols/pluralsight.pcap.out
@@ -1,5 +1,5 @@
-00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648373355763733}
+00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648373355763733}
 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355763733,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355763733,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8t1dAAEAGzuTAqAGANkW8EqaSAbs5mmmUAAAAAKAC+vDIPgAAAgQFtAQCCAqK+PnbAAAAAAEDAwc="}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355952180,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOAG5js2RbwSwKgBgAG7ppJ9QO7SOZpplaASaN998gAAAgQFtAQCCApSMR4Hivj52wEDAwg="}
@@ -56,7 +56,7 @@
 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357890274,"flow_dst_last_pkt_time":1648373357906518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357907751,"flow_dst_last_pkt_time":1648373357922416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373356146750,"flow_dst_last_pkt_time":1648373356334094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5848,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1648373359681609}
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1648373359681609}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 44/44
 ~~ skipped flows.............: 0
@@ -65,8 +65,8 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5568455 bytes
-~~ total memory freed........: 5568455 bytes
+~~ total memory allocated....: 5568559 bytes
+~~ total memory freed........: 5568559 bytes
 ~~ total allocations/frees...: 86015/86015
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 563 chars
diff --git a/test/results/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/disable_protocols/quic-mvfst-27.pcapng.out
index 4f2d5f03d..ad3b78754 100644
--- a/test/results/disable_protocols/quic-mvfst-27.pcapng.out
+++ b/test/results/disable_protocols/quic-mvfst-27.pcapng.out
@@ -1,4 +1,4 @@
-00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 02250{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"thread_ts_usec":41432902,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2tjkBmxsNgiaX3ZHZdlEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"}
 01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","quic": {"quic_version":"MVFST-27","tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","ja4":"q00d0108h3_0f2cb44170f4_f4b4187450f5","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}}
@@ -7,7 +7,7 @@
 02278{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464239,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHwAAEARKahFq\/oPCgACDwG7jHUE7Pun4vrOsAIACGUZSqSBwJ2mRNPUKyAFTiIR2D9LmWONp\/pKu58K8xL2QH3MMLvlIm5wZVpJfJuwyJ\/1M3tSAzTO7kjPI3eHBb9IFzJ5EM102smu6+dh1QdA\/XWl13B5U7mJXfZdgiMmoH6TMFeO9l59NUWVB3FrB1D+83n8F9jw5BVmkY2OPbmS9uXhO3oLJjNvzhgiz9LiL0Peg4iBHPZ3bnefg84NyqMA6bGiBHjw8O\/pggXBHbm0y039at\/mEzBf62LN0g+jv6L2c7tRnEpUns4cJX54tQ1bXJ5Hhxh3rT54lw4rrebaQCbwFhibEvqZWGljIGdjbOpa6liHVVmRN2tu\/GBhyOGb0StB\/jpkBjcqcM94pTjas7+bYnRrk8ZSgYviOw8nDLpc2na4yCaDVIVl\/pzppcM74NTbQKve3Nar7W9KbDiDSaMAENX7mwhYQ18bwd3uHY8CUMOGjo\/8euzZjkZ0fqCDRE3vdm4KLl5+4\/UkQuBZWoFk\/P2Heh0\/lgddV3IePrdA6fNLSr8BKSgLGA1ZasEncG2JczdCSpW32pij29+anl+pMYgG1xzrztWUD1ETcf6lrUI11Nrj+82\/V73yznpeq7b9VscUvGV9OZECREHrcvb+pZDpYZL6JhF9swDp8CcOJJW+kip95Ov52baFifgdWzSPIduRrqIdERwwU6uq\/xmextGbx1KqKtby8DZc51UT3zzVMYep8bkl6y02VlktPuEK9u+QMd79lD6CIjW6qp5UxTZUtg8jrVUa2qNaqIekUrye4Bzl97pIPdBT4PssDCFsKgu31Bpm8CKL+2xWNmPLUcDOBBgIHzzDBuznQ7cBUCzjZlif+hxsEmJy3g5g3\/xJNTjxK+car7ACp7B+H1R5WQpkSDWn\/gKlYeGIPW5T8mOqp4WAHeTZest5awJfealSj\/CfwMs\/1Df7bfDUHTG14VDKd\/hRegDw1cfzcn3rS+uwWfXIm+mNshIKscMmPDsExmAokd+CvN0JuzdGOibtj3vbwDU4vsLbdbgOXENLxvYoEKqOPmpluuCqkWSQX\/UTadmXu44AWmWGdRQUpe32qb\/M0fPPEznTo\/4YrREjJ5jLnXRjbVI3HR4NPEZW1W\/9+X5lPYycQDN0lnl1dTk4utJeAg2p\/gP3JOV+wA1ygYJ5wU1GjgsOdz+EiDWtAQ93xX+7PqU0RTfcJAMwYHLO8gHD8UmTyvey2jiJJMc\/NrEBM1a76byOqZW2ZpMIDjRCtGhGFGhw4tu7OsejTzxA6T4fkSVAM0RcHzuFFeX1yZp3G8u6suFgzreLYuvmcBrNhHUTfsEKl4+aUnvPAuGzXCYIejrOiP9DSMGN8i\/AdhOoP+4i52mM3bH5MLyVmx9EYwfM0+yRTPLIifi4gzjoQl39CwhJ5abQwEmy5yGBYVxIliLKOrnnK4U00GmZhnCirgfPFCTOe\/qKCIPE7b86iKQ6zDr+wGAH8x1\/Vr6JDpHoyfytADR6TA1MJzboAI\/u+WxBW60Mr8wra7Ky8MTEMtqEAV4MNy3QwSj+5Boi9v6UaR+XFmEdKxTqXYP3bAo1k89toaHV8RAROwWdWZYQWji2vw49SgOlspTK5LeZbdfL6JCEHPDOXosDytI1rgaUPivx6K5pOY3FnYb2NgiqwzaVvc4sqLOH\/hloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAImdn5Q="}
 02280{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464304,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAH0AAEARKadFq\/oPCgACDwG7jHUE7NYs4\/rOsAIACGUZSqSBwJ2mRNOp9fQvn1f7lG72Bw+E6NBO8LR8mD6RkYoGJj7YIoOLkr2BWwfK0spPYy+zYGWX+a+c9rHGaE\/8AFsGVmGd26vTDA2yukmOJUfOmTtJz95HrnPFSG+\/TXHqQjk5klIE16FLBeiNi6m\/ct8wPGJ9RUbZqJaLVts+GZFzeMSRX+eYZERYnLYtPQPOywMGAZR5dzRsdw3jDQYkcN53aPm0lceepojo42lKerw8v6LOu22kD+71z4QDa4KbQzfUDp3LH6BpZQ6IsP9xHtu8kvC1sMujkXVqWo4PwU1vr8utquEF9g6Edj1O8CnayP2acmvLS9hrhF7CGL\/\/\/DnocizH0vNxW1ov+oyWwjbcB4cKqjTFeavm8o80oXs5etE\/0w5eFp+lmQaKzY0Y3yFmQ4u8brDlmcVIExhEgggZeFVC9lL9oOJw+T9YQyahiK65vbSi1+dot2yavrzsTWJiTor0nyNgEiCiviGKK3Ugt6GYCifHXPC+ko\/\/b1QvveO8QmYiv8AP2V\/SWNC14hUcS+VAN8JRlCbBPMNZf5CGc1GwEg+7a4289LEunmnUX2jPN9vYfHH58+XntmHmuXoNXd+GAXGmBpL3pm9he0pLxavwsdTVC6qK8sKWNygxAdWjfNWfqF5l0iTI6JYa4\/y33xaYPcLxg2NKR5k5UeV+DbMoZh5oLZlH+HG0w8grzsBY0UqgdK4AyP+poGSbQAEMRSIkOomtrtelNM\/CJ7PizVrNKpGbp+EpEXMTlKKu9mAH5wfJW5yjomiaaWvGIaq7gLWY9llWYvKDLPe+Ot\/Zlo70lUm2Wen8purBfU4\/v6CMzqcAGFEkRA8xMmhdxqR55Nj0wKZs+RQeJinGAS0a8g3PGJbOybsinObB6I0QXHDA\/BCZjPyuqT029QJULHNw4IqshshnGFg3nbzChRrWQc0AiB5OcsWclYM82EXN8ST8RvLF1WKcSxiSUqZRBPt4kZeVgU6dUletzdTTtDjmZcMX6Dpoo8d0S1zQL01nH0uioe7eYaw9k\/Piatckxd0yCv9fyOSwNFhCKxpC1GXBWqlnzr5Xkx8pHwnfnGUKyYsQ42dNNkbszwP1I6YjcrEdp4kQ3sTLrEmlVAvA4aTA0MKDmYMzxz3zBJIZV6dv1qjp7tD0dSAly35BlkwSJjGxKF9J5GgFKfSnvAs\/OiBf9hVa+A6yxuM4HtZTS\/zRldyW57HwUxn5Qy4K6cscwe\/7EfDGt+KoQI83PH5+fargDPhSWZK8UtA+jWy2oF5ALL8zgGosqXNMsOm5dKcPAdecM\/pz1MIewkul7sxt\/JgvAFL67lq7QvvnpQzr8lJgqwZzwBrBvGj9NKkaDXeHsynidTbkbLez1tjvdUEDeISKE7lW\/ojOz\/Lqe\/T7KSL5gyQyjF97d9xNrPNTeh\/HfJdKZ\/zWpQOiu67yweKqxgA9dorbSGAD+RdOGT7rQYJQusp\/jzG9SNrMyUzV7HK3K\/pEUqwZWMz+QAHUA3RloM07jN1F3nkICmQ4z3jHqqH2nY3JfZ5N0+1Qbuerb\/7N+BqOS9LICONl+GduIvQlJ6k18z\/aBuv25LlGUp9XFoS9b0Hk1oEaH7ReOgL6Cc+6IEzZSF3euyrFMEVMA\/mrlSkSX25Uc7jz7gii7RloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAPxWaP0="}
 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":13,"flow_first_seen":41432902,"flow_src_last_pkt_time":50364890,"flow_dst_last_pkt_time":50392661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":6981,"midstream":0,"thread_ts_usec":50392661,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":50392661}
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":50392661}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5508664 bytes
-~~ total memory freed........: 5508664 bytes
+~~ total memory allocated....: 5508688 bytes
+~~ total memory freed........: 5508688 bytes
 ~~ total allocations/frees...: 85901/85901
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 587 chars
+~~ json message min len.......: 585 chars
 ~~ json message max len.......: 2285 chars
-~~ json message avg len.......: 1431 chars
+~~ json message avg len.......: 1430 chars
diff --git a/test/results/disable_protocols/soap.pcap.out b/test/results/disable_protocols/soap.pcap.out
index 1677f274f..23766f8dc 100644
--- a/test/results/disable_protocols/soap.pcap.out
+++ b/test/results/disable_protocols/soap.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946731321416000}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946731321416000}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946731321416000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321416000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Js1AAH8GJUPAqAJkFwLVpcO0AFABqrpoAAAAAIAC+vBEVAAAAgQFtAEDAwgBAQQC"}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321441000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADwGjxAXAtWlwKgCZABQw7Tpz83XAaq6aYAS+vCMpAAAAgQFrAEBBAIBAwMH"}
@@ -9,7 +9,7 @@
 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 02474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0EFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\/AD4APABzADoARQBuAHYAZQBsAG8AcABlACAAeABtAGwAbgBzADoAcwA9ACIAaAB0AHQAcAA6AC8ALwBzAGMAaABlAG0AYQBzAC4AeABtAGwAcwBvAGEAcAAuAG8AcgBnAC8AcwBvAGEAcAAvAGUAbgB2AGUAbABvAHAAZQAvACIAPgA8AHMAOgBIAGUAYQBkAGUAcgA+ADwAaAA6AGMAZAAgAHgAbQBsAG4AcwA6AGgAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwB3AGkAbgBkAG8AdwBzAG0AZQB0AGEAZABhAHQAYQAvAHMAZQByAHYAaQBjAGUAcwAvADIAMAAwADcALwAwADkALwAxADgALwBkAG0AcwAiAD4APABoADoAYwB2AD4AMQAwAC4AMAAuADEAOQAwADQAMwA8AC8AaAA6AGMAdgA+ADwAaAA6AGMAYwA+AEQARQBVADwALwBoADoAYwBjAD4APAAvAGgAOgBjAGQAPgA8AC8AcwA6AEgAZQBhAGQAZQByAD4APABzADoAQgBvAGQAeQA+ADwARABlAHYAaQBjAGUATQBlAHQAYQBkAGEAdABhAEIAYQB0AGMAaABSAGUAcQB1AGUAcwB0ACAAeABtAGwAbgBzAD0AIgBoAHQAdABwADoALwAvAHMAYwBoAGUAbQBhAHMALgBtAGkAYwByAG8AcwBvAGYAdAAuAGMAbwBtAC8AdwBpAG4AZABvAHcAcwBtAGUAdABhAGQAYQB0AGEALwBzAGUAcgB2AGkAYwBlAHMALwAyADAAMAA3AC8AMAA5AC8AMQA4AC8AZABtAHMAIgA+ADwATABvAGMATABpAHMAdAA+ADwAbABvAGMAPgBNAHUAbAB0AGkATABvAGMAPAAvAGwAbwBjAD4APABsAG8AYwA+AGQAZQAtAEQARQA8AC8AbABvAGMAPgA8AGwAbwBjAD4AZABlADwALwBsAG8AYwA+ADwALwBMAG8AYwBMAGkAcwB0AD4APABNAEkARABSAGUAcQB1AGUAcwB0AHMAPgA8AGcAZABtAGQAbQBpAGQAPgA8AHIAaQBkAD4ANwA8AC8AcgBpAGQAPgA8AG0AaQBkAD4AQQBGAEYANABCAEQAMgAxAC0ARgBGADIANgAtADUAMQBGADYALQA4ADMANgA1AC0AMQA3ADgAOAA1AEYAMwA4ADYAQwA3AEQAPAAvAG0AaQBkAD4APAAvAGcAZABtAGQAbQBpAGQAPgA8AC8ATQBJAEQAUgBlAHEAdQBlAHMAdABzAD4APABIAFcASQBEAFIAZQBxAHUAZQBzAHQA"}
 01294{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"go.microsoft.com","http": {"url":"go.microsoft.com\/fwlink\/?LinkID=252669&clcid=0x409","code":0,"content_type":"","user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","request_content_type":"text\/xml"}}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639054092487860}
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639054092487860}
 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054092487860,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1639054092487860,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="}
 02184{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092538042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092538042,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04Ij8+DQo8Wk1lc3NhZ2UgdGFyZ2V0PSJaQkJQLjEuUmVzb2x2ZUtJRCIgbWlub3I9IjM1IiBwYXJhbWhlYWRlcmxlbmd0aD0iMTE0IiBzaWduYXR1cmU9IkxXa1YzenFpNWFtVUUxUlVvTmtRT3cwdVhZNHczc0dXQncyMkdxYnRqZkFyS0VjanVjS2Z6ZUcydkNybjluZUIzNXlzc2xFZytJcUlDZkRHdk9qRkxJcDlBcHB2ZXJZNTBNS09WZHM4L1BGU2dwRG5oNE91UTg3Q3pKRXZUUkJZMldGakpOaS85NmY1ZktmSklqczQ5bElzcFpyZVRGWVNxYWZ4VDRPNCszbnd2MFpQYUtJNzI4akE3RWNUTUxwelZtc0RJaTBJU2srR21nOW85d3V0UXg2NEprdjdGdlFkQU1nYlVnWDhVaU1MTnRHQWVqSHBLTG1rdWo3TSsxSTNib0IraVg3MTAxaytIZGpaVmQrSjhaS0VNSkJnYTBJNjRLdmZPK2tNb1UzRVNSSm5wbWdVVmZVblVZckl4dDFHZFFMckhsa2hhZVZicUdaMzB2V2E4Zz09IiBzaWduZXI9InlNMmYzbGMzSjZSbTR3ODlmRGhlYm5RMXNxY3NBV2N0eFJiM3BDSFloTktUTnZiazlNM1pLRk9xYjIveE5hN3NaR1I4bm10c0U4T2lnaStLR2xrbndSNWx0SW9CODc1Tk8rRitWTCszYVdySlN2Zm5MQ2dCSlRMV1BwKyt1SUlqZUlCanYrTXB1S0xRM2NTMDMwQlRnUEk1dWlrS0l6Q1A0eEZucUFVampoWE9RVTR3WDMrRG1PczdEbm5QczhhZTk2UkNzWmVmZ0xpMzAyL281ZDVMRDJ1SnBEMUlmSnQ1Y1U1Y3V5UW5jYTRhd2M4bGhTcmFQbDlNNEpja29sQWt5cVlCNzg0UitKVVhYTExpKytjbHEzR1l4U2NJNjRyZHRKZWNWVENZRVcvUTJGU2VXV1c2UE9RdlBRNGZ3aFVPZEM0L05MSVJKdU9lTVAyVG9Ed3NNUT09IiBrZXk9ImduR1dLWGJFVzQwbHZHV1FxbkVKZWdtcXJCSXdBRVZtUmQwRzlJaDMzVCsycnBtRTY5WUQybHhNNHpzNy9weDVFOFRaSjdvYnV5ZVNpNTIvazZMeGp2ZWtkNTdVeTR5QSttaEZ5c1o5UGFXdHVobzRac2oyQ0NaenBjcXhRSW5pL1E4UDY4QkJSeWhKd0hVZHNmMjUxS3RLdmwzdWZFN0VpK254Rnk2bUlVZUptckpjT3U5L1dsNndUTkwxRUVrQmJzL0NIT2pQSlFpUi84UlFOdVN4aDRWYVRnNlFKM0VhVUFhYzFkV2REQmx5dmpUYzZHTnczbFUrdUtDQitpR05xeFNwSlIxMHlQS3VRR1h4S1N3ZTVOVGNuQnFmQncwZC9FMVZ6dWdmVEtqUXFDbmt4TjVEUnlWWEJwTkFyVnNjek4xMlZwdkJpdENUa25ObEhWOHMzdz09IiBpbml0dmVjdG9yPSJkWWhYYVRRWmVUaGZsTUc2VGJCdzN3PT0iPg0KPC9aTWVzc2FnZT4NCg=="}
@@ -21,7 +21,7 @@
 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
 00964{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00787{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1639054092826381}
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1639054092826381}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
 ~~ skipped flows.............: 0
@@ -30,8 +30,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5507135 bytes
-~~ total memory freed........: 5507135 bytes
+~~ total memory allocated....: 5507191 bytes
+~~ total memory freed........: 5507191 bytes
 ~~ total allocations/frees...: 85910/85910
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 549 chars
diff --git a/test/results/dns_process_response_disable/dns.pcap.out b/test/results/dns_process_response_disable/dns.pcap.out
index 82c3e2023..12ed2912d 100644
--- a/test/results/dns_process_response_disable/dns.pcap.out
+++ b/test/results/dns_process_response_disable/dns.pcap.out
@@ -1,17 +1,17 @@
-00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1112172654366527}
+00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1112172654366527}
 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1112172654366527,"pkt":"AOAYsQytAMCfMkGMCABFAAA+1TkAAIARkAfAqKoUwKiqCAA1gBsAKryJ3KKBgAABAAAAAAAAA3d3dwFsBmdvb2dsZQNjb20AABwAAQ=="}
 01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695204348,"pkt":"AMCfMkGMAOAYsQytCABFAAA9AABAAEARZULAqKoIwKiqFIAbADUAKYhhvB8BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695437491,"pkt":"AOAYsQytAMCfMkGMCABFAAA91p8AAIARjqLAqKoUwKiqCAA1gBsAKQfhvB+BgAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"}
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1484673025972667}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1484673025972667}
 00312{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025972667,"packet_id":4,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025972667}
 00430{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":91,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAPwAhRQAAPQAAQABAEYShUrJx9VKynrW4lwA1ACm2fXhDAQAAAQAAAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAQ=="}
 00312{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025976144,"packet_id":5,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025976144}
 00601{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":219,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":219,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAvwAhRQAAvQAAQAA6EYohUrKetVKycfUANbiXAKnLC3hDgYAAAQAIAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAesABKkt2+vADAABAAEAAAHrAASpLyiOwAwAAQABAAAB6wAEqS34ecAMAAEAAQAAAesABGyosOrADAABAAEAAAHrAASpLfi9wAwAAQABAAAB6wAEqS34tMAMAAEAAQAAAesABKk1UU\/ADAABAAEAAAHrAASpLdvo"}
 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1484673025976144}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/dns_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1484673025976144}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5/3
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498060 bytes
-~~ total memory freed........: 5498060 bytes
+~~ total memory allocated....: 5498084 bytes
+~~ total memory freed........: 5498084 bytes
 ~~ total allocations/frees...: 85863/85863
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 317 chars
diff --git a/test/results/dns_subclassification_and_process_response_disable/dns.pcap.out b/test/results/dns_subclassification_and_process_response_disable/dns.pcap.out
index 5aa4d77bc..f2ec1cf1c 100644
--- a/test/results/dns_subclassification_and_process_response_disable/dns.pcap.out
+++ b/test/results/dns_subclassification_and_process_response_disable/dns.pcap.out
@@ -1,17 +1,17 @@
-00603{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00666{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1112172654366527}
+00601{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00664{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1112172654366527}
 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1112172654366527,"pkt":"AOAYsQytAMCfMkGMCABFAAA+1TkAAIARkAfAqKoUwKiqCAA1gBsAKryJ3KKBgAABAAAAAAAAA3d3dwFsBmdvb2dsZQNjb20AABwAAQ=="}
 01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695204348,"pkt":"AMCfMkGMAOAYsQytCABFAAA9AABAAEARZULAqKoIwKiqFIAbADUAKYhhvB8BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695437491,"pkt":"AOAYsQytAMCfMkGMCABFAAA91p8AAIARjqLAqKoUwKiqCAA1gBsAKQfhvB+BgAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"}
-00668{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1484673025972667}
+00666{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1484673025972667}
 00334{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025972667,"packet_id":4,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025972667}
 00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":91,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAPwAhRQAAPQAAQABAEYShUrJx9VKynrW4lwA1ACm2fXhDAQAAAQAAAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAQ=="}
 00334{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025976144,"packet_id":5,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025976144}
 00623{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":219,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":219,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAvwAhRQAAvQAAQAA6EYohUrKetVKycfUANbiXAKnLC3hDgYAAAQAIAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAesABKkt2+vADAABAAEAAAHrAASpLyiOwAwAAQABAAAB6wAEqS34ecAMAAEAAQAAAesABGyosOrADAABAAEAAAHrAASpLfi9wAwAAQABAAAB6wAEqS34tMAMAAEAAQAAAesABKk1UU\/ADAABAAEAAAHrAASpLdvo"}
 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00671{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1484673025976144}
+00669{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/dns_subclassification_and_process_response_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1484673025976144}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5/3
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498060 bytes
-~~ total memory freed........: 5498060 bytes
+~~ total memory allocated....: 5498084 bytes
+~~ total memory freed........: 5498084 bytes
 ~~ total allocations/frees...: 85863/85863
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 339 chars
diff --git a/test/results/dns_subclassification_disable/dns.pcap.out b/test/results/dns_subclassification_disable/dns.pcap.out
index 0fddaaf32..0d8001d03 100644
--- a/test/results/dns_subclassification_disable/dns.pcap.out
+++ b/test/results/dns_subclassification_disable/dns.pcap.out
@@ -1,17 +1,17 @@
-00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1112172654366527}
+00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1112172654366527}
 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1112172654366527,"pkt":"AOAYsQytAMCfMkGMCABFAAA+1TkAAIARkAfAqKoUwKiqCAA1gBsAKryJ3KKBgAABAAAAAAAAA3d3dwFsBmdvb2dsZQNjb20AABwAAQ=="}
 01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172654366527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1112172654366527,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.l.google.com","dns": {"num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1112172654366527,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695204348,"pkt":"AMCfMkGMAOAYsQytCABFAAA9AABAAEARZULAqKoIwKiqFIAbADUAKYhhvB8BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1112172695437491,"pkt":"AOAYsQytAMCfMkGMCABFAAA91p8AAIARjqLAqKoUwKiqCAA1gBsAKQfhvB+BgAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAHAAB"}
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1484673025972667}
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1484673025972667}
 00313{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025972667,"packet_id":4,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025972667}
 00431{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":91,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAPwAhRQAAPQAAQABAEYShUrJx9VKynrW4lwA1ACm2fXhDAQAAAQAAAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAQ=="}
 00313{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1484673025976144,"packet_id":5,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1484673025976144}
 00602{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":219,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":219,"pkt_l4_len":0,"thread_ts_usec":1112172695437491,"pkt":"AAAAAAAB1JToDq3BgQABpYEAAxGIZBEAVWoAvwAhRQAAvQAAQAA6EYohUrKetVKycfUANbiXAKnLC3hDgYAAAQAIAAAAAAJlNwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAesABKkt2+vADAABAAEAAAHrAASpLyiOwAwAAQABAAAB6wAEqS34ecAMAAEAAQAAAesABGyosOrADAABAAEAAAHrAASpLfi9wAwAAQABAAAB6wAEqS34tMAMAAEAAQAAAesABKk1UU\/ADAABAAEAAAHrAASpLdvo"}
 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1112172654366527,"flow_src_last_pkt_time":1112172695437491,"flow_dst_last_pkt_time":1112172695204348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":33,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":33,"midstream":0,"thread_ts_usec":1112172695437491,"l3_proto":"ip4","src_ip":"192.168.170.20","dst_ip":"192.168.170.8","src_port":53,"dst_port":32795,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":5,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1484673025976144}
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/dns_subclassification_disable\/pcap\/dns.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":5,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1484673025976144}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5/3
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498060 bytes
-~~ total memory freed........: 5498060 bytes
+~~ total memory allocated....: 5498084 bytes
+~~ total memory freed........: 5498084 bytes
 ~~ total allocations/frees...: 85863/85863
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 318 chars
diff --git a/test/results/enable_doh_heuristic/doh.pcapng.out b/test/results/enable_doh_heuristic/doh.pcapng.out
index 4777ec1b1..fbd208029 100644
--- a/test/results/enable_doh_heuristic/doh.pcapng.out
+++ b/test/results/enable_doh_heuristic/doh.pcapng.out
@@ -1,5 +1,5 @@
-00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623220847881632}
+00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623220847881632}
 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847881632,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623220847881632,"pkt":"pJGxgjQ53KYyW3JVCABFAAA8GoVAAEAGW5DAqAH9AQEBAYycAbvJgv8BAAAAAKAC+vDR+gAAAgQFtAQCCAq18KmgAAAAAAEDAwc="}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623220847893990,"pkt":"3KYyW3JVpJGxgjQ5CABFAAA0AABAADgGfh0BAQEBwKgB\/QG7jJzQgMYoyYL\/AoAS\/\/+80AAAAgQFtAEBBAIBAwMK"}
@@ -10,7 +10,7 @@
 01490{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.3","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","ja4":"t13d1909h2_9dc949149365_97f8aa674fd9","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
 02398{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220894239868,"flow_dst_last_pkt_time":1623220878891197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":3569,"midstream":0,"thread_ts_usec":1623220894239868,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2495735.5,"max":15359810,"stddev":5583085.5,"var":31170844688384.0,"ent":2.4,"data": [12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810]},"pktlen": {"min":46,"avg":174.8,"max":1500,"stddev":350.9,"var":123099.2,"ent":3.6,"data": [60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0],"entropies": [4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":59,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220970655801,"flow_dst_last_pkt_time":1623220970669537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":5821,"midstream":0,"thread_ts_usec":1623220970669537,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1623220970669537}
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1623220970669537}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 120/120
 ~~ skipped flows.............: 0
@@ -19,8 +19,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5511383 bytes
-~~ total memory freed........: 5511383 bytes
+~~ total memory allocated....: 5511407 bytes
+~~ total memory freed........: 5511407 bytes
 ~~ total allocations/frees...: 85986/85986
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 548 chars
diff --git a/test/results/enable_payload_stat/1kxun.pcap.out b/test/results/enable_payload_stat/1kxun.pcap.out
index 6e0b43279..e6019a5e6 100644
--- a/test/results/enable_payload_stat/1kxun.pcap.out
+++ b/test/results/enable_payload_stat/1kxun.pcap.out
@@ -1,5 +1,5 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470104373025824}
+00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470104373025824}
 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="}
 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -689,7 +689,7 @@
 00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382858294,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01132{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00661{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1033,"packets-processed":1032,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":692,"global_ts_usec":1654385119050609}
+00659{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1033,"packets-processed":1032,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":692,"global_ts_usec":1654385119050609}
 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\/X2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTE3IEhUVFAvMS4xDQphdXRob3JpemF0aW9uX2NvZGU6IDg5QTBGQ0UzOTE2OEM5RTIxOTM1N0IzRjJEMzA4RDIwDQpVcGdyYWRlOiB3ZWJzb2NrZXQNCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiBMVFJDT1VPdEIwdHRrSnJIdUhaRHRnPT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCkhvc3Q6IHdzLjFreHVuLm1vYmk6MTIzNA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="}
 01481{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}}
@@ -709,7 +709,7 @@
 00903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1040,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127293052,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_usec":1654385127293052,"pkt":"tKXvZygQnLbQ0+MzCABFAAE2ngNAAEAG62jAqAJ+geJrTaCuAFAAOroVfx7qtFAYAfaxfgAAR0VUIC9xcWNvbm5lY3RvcGVuL29wZW5hcGkvcG9saWN5X2NvbmY\/c3RhdHVzX29zPTExJnN0YXR1c192ZXJzaW9uPTMwJnN0YXR1c19tYWNoaW5lPXNka19ncGhvbmVfeDg2JnNka3A9YSZzZGt2PTMuMS4wLmxpdGUmYXBwaWQ9MTAwMjU4MTM1IEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNnaS5jb25uZWN0LnFxLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQW5kcm9pZFNES18zMF9nZW5lcmljX3g4Nl9hcm1fMTENCg0K"}
 01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1040,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127293052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385127293052,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com","http": {"url":"cgi.connect.qq.com\/qqconnectopen\/openapi\/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135","code":0,"content_type":"","user_agent":"AndroidSDK_30_generic_x86_arm_11"}}}
 00911{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":330,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":330,"pkt_l4_len":296,"thread_ts_usec":1654385127425884,"pkt":"nLbQ0+MztKXvZygQCABFAAE8FLJAADQGv1GhdQ0dwKgCfgBQuH6HV\/ck7YrZ+IAYAOvWowAAAQEICpcQ45e6xeF1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNToyNyBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogOQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAwMyBGZWIgMjAyMCAwNDoyODozNSBHTVQNCkVUYWc6ICI1ZTM3YTE3My05Ig0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KMWt4dW4uY29t"}
-01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1041,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385127425884,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi","http": {"url":"kankan.1kxun.mobi\/api.domain.conf","code":200,"content_type":"application\/octet-stream","user_agent":"okhttp\/3.10.0"}}}
+01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1041,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385127425884,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi","http": {"url":"kankan.1kxun.mobi\/api.domain.conf","code":200,"content_type":"application\/octet-stream","user_agent":"okhttp\/3.10.0"}}}
 01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":518,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":518,"pkt_l4_len":484,"thread_ts_usec":1654385127488169,"pkt":"nLbQ0+MztKXvZygQCABFAAH47MNAADEGquaB4mtNwKgCfgBQoK5\/Huq0ADq7I1AYAHt3UAAASFRUUC8xLjEgMzAyIE1vdmVkIFRlbXBvcmFyaWx5DQpTZXJ2ZXI6IHN0Z3cNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjU6MjcgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDEzNw0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTG9jYXRpb246IGh0dHBzOi8vY2dpLmNvbm5lY3QucXEuY29tL3FxY29ubmVjdG9wZW4vb3BlbmFwaS9wb2xpY3lfY29uZj9zdGF0dXNfb3M9MTEmc3RhdHVzX3ZlcnNpb249MzAmc3RhdHVzX21hY2hpbmU9c2RrX2dwaG9uZV94ODYmc2RrcD1hJnNka3Y9My4xLjAubGl0ZSZhcHBpZD0xMDAyNTgxMzUNCg0KPGh0bWw+DQo8aGVhZD48dGl0bGU+MzAyIEZvdW5kPC90aXRsZT48L2hlYWQ+DQo8Ym9keT4NCjxjZW50ZXI+PGgxPjMwMiBGb3VuZDwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5zdGd3PC9jZW50ZXI+DQo8L2JvZHk+DQo8L2h0bWw+DQo="}
 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1043,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385128878259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":880,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878259,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385128878259,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_usec":1654385128878259,"pkt":"tKXvZygQnLbQ0+MzCABFAAOkVoFAAEAGbxrAqAJ+oXUNHbiOAFDYbv67IGDcx4AYAfZ1TwAAAQEICrrF59eXEOkaR0VUIC92aWRlb19rYW5rYW5fdGFncy92Mi9hcGkvaG9tZVBhZ2VWaWRlb0NvbGxlY3Rpb25zL0hvbWVQYWdlQmFubmVycz9fYnJhbmQ9R29vZ2xlJl9tb2RlbD1zZGtfZ3Bob25lX3g4NiZfb3Y9QW5kcm9pZDExJl9jcHU9aTY4NiZfcmVzb2x1dGlvbj0xMDgwJTJDMTc5NCZfcGFja2FnZT1jb20uc2NlbmV3YXkua2Fua2FuJl92PTIuOC4yLjEmX2NoYW5uZWw9MWt4dW4mX2NhcnJpZXI9MzEwMjYwJl9hbmRyb2lkX2lkPWI5ZTI4Nzc2MzU0ZDI1OWUmX25ldHdvcms9d2lmaSZfYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZfdWRpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTI1IEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ2xpZW50LUJyYW5kOiBHb29nbGUNCkNsaWVudC1EZXZpY2U6IHNka19ncGhvbmVfeDg2DQpDbGllbnQtT3M6IEFuZHJvaWQxMQ0KQ2xpZW50LUNwdTogaTY4Ng0KQ2xpZW50LVJlc29sdXRpb246IDEwODAsMTc5NA0KQ2xpZW50LVBhY2thZ2U6IGNvbS5zY2VuZXdheS5rYW5rYW4NCkNsaWVudC1WZXJzaW9uOiAyLjguMi4xDQpDbGllbnQtU291cmNlOiAxa3h1bg0KQ2xpZW50LVNpbTogMzEwMjYwDQpDbGllbnQtQW5kcm9pZElkOiBiOWUyODc3NjM1NGQyNTllDQpDbGllbnQtQ291bnRyeTogVVMNCkNsaWVudC1MYW5ndWFnZTogZW4NCkNsaWVudC1VaWQ6IGU2ZGJkMzBiLTNiODQtNDRiNC05NzUxLTYzMTE0OGEzZWRlOQ0KSG9zdDoga2Fua2FuLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="}
@@ -838,7 +838,7 @@
 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630917,"flow_src_last_pkt_time":1470104432728660,"flow_dst_last_pkt_time":1470104432630917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00946{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01064{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01227{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104382125381,"flow_dst_last_pkt_time":1470104382124370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":633,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":633,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01232{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382199024,"flow_dst_last_pkt_time":1470104382198662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":2329,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
@@ -1291,7 +1291,7 @@
 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":33,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385137102946,"flow_dst_last_pkt_time":1654385137795047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":179545,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":13,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385137480116,"flow_dst_last_pkt_time":1654385137451797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":23040,"flow_src_tot_l4_payload_len":631,"flow_dst_tot_l4_payload_len":72797,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
-01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
+01133{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":18,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385137106944,"flow_dst_last_pkt_time":1654385137458576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":81501,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":860,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":2746,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":3242,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
@@ -1300,7 +1300,7 @@
 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":265,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":265,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":73,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385145095894,"flow_dst_last_pkt_time":1654385145302253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":4383,"flow_dst_tot_l4_payload_len":173462,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":497,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
-00666{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1723,"packets-processed":1723,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007}
+00664{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1723,"packets-processed":1723,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1723/1723
 ~~ skipped flows.............: 0
@@ -1309,9 +1309,9 @@
 ~~ total active/idle flows...: 197/197
 ~~ total timeout flows.......: 20
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6054376 bytes
-~~ total memory freed........: 6054376 bytes
-~~ total allocations/frees...: 90515/90515
+~~ total memory allocated....: 6057552 bytes
+~~ total memory freed........: 6057552 bytes
+~~ total allocations/frees...: 90516/90516
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 541 chars
 ~~ json message max len.......: 11864 chars
diff --git a/test/results/flow-analyse/default/elf.pcap.out b/test/results/flow-analyse/default/elf.pcap.out
new file mode 100644
index 000000000..bab73746f
--- /dev/null
+++ b/test/results/flow-analyse/default/elf.pcap.out
@@ -0,0 +1 @@
+flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
diff --git a/test/results/flow-analyse/default/netflix.pcap.out b/test/results/flow-analyse/default/netflix.pcap.out
index 3d4fe8dfd..9db8c92f6 100644
--- a/test/results/flow-analyse/default/netflix.pcap.out
+++ b/test/results/flow-analyse/default/netflix.pcap.out
@@ -4,24 +4,24 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_
 1,ip4,192.168.1.7,52.89.39.139,tcp,53132,443,info,17,15,1484319035079531,1484319042786338,1484319042922798,0,0,1448,1448,4576,5220,0,147,501615.3,7507819,1826252.6,3335198867456.0,1.4,"49499,50871,4368,54319,2439,996,53513,42973,42827,12725,273,205,57417,5098,49336,4198,388,49955,75766,32147,2030,911,5107,4712,147,7402221,150,7507819,929,35745,990",52,358.8,1500,520.7,271128.8,3.8,"64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474","10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1","4.566831589,5.335815907,5.094483852,6.025682926,5.169486523,7.256491661,7.325493813,5.092563152,7.129077435,5.092563152,6.393805504,5.100806713,6.014647961,5.169486523,5.965332508,5.169486523,7.872792244,7.651345730,5.207947731,5.207948208,6.796521664,6.094137192,5.926040173,5.169486523,5.207948208,5.169486046,7.868273258,7.747731686,5.169486046,5.169486523,7.861037254,7.536938190",TLS.NetFlix,91.133,1,Fun,Video,6,DPI,"15"
 1,ip4,192.168.1.7,54.201.191.132,tcp,53151,80,finished,12,20,1484319048780859,1484319049236027,1484319049229808,0,0,1448,1448,2612,21687,0,193,29165.1,187154,42322.7,1791214592.0,4.0,"44122,45598,3902,10660,193,60003,5736,990,135055,302,187154,5655,5706,13881,14022,13277,14383,27821,13324,13128,9212,13280,22521,13399,39251,13309,13303,13855,13324,13288,124463",52,812.3,1500,674.9,455511.9,4.4,"64,60,52,365,1500,903,52,52,52,714,1500,52,1500,52,1500,52,1500,1500,52,1012,52,1500,1293,52,1500,1500,1500,1500,1500,1500,1500,64","9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,13,0,0","0,1,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,0","4.538909912,5.279368401,5.156889915,5.705281258,5.964499474,6.056532860,5.272274971,5.272274494,5.310736179,6.005652428,5.696421623,5.094483852,6.091891766,5.233812809,5.866946220,5.038780212,5.796521664,5.782927513,5.195351601,5.831374168,5.233812809,5.802160263,5.817751884,5.195351124,5.813166142,5.771504402,5.781269550,5.780963898,5.817500591,5.785477638,5.779314995,5.163660049",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,""
 1,ip4,192.168.1.7,184.25.204.25,tcp,53148,80,finished,14,18,1484319043012652,1484319049640319,1484319049653906,0,0,246,1448,491,23168,0,590,428029.7,6030936,1231580.9,1516791529472.0,2.3,"22448,28943,26758,57708,590,13165,40076,31828,42757,26526,25526,50240,53221,30909,25521,54871,53768,27167,52693,79537,53772,544724,1519985,11557,27351,27280,28765,635381,3643850,6030936,1068",52,795.6,1500,706.6,499284.2,4.3,"64,60,52,298,52,1500,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,80,80,80,72,64,52,52,297,1500,1500","12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1","4.570159912,5.187539101,5.118428230,5.866323471,5.308815956,7.539054394,7.823310852,5.094483852,7.811959267,5.038779736,7.799767494,7.796337128,5.156889439,7.762200832,7.778352737,7.834424973,7.823929787,7.799146652,7.830269337,7.869925976,7.880800724,7.877037048,5.357215405,5.224027157,5.307214737,5.376956940,5.259624004,5.233813286,5.195351601,5.825244904,7.190491676,7.824782848",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,""
-1,ip4,192.168.1.7,23.246.11.145,tcp,53163,80,finished,11,21,1484319050652467,1484319051912595,1484319051940613,0,0,356,1448,356,28027,0,3794,82202.4,651024,153564.6,23582076928.0,3.6,"24769,26290,3794,42485,4828,43771,27157,40474,69366,43854,44827,78254,38808,79815,102619,28781,14718,354324,85041,14066,12423,12747,651024,22850,582496,8619,27490,16417,16392,14698,15077",52,940.8,1500,683.5,467159.1,4.5,"64,60,52,408,567,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,80,1500,1500,1500,1500,64,52,1500,1500,52,1500,52,1500,1500","10,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0","0,1,0,0,1,1,0,1,1,0,1,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,0,1,1","4.550704956,5.312702179,5.103910923,6.388577938,5.862974167,3.576230049,5.195351124,2.528419971,2.540967226,5.077241421,2.547356844,5.115703106,2.543488026,2.552008152,2.558917999,3.816826105,3.805565357,3.816280365,5.256690979,3.890866995,3.462315798,3.461706400,3.458227158,5.071470261,5.154164314,3.470844507,3.517976761,5.154164314,3.546975851,4.955154419,3.560742617,3.579237461",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
-1,ip4,192.168.1.7,23.246.3.140,tcp,53171,80,finished,10,22,1484319054101585,1484319054294236,1484319054480080,0,0,354,1448,354,29479,0,2187,18424.1,44333,10032.7,100655136.0,4.7,"30791,32492,5528,44333,2187,41107,2921,12763,15575,14938,14982,12802,12713,26425,12767,11943,13284,17180,31033,13321,13566,25571,14329,13905,26660,13805,13288,27210,13255,13305,27167",52,984.9,1500,672.7,452466.1,4.5,"64,60,52,406,571,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","9,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0","0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1","4.527114868,5.266787052,5.118428230,6.362258911,5.831311226,3.571949720,5.233812809,2.540643215,2.558721066,5.195351124,2.550262213,5.038779736,2.557194710,2.582848072,5.195351124,2.547422886,5.038780212,2.553757429,2.570932388,5.195351124,2.541049719,5.115703106,3.780845165,3.769821644,3.779848337,3.819229603,3.784283876,3.803048134,3.786687374,3.790169001,3.883657932,3.464622736",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
-1,ip4,192.168.1.7,23.246.11.141,tcp,53180,80,finished,21,11,1484319056241489,1484319059351882,1484319059371795,0,0,360,1448,360,13550,0,394,201312.9,2097549,403399.4,162731114496.0,3.6,"61813,72267,473,134860,394,125851,1162295,73601,899,212949,11519,409208,101075,1892,70852,2097549,79500,52131,129820,120649,42895,59919,67076,69354,174355,284029,29385,65003,252681,150502,125903",52,493.7,1500,638.1,407212.3,3.9,"64,60,52,412,570,1500,52,80,80,80,80,80,80,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,52,1500","20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,0,1","4.601409912,5.346035957,5.041505337,6.346901894,5.793770790,4.440931797,5.065449238,5.202858448,5.202857018,5.262294292,5.341651440,5.366651535,5.317899227,5.165874004,5.228374004,5.195351601,4.782721043,5.156889915,4.790072441,5.101186275,4.825405598,4.817777157,5.233812809,4.752513409,5.024262905,4.806689262,5.165874004,5.195351124,5.195351124,4.632717133,5.024262905,4.635102272",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
-1,ip4,192.168.1.7,23.246.11.141,tcp,53177,80,finished,20,12,1484319056233255,1484319060551613,1484319060618267,0,0,360,1448,360,13563,0,135,280753.9,1046959,300914.6,90549583872.0,4.2,"43730,45845,23628,124789,4917,111637,635898,176069,176,135,41643,37401,940199,857,45449,434520,483806,1046959,74656,202356,418896,472205,955340,169880,525271,694311,167240,252312,98045,326303,148897",52,490.1,1500,638.9,408170.9,3.9,"64,60,52,412,571,1500,52,72,72,64,64,64,52,88,1476,52,52,52,1500,1500,52,52,52,1500,52,52,1500,52,1500,1500,52,1500","19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,0,1,1,0,1","4.527114868,5.312702179,5.003043652,6.355251789,5.803568363,4.440690517,5.118427753,5.277718067,5.249940395,5.146419048,5.208919048,5.134624004,5.056021690,4.908463001,4.253908634,5.156889915,5.156889439,5.118427753,4.918218613,4.902011871,5.000318050,5.118427753,5.118427753,4.876659870,4.985801220,5.017560482,4.758782864,4.961856365,4.610503674,4.658255100,5.118427753,4.789437294",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
-1,ip4,192.168.1.7,23.246.11.141,tcp,53175,80,finished,20,12,1484319056221799,1484319060594060,1484319060664663,0,0,357,1448,357,14998,0,569,284358.9,1636184,362564.9,131453321216.0,4.0,"16087,19422,23622,88585,4002,82236,1105315,26930,21843,19608,569,13093,381586,1636184,66410,119030,421421,408128,882662,90167,143374,490378,519431,92259,120978,487097,597701,217631,227512,270000,221864",52,536.6,1500,657.9,432827.8,3.9,"64,60,52,409,570,1500,52,72,72,72,64,64,64,64,1500,1500,52,64,52,1500,1500,52,52,1500,1500,52,52,1500,52,1500,64,1500","19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1","4.538909912,5.333454132,5.142372608,6.390935421,5.823237419,4.453172207,5.118427753,5.333272934,5.385473251,5.387441158,5.216578960,5.208919048,5.216578960,5.228374004,3.805912256,4.418298721,5.156889915,5.072124004,5.233813286,4.401393414,4.419836998,5.233812809,5.195351124,4.383244514,4.387027740,5.233812809,5.209868431,4.311857224,5.000318527,4.386717796,5.240169048,4.585660934",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
-1,ip4,192.168.1.7,23.246.11.133,tcp,53173,80,finished,16,16,1484319056210218,1484319060695068,1484319060746254,0,0,357,1448,357,20790,0,4949,290996.3,1397235,314333.5,98805530624.0,4.2,"23914,25117,18248,72539,4949,71292,152183,249467,985618,26703,1397235,519076,299466,499851,482346,40528,55620,206768,137068,537495,535230,174291,571825,775969,198842,230534,89909,283953,128056,116304,110490",52,716.2,1500,699.0,488561.8,4.2,"64,60,52,409,570,1500,52,1500,52,80,80,1500,72,1500,64,1500,1500,1500,52,1500,52,1500,52,52,1500,52,1500,1500,52,1500,52,1500","15,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0","0,1,0,0,1,1,0,1,0,0,0,1,0,1,0,1,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1","4.601409912,5.266787052,5.036415577,6.391139984,5.809580326,4.456539154,5.041504860,4.186237812,4.961856842,5.322779179,5.322779179,4.373055458,5.331886292,4.362320423,5.228374004,4.324150085,4.463343143,4.271175385,5.118428230,4.316685200,5.142372608,4.338371277,5.077241421,5.195351124,4.538278103,5.038779736,4.711270332,4.737337112,5.079966545,4.685406208,5.233812809,4.710971355",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
-1,ip4,192.168.1.7,23.246.11.141,tcp,53182,80,finished,21,11,1484319056264541,1484319060916913,1484319060915445,0,0,358,1448,358,13550,0,342,300105.7,2716440,539188.2,290723889152.0,3.6,"61747,63082,19443,172653,342,153906,1162512,94154,1429,12319,104280,65945,674747,41474,39967,488929,2716440,44869,75746,28743,32797,29468,133613,256105,742961,71312,1131465,569658,135441,73631,104098",52,492.6,1500,638.8,408052.9,3.9,"64,60,52,410,570,1500,52,80,72,72,72,72,72,72,64,52,52,1500,1500,52,1500,52,1500,52,1500,64,52,1500,52,1500,1500,52","20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0","4.601409912,5.379369259,5.103910923,6.382707119,5.801897049,4.439589024,5.156889439,5.282214642,5.359663963,5.304108143,5.359663963,5.304108143,5.263877869,5.293623924,5.290874004,5.156889915,5.038779736,4.572134495,4.543495178,5.115703106,4.553971767,4.993616104,4.540792465,4.955154419,4.553669930,5.177669048,5.079966545,4.316857815,4.961856842,4.387219906,4.488969326,5.079966545",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
-1,ip4,192.168.1.7,23.246.11.141,tcp,53174,80,finished,22,10,1484319056214323,1484319060947278,1484319060861747,0,0,358,1448,358,12102,0,137,302592.9,3094333,556136.4,309287714816.0,3.7,"19993,22151,5332,69145,137,72224,626011,606979,26604,520264,51479,55493,593239,41657,80288,418048,3094333,65564,425655,469983,40810,84995,52141,54303,117697,383081,387305,709380,53664,73805,158619",52,447.8,1500,616.5,380048.7,3.8,"64,60,52,410,570,1500,52,72,72,72,72,64,64,72,64,52,52,1500,64,64,1500,1500,52,1500,52,1500,52,64,1500,64,1500,52","21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,0","4.538909912,5.312702179,5.065449715,6.359480381,5.816523552,4.445319176,5.065449238,5.277717590,5.387441635,5.387441635,5.248553276,5.259624004,5.228374004,5.331886292,5.259624004,5.272274494,5.115703106,4.653451920,5.163660049,5.185328960,4.692939758,4.660350800,5.065449715,4.689436913,5.077241898,4.606202602,5.156889439,5.290874004,4.357360840,5.290874004,4.495481014,5.233812809",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
-1,ip4,192.168.1.7,23.246.11.141,tcp,53181,80,finished,22,10,1484319056264215,1484319061168059,1484319060482194,0,0,359,1448,359,12101,0,266,294252.3,2608516,529173.0,280024055808.0,3.5,"61899,63035,8952,155118,266,150147,1152400,92133,498,591361,113696,141666,52293,522,39853,381137,2608516,28241,68204,27169,29555,26620,56459,81742,44814,43749,497350,496550,1208877,807442,91559",52,449.2,1500,615.6,378913.2,3.8,"64,60,52,411,569,1500,52,80,80,80,80,72,64,64,64,52,64,1500,1500,52,1500,52,1500,1500,52,1500,52,64,52,1500,72,72","21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,0,0,0,1,0,0","4.570159912,5.346035480,5.065449715,6.363940239,5.804843426,4.442625046,5.142372608,5.362294197,5.337294102,5.312294006,5.287294388,5.333272934,5.197124004,5.240169048,5.240169048,5.156889439,5.152518272,4.990313053,4.973003864,5.195351124,4.964061737,5.000318050,4.996945381,4.996238232,5.156889439,4.959667683,5.038779736,5.146419048,5.003043175,4.680668831,5.247971535,5.333272934",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
-1,ip4,192.168.1.7,23.246.11.133,tcp,53172,80,finished,21,11,1484319056204111,1484319061128980,1484319061270358,0,0,358,1448,358,13550,0,79,322294.1,3064500,576519.8,332375130112.0,3.6,"11668,15660,2402,60224,1206,79,57126,107813,316921,313910,536684,811161,71198,122498,693690,84709,585634,3064500,52838,57895,98411,231468,526235,115101,671,585669,117652,1178873,25807,79129,64284",52,495.0,1500,637.2,406023.8,3.9,"64,60,52,410,570,1500,1500,52,52,1500,52,80,80,80,80,72,64,72,1500,72,1500,64,1500,80,64,52,64,52,1500,52,1500,1500","20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,1,0,1,1","4.507659912,5.233454227,4.964581966,6.333802700,5.821110249,4.461877346,4.201263905,5.132945538,5.014835358,3.777186632,4.976373672,5.144669533,5.135233879,5.169670582,5.169669628,5.192996979,5.140319824,5.248552799,4.282153130,5.248552322,4.242815018,4.995864868,4.290421486,5.085232735,5.140319824,5.132945538,5.140319824,5.056022167,4.478749752,5.053297043,4.467899799,4.518882275",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
-1,ip4,192.168.1.7,23.246.11.141,tcp,53178,80,finished,21,11,1484319056233602,1484319061706774,1484319061794702,0,0,357,1448,357,13550,0,240,355944.2,3546297,682699.4,466078498816.0,3.5,"43247,45294,13187,106701,4927,97880,1317695,102059,98186,240,515839,59813,1148424,57207,54890,165165,3546297,68400,92258,155981,131046,69975,95851,103962,104462,205130,729427,91959,551213,1189389,68168",52,493.2,1500,638.4,407523.4,3.9,"64,60,52,409,570,1500,52,80,80,72,72,72,72,72,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,1500","20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,1","4.515677452,5.333454132,5.041505337,6.377946854,5.816387177,4.450622082,5.118428230,5.366649628,5.366649628,5.359663963,5.333272934,5.387441635,5.387441635,5.293623924,5.290874004,5.322124004,5.272274494,4.440482140,5.209868431,4.489046574,5.014835358,4.480661392,4.471484184,5.233812809,4.471359730,5.062724590,4.458212852,5.290874004,5.233812809,5.000318527,4.395615101,4.444458961",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
-1,ip4,192.168.1.7,23.246.11.141,tcp,53179,80,finished,20,12,1484319056234960,1484319062638948,1484319062680623,0,0,358,1448,358,14998,0,72,414504.9,4457097,811357.3,658300731392.0,3.6,"41445,43452,2932,82082,72,78739,1252127,77707,132171,828,525346,100674,510044,513013,40289,4457097,87034,1392951,522404,574888,39602,91204,57625,58127,138968,449063,380142,69915,139503,473414,516793",52,538.1,1500,656.8,431419.8,3.9,"64,60,52,410,570,1500,52,80,80,72,72,72,72,72,64,64,1500,1500,52,52,1500,1500,52,1500,52,1500,52,1500,1500,52,52,1500","19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1","4.538909912,5.312702179,5.026988029,6.353898048,5.812767506,4.447575092,5.118428230,5.316649437,5.391650200,5.387441635,5.387441635,5.361050606,5.333272934,5.331886292,5.228374004,5.228374004,4.410194397,4.460495949,5.079966545,5.195351124,4.415517807,4.454523087,5.195351601,4.441005707,5.077241421,4.548726559,5.156889915,4.299219608,4.319707394,5.195351601,5.156889439,4.440834999",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
-1,ip4,192.168.1.7,23.246.11.141,tcp,53176,80,finished,23,9,1484319056232857,1484319062946776,1484319063015567,0,0,358,1448,358,10653,0,682,435375.1,4431980,814478.7,663375511552.0,3.6,"43856,45826,13429,88623,4898,81946,1250769,92472,118428,682,544165,69196,495457,501654,62886,1143862,28583,39116,4431980,82976,87813,169881,586445,795488,292945,509017,501170,1203523,55860,83014,70669",52,404.2,1500,589.2,347103.4,3.7,"64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500","22,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,1,0,0,0,1,1,0,1","4.570159912,5.166786671,4.974009037,6.366189480,5.841994762,4.452114582,5.079966545,5.252857208,5.332214355,5.359663963,5.387441635,5.293623924,5.359663486,5.276330948,5.290874004,5.144205093,5.290874004,5.259624004,5.154078960,4.322241306,5.038779736,4.343337059,5.163660049,5.156889439,4.373079300,5.208919048,5.180834293,5.195351124,4.324346066,4.345085144,5.195351124,4.404635906",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
+1,ip4,192.168.1.7,23.246.11.145,tcp,53163,80,finished,11,21,1484319050652467,1484319051912595,1484319051940613,0,0,356,1448,356,28027,0,3794,82202.4,651024,153564.6,23582076928.0,3.6,"24769,26290,3794,42485,4828,43771,27157,40474,69366,43854,44827,78254,38808,79815,102619,28781,14718,354324,85041,14066,12423,12747,651024,22850,582496,8619,27490,16417,16392,14698,15077",52,940.8,1500,683.5,467159.1,4.5,"64,60,52,408,567,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,80,1500,1500,1500,1500,64,52,1500,1500,52,1500,52,1500,1500","10,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0","0,1,0,0,1,1,0,1,1,0,1,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,0,1,1","4.550704956,5.312702179,5.103910923,6.388577938,5.862974167,3.576230049,5.195351124,2.528419971,2.540967226,5.077241421,2.547356844,5.115703106,2.543488026,2.552008152,2.558917999,3.816826105,3.805565357,3.816280365,5.256690979,3.890866995,3.462315798,3.461706400,3.458227158,5.071470261,5.154164314,3.470844507,3.517976761,5.154164314,3.546975851,4.955154419,3.560742617,3.579237461",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
+1,ip4,192.168.1.7,23.246.3.140,tcp,53171,80,finished,10,22,1484319054101585,1484319054294236,1484319054480080,0,0,354,1448,354,29479,0,2187,18424.1,44333,10032.7,100655136.0,4.7,"30791,32492,5528,44333,2187,41107,2921,12763,15575,14938,14982,12802,12713,26425,12767,11943,13284,17180,31033,13321,13566,25571,14329,13905,26660,13805,13288,27210,13255,13305,27167",52,984.9,1500,672.7,452466.1,4.5,"64,60,52,406,571,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","9,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0","0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1","4.527114868,5.266787052,5.118428230,6.362258911,5.831311226,3.571949720,5.233812809,2.540643215,2.558721066,5.195351124,2.550262213,5.038779736,2.557194710,2.582848072,5.195351124,2.547422886,5.038780212,2.553757429,2.570932388,5.195351124,2.541049719,5.115703106,3.780845165,3.769821644,3.779848337,3.819229603,3.784283876,3.803048134,3.786687374,3.790169001,3.883657932,3.464622736",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
+1,ip4,192.168.1.7,23.246.11.141,tcp,53180,80,finished,21,11,1484319056241489,1484319059351882,1484319059371795,0,0,360,1448,360,13550,0,394,201312.9,2097549,403399.4,162731114496.0,3.6,"61813,72267,473,134860,394,125851,1162295,73601,899,212949,11519,409208,101075,1892,70852,2097549,79500,52131,129820,120649,42895,59919,67076,69354,174355,284029,29385,65003,252681,150502,125903",52,493.7,1500,638.1,407212.3,3.9,"64,60,52,412,570,1500,52,80,80,80,80,80,80,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,52,1500","20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,0,1","4.601409912,5.346035957,5.041505337,6.346901894,5.793770790,4.440931797,5.065449238,5.202858448,5.202857018,5.262294292,5.341651440,5.366651535,5.317899227,5.165874004,5.228374004,5.195351601,4.782721043,5.156889915,4.790072441,5.101186275,4.825405598,4.817777157,5.233812809,4.752513409,5.024262905,4.806689262,5.165874004,5.195351124,5.195351124,4.632717133,5.024262905,4.635102272",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
+1,ip4,192.168.1.7,23.246.11.141,tcp,53177,80,finished,20,12,1484319056233255,1484319060551613,1484319060618267,0,0,360,1448,360,13563,0,135,280753.9,1046959,300914.6,90549583872.0,4.2,"43730,45845,23628,124789,4917,111637,635898,176069,176,135,41643,37401,940199,857,45449,434520,483806,1046959,74656,202356,418896,472205,955340,169880,525271,694311,167240,252312,98045,326303,148897",52,490.1,1500,638.9,408170.9,3.9,"64,60,52,412,571,1500,52,72,72,64,64,64,52,88,1476,52,52,52,1500,1500,52,52,52,1500,52,52,1500,52,1500,1500,52,1500","19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,0,1,1,0,1","4.527114868,5.312702179,5.003043652,6.355251789,5.803568363,4.440690517,5.118427753,5.277718067,5.249940395,5.146419048,5.208919048,5.134624004,5.056021690,4.908463001,4.253908634,5.156889915,5.156889439,5.118427753,4.918218613,4.902011871,5.000318050,5.118427753,5.118427753,4.876659870,4.985801220,5.017560482,4.758782864,4.961856365,4.610503674,4.658255100,5.118427753,4.789437294",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
+1,ip4,192.168.1.7,23.246.11.141,tcp,53175,80,finished,20,12,1484319056221799,1484319060594060,1484319060664663,0,0,357,1448,357,14998,0,569,284358.9,1636184,362564.9,131453321216.0,4.0,"16087,19422,23622,88585,4002,82236,1105315,26930,21843,19608,569,13093,381586,1636184,66410,119030,421421,408128,882662,90167,143374,490378,519431,92259,120978,487097,597701,217631,227512,270000,221864",52,536.6,1500,657.9,432827.8,3.9,"64,60,52,409,570,1500,52,72,72,72,64,64,64,64,1500,1500,52,64,52,1500,1500,52,52,1500,1500,52,52,1500,52,1500,64,1500","19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1","4.538909912,5.333454132,5.142372608,6.390935421,5.823237419,4.453172207,5.118427753,5.333272934,5.385473251,5.387441158,5.216578960,5.208919048,5.216578960,5.228374004,3.805912256,4.418298721,5.156889915,5.072124004,5.233813286,4.401393414,4.419836998,5.233812809,5.195351124,4.383244514,4.387027740,5.233812809,5.209868431,4.311857224,5.000318527,4.386717796,5.240169048,4.585660934",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
+1,ip4,192.168.1.7,23.246.11.133,tcp,53173,80,finished,16,16,1484319056210218,1484319060695068,1484319060746254,0,0,357,1448,357,20790,0,4949,290996.3,1397235,314333.5,98805530624.0,4.2,"23914,25117,18248,72539,4949,71292,152183,249467,985618,26703,1397235,519076,299466,499851,482346,40528,55620,206768,137068,537495,535230,174291,571825,775969,198842,230534,89909,283953,128056,116304,110490",52,716.2,1500,699.0,488561.8,4.2,"64,60,52,409,570,1500,52,1500,52,80,80,1500,72,1500,64,1500,1500,1500,52,1500,52,1500,52,52,1500,52,1500,1500,52,1500,52,1500","15,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0","0,1,0,0,1,1,0,1,0,0,0,1,0,1,0,1,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1","4.601409912,5.266787052,5.036415577,6.391139984,5.809580326,4.456539154,5.041504860,4.186237812,4.961856842,5.322779179,5.322779179,4.373055458,5.331886292,4.362320423,5.228374004,4.324150085,4.463343143,4.271175385,5.118428230,4.316685200,5.142372608,4.338371277,5.077241421,5.195351124,4.538278103,5.038779736,4.711270332,4.737337112,5.079966545,4.685406208,5.233812809,4.710971355",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
+1,ip4,192.168.1.7,23.246.11.141,tcp,53182,80,finished,21,11,1484319056264541,1484319060916913,1484319060915445,0,0,358,1448,358,13550,0,342,300105.7,2716440,539188.2,290723889152.0,3.6,"61747,63082,19443,172653,342,153906,1162512,94154,1429,12319,104280,65945,674747,41474,39967,488929,2716440,44869,75746,28743,32797,29468,133613,256105,742961,71312,1131465,569658,135441,73631,104098",52,492.6,1500,638.8,408052.9,3.9,"64,60,52,410,570,1500,52,80,72,72,72,72,72,72,64,52,52,1500,1500,52,1500,52,1500,52,1500,64,52,1500,52,1500,1500,52","20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0","4.601409912,5.379369259,5.103910923,6.382707119,5.801897049,4.439589024,5.156889439,5.282214642,5.359663963,5.304108143,5.359663963,5.304108143,5.263877869,5.293623924,5.290874004,5.156889915,5.038779736,4.572134495,4.543495178,5.115703106,4.553971767,4.993616104,4.540792465,4.955154419,4.553669930,5.177669048,5.079966545,4.316857815,4.961856842,4.387219906,4.488969326,5.079966545",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
+1,ip4,192.168.1.7,23.246.11.141,tcp,53174,80,finished,22,10,1484319056214323,1484319060947278,1484319060861747,0,0,358,1448,358,12102,0,137,302592.9,3094333,556136.4,309287714816.0,3.7,"19993,22151,5332,69145,137,72224,626011,606979,26604,520264,51479,55493,593239,41657,80288,418048,3094333,65564,425655,469983,40810,84995,52141,54303,117697,383081,387305,709380,53664,73805,158619",52,447.8,1500,616.5,380048.7,3.8,"64,60,52,410,570,1500,52,72,72,72,72,64,64,72,64,52,52,1500,64,64,1500,1500,52,1500,52,1500,52,64,1500,64,1500,52","21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,0","4.538909912,5.312702179,5.065449715,6.359480381,5.816523552,4.445319176,5.065449238,5.277717590,5.387441635,5.387441635,5.248553276,5.259624004,5.228374004,5.331886292,5.259624004,5.272274494,5.115703106,4.653451920,5.163660049,5.185328960,4.692939758,4.660350800,5.065449715,4.689436913,5.077241898,4.606202602,5.156889439,5.290874004,4.357360840,5.290874004,4.495481014,5.233812809",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
+1,ip4,192.168.1.7,23.246.11.141,tcp,53181,80,finished,22,10,1484319056264215,1484319061168059,1484319060482194,0,0,359,1448,359,12101,0,266,294252.3,2608516,529173.0,280024055808.0,3.5,"61899,63035,8952,155118,266,150147,1152400,92133,498,591361,113696,141666,52293,522,39853,381137,2608516,28241,68204,27169,29555,26620,56459,81742,44814,43749,497350,496550,1208877,807442,91559",52,449.2,1500,615.6,378913.2,3.8,"64,60,52,411,569,1500,52,80,80,80,80,72,64,64,64,52,64,1500,1500,52,1500,52,1500,1500,52,1500,52,64,52,1500,72,72","21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,0,0,0,1,0,0","4.570159912,5.346035480,5.065449715,6.363940239,5.804843426,4.442625046,5.142372608,5.362294197,5.337294102,5.312294006,5.287294388,5.333272934,5.197124004,5.240169048,5.240169048,5.156889439,5.152518272,4.990313053,4.973003864,5.195351124,4.964061737,5.000318050,4.996945381,4.996238232,5.156889439,4.959667683,5.038779736,5.146419048,5.003043175,4.680668831,5.247971535,5.333272934",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
+1,ip4,192.168.1.7,23.246.11.133,tcp,53172,80,finished,21,11,1484319056204111,1484319061128980,1484319061270358,0,0,358,1448,358,13550,0,79,322294.1,3064500,576519.8,332375130112.0,3.6,"11668,15660,2402,60224,1206,79,57126,107813,316921,313910,536684,811161,71198,122498,693690,84709,585634,3064500,52838,57895,98411,231468,526235,115101,671,585669,117652,1178873,25807,79129,64284",52,495.0,1500,637.2,406023.8,3.9,"64,60,52,410,570,1500,1500,52,52,1500,52,80,80,80,80,72,64,72,1500,72,1500,64,1500,80,64,52,64,52,1500,52,1500,1500","20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,1,0,1,1","4.507659912,5.233454227,4.964581966,6.333802700,5.821110249,4.461877346,4.201263905,5.132945538,5.014835358,3.777186632,4.976373672,5.144669533,5.135233879,5.169670582,5.169669628,5.192996979,5.140319824,5.248552799,4.282153130,5.248552322,4.242815018,4.995864868,4.290421486,5.085232735,5.140319824,5.132945538,5.140319824,5.056022167,4.478749752,5.053297043,4.467899799,4.518882275",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
+1,ip4,192.168.1.7,23.246.11.141,tcp,53178,80,finished,21,11,1484319056233602,1484319061706774,1484319061794702,0,0,357,1448,357,13550,0,240,355944.2,3546297,682699.4,466078498816.0,3.5,"43247,45294,13187,106701,4927,97880,1317695,102059,98186,240,515839,59813,1148424,57207,54890,165165,3546297,68400,92258,155981,131046,69975,95851,103962,104462,205130,729427,91959,551213,1189389,68168",52,493.2,1500,638.4,407523.4,3.9,"64,60,52,409,570,1500,52,80,80,72,72,72,72,72,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,1500","20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,1","4.515677452,5.333454132,5.041505337,6.377946854,5.816387177,4.450622082,5.118428230,5.366649628,5.366649628,5.359663963,5.333272934,5.387441635,5.387441635,5.293623924,5.290874004,5.322124004,5.272274494,4.440482140,5.209868431,4.489046574,5.014835358,4.480661392,4.471484184,5.233812809,4.471359730,5.062724590,4.458212852,5.290874004,5.233812809,5.000318527,4.395615101,4.444458961",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
+1,ip4,192.168.1.7,23.246.11.141,tcp,53179,80,finished,20,12,1484319056234960,1484319062638948,1484319062680623,0,0,358,1448,358,14998,0,72,414504.9,4457097,811357.3,658300731392.0,3.6,"41445,43452,2932,82082,72,78739,1252127,77707,132171,828,525346,100674,510044,513013,40289,4457097,87034,1392951,522404,574888,39602,91204,57625,58127,138968,449063,380142,69915,139503,473414,516793",52,538.1,1500,656.8,431419.8,3.9,"64,60,52,410,570,1500,52,80,80,72,72,72,72,72,64,64,1500,1500,52,52,1500,1500,52,1500,52,1500,52,1500,1500,52,52,1500","19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1","4.538909912,5.312702179,5.026988029,6.353898048,5.812767506,4.447575092,5.118428230,5.316649437,5.391650200,5.387441635,5.387441635,5.361050606,5.333272934,5.331886292,5.228374004,5.228374004,4.410194397,4.460495949,5.079966545,5.195351124,4.415517807,4.454523087,5.195351601,4.441005707,5.077241421,4.548726559,5.156889915,4.299219608,4.319707394,5.195351601,5.156889439,4.440834999",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
+1,ip4,192.168.1.7,23.246.11.141,tcp,53176,80,finished,23,9,1484319056232857,1484319062946776,1484319063015567,0,0,358,1448,358,10653,0,682,435375.1,4431980,814478.7,663375511552.0,3.6,"43856,45826,13429,88623,4898,81946,1250769,92472,118428,682,544165,69196,495457,501654,62886,1143862,28583,39116,4431980,82976,87813,169881,586445,795488,292945,509017,501170,1203523,55860,83014,70669",52,404.2,1500,589.2,347103.4,3.7,"64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500","22,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,1,0,0,0,1,1,0,1","4.570159912,5.166786671,4.974009037,6.366189480,5.841994762,4.452114582,5.079966545,5.252857208,5.332214355,5.359663963,5.387441635,5.293623924,5.359663486,5.276330948,5.290874004,5.144205093,5.290874004,5.259624004,5.154078960,4.322241306,5.038779736,4.343337059,5.163660049,5.156889439,4.373079300,5.208919048,5.180834293,5.195351124,4.324346066,4.345085144,5.195351124,4.404635906",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
 1,ip4,192.168.1.7,54.69.204.241,tcp,53118,443,info,17,15,1484319033631945,1484319063959877,1484319064010312,0,0,1448,1448,6334,4142,0,136,1958267.8,30086001,7379834.5,54461959503872.0,1.1,"47011,48359,1676,53080,2562,989,62283,11050,5991,10798,261,350,60341,3416,50128,4429,893,563,55944,50485,306,42722,3984,5077,5232,136,57719,311,30033380,30086001,822",52,380.0,1500,556.9,310128.2,3.8,"64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,337,52,52,52,993,112,52,52,52,83,52","9,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0","9,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,0,0,0,1,1","4.484876633,5.289900780,5.078045845,5.808425426,5.131024837,7.255376339,7.317865372,5.092562675,6.901146412,5.131024361,6.124006748,5.004364967,6.039024830,5.169486046,6.007705688,5.169486046,7.873569965,7.881214619,7.864243507,5.169486046,7.845795155,7.405421257,5.116507530,5.078045845,5.131024361,7.806305885,6.290623188,5.169486046,5.092563152,5.094483852,5.825018406,5.132945538",TLS.NetFlix,91.133,1,Fun,Video,6,DPI,""
 1,ip4,192.168.1.7,54.69.204.241,tcp,53119,443,info,18,14,1484319033943762,1484319064712006,1484319034278653,0,0,1448,1448,6319,4140,0,74,1003326.9,30431499,5372888.5,28867930619904.0,0.2,"44924,46321,7446,58250,1844,979,55802,12140,9904,9342,287,206,60460,132,50780,11459,460,157,72134,60865,339,50757,444,15673,16944,136,74,82928,303,146,30431499",52,379.5,1500,557.0,310204.4,3.8,"64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,322,52,52,52,993,107,86,52,52,52,52","10,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0","7,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,1,0,0,0,0","4.598081589,5.256567001,5.131024837,5.819132805,5.246409416,7.227420330,7.332920074,5.092563152,6.984497547,5.169486046,6.274277210,5.113821983,5.948767662,5.284871101,6.050486565,5.246409416,7.870395660,7.873335838,7.867392540,5.246409416,7.876014709,7.339691162,5.169486046,5.284871101,5.284871101,7.775086403,6.215628147,5.873826027,5.246409416,5.169486046,5.154969215,5.003043175",TLS.NetFlix,91.133,1,Fun,Video,6,DPI,""
 1,ip4,192.168.1.7,54.191.17.51,tcp,53202,443,info,19,13,1484319064671268,1484319065492035,1484319065478679,0,0,1448,1448,9240,6755,0,182,52521.9,282465,58168.2,3383536896.0,4.2,"50844,52144,6261,61059,40719,74658,170395,11813,79420,67625,2032,57431,55801,1745,844,219,182,82546,79700,249,94600,127478,60574,282465,10583,27617,37968,39882,42871,7730,723",52,552.5,1500,629.7,396553.7,4.0,"64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52","10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0","0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0","4.598081589,5.369149208,5.169486046,4.365832806,5.154969215,7.171761036,7.662086964,5.169486523,6.518167496,5.984750271,5.100070000,7.782325745,6.202902317,5.246409416,7.867114544,7.871539593,7.857532978,7.870780945,5.078046322,7.856834412,7.434062958,5.154969215,5.154969215,7.833981991,5.246409416,7.884502411,7.878024578,5.246409416,6.160539627,5.207947731,5.791826725,5.094483852",TLS.NetFlix,91.133,1,Fun,Video,6,DPI,"15"
 1,ip4,192.168.1.7,52.37.36.252,tcp,53203,443,info,22,10,1484319064711690,1484319065635020,1484319065630720,0,0,1448,1448,19082,3110,0,105,59431.0,332646,83335.9,6944879104.0,3.8,"69450,70962,2650,55568,49103,64385,167918,331939,332646,26549,653,732,87677,534,60709,8817,7117,449,81078,62803,767,160,105,68135,67101,803,163,105,111161,109572,2549",52,746.1,1500,703.8,495333.0,4.2,"64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500","6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0","6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0","4.578626633,5.323234081,5.169486046,5.810972691,5.131024837,7.231025219,7.326107502,5.154969215,6.940334797,5.169486523,6.230382919,5.079339504,6.149899960,5.207948208,5.992234230,5.193430901,7.859437466,7.874912739,7.853219032,5.207947731,7.901949883,7.848706245,7.875315189,7.851129055,5.207947731,7.874441147,7.863263607,7.860793114,7.870314598,5.207947731,7.870880127,7.866354465",TLS.NetFlix,91.133,1,Fun,Video,6,DPI,""
-1,ip4,192.168.1.7,23.246.3.140,tcp,53183,80,finished,17,15,1484319064590230,1484319066598421,1484319065741809,0,0,512,1448,1017,17969,0,5292,101928.1,730898,155663.8,24231225344.0,4.0,"30477,31515,13216,64005,5292,56409,6142,68156,5406,71534,109518,202677,164827,560321,47319,78954,279545,27696,94465,26601,26144,15824,70512,85885,39451,39774,41592,84438,730898,41457,39720",52,648.3,1500,653.4,426995.3,4.2,"64,60,52,557,618,951,52,564,628,1500,52,1500,1500,1500,72,64,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,64,72,64,52","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0","4.476409912,5.212701797,5.156889915,6.230133057,5.778679371,3.867035151,5.079966545,6.195135117,5.745929718,3.167200804,5.094483852,7.856627464,7.824065208,7.816611290,5.331886292,5.165874004,5.118428230,7.781126976,7.831735134,5.118428230,7.778219700,4.961856365,5.882567406,7.827349663,5.103910923,7.794489861,4.961856365,7.814080238,4.958919048,5.244518280,5.083919048,5.079966545",HTTP,7,0,Acceptable,Download,6,DPI,"4,12"
+1,ip4,192.168.1.7,23.246.3.140,tcp,53183,80,finished,17,15,1484319064590230,1484319066598421,1484319065741809,0,0,512,1448,1017,17969,0,5292,101928.1,730898,155663.8,24231225344.0,4.0,"30477,31515,13216,64005,5292,56409,6142,68156,5406,71534,109518,202677,164827,560321,47319,78954,279545,27696,94465,26601,26144,15824,70512,85885,39451,39774,41592,84438,730898,41457,39720",52,648.3,1500,653.4,426995.3,4.2,"64,60,52,557,618,951,52,564,628,1500,52,1500,1500,1500,72,64,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,64,72,64,52","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0","4.476409912,5.212701797,5.156889915,6.230133057,5.778679371,3.867035151,5.079966545,6.195135117,5.745929718,3.167200804,5.094483852,7.856627464,7.824065208,7.816611290,5.331886292,5.165874004,5.118428230,7.781126976,7.831735134,5.118428230,7.778219700,4.961856365,5.882567406,7.827349663,5.103910923,7.794489861,4.961856365,7.814080238,4.958919048,5.244518280,5.083919048,5.079966545",HTTP,7,0,Acceptable,Download,6,DPI,"12,54"
 1,ip4,192.168.1.7,52.41.30.5,tcp,53249,443,finished,16,16,1484319117826887,1484319118140455,1484319118145946,0,0,1448,1448,2205,9578,0,140,20407.3,141407,28956.2,838464256.0,3.9,"52701,54230,4655,50068,892,45987,1145,402,2281,621,48897,36085,58570,140,1031,141407,13303,12185,4698,8739,8491,4498,3692,4536,12375,12816,15153,13884,6123,6182,6840",52,420.8,1500,506.4,256458.0,4.1,"64,60,52,260,52,197,52,58,97,1500,550,52,52,1500,213,1500,52,545,52,991,52,425,52,1292,52,1392,52,646,52,794,52,707","12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.494096756,5.269149303,5.100070000,6.003353119,5.215455055,6.547097206,5.138531685,5.182787418,6.044509888,7.866807461,7.609665394,5.140452385,5.215455055,7.873748302,6.994494438,7.847311020,5.138531685,7.632858276,5.138531685,7.760740280,5.176993370,7.540992260,5.061608315,7.843688965,5.176993370,7.880697250,5.138531685,7.689140797,5.100070000,7.779115677,5.138531685,7.737319469",TLS.NetFlix,91.133,1,Fun,Video,6,DPI,"15"
 1,ip4,192.168.1.7,52.41.30.5,tcp,53239,443,info,17,15,1484319117605859,1484319118414034,1484319118767393,0,0,1448,1448,4896,7589,0,95,63539.0,500942,121518.7,14766798848.0,3.3,"58292,61223,1798,70566,2939,1016,71265,11570,12325,13054,147,95,65707,781,52265,3649,191,91649,51753,301,140150,3732,3446,3903,5462,6438,5030,437212,863,500942,291945",52,442.8,1500,552.3,305076.8,4.0,"64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500","10,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","5,2,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,1,0,1,0,0,0,1,1","4.586286545,5.335815430,5.169486523,4.098951340,5.025067329,7.251211166,7.301212311,5.207947731,7.012731075,5.246409416,6.273766041,5.113821983,5.990005016,5.132945538,5.992234230,5.246409893,7.870625973,7.755266190,5.171407223,7.853860855,7.522392750,5.169486046,7.574260712,5.131024361,7.742949009,5.207947731,5.956426620,5.207947731,7.856410503,7.668289185,5.038780212,7.883280277",TLS.NetFlix,91.133,1,Fun,Video,6,DPI,""
 1,ip4,192.168.1.7,184.25.204.10,tcp,53252,80,finished,6,26,1484319118658049,1484319118854817,1484319119584735,0,0,245,1448,245,34752,0,508,36240.5,99830,21554.2,464585632.0,4.7,"16679,17740,11985,38478,508,12702,40101,27115,27112,58536,99830,81106,33879,23672,53768,53762,65076,48010,65429,13865,30914,13324,28733,40448,54528,28786,29443,29431,27518,25487,25489",52,1146.7,1500,613.3,376142.5,4.7,"64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0","0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.495864868,5.233453751,5.156889915,5.883365631,5.270353794,7.005603790,7.481070995,5.118428230,7.677317619,5.077241421,7.654481411,5.151865005,7.832942486,7.813632965,7.788673401,7.782803535,7.834435940,7.821334362,7.827250957,7.843655586,7.828696728,7.842951298,7.865435123,7.847778320,7.855163097,7.835734844,7.856423378,7.842322826,7.854029179,7.863353252,7.834544182,7.849704266",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,""
diff --git a/test/results/flow-analyse/default/portable_executable.pcap.out b/test/results/flow-analyse/default/portable_executable.pcap.out
new file mode 100644
index 000000000..bab73746f
--- /dev/null
+++ b/test/results/flow-analyse/default/portable_executable.pcap.out
@@ -0,0 +1 @@
+flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
diff --git a/test/results/flow-analyse/default/shell.pcap.out b/test/results/flow-analyse/default/shell.pcap.out
new file mode 100644
index 000000000..bab73746f
--- /dev/null
+++ b/test/results/flow-analyse/default/shell.pcap.out
@@ -0,0 +1 @@
+flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
diff --git a/test/results/flow-analyse/default/starcraft_battle.pcap.out b/test/results/flow-analyse/default/starcraft_battle.pcap.out
index 428330260..ccbfae125 100644
--- a/test/results/flow-analyse/default/starcraft_battle.pcap.out
+++ b/test/results/flow-analyse/default/starcraft_battle.pcap.out
@@ -1,4 +1,4 @@
 flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
-1,ip4,192.168.1.100,87.248.221.254,tcp,3508,80,finished,16,16,1437389964790451,1437389964979632,1437389964979854,0,0,187,1460,187,20440,0,74,12212.4,72387,23706.7,562007808.0,2.8,"58058,58113,96,58244,14251,72387,112,82,193,195,145,152,166,165,184,184,148,146,165,165,56805,56877,234,178,216,245,157,122,91,74,234",40,685.5,1500,719.0,516967.3,4.1,"52,52,40,227,46,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500","15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.624014378,4.863714218,4.730640888,5.822455883,4.457919598,5.306115150,4.661768913,5.107864380,4.580640793,5.186793804,4.730640888,5.093457222,4.680640697,5.097416878,4.630640984,5.152558804,4.621928215,5.157567024,4.621928215,5.123836517,4.680641174,5.187242508,4.730640888,5.148094177,4.730640888,5.081175804,4.680641174,5.152382851,4.680641174,5.186464310,4.680641174,5.134456635",HTTP,7,0,Acceptable,Download,6,DPI,"4,16"
+1,ip4,192.168.1.100,87.248.221.254,tcp,3508,80,finished,16,16,1437389964790451,1437389964979632,1437389964979854,0,0,187,1460,187,20440,0,74,12212.4,72387,23706.7,562007808.0,2.8,"58058,58113,96,58244,14251,72387,112,82,193,195,145,152,166,165,184,184,148,146,165,165,56805,56877,234,178,216,245,157,122,91,74,234",40,685.5,1500,719.0,516967.3,4.1,"52,52,40,227,46,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500","15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.624014378,4.863714218,4.730640888,5.822455883,4.457919598,5.306115150,4.661768913,5.107864380,4.580640793,5.186793804,4.730640888,5.093457222,4.680640697,5.097416878,4.630640984,5.152558804,4.621928215,5.157567024,4.621928215,5.123836517,4.680641174,5.187242508,4.730640888,5.148094177,4.730640888,5.081175804,4.680641174,5.152382851,4.680641174,5.186464310,4.680641174,5.134456635",HTTP,7,0,Acceptable,Download,6,DPI,"16,54"
 1,ip4,192.168.1.100,213.248.127.130,tcp,3517,1119,finished,26,6,1437389982130449,1437389982733601,1437389982710820,0,0,195,743,893,1074,0,22,38178.2,166321,53269.1,2837592064.0,3.6,"52549,52614,94628,145687,24327,95105,95914,166321,70940,49609,160290,31197,128649,15235,41,28,25,24,29,35,25,23,24,30,27,23,28,23,22,29,22",40,102.4,783,136.0,18494.5,4.3,"52,46,40,142,46,783,40,220,303,40,235,46,108,42,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63","23,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.463548183,4.642490387,4.665311337,5.407479763,4.522393227,7.766187668,4.981687546,7.105029583,7.198122978,4.931687355,6.211636543,4.652828693,5.019042969,4.830181599,5.558794022,5.515064716,5.602522373,5.570774555,5.634266376,5.666012287,5.451573372,5.475538254,5.539031029,5.666014194,5.729505062,5.697759151,5.515064716,5.602520943,5.590539455,5.666013718,5.602520943,5.570777416",Starcraft,213,0,Fun,Game,6,DPI,""
 1,ip4,192.168.1.100,2.228.46.112,tcp,3527,80,finished,12,20,1437389985891466,1437389985995179,1437389985995168,0,0,149,1460,149,26280,0,65,6690.8,34324,13000.1,169003376.0,2.9,"32476,32510,1623,34324,1138,65,33880,153,130,283,141,278,419,213,122,339,108,139,244,139,597,734,100,131,232,130,134,265,32899,285,33184",40,866.8,1500,718.4,516058.3,4.3,"52,52,40,189,46,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40","11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0","0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0","4.545560837,4.801308632,4.730640888,5.763886929,4.501398087,5.907708645,7.721281052,4.730640888,7.812506199,7.777710438,4.730640888,7.794231415,7.742146015,4.680641174,7.749040604,7.800151825,4.680641174,7.781608105,7.754264832,4.730640888,7.783253193,7.795304775,4.730640888,7.746140480,7.751955986,4.680641174,7.805341244,7.749295712,4.730640888,7.808876514,7.796334743,4.680641174",HTTP,7,0,Acceptable,Web,6,DPI,""
diff --git a/test/results/flow-analyse/default/telegram_videocall.pcapng.out b/test/results/flow-analyse/default/telegram_videocall.pcapng.out
index a7b3c0cf9..6bf170e09 100644
--- a/test/results/flow-analyse/default/telegram_videocall.pcapng.out
+++ b/test/results/flow-analyse/default/telegram_videocall.pcapng.out
@@ -1,5 +1,5 @@
 flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
 1,ip4,192.168.12.169,149.154.167.91,tcp,37950,443,finished,13,19,1648032336009996,1648032336391148,1648032336391586,0,0,884,1228,2636,13025,0,12,24604.6,126888,31047.4,963939136.0,3.9,"30731,31937,288,33006,35575,10197,44497,8215,4395,4095,48658,1376,3118,6445,36520,17815,50889,88402,126888,78673,32858,54,22,21,65506,275,2211,37,14,12,12",52,541.9,1280,516.1,266324.8,4.3,"60,60,52,333,157,52,936,825,672,141,141,52,767,189,301,52,349,317,52,157,52,1280,1280,1280,1280,52,52,1280,1280,1280,1280,1280","6,0,0,1,1,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,1,1,1,0,0,1,1,1,1,1","4.759215832,5.200119972,5.156889439,7.326955795,6.678098679,5.118428230,7.754227638,7.716340542,7.727574825,6.586546898,6.619811058,5.118428230,7.671398640,6.924524307,7.207767487,5.154968739,7.392677784,7.317721844,5.308815479,6.654307365,5.270353794,7.858087063,7.839837551,7.851624012,7.845353127,5.195351601,5.195351601,7.846577168,7.826389313,7.858784676,7.859879017,7.849138260",Telegram,185,1,Acceptable,Chat,7,Match by IP,""
 1,ip4,192.168.12.169,149.154.167.222,tcp,40830,443,finished,13,19,1648032336638090,1648032336766698,1648032336786651,0,0,578,1228,1261,17676,0,13,8940.9,46767,14845.6,220392240.0,3.2,"30076,31371,312,583,31529,37,19,34994,157,6898,41656,13027,44,22,16,15,16,23,15,20,46767,55,14,127,880,6450,31944,44,19,13,26",52,644.3,1280,571.9,327061.8,4.3,"60,60,52,630,221,52,157,262,52,52,333,221,1280,1280,1280,1280,1280,1280,1280,1280,1280,52,52,52,52,52,285,1280,1280,1280,1280,1280","9,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0","0,1,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1","4.759216309,5.233454227,5.156889915,7.660384178,6.987750053,5.217375278,6.765834332,7.120079041,5.195351601,5.156889915,7.396682262,7.101703167,7.850454330,7.853686333,7.825681210,7.871449947,7.830209732,7.847279072,7.843949795,7.808338642,7.841329575,5.118428230,5.156889915,5.118428230,5.118428230,5.156889915,7.139685631,7.851319790,7.844550133,7.850350380,7.835945606,7.848772049",Telegram,185,1,Acceptable,Chat,7,Match by IP,""
-1,ip4,192.168.12.169,93.36.13.115,udp,42405,35393,finished,21,11,1648032354077734,1648032354886306,1648032354873460,23,0,237,96,1854,649,0,49,51751.5,474673,95446.3,9109989376.0,3.6,"75722,88020,12807,2328,9002,48923,21674,183,117533,50,18901,57450,295,20709,49,35124,54640,306358,41620,24769,9929,17729,18103,17365,474673,50,42102,15504,14083,40108,18495",49,106.2,265,48.9,2396.0,4.9,"128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119","3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0","5.404182434,5.729283333,5.265467167,5.614555359,5.634122849,5.456954956,5.404182434,5.653138161,5.772913456,5.756935120,5.745695591,5.598426342,5.458592415,5.767434120,5.687500000,5.328994274,5.576209545,5.797379017,7.103881836,6.518718719,6.438805580,6.381202221,6.471578598,6.393888950,7.201899052,5.463770390,5.656250000,5.577555180,6.334901810,6.354772091,5.879608154,6.455611706",STUN,78,0,Acceptable,Network,6,DPI,"5"
+1,ip4,192.168.12.169,93.36.13.115,udp,42405,35393,finished,21,11,1648032354077734,1648032354886306,1648032354873460,23,0,237,96,1854,649,0,49,51751.5,474673,95446.3,9109989376.0,3.6,"75722,88020,12807,2328,9002,48923,21674,183,117533,50,18901,57450,295,20709,49,35124,54640,306358,41620,24769,9929,17729,18103,17365,474673,50,42102,15504,14083,40108,18495",49,106.2,265,48.9,2396.0,4.9,"128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119","3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0","5.404182434,5.729283333,5.265467167,5.614555359,5.634122849,5.456954956,5.404182434,5.653138161,5.772913456,5.756935120,5.745695591,5.598426342,5.458592415,5.767434120,5.687500000,5.328994274,5.576209545,5.797379017,7.103881836,6.518718719,6.438805580,6.381202221,6.471578598,6.393888950,7.201899052,5.463770390,5.656250000,5.577555180,6.334901810,6.354772091,5.879608154,6.455611706",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,5,DPI (cache),"5"
 1,ip4,192.168.12.169,149.154.167.222,tcp,40832,443,finished,17,15,1648032336639074,1648032364799931,1648032364830191,0,0,578,1228,1060,12707,0,8,1817805.6,25078496,6146606.0,37780767899648.0,1.5,"29139,30566,480,31562,35447,6512,41656,9889,49,31,23,46927,8,41719,2909634,2997736,16,16,15,2357,76,56,44252,15,34,56,139,73,125,25044870,25078496",52,482.7,1280,530.0,280877.2,4.1,"60,60,52,630,262,52,205,221,1280,1280,1280,700,52,52,52,381,1280,1280,1280,1280,1280,1280,680,52,52,52,52,52,52,52,52,52","14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1","4.859216213,5.266787529,5.156889439,7.555443287,7.119448662,5.118427753,6.908961773,6.987295628,7.824494839,7.835509300,7.843729496,7.724673271,5.195351124,5.094483852,5.115703106,7.462384224,7.834102154,7.851257801,7.840057850,7.862158298,7.844310284,7.831385612,7.709258080,5.156889439,5.041504860,5.079966545,5.118427753,5.156889439,5.156889439,5.115703106,5.077241421,5.156889439",Telegram,185,1,Acceptable,Chat,7,Match by IP,""
diff --git a/test/results/flow-analyse/default/waze.pcap.out b/test/results/flow-analyse/default/waze.pcap.out
index 5d3e5b1ca..5297f2f66 100644
--- a/test/results/flow-analyse/default/waze.pcap.out
+++ b/test/results/flow-analyse/default/waze.pcap.out
@@ -1,5 +1,5 @@
 flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
-1,ip4,10.8.0.1,65.39.128.135,tcp,54915,80,finished,16,16,1435587867755556,1435587873023451,1435587873023894,0,0,263,11779,263,60924,0,2041,339878.5,3680611,884676.9,782653259776.0,2.8,"3747,3915,21835,22372,3677989,3680611,286073,284297,338879,393453,330278,329396,54620,2041,179324,179523,2610,51219,50746,3092,28507,76268,51141,51323,122745,73523,10248,59104,52582,58295,56477",40,1952.7,11819,3090.5,9551440.0,3.5,"60,40,40,303,40,1408,40,2776,40,5512,40,8248,40,2673,40,1408,40,1408,40,9616,40,2776,40,5512,40,5512,40,2776,40,11819,40,40","15,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,10","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.427644730,4.730641365,4.680641174,5.499622345,4.630641460,7.039453506,4.630641460,6.947220325,4.630641460,5.584113598,4.680641174,6.835184574,4.680641174,6.998500347,4.580641747,3.024588346,4.630641460,6.950185776,4.730640888,6.195324898,4.680641651,6.552656651,4.680641174,1.660765886,4.730641365,1.651001215,4.730640888,1.384768248,4.611768723,1.660717368,4.680640697,4.680641174",HTTP,7,0,Acceptable,Download,6,DPI,"4"
+1,ip4,10.8.0.1,65.39.128.135,tcp,54915,80,finished,16,16,1435587867755556,1435587873023451,1435587873023894,0,0,263,11779,263,60924,0,2041,339878.5,3680611,884676.9,782653259776.0,2.8,"3747,3915,21835,22372,3677989,3680611,286073,284297,338879,393453,330278,329396,54620,2041,179324,179523,2610,51219,50746,3092,28507,76268,51141,51323,122745,73523,10248,59104,52582,58295,56477",40,1952.7,11819,3090.5,9551440.0,3.5,"60,40,40,303,40,1408,40,2776,40,5512,40,8248,40,2673,40,1408,40,1408,40,9616,40,2776,40,5512,40,5512,40,2776,40,11819,40,40","15,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,10","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.427644730,4.730641365,4.680641174,5.499622345,4.630641460,7.039453506,4.630641460,6.947220325,4.630641460,5.584113598,4.680641174,6.835184574,4.680641174,6.998500347,4.580641747,3.024588346,4.630641460,6.950185776,4.730640888,6.195324898,4.680641651,6.552656651,4.680641174,1.660765886,4.730641365,1.651001215,4.730640888,1.384768248,4.611768723,1.660717368,4.680640697,4.680641174",HTTP,7,0,Acceptable,Download,6,DPI,"54"
 1,ip4,10.8.0.1,46.51.173.182,tcp,36100,443,info,16,16,1435587868634159,1435587873119875,1435587873120117,0,0,536,5461,3221,13199,0,169,289408.8,1658841,505049.6,255075106816.0,3.3,"1230,10859,357221,367097,474392,475318,8069,9038,265872,317654,51992,865,554,304,254,1430075,1483289,119461,172808,51439,51948,1420,901,467,433,340,381,1601922,1658841,169,57061",40,553.8,5501,1270.8,1615041.0,3.0,"60,40,40,222,40,3187,40,366,40,274,189,40,576,40,101,40,5501,40,189,40,576,40,576,40,576,40,101,40,4397,40,189,40","5,2,0,0,3,1,0,0,0,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3","0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1","4.346510887,4.684184074,4.665311813,5.227974892,4.665312290,7.402610779,4.615312099,7.299519062,4.665312290,7.035841465,6.858353615,4.615312099,7.612000942,4.665312290,6.077723026,4.615312099,7.960921764,4.665311813,6.823141098,4.596440315,7.582696438,4.615312099,7.667782307,4.615312099,7.607909679,4.665312290,6.192669392,4.665312290,7.950992584,4.615312099,6.755126476,4.615312099",TLS.Waze,91.135,1,Acceptable,Web,6,DPI,"7,8"
 1,ip4,10.8.0.1,52.17.114.219,tcp,39021,443,finished,16,16,1435587878215938,1435587880855977,1435587880856912,0,0,536,21888,1024,56070,0,475,170355.3,415925,135089.4,18249146368.0,4.4,"1325,1585,226918,227495,336533,387205,51299,1169,297221,297772,252519,309444,358705,415925,755,475,490,567,254342,305451,51846,52474,211304,161331,247956,249119,81326,79510,208662,209727,563",40,1824.8,21928,4660.8,21723256.0,2.6,"60,40,40,222,40,1408,40,2163,40,174,40,274,40,189,40,576,40,63,40,1408,40,12352,40,5512,40,21928,40,11345,40,40,40,40","12,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,5","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,1","4.438340664,4.834184170,4.684184074,5.259868145,4.715312481,7.222858906,4.734184265,7.563067913,4.665312290,6.516509533,4.784184456,7.076688766,4.734184265,6.928961754,4.784184456,7.607337475,4.734184265,5.572360516,4.734184265,7.872128963,4.734184265,7.984007359,4.734184265,7.969620705,4.634184361,7.992324829,4.734184265,7.982760429,4.734183788,4.665311813,4.684184074,4.734184265",TLS.Waze,91.135,1,Acceptable,Web,6,DPI,"7"
 1,ip4,10.8.0.1,176.34.186.180,tcp,36312,443,info,17,15,1435587878606407,1435587882306533,1435587880854651,0,0,536,11132,1238,41633,0,330,191882.9,1449192,279549.5,78147936256.0,3.8,"2413,2787,291811,292494,279839,332432,52742,50748,425063,475681,259886,310653,731,51371,620,734,450,330,293909,545953,252820,1543,20204,21185,56923,56823,156171,205918,52727,4217,1449192",40,1380.3,11172,2994.0,8963944.0,2.9,"60,40,40,222,40,1052,40,2519,40,174,40,274,40,576,40,389,40,77,40,10160,40,8136,40,1052,40,11172,40,1052,40,6576,40,40","12,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0","4.438340187,4.834184170,4.784184456,5.232826710,4.734184265,7.011441231,4.784184456,7.575597763,4.634184361,6.629845142,4.684184074,7.007690430,4.734184742,7.624808311,4.784184456,7.415266037,4.734184742,5.664109230,4.734184265,7.981531620,4.784184456,7.979642391,4.734184265,7.801960945,4.715312004,7.982071400,4.834183693,7.818040848,4.834183693,7.971698284,4.715311527,4.765311718",TLS.Waze,91.135,1,Acceptable,Web,6,DPI,"7"
diff --git a/test/results/flow-analyse/default/whatsapp_login_call.pcap.out b/test/results/flow-analyse/default/whatsapp_login_call.pcap.out
index 93ec651e0..bd303e8e8 100644
--- a/test/results/flow-analyse/default/whatsapp_login_call.pcap.out
+++ b/test/results/flow-analyse/default/whatsapp_login_call.pcap.out
@@ -2,6 +2,6 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_
 1,ip4,192.168.2.4,17.178.104.12,tcp,49201,443,info,18,14,1432582227604482,1432582229309355,1432582229616362,0,0,1440,1440,6486,6050,0,9,119895.3,712466,179472.3,32210292736.0,3.4,"281831,283163,8705,294373,1121,35,286034,828,475,587,39758,240,307,326381,1436,373,2981,289942,5828,471,9,317531,1875,68938,587,382640,405162,707,17,712466,1952",40,432.9,1480,595.1,354099.2,3.8,"64,52,40,230,1480,1480,571,40,40,40,40,307,46,77,40,40,40,83,40,1480,1480,153,40,40,1480,1196,40,1480,1480,153,40,40","9,1,0,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1","4.541277409,4.887659073,4.715312004,5.559735775,7.184122086,7.417570591,6.899518967,4.931687355,4.881687641,4.931686878,4.765311718,7.230942249,4.759187222,5.742031574,4.834183693,4.834183693,4.834183693,5.811724186,4.931686878,7.864183426,7.878191471,6.699968815,4.684184074,4.684184074,7.862710953,7.817599297,4.931687355,7.865705967,7.847981453,6.673823357,4.784183979,4.834183693",TLS.Apple,91.140,1,Safe,Web,6,DPI,"15"
 1,ip4,192.168.2.4,184.173.179.37,tcp,49202,5222,finished,17,15,1432582227643274,1432582230649748,1432582230614203,0,0,201,78,1159,445,0,0,192819.5,709350,172077.7,29610717184.0,4.4,"153871,242175,244771,708056,709350,35643,213202,306,145666,324955,262756,250323,148242,98446,249378,163432,164508,351063,174021,177975,4,178327,331,171720,16,302683,276,301856,4,0,204047",52,102.8,253,60.8,3698.6,4.8,"64,60,52,52,218,130,73,52,52,253,84,71,73,52,227,84,52,118,84,184,84,84,186,52,85,85,252,52,85,85,85,118","9,0,2,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,1,0","4.535581589,5.323234558,5.284870625,5.118428230,6.648615837,6.247110844,5.434191704,5.231892109,5.169486046,7.074976444,5.807060719,5.762281895,5.680767059,5.207947731,7.065171242,5.820694447,5.246409416,6.336829185,5.802911282,6.766283989,5.781786919,5.740469933,6.833239079,5.270353794,5.863435745,5.886964798,7.017980099,5.284870625,5.854554653,5.807495594,5.816376686,6.257439613",WhatsApp,142,1,Acceptable,Chat,6,DPI,""
 1,ip4,192.168.2.4,17.173.66.102,tcp,49204,443,finished,17,15,1432582230648273,1432582231572130,1432582231504448,0,0,1440,948,5225,2717,0,15,57420.4,246332,88943.3,7910914560.0,3.4,"139279,206534,8183,215650,62,2706,195534,776,251,20,1876,267,2144,191589,2382,13135,3735,6431,14684,18,200945,301,63298,290,2226,246332,5270,14887,15,241033,179",40,289.3,1480,408.5,166890.9,3.9,"64,52,40,267,40,132,77,40,40,46,77,1480,517,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40","9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0","4.510027409,4.810735703,4.684184074,5.952049732,4.734184265,5.970739841,5.673912525,4.881687164,4.931687355,4.715708733,5.638134956,7.848487854,7.566340446,7.617396355,4.784183979,4.784183979,4.715312004,4.784183979,4.684184551,7.790213585,7.442604542,4.812815189,4.762814999,7.877933502,7.577860355,7.608998775,4.634183884,4.734184265,7.790307522,7.455507755,4.831687450,4.831687450",TLS.AppleStore,91.224,1,Safe,SoftwareUpdate,6,DPI,"15"
-1,ip4,192.168.2.4,91.253.176.65,udp,51518,9344,finished,17,15,1432582258730153,1432582260754649,1432582260775626,26,0,309,289,3471,2001,0,44,131289.3,352421,70223.6,4931354624.0,4.7,"85532,95222,66134,60379,102693,208383,184141,159624,139073,188537,352421,23426,152856,55080,31139,91630,61,141160,44,163250,159227,188593,161930,163639,162107,156758,164890,143228,181638,163297,123877",50,199.0,337,98.8,9763.6,4.8,"72,72,328,72,72,301,211,297,234,301,206,134,50,235,185,134,123,54,246,54,260,120,337,103,301,103,305,229,306,317,315,291","1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1","5.642145634,5.662571430,7.306882858,5.607016087,5.619208336,7.276579380,6.918804169,7.219153404,7.014481544,7.348511696,6.906354427,6.461464405,5.083854198,6.954874992,6.766034603,6.415629864,6.367953777,5.205786228,7.119737148,5.148316383,7.136041164,6.350277901,7.294374466,6.069901943,7.367813587,6.103599548,7.328564644,7.015753746,7.285601139,7.344736099,7.265763760,7.231878281",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,5,DPI (cache),"5"
+1,ip4,192.168.2.4,91.253.176.65,udp,51518,9344,finished,17,15,1432582258730153,1432582260754649,1432582260775626,26,0,309,289,3471,2001,0,44,131289.3,352421,70223.6,4931354624.0,4.7,"85532,95222,66134,60379,102693,208383,184141,159624,139073,188537,352421,23426,152856,55080,31139,91630,61,141160,44,163250,159227,188593,161930,163639,162107,156758,164890,143228,181638,163297,123877",50,199.0,337,98.8,9763.6,4.8,"72,72,328,72,72,301,211,297,234,301,206,134,50,235,185,134,123,54,246,54,260,120,337,103,301,103,305,229,306,317,315,291","1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1","5.642145634,5.662571430,7.306882858,5.607016087,5.619208336,7.276579380,6.918804169,7.219153404,7.014481544,7.348511696,6.906354427,6.461464405,5.083854198,6.954874992,6.766034603,6.415629864,6.367953777,5.205786228,7.119737148,5.148316383,7.136041164,6.350277901,7.294374466,6.069901943,7.367813587,6.103599548,7.328564644,7.015753746,7.285601139,7.344736099,7.265763760,7.231878281",SRTP.WhatsAppCall,338.45,1,Acceptable,VoIP,6,DPI,"5"
 1,ip4,192.168.2.4,91.253.176.65,udp,52794,9665,finished,16,16,1432582303300524,1432582305119064,1432582305008654,26,0,278,200,1888,1727,0,40,113763.5,307394,86013.0,7398240768.0,4.5,"304269,307394,8384,89918,31917,6521,226162,154173,40,188009,271,163937,163420,160100,21775,153703,73,168136,122602,138908,158523,186698,16232,65895,114250,83709,193240,164541,1311,77123,55436",54,141.0,306,58.8,3453.3,4.9,"72,72,72,72,72,134,124,306,167,54,232,134,228,212,103,134,151,54,172,156,161,172,156,134,114,140,205,140,209,54,134,171","1,3,0,6,3,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,2,3,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0","5.586590290,5.634793758,5.591430664,5.548327923,5.614367962,6.343744755,6.353155136,7.262660980,6.708292484,5.199332714,6.977910042,6.582841873,7.061330318,6.964643955,6.193738461,6.469698906,6.640622616,5.205786228,6.713893890,6.594544411,6.678621769,6.732760429,6.737264633,6.418371201,6.335039139,6.527385712,6.871919632,6.504805565,6.851323605,5.199332714,6.565941334,6.741304874",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,5,DPI (cache),"5"
 1,ip4,192.168.2.4,17.173.66.102,tcp,49205,443,finished,17,15,1432582355253275,1432582356195572,1432582356100109,0,0,1440,948,5224,2717,0,11,57713.9,271808,91895.6,8444797952.0,3.3,"139873,225073,4218,228888,70,2672,200693,278,1388,194,2268,310,435,198176,1008,14244,4721,5042,13250,23,199875,308,34695,427,52,217025,5837,15994,11,271808,275",40,289.3,1480,408.5,166876.7,3.9,"64,52,40,267,40,132,77,40,40,46,77,1480,516,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40","9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0","4.478777409,4.849197388,4.715312004,5.931038380,4.784183979,6.049894810,5.799257278,4.881687164,4.881687164,4.802665710,5.737505436,7.869925976,7.601890564,7.659376144,4.834184170,4.884183884,4.884183884,4.834183693,4.834183693,7.790913582,7.529675484,4.881687164,4.931687355,7.881880760,7.552830696,7.654625893,4.834183693,4.884183884,7.775795460,7.413623333,4.931687355,4.881687164",TLS.AppleStore,91.224,1,Safe,SoftwareUpdate,6,DPI,"15"
diff --git a/test/results/flow-analyse/stun_mapped_address_disabled/teams.pcap.out b/test/results/flow-analyse/stun_mapped_address_disabled/teams.pcap.out
new file mode 100644
index 000000000..1e1a3ab39
--- /dev/null
+++ b/test/results/flow-analyse/stun_mapped_address_disabled/teams.pcap.out
@@ -0,0 +1,17 @@
+flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
+1,ip4,192.168.1.6,52.113.194.132,tcp,60533,443,info,15,17,1587041676435900,1587041676535873,1587041676535853,0,0,258,1452,757,10509,0,2,6449.2,29755,8827.8,77930416.0,3.7,"12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537",40,393.9,1492,548.1,300365.6,3.9,"64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40","10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0","4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,""
+1,ip4,192.168.1.6,52.114.77.33,tcp,60532,443,info,23,9,1587041676362386,1587041676859269,1587041676859222,0,0,1428,1440,23115,4254,0,1,32055.5,221245,54144.2,2931591680.0,3.4,"43237,43341,94039,139750,215,45878,125,102,1406,46781,45438,177198,6,1,221245,44042,6,2,2,21255,21237,4,23005,23005,5,2,3,1223,1159,4,3",52,907.9,1492,687.5,472618.5,4.4,"64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480","5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0","5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0","4.428027153,5.210652828,4.884933472,5.556665897,7.283374786,7.268235207,4.923395157,7.674625397,4.884933472,5.901349068,5.537203789,4.923394680,7.865010738,7.865353107,7.863998413,5.116508007,7.872262955,7.872727394,7.850155830,7.872891426,5.101991177,7.883207798,7.861774921,5.078046322,7.883695126,7.860937595,7.861885548,7.869150639,5.092563629,7.862890244,7.881820202,7.880939960",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15"
+1,ip4,192.168.1.6,52.114.77.33,tcp,60535,443,finished,20,12,1587041677042751,1587041677328754,1587041677327352,0,0,1428,1440,15383,4699,0,2,18406.6,49836,21194.3,449200096.0,3.9,"45263,45409,339,49216,21,48838,224,177,1271,46526,45316,1920,4,2,47729,45783,4,2,3,37748,37711,4,8018,8058,5,734,37027,7756,4339,49836,1321",52,680.6,1492,673.1,453031.8,4.2,"64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83","7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0","7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0","4.340968132,5.220872402,4.976373672,5.983667850,7.275708199,7.688739777,5.052015305,7.275113583,4.976373672,6.006431580,5.733948708,5.053297043,7.842315674,7.876612663,7.858495712,5.246409416,7.872724533,7.868679523,7.873967648,7.874578953,5.207947731,7.865746021,7.852710724,5.169486046,7.855942726,7.767035484,5.116507530,5.169486046,5.207947731,7.497245789,4.961856842,5.338891983",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15"
+1,ip4,192.168.1.6,52.114.77.33,tcp,60543,443,info,21,11,1587041682369801,1587041682803345,1587041682803309,0,0,1428,1440,20291,4254,0,2,27969.4,152917,40324.3,1626047232.0,3.6,"50532,50647,291,64604,72036,210,136507,124,96,1421,68048,86231,152917,2268,6,3,46387,44112,4,2,3,23630,23615,4,20861,20866,7,7,3,845,765",52,819.7,1492,699.2,488828.9,4.3,"64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480","5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0","7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0","4.384982109,5.323234558,4.961856842,5.939832211,5.116507530,7.288343430,7.267649651,5.000318527,7.662917614,4.961856842,5.882802486,5.193430901,5.624773026,4.961856842,7.851280689,7.841383457,7.873037815,5.154969692,7.851320267,7.856824398,7.856104374,7.863511562,5.154969215,7.862011433,7.862949848,5.154969215,7.888728619,7.861488342,7.847744942,7.865393639,5.193430901,7.879679203",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15"
+1,ip4,192.168.1.6,52.114.77.58,tcp,60545,443,finished,19,13,1587041682698689,1587041683063920,1587041683109441,0,0,1440,1452,2687,6860,0,7,25031.7,201410,47065.5,2215158784.0,3.2,"45653,45756,213,47886,30,47672,17,83,202,104,167,9896,9950,3499,10390,395,51386,37078,221,190,155,7115,7018,1251,1197,79250,201410,7,34,167536,222",40,340.2,1492,510.3,260451.7,3.8,"64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82","11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1","4.396777153,4.984685898,4.571928501,5.447037697,7.103639126,7.377305508,4.748330116,4.680641174,4.521928787,7.565583706,7.619148254,4.680641174,7.502402782,4.680641174,6.615381718,6.130319118,7.576011658,5.374610424,4.630640984,5.982717991,4.530641556,5.189125538,5.402576923,4.680641174,7.496559143,4.680641174,4.505983353,7.866451740,6.633583069,6.711987019,4.522393703,5.435414791",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,""
+1,ip4,192.168.1.6,52.114.88.59,tcp,60547,443,finished,18,14,1587041683186164,1587041683511604,1587041683511700,0,0,1428,1440,2582,7792,0,2,20999.2,115070,31123.6,968681216.0,3.5,"34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185",52,377.2,1492,521.7,272149.2,3.9,"64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139","11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1","4.278468132,5.100120544,4.678913116,5.492300034,7.395298958,7.335471153,4.813810349,4.784870625,7.534573555,4.736229897,7.601704121,7.355720520,4.823332310,6.256767273,6.195283890,7.525622368,5.556344509,4.861793995,6.029422760,4.861793995,5.382391453,5.548377514,4.823332310,7.376307011,4.861793995,5.063529015,7.847518921,6.993651390,4.986605644,6.825597286,4.731892109,7.799232483",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,""
+1,ip4,192.168.1.6,52.113.194.132,tcp,60542,443,info,15,17,1587041682144166,1587041684314927,1587041684501131,0,0,521,1452,1329,7087,0,3,146055.7,2009785,489503.9,239614050304.0,1.7,"12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632",40,305.2,1492,468.1,219152.8,3.8,"64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345","9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1","4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,""
+1,ip4,192.168.1.6,13.107.18.11,tcp,60549,443,info,18,14,1587041684306115,1587041684950374,1587041684410372,0,0,1440,1452,3472,5797,0,1,24145.7,539594,94604.1,8949939200.0,1.9,"11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314",40,331.5,1492,473.5,224192.2,3.9,"64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248","9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0","4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637",TLS.Microsoft365,91.219,1,Acceptable,Collaborative,6,DPI,""
+1,ip4,192.168.1.6,52.113.194.132,tcp,60554,443,info,14,18,1587041685240465,1587041685469669,1587041685469973,0,0,1082,1452,1426,15976,0,3,14797.2,153955,35697.7,1274323968.0,2.8,"12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243",40,585.7,1492,671.4,450756.0,4.0,"64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492","10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1","4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15"
+1,ip4,192.168.1.6,52.114.77.33,tcp,60559,443,finished,21,11,1587041686239545,1587041686542441,1587041686541501,0,0,1428,1440,14115,4699,0,2,19511.4,52987,22191.7,492470496.0,3.9,"48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111",52,640.9,1492,667.9,446080.7,4.1,"64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52","9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0","4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15"
+1,ip4,192.168.1.6,104.40.187.151,tcp,60562,443,finished,19,13,1587041687436782,1587041687725655,1587041687725568,0,0,1313,1440,2206,7143,0,3,18634.2,125561,31723.1,1006353792.0,3.4,"29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561",52,345.2,1492,499.9,249913.2,3.9,"64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52","12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0","4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995",TLS.Skype_Teams,91.125,1,Acceptable,VoIP,3,DPI (partial),""
+1,ip4,192.168.1.6,52.114.77.33,tcp,60561,443,info,20,12,1587041687245112,1587041687718851,1587041687768506,0,0,1428,1440,17623,4254,0,2,32165.6,161774,44327.4,1964919296.0,3.6,"48418,48527,459,88180,136486,113743,249,161774,129,117,1072,74551,73518,1076,4,2,50124,49022,3,3,12,48400,48413,4,15,2,1599,1536,46881,1065,1749",52,736.7,1492,694.0,481656.1,4.2,"64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52","5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1","4.396777153,5.256567478,4.923395157,5.966666698,5.971492767,5.091578960,7.290405750,7.275161743,4.961856842,7.668800354,5.000318527,6.002202988,5.583368301,4.961856842,7.860765934,7.857263088,7.894361019,5.193430901,7.864349842,7.853641510,7.869278908,7.874048233,5.054101944,7.853607655,7.866478443,7.865472317,7.878810406,5.154969692,7.853725433,5.193431377,5.154969692,5.154969692",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15"
+1,ip4,192.168.1.6,52.114.108.8,tcp,60565,443,finished,18,14,1587041691149774,1587041691305451,1587041691582252,0,0,994,1440,2028,8121,0,3,18972.7,276869,49493.9,2449644032.0,2.9,"19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869",52,370.2,1492,512.1,262257.7,3.9,"64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335","11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1","4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,""
+1,ip4,192.168.1.6,52.114.76.48,tcp,60544,443,finished,16,16,1587041682376166,1587041682938651,1587041692001418,0,0,1060,1452,2113,7396,0,2,328636.7,8978171,1582353.1,2503841415168.0,0.8,"47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7",40,339.2,1492,486.1,236250.5,3.9,"64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78","10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1","4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,""
+1,ip4,192.168.1.6,52.114.250.123,tcp,50018,443,finished,19,13,1587041693516414,1587041693824623,1587041695435566,0,0,187,1452,477,6361,0,1,71850.4,1566873,274680.6,75449425920.0,1.9,"44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873",40,256.9,1492,427.0,182315.3,3.7,"64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46","15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1","4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15"
+1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.Skype_TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5"
diff --git a/test/results/flow-captured/caches_cfg/teams.pcap.out b/test/results/flow-captured/caches_cfg/teams.pcap.out
index 7a0343add..e2f4067c2 100644
--- a/test/results/flow-captured/caches_cfg/teams.pcap.out
+++ b/test/results/flow-captured/caches_cfg/teams.pcap.out
@@ -17,5 +17,5 @@ Flow 60 not-detected: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
 Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
 Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036
 Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53
-Flow 81 risky: udp 52.114.252.8:3479 -> 192.168.1.6:50016
-Flow 80 risky: udp 52.114.252.21:3480 -> 192.168.1.6:50036
+Flow 68 risky: udp 192.168.1.6:50016 -> 52.114.250.141:3478
+Flow 70 risky: udp 192.168.1.6:50036 -> 52.114.250.137:3478
diff --git a/test/results/flow-captured/caches_global/lru_ipv6_caches.pcapng.out b/test/results/flow-captured/caches_global/lru_ipv6_caches.pcapng.out
index 79c0e80d8..0247c3886 100644
--- a/test/results/flow-captured/caches_global/lru_ipv6_caches.pcapng.out
+++ b/test/results/flow-captured/caches_global/lru_ipv6_caches.pcapng.out
@@ -1,2 +1,4 @@
 Flow 2 risky: udp 3991:72d:336e:65ec:c5bf:a5fa:83ad:23de:6881 -> 3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27:60506
+Flow 7 risky: udp 2118:ec33:112b:7908:2c80:27ff:fef7:d71f:48415 -> 32fb:f967:681e:e96b:face:b00c::74fd:3478
+Flow 12 risky: udp 3069:c624:1d42:9469:98b1:67ff:fe43:325:56131 -> 32fb:f967:681e:e96b:face:b00c::74fd:3478
 Flow 3 risky: udp 2a2f:8509:1cb2:466d:ecbf:69d6:109c:608:62229 -> 3991:72d:336e:65ec:c5bf:a5fa:83ad:23de:6881
diff --git a/test/results/flow-captured/caches_global/teams.pcap.out b/test/results/flow-captured/caches_global/teams.pcap.out
index 7a0343add..e2f4067c2 100644
--- a/test/results/flow-captured/caches_global/teams.pcap.out
+++ b/test/results/flow-captured/caches_global/teams.pcap.out
@@ -17,5 +17,5 @@ Flow 60 not-detected: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
 Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
 Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036
 Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53
-Flow 81 risky: udp 52.114.252.8:3479 -> 192.168.1.6:50016
-Flow 80 risky: udp 52.114.252.21:3480 -> 192.168.1.6:50036
+Flow 68 risky: udp 192.168.1.6:50016 -> 52.114.250.141:3478
+Flow 70 risky: udp 192.168.1.6:50036 -> 52.114.250.137:3478
diff --git a/test/results/flow-captured/default/elf.pcap.out b/test/results/flow-captured/default/elf.pcap.out
new file mode 100644
index 000000000..658a3e527
--- /dev/null
+++ b/test/results/flow-captured/default/elf.pcap.out
@@ -0,0 +1,2 @@
+Flow 2 not-detected: tcp 127.0.0.1:41150 -> 127.0.0.1:33333
+Flow 1 not-detected: udp 127.0.0.1:60150 -> 127.0.0.1:33333
diff --git a/test/results/flow-captured/default/ftp.pcap.out b/test/results/flow-captured/default/ftp.pcap.out
index 859c0bfef..d8242ebed 100644
--- a/test/results/flow-captured/default/ftp.pcap.out
+++ b/test/results/flow-captured/default/ftp.pcap.out
@@ -1,3 +1,2 @@
 Flow 1 risky: tcp 192.168.1.212:50694 -> 90.130.70.73:21
 Flow 3 not-detected: tcp 192.168.1.212:50696 -> 90.130.70.73:24523
-Flow 2 risky: tcp 192.168.1.212:50695 -> 90.130.70.73:25685
diff --git a/test/results/flow-captured/default/lru_ipv6_caches.pcapng.out b/test/results/flow-captured/default/lru_ipv6_caches.pcapng.out
index 79c0e80d8..0247c3886 100644
--- a/test/results/flow-captured/default/lru_ipv6_caches.pcapng.out
+++ b/test/results/flow-captured/default/lru_ipv6_caches.pcapng.out
@@ -1,2 +1,4 @@
 Flow 2 risky: udp 3991:72d:336e:65ec:c5bf:a5fa:83ad:23de:6881 -> 3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27:60506
+Flow 7 risky: udp 2118:ec33:112b:7908:2c80:27ff:fef7:d71f:48415 -> 32fb:f967:681e:e96b:face:b00c::74fd:3478
+Flow 12 risky: udp 3069:c624:1d42:9469:98b1:67ff:fe43:325:56131 -> 32fb:f967:681e:e96b:face:b00c::74fd:3478
 Flow 3 risky: udp 2a2f:8509:1cb2:466d:ecbf:69d6:109c:608:62229 -> 3991:72d:336e:65ec:c5bf:a5fa:83ad:23de:6881
diff --git a/test/results/flow-captured/default/portable_executable.pcap.out b/test/results/flow-captured/default/portable_executable.pcap.out
new file mode 100644
index 000000000..53f91eaea
--- /dev/null
+++ b/test/results/flow-captured/default/portable_executable.pcap.out
@@ -0,0 +1 @@
+Flow 1 not-detected: tcp 172.16.99.201:1732 -> 64.227.107.71:4444
diff --git a/test/results/flow-captured/default/shell.pcap.out b/test/results/flow-captured/default/shell.pcap.out
new file mode 100644
index 000000000..a84f36af1
--- /dev/null
+++ b/test/results/flow-captured/default/shell.pcap.out
@@ -0,0 +1,4 @@
+Flow 4 not-detected: tcp 127.0.0.1:54970 -> 127.0.0.1:33333
+Flow 1 not-detected: tcp 127.0.0.1:47638 -> 127.0.0.1:33333
+Flow 2 not-detected: udp 127.0.0.1:54112 -> 127.0.0.1:33333
+Flow 3 not-detected: udp 127.0.0.1:58538 -> 127.0.0.1:33333
diff --git a/test/results/flow-captured/default/stun_signal.pcapng.out b/test/results/flow-captured/default/stun_signal.pcapng.out
index dad2b24a0..44fe66f11 100644
--- a/test/results/flow-captured/default/stun_signal.pcapng.out
+++ b/test/results/flow-captured/default/stun_signal.pcapng.out
@@ -1,15 +1,15 @@
 Flow 14 risky: udp 192.168.12.169:43068 -> 18.195.131.143:61156
 Flow 3 risky: udp 192.168.12.169:47204 -> 35.158.183.167:443
-Flow 2 risky: udp 192.168.12.169:47204 -> 172.253.121.127:19302
 Flow 6 risky: udp 192.168.12.169:39518 -> 35.158.183.167:443
-Flow 1 risky: udp 192.168.12.169:39518 -> 172.253.121.127:19302
 Flow 23 risky: udp 192.168.12.169:47767 -> 18.195.131.143:61498
 Flow 9 risky: udp 192.168.12.169:43068 -> 35.158.183.167:443
 Flow 10 risky: udp 192.168.12.169:43068 -> 172.253.121.127:19302
 Flow 12 risky: udp 192.168.12.169:39950 -> 35.158.183.167:443
 Flow 11 risky: udp 192.168.12.169:39950 -> 172.253.121.127:19302
+Flow 20 risky: udp 192.168.12.169:37970 -> 35.158.122.211:3478
 Flow 22 risky: udp 192.168.12.169:47767 -> 18.195.131.143:54054
 Flow 17 risky: udp 192.168.12.169:47767 -> 35.158.122.211:443
 Flow 15 risky: udp 192.168.12.169:47767 -> 172.253.121.127:19302
 Flow 18 risky: udp 192.168.12.169:37970 -> 35.158.122.211:443
 Flow 16 risky: udp 192.168.12.169:37970 -> 172.253.121.127:19302
+Flow 19 risky: udp 192.168.12.169:47767 -> 35.158.122.211:3478
diff --git a/test/results/flow-captured/default/teams.pcap.out b/test/results/flow-captured/default/teams.pcap.out
index 7a0343add..e2f4067c2 100644
--- a/test/results/flow-captured/default/teams.pcap.out
+++ b/test/results/flow-captured/default/teams.pcap.out
@@ -17,5 +17,5 @@ Flow 60 not-detected: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
 Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
 Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036
 Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53
-Flow 81 risky: udp 52.114.252.8:3479 -> 192.168.1.6:50016
-Flow 80 risky: udp 52.114.252.21:3480 -> 192.168.1.6:50036
+Flow 68 risky: udp 192.168.1.6:50016 -> 52.114.250.141:3478
+Flow 70 risky: udp 192.168.1.6:50036 -> 52.114.250.137:3478
diff --git a/test/results/flow-captured/default/telegram_videocall.pcapng.out b/test/results/flow-captured/default/telegram_videocall.pcapng.out
index e0cc6941a..4184bab7a 100644
--- a/test/results/flow-captured/default/telegram_videocall.pcapng.out
+++ b/test/results/flow-captured/default/telegram_videocall.pcapng.out
@@ -1,8 +1,5 @@
 Flow 26 risky: udp 192.168.12.169:42405 -> 93.36.13.115:35393
 Flow 18 risky: udp 192.168.12.169:40643 -> 91.108.9.35:1400
-Flow 14 risky: udp 192.168.12.169:40906 -> 91.108.17.2:1400
-Flow 13 risky: udp 192.168.12.169:40906 -> 91.108.13.23:1400
-Flow 12 risky: udp 192.168.12.169:40906 -> 91.108.9.35:1400
 Flow 24 risky: udp 192.168.12.169:42405 -> 10.46.103.200:42554
 Flow 19 risky: udp 192.168.12.169:49667 -> 91.108.13.23:1400
 Flow 25 risky: udp 192.168.12.169:40906 -> 10.46.103.200:42554
@@ -11,6 +8,3 @@ Flow 20 risky: udp 192.168.12.169:49780 -> 91.108.17.2:1400
 Flow 22 risky: udp 192.168.12.169:37530 -> 91.108.13.23:1400
 Flow 34 midstream: tcp 18.195.162.93:443 -> 192.168.12.169:38956
 Flow 21 risky: udp 192.168.12.169:37849 -> 91.108.9.35:1400
-Flow 17 risky: udp 192.168.12.169:42197 -> 91.108.17.2:1400
-Flow 16 risky: udp 192.168.12.169:42197 -> 91.108.13.23:1400
-Flow 15 risky: udp 192.168.12.169:42197 -> 91.108.9.35:1400
diff --git a/test/results/flow-captured/default/wa_video.pcap.out b/test/results/flow-captured/default/wa_video.pcap.out
index 91366f18d..32d1e558c 100644
--- a/test/results/flow-captured/default/wa_video.pcap.out
+++ b/test/results/flow-captured/default/wa_video.pcap.out
@@ -1,4 +1,7 @@
 Flow 3 risky: udp 192.168.2.12:53688 -> 31.13.86.48:3478
 Flow 11 risky: udp 192.168.2.12:53688 -> 91.252.56.51:32641
 Flow 7 risky: udp 192.168.2.12:53688 -> 157.240.196.62:3478
+Flow 5 risky: udp 192.168.2.12:53688 -> 157.240.193.48:3478
+Flow 6 risky: udp 192.168.2.12:53688 -> 179.60.192.48:3478
+Flow 4 risky: udp 192.168.2.12:53688 -> 185.60.216.51:3478
 Flow 10 risky: udp 192.168.2.12:53688 -> 1.60.78.64:59491
diff --git a/test/results/flow-captured/stun_mapped_address_disabled/teams.pcap.out b/test/results/flow-captured/stun_mapped_address_disabled/teams.pcap.out
new file mode 100644
index 000000000..e2f4067c2
--- /dev/null
+++ b/test/results/flow-captured/stun_mapped_address_disabled/teams.pcap.out
@@ -0,0 +1,21 @@
+Flow 7 risky: tcp 192.168.1.6:60535 -> 52.114.77.33:443
+Flow 48 risky: tcp 192.168.1.6:60559 -> 52.114.77.33:443
+Flow 64 risky: tcp 192.168.1.6:50018 -> 52.114.250.123:443
+Flow 78 risky: udp 93.71.110.205:16332 -> 192.168.1.6:50016
+Flow 67 risky: tcp 192.168.1.6:50021 -> 52.114.250.123:443
+Flow 43 risky: tcp 192.168.1.6:60554 -> 52.113.194.132:443
+Flow 76 risky: udp 192.168.1.6:50016 -> 192.168.0.4:50005
+Flow 77 risky: udp 192.168.1.6:50036 -> 192.168.0.4:50020
+Flow 36 risky: udp 192.168.1.6:61245 -> 192.168.1.1:53
+Flow 4 risky: tcp 192.168.1.6:60532 -> 52.114.77.33:443
+Flow 25 risky: tcp 192.168.1.6:60543 -> 52.114.77.33:443
+Flow 51 risky: tcp 192.168.1.6:60561 -> 52.114.77.33:443
+Flow 74 risky: tcp 192.168.1.6:60567 -> 52.114.77.136:443
+Flow 30 risky: tcp 192.168.1.6:60546 -> 167.99.215.164:4434
+Flow 61 risky: tcp 192.168.1.6:60566 -> 167.99.215.164:4434
+Flow 60 not-detected: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
+Flow 60 midstream: tcp 151.11.50.139:2222 -> 192.168.1.6:54750
+Flow 79 risky: udp 93.71.110.205:16333 -> 192.168.1.6:50036
+Flow 10 risky: udp 192.168.1.6:64046 -> 192.168.1.1:53
+Flow 68 risky: udp 192.168.1.6:50016 -> 52.114.250.141:3478
+Flow 70 risky: udp 192.168.1.6:50036 -> 52.114.250.137:3478
diff --git a/test/results/flow-info/caches_cfg/teams.pcap.out b/test/results/flow-info/caches_cfg/teams.pcap.out
index 0f51670c4..9c24be31a 100644
--- a/test/results/flow-info/caches_cfg/teams.pcap.out
+++ b/test/results/flow-info/caches_cfg/teams.pcap.out
@@ -369,7 +369,7 @@
          detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
               new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443]
               new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478]
-         detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+         detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
  detection-update: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
                    RISK: TLS (probably) Not Carrying HTTPS
               new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478]
@@ -377,11 +377,13 @@
          detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
                    RISK: TLS (probably) Not Carrying HTTPS
               new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478]
-         detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+         detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
               new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478]
          detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
  detection-update: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
                    RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][>??i)?<????????????r]
+ detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][s?>?ed???[??+ez4???m]
               new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443]
               new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443]
          detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152]
@@ -412,6 +414,12 @@
               new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036]
          detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+                   RISK: Unidirectional Traffic
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
+                   RISK: Unidirectional Traffic
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
               new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036]
          detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
@@ -428,6 +436,10 @@
                    [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
                    [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
                    [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
+ detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
               new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
          detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
  detection-update: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
@@ -460,11 +472,11 @@
              idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
                    RISK: TLS (probably) Not Carrying HTTPS
              idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
              idle: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
              idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
              idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
              idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
@@ -516,6 +528,7 @@
                    RISK: Known Proto on Non Std Port
              idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
           guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_Teams][Azure][VoIP][Acceptable]
+                   RISK: Susp Entropy
              idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478]
              idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
      not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated]
diff --git a/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out b/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out
index 9fb54e98e..8d8174ec0 100644
--- a/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out
+++ b/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out
@@ -24,6 +24,8 @@
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
               new: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
          detected: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Unidirectional Traffic
               new: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144]
          detected: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS][Unknown][Web][Safe][]
                    RISK: Unidirectional Traffic
@@ -43,8 +45,12 @@
                    RISK: Unidirectional Traffic
               new: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
          detected: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Unidirectional Traffic
               new: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
          detected: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Unidirectional Traffic
              idle: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS.Cloudflare][Unknown][Web][Acceptable]
                    RISK: Unidirectional Traffic
              idle: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable]
@@ -60,9 +66,12 @@
              idle: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+                   RISK: Unidirectional Traffic
              idle: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+                   RISK: Unidirectional Traffic
              idle: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [STUN][Unknown][Network][Acceptable]
              idle: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+                   RISK: Unidirectional Traffic
              idle: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] [BitTorrent][Unknown][Download][Acceptable]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/caches_global/teams.pcap.out b/test/results/flow-info/caches_global/teams.pcap.out
index 0f51670c4..9c24be31a 100644
--- a/test/results/flow-info/caches_global/teams.pcap.out
+++ b/test/results/flow-info/caches_global/teams.pcap.out
@@ -369,7 +369,7 @@
          detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
               new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443]
               new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478]
-         detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+         detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
  detection-update: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
                    RISK: TLS (probably) Not Carrying HTTPS
               new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478]
@@ -377,11 +377,13 @@
          detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
                    RISK: TLS (probably) Not Carrying HTTPS
               new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478]
-         detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+         detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
               new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478]
          detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
  detection-update: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
                    RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][>??i)?<????????????r]
+ detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][s?>?ed???[??+ez4???m]
               new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443]
               new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443]
          detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152]
@@ -412,6 +414,12 @@
               new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036]
          detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+                   RISK: Unidirectional Traffic
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
+                   RISK: Unidirectional Traffic
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
               new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036]
          detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
@@ -428,6 +436,10 @@
                    [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
                    [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
                    [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
+ detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
               new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
          detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
  detection-update: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
@@ -460,11 +472,11 @@
              idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
                    RISK: TLS (probably) Not Carrying HTTPS
              idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
              idle: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
              idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
              idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
              idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
@@ -516,6 +528,7 @@
                    RISK: Known Proto on Non Std Port
              idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
           guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_Teams][Azure][VoIP][Acceptable]
+                   RISK: Susp Entropy
              idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478]
              idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
      not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated]
diff --git a/test/results/flow-info/default/1kxun.pcap.out b/test/results/flow-info/default/1kxun.pcap.out
index 2b471b0ff..8a5569319 100644
--- a/test/results/flow-info/default/1kxun.pcap.out
+++ b/test/results/flow-info/default/1kxun.pcap.out
@@ -427,7 +427,7 @@
               new: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [MIDSTREAM]
          detected: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com]
  detection-update: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
               new: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [MIDSTREAM]
          detected: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com]
               new: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [MIDSTREAM]
@@ -571,6 +571,7 @@
              idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
                    RISK: Non-Printable/Invalid Chars Detected
           guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe]
+                   RISK: Susp Entropy
              idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406]
               end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable]
                    RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
@@ -863,7 +864,7 @@
              idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
              idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
              idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
              idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable]
              idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
              idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
diff --git a/test/results/flow-info/default/443-chrome.pcap.out b/test/results/flow-info/default/443-chrome.pcap.out
index 6d5d1ad07..8d6f2778e 100644
--- a/test/results/flow-info/default/443-chrome.pcap.out
+++ b/test/results/flow-info/default/443-chrome.pcap.out
@@ -3,6 +3,6 @@
      DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
               new: [.....1] [ip4][..tcp] [.178.62.197.130][..443] -> [...192.168.1.13][53059] [MIDSTREAM]
           guessed: [.....1] [ip4][..tcp] [.178.62.197.130][..443] -> [...192.168.1.13][53059] [TLS][Unknown][Web][Safe]
-                   RISK: Unidirectional Traffic
+                   RISK: Susp Entropy, Unidirectional Traffic
              idle: [.....1] [ip4][..tcp] [.178.62.197.130][..443] -> [...192.168.1.13][53059]
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/KakaoTalk_chat.pcap.out b/test/results/flow-info/default/KakaoTalk_chat.pcap.out
index 3bfc7430e..dd73ed7ce 100644
--- a/test/results/flow-info/default/KakaoTalk_chat.pcap.out
+++ b/test/results/flow-info/default/KakaoTalk_chat.pcap.out
@@ -214,6 +214,7 @@
           guessed: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922] [HTTP][Google][Web][Acceptable][]
               end: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922]
           guessed: [....35] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [TLS][Unknown][Web][Safe]
+                   RISK: Susp Entropy
              idle: [....35] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947]
              idle: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable]
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/KakaoTalk_talk.pcap.out b/test/results/flow-info/default/KakaoTalk_talk.pcap.out
index 65d33336d..57982e439 100644
--- a/test/results/flow-info/default/KakaoTalk_talk.pcap.out
+++ b/test/results/flow-info/default/KakaoTalk_talk.pcap.out
@@ -122,5 +122,6 @@
              idle: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Unknown][Media][Acceptable]
              idle: [....10] [ip4][..udp] [...10.24.82.188][11321] -> [....1.201.1.174][23045] [KakaoTalk_Voice][Unknown][VoIP][Acceptable]
           guessed: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [TLS][Unknown][Web][Safe]
+                   RISK: Susp Entropy
              idle: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947]
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/collectd.pcap.out b/test/results/flow-info/default/collectd.pcap.out
index f0d5e4fcd..3f3d358fb 100644
--- a/test/results/flow-info/default/collectd.pcap.out
+++ b/test/results/flow-info/default/collectd.pcap.out
@@ -19,8 +19,10 @@
               new: [.....6] [ip4][..udp] [......127.0.0.1][54138] -> [......127.0.0.1][25826]
          detected: [.....6] [ip4][..udp] [......127.0.0.1][54138] -> [......127.0.0.1][25826] [collectd][Unknown][System][Acceptable][devlap.fritz.box]
           guessed: [.....4] [ip4][..udp] [.192.168.178.35][39576] -> [..239.192.74.66][25826] [collectd][Unknown][System][Acceptable][]
+                   RISK: Susp Entropy
              idle: [.....4] [ip4][..udp] [.192.168.178.35][39576] -> [..239.192.74.66][25826]
           guessed: [.....5] [ip4][..udp] [.192.168.178.35][39577] -> [..239.192.74.66][25826] [collectd][Unknown][System][Acceptable][]
+                   RISK: Susp Entropy
              idle: [.....5] [ip4][..udp] [.192.168.178.35][39577] -> [..239.192.74.66][25826]
               new: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826]
          detected: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][Unknown][System][Acceptable][devlap.fritz.box]
diff --git a/test/results/flow-info/default/dotenv.pcap.out b/test/results/flow-info/default/dotenv.pcap.out
index 40f476f3e..448aa097d 100644
--- a/test/results/flow-info/default/dotenv.pcap.out
+++ b/test/results/flow-info/default/dotenv.pcap.out
@@ -5,7 +5,7 @@
          detected: [.....1] [ip4][..tcp] [..192.168.2.198][51327] -> [....89.31.76.10][...80] [HTTP][Unknown][Web][Acceptable][sevenpitaly.com]
                    RISK: Possible Exploit Attempt
  detection-update: [.....1] [ip4][..tcp] [..192.168.2.198][51327] -> [....89.31.76.10][...80] [HTTP][Unknown][Download][Acceptable][sevenpitaly.com]
-                   RISK: Possible Exploit Attempt, Error Code, Binary Data Transfer Attemot
+                   RISK: Possible Exploit Attempt, Error Code, Binary file/data transfer (attempt)
               end: [.....1] [ip4][..tcp] [..192.168.2.198][51327] -> [....89.31.76.10][...80] [HTTP][Unknown][Download][Acceptable]
-                   RISK: Possible Exploit Attempt, Error Code, Binary Data Transfer Attemot
+                   RISK: Possible Exploit Attempt, Error Code, Binary file/data transfer (attempt)
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/elf.pcap.out b/test/results/flow-info/default/elf.pcap.out
new file mode 100644
index 000000000..98eb41eb7
--- /dev/null
+++ b/test/results/flow-info/default/elf.pcap.out
@@ -0,0 +1,12 @@
+     DAEMON-EVENT: init
+     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+              new: [.....1] [ip4][..udp] [......127.0.0.1][60150] -> [......127.0.0.1][33333]
+              new: [.....2] [ip4][..tcp] [......127.0.0.1][41150] -> [......127.0.0.1][33333]
+     not-detected: [.....2] [ip4][..tcp] [......127.0.0.1][41150] -> [......127.0.0.1][33333] [Unknown][Unknown][Unrated]
+                   RISK: Binary App Transfer
+              end: [.....2] [ip4][..tcp] [......127.0.0.1][41150] -> [......127.0.0.1][33333]
+     not-detected: [.....1] [ip4][..udp] [......127.0.0.1][60150] -> [......127.0.0.1][33333] [Unknown][Unknown][Unrated]
+                   RISK: Binary App Transfer, Unidirectional Traffic
+             idle: [.....1] [ip4][..udp] [......127.0.0.1][60150] -> [......127.0.0.1][33333]
+     DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/emotet.pcap.out b/test/results/flow-info/default/emotet.pcap.out
index 7c0a683d7..b04634f07 100644
--- a/test/results/flow-info/default/emotet.pcap.out
+++ b/test/results/flow-info/default/emotet.pcap.out
@@ -33,7 +33,7 @@
               new: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80]
          detected: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Web][Acceptable][gandhitoday.org]
  detection-update: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable][gandhitoday.org]
-                   RISK: Binary App Transfer
+                   RISK: Binary App Transfer, Binary file/data transfer (attempt)
              idle: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable]
      DAEMON-EVENT: [Processed: 122 pkts][ZLib][compressions: 0|diff: 0 / 0]
      DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0]
@@ -41,9 +41,9 @@
          detected: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Web][Acceptable][filmmogzivota.rs]
                    RISK: HTTP Susp User-Agent
  detection-update: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable][filmmogzivota.rs]
-                   RISK: Binary App Transfer, HTTP Susp User-Agent
+                   RISK: Binary App Transfer, HTTP Susp User-Agent, Binary file/data transfer (attempt)
              idle: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable]
-                   RISK: Binary App Transfer
+                   RISK: Binary App Transfer, Binary file/data transfer (attempt)
               new: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443]
          detected: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
                    RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
@@ -55,7 +55,7 @@
  detection-update: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
                    RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
              idle: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP Susp User-Agent
+                   RISK: Binary App Transfer, HTTP Susp User-Agent, Binary file/data transfer (attempt)
              idle: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
                    RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
               end: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
diff --git a/test/results/flow-info/default/exe_download.pcap.out b/test/results/flow-info/default/exe_download.pcap.out
index ee5e346f4..aa74f9c93 100644
--- a/test/results/flow-info/default/exe_download.pcap.out
+++ b/test/results/flow-info/default/exe_download.pcap.out
@@ -5,7 +5,7 @@
          detected: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Web][Acceptable][144.91.69.195]
                    RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
  detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Download][Acceptable][144.91.69.195]
-                   RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server
+                   RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server, Binary file/data transfer (attempt)
              idle: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server
+                   RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server, Binary file/data transfer (attempt)
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ftp.pcap.out b/test/results/flow-info/default/ftp.pcap.out
index d379ae187..e34743ca0 100644
--- a/test/results/flow-info/default/ftp.pcap.out
+++ b/test/results/flow-info/default/ftp.pcap.out
@@ -16,7 +16,6 @@
                    [ENTROPIES...: 4.2,5.3,4.9,5.6,4.9,5.4,5.2,5.7,4.9,5.2,5.1,5.7,4.9,5.0,5.0,5.6,4.8,5.0,5.5,5.3,4.9,4.9,5.2,5.7,4.9,5.0,4.9,5.6,5.6,4.9,5.1,5.7]
               new: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685]
          detected: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685] [FTP_DATA][Unknown][Download][Acceptable]
-                   RISK: Known Proto on Non Std Port
               new: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523]
           analyse: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523]
                                          min|       max|       avg|    stddev|         variance|  entropy
@@ -33,5 +32,4 @@
               end: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Unknown][Download][Unsafe]
                    RISK: Unsafe Protocol, Clear-Text Credentials
               end: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685] [FTP_DATA][Unknown][Download][Acceptable]
-                   RISK: Known Proto on Non Std Port
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/gnutella.pcap.out b/test/results/flow-info/default/gnutella.pcap.out
index 6314c8103..1fec92df6 100644
--- a/test/results/flow-info/default/gnutella.pcap.out
+++ b/test/results/flow-info/default/gnutella.pcap.out
@@ -869,9 +869,9 @@
                    RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol
               new: [...335] [ip4][..udp] [......10.0.2.15][28681] -> [.14.200.255.229][37058]
  detection-update: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] [HTTP.Gnutella][Unknown][Media][Potentially Dangerous][69.118.162.229]
-                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol
+                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Binary file/data transfer (attempt)
  detection-update: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Unknown][Media][Potentially Dangerous][189.147.72.83]
-                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol
+                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Binary file/data transfer (attempt)
               new: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888]
          detected: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] [Gnutella][Unknown][Download][Potentially Dangerous]
                    RISK: Unsafe Protocol
@@ -7108,7 +7108,7 @@
              idle: [...123] [ip4][..tcp] [......10.0.2.15][50254] -> [..24.78.134.188][49046]
              idle: [...799] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63958] -> [................................ff02::c][.3702] [WSD][Unknown][Network][Acceptable]
              idle: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] [HTTP.Gnutella][Unknown][Media][Potentially Dangerous]
-                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol
+                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Binary file/data transfer (attempt)
      not-detected: [....64] [ip4][..tcp] [......10.0.2.15][50223] -> [118.167.248.220][63108] [Unknown][Unknown][Unrated]
                    RISK: Unidirectional Traffic
              idle: [....64] [ip4][..tcp] [......10.0.2.15][50223] -> [118.167.248.220][63108]
@@ -7347,7 +7347,7 @@
               end: [...239] [ip4][..tcp] [......10.0.2.15][50285] -> [..75.133.101.93][52367] [Gnutella][Unknown][Download][Potentially Dangerous]
                    RISK: Unsafe Protocol
              idle: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Unknown][Media][Potentially Dangerous]
-                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol
+                   RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Binary file/data transfer (attempt)
              idle: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
                    RISK: Unsafe Protocol
              idle: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] [Gnutella][Unknown][Download][Potentially Dangerous]
diff --git a/test/results/flow-info/default/http_ipv6.pcap.out b/test/results/flow-info/default/http_ipv6.pcap.out
index 9547ce50c..1f684621e 100644
--- a/test/results/flow-info/default/http_ipv6.pcap.out
+++ b/test/results/flow-info/default/http_ipv6.pcap.out
@@ -73,6 +73,7 @@
           guessed: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443] [TLS][Facebook][Web][Safe]
              idle: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443]
           guessed: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] [QUIC][Google][Web][Acceptable]
+                   RISK: Susp Entropy
              idle: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443]
           guessed: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443] [TLS][Google][Web][Safe]
              idle: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443]
diff --git a/test/results/flow-info/default/instagram.pcap.out b/test/results/flow-info/default/instagram.pcap.out
index d22e00bdf..324365a57 100644
--- a/test/results/flow-info/default/instagram.pcap.out
+++ b/test/results/flow-info/default/instagram.pcap.out
@@ -193,6 +193,7 @@
               end: [....19] [ip4][..tcp] [..192.168.0.103][57966] -> [...82.85.26.185][...80]
               end: [....30] [ip4][..tcp] [..192.168.0.103][58690] -> [...46.33.70.159][..443] [TLS][Unknown][Web][Safe]
           guessed: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Unknown][Web][Acceptable][]
+                   RISK: Susp Entropy
               end: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80]
              idle: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun]
              idle: [....26] [ip4][..tcp] [..192.168.0.103][58052] -> [...82.85.26.162][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun]
@@ -202,6 +203,7 @@
              idle: [....24] [ip4][..tcp] [..192.168.0.103][60908] -> [...46.33.70.136][..443] [TLS.Instagram][Unknown][SocialNetwork][Fun]
                    RISK: Obsolete TLS (v1.1 or older)
           guessed: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [HTTP][Facebook][Web][Acceptable][]
+                   RISK: Susp Entropy
              idle: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216]
              idle: [....21] [ip4][..tcp] [..192.168.0.103][44558] -> [...46.33.70.174][..443] [TLS.Instagram][Unknown][SocialNetwork][Fun]
                    RISK: Obsolete TLS (v1.1 or older)
@@ -216,6 +218,7 @@
                    RISK: Obsolete TLS (v1.1 or older)
              idle: [....15] [ip4][..tcp] [..192.168.0.103][33763] -> [....31.13.93.52][..443] [TLS][Facebook][Web][Safe]
           guessed: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Unknown][Web][Acceptable][]
+                   RISK: Susp Entropy
              idle: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151]
               end: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun]
              idle: [....12] [ip4][..tcp] [....31.13.93.52][..443] -> [..192.168.0.103][33934] [TLS][Facebook][Web][Safe]
@@ -225,6 +228,7 @@
      not-detected: [....11] [ip4][..udp] [....192.168.0.1][..520] -> [..192.168.0.255][..520] [Unknown][Unknown][Unrated]
              idle: [....11] [ip4][..udp] [....192.168.0.1][..520] -> [..192.168.0.255][..520]
           guessed: [....25] [ip4][..tcp] [..92.122.48.138][...80] -> [..192.168.0.103][41562] [HTTP][Unknown][Web][Acceptable][]
+                   RISK: Susp Entropy
              idle: [....25] [ip4][..tcp] [..92.122.48.138][...80] -> [..192.168.0.103][41562]
               new: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443]
               new: [....38] [ip4][..tcp] [...192.168.2.17][49361] -> [....31.13.86.52][..443]
diff --git a/test/results/flow-info/default/kerberos.pcap.out b/test/results/flow-info/default/kerberos.pcap.out
index b64d1fa07..f7ae85f6e 100644
--- a/test/results/flow-info/default/kerberos.pcap.out
+++ b/test/results/flow-info/default/kerberos.pcap.out
@@ -52,8 +52,10 @@
               new: [....35] [ip4][..tcp] [...172.16.8.201][49196] -> [.....172.16.8.8][...88] [MIDSTREAM]
               new: [....36] [ip4][..tcp] [...172.16.8.201][49194] -> [.....172.16.8.8][..445] [MIDSTREAM]
      not-detected: [....11] [ip4][..tcp] [...172.16.8.201][49165] -> [.....172.16.8.8][49155] [Unknown][Unknown][Unrated]
+                   RISK: Susp Entropy
              idle: [....11] [ip4][..tcp] [...172.16.8.201][49165] -> [.....172.16.8.8][49155]
      not-detected: [....26] [ip4][..tcp] [...172.16.8.201][49185] -> [.....172.16.8.8][49155] [Unknown][Unknown][Unrated]
+                   RISK: Susp Entropy
              idle: [....26] [ip4][..tcp] [...172.16.8.201][49185] -> [.....172.16.8.8][49155]
              idle: [.....1] [ip4][..tcp] [...172.16.8.201][49157] -> [.....172.16.8.8][...88] [Kerberos][Unknown][Network][Acceptable]
              idle: [.....2] [ip4][..tcp] [...172.16.8.201][49158] -> [.....172.16.8.8][...88] [Kerberos][Unknown][Network][Acceptable]
@@ -70,6 +72,7 @@
              idle: [....13] [ip4][..tcp] [...172.16.8.201][49170] -> [.....172.16.8.8][...88]
              idle: [....14] [ip4][..tcp] [...172.16.8.201][49171] -> [.....172.16.8.8][...88] [Kerberos][Unknown][Network][Acceptable]
           guessed: [....15] [ip4][..tcp] [...172.16.8.201][49173] -> [.....172.16.8.8][...88] [Kerberos][Unknown][Network][Acceptable]
+                   RISK: Susp Entropy
              idle: [....15] [ip4][..tcp] [...172.16.8.201][49173] -> [.....172.16.8.8][...88]
           guessed: [....17] [ip4][..tcp] [...172.16.8.201][49175] -> [.....172.16.8.8][...88] [Kerberos][Unknown][Network][Acceptable]
              idle: [....17] [ip4][..tcp] [...172.16.8.201][49175] -> [.....172.16.8.8][...88]
@@ -93,23 +96,33 @@
           guessed: [....35] [ip4][..tcp] [...172.16.8.201][49196] -> [.....172.16.8.8][...88] [Kerberos][Unknown][Network][Acceptable]
              idle: [....35] [ip4][..tcp] [...172.16.8.201][49196] -> [.....172.16.8.8][...88]
           guessed: [.....7] [ip4][..tcp] [...172.16.8.201][49161] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+                   RISK: Susp Entropy
              idle: [.....7] [ip4][..tcp] [...172.16.8.201][49161] -> [.....172.16.8.8][..389]
           guessed: [....12] [ip4][..tcp] [...172.16.8.201][49169] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+                   RISK: Susp Entropy
              idle: [....12] [ip4][..tcp] [...172.16.8.201][49169] -> [.....172.16.8.8][..389]
           guessed: [....16] [ip4][..tcp] [...172.16.8.201][49172] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+                   RISK: Susp Entropy
              idle: [....16] [ip4][..tcp] [...172.16.8.201][49172] -> [.....172.16.8.8][..389]
           guessed: [....20] [ip4][..tcp] [...172.16.8.201][49179] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+                   RISK: Susp Entropy
              idle: [....20] [ip4][..tcp] [...172.16.8.201][49179] -> [.....172.16.8.8][..389]
           guessed: [....21] [ip4][..tcp] [...172.16.8.201][49180] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+                   RISK: Susp Entropy
              idle: [....21] [ip4][..tcp] [...172.16.8.201][49180] -> [.....172.16.8.8][..389]
           guessed: [....32] [ip4][..tcp] [...172.16.8.201][49191] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+                   RISK: Susp Entropy
              idle: [....32] [ip4][..tcp] [...172.16.8.201][49191] -> [.....172.16.8.8][..389]
           guessed: [....33] [ip4][..tcp] [...172.16.8.201][49193] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+                   RISK: Susp Entropy
              idle: [....33] [ip4][..tcp] [...172.16.8.201][49193] -> [.....172.16.8.8][..389]
           guessed: [.....5] [ip4][..tcp] [...172.16.8.201][49156] -> [.....172.16.8.8][..445] [SMBv23][Unknown][System][Acceptable]
+                   RISK: Susp Entropy
              idle: [.....5] [ip4][..tcp] [...172.16.8.201][49156] -> [.....172.16.8.8][..445]
           guessed: [....19] [ip4][..tcp] [...172.16.8.201][49174] -> [.....172.16.8.8][..445] [SMBv23][Unknown][System][Acceptable]
+                   RISK: Susp Entropy
              idle: [....19] [ip4][..tcp] [...172.16.8.201][49174] -> [.....172.16.8.8][..445]
           guessed: [....36] [ip4][..tcp] [...172.16.8.201][49194] -> [.....172.16.8.8][..445] [SMBv23][Unknown][System][Acceptable]
+                   RISK: Susp Entropy
              idle: [....36] [ip4][..tcp] [...172.16.8.201][49194] -> [.....172.16.8.8][..445]
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/kontiki.pcap.out b/test/results/flow-info/default/kontiki.pcap.out
index d80aaf2ef..b9df63015 100644
--- a/test/results/flow-info/default/kontiki.pcap.out
+++ b/test/results/flow-info/default/kontiki.pcap.out
@@ -36,6 +36,7 @@
      not-detected: [.....1] [ip4][..udp] [....10.25.32.59][19948] -> [255.255.255.255][19948] [Unknown][Unknown][Unrated]
              idle: [.....1] [ip4][..udp] [....10.25.32.59][19948] -> [255.255.255.255][19948]
      not-detected: [.....2] [ip4][..udp] [....10.25.32.59][19948] -> [..64.200.148.82][.1948] [Unknown][Unknown][Unrated]
+                   RISK: Susp Entropy
              idle: [.....2] [ip4][..udp] [....10.25.32.59][19948] -> [..64.200.148.82][.1948]
              idle: [.....5] [ip4][..udp] [....10.25.32.59][19948] -> [..64.200.148.88][...80] [Kontiki][Unknown][Media][Potentially Dangerous]
                    RISK: Unsafe Protocol
diff --git a/test/results/flow-info/default/lru_ipv6_caches.pcapng.out b/test/results/flow-info/default/lru_ipv6_caches.pcapng.out
index 9fb54e98e..8d8174ec0 100644
--- a/test/results/flow-info/default/lru_ipv6_caches.pcapng.out
+++ b/test/results/flow-info/default/lru_ipv6_caches.pcapng.out
@@ -24,6 +24,8 @@
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
               new: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
          detected: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Unidirectional Traffic
               new: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144]
          detected: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS][Unknown][Web][Safe][]
                    RISK: Unidirectional Traffic
@@ -43,8 +45,12 @@
                    RISK: Unidirectional Traffic
               new: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
          detected: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Unidirectional Traffic
               new: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
          detected: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Unidirectional Traffic
              idle: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS.Cloudflare][Unknown][Web][Acceptable]
                    RISK: Unidirectional Traffic
              idle: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable]
@@ -60,9 +66,12 @@
              idle: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+                   RISK: Unidirectional Traffic
              idle: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+                   RISK: Unidirectional Traffic
              idle: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [STUN][Unknown][Network][Acceptable]
              idle: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+                   RISK: Unidirectional Traffic
              idle: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] [BitTorrent][Unknown][Download][Acceptable]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/netflix.pcap.out b/test/results/flow-info/default/netflix.pcap.out
index 02d78dc9a..6cca6ebd9 100644
--- a/test/results/flow-info/default/netflix.pcap.out
+++ b/test/results/flow-info/default/netflix.pcap.out
@@ -162,7 +162,7 @@
          detected: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.145]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
  detection-update: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.145]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
           analyse: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Download][Acceptable]
                                          min|       max|       avg|    stddev|         variance|  entropy
                    [IAT.........:      0.004|     0.651|     0.082|     0.154|        23582.077|    3.600]
@@ -177,12 +177,12 @@
          detected: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] [HTTP][NetFlix][Web][Acceptable][23.246.10.139]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
  detection-update: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] [HTTP][NetFlix][Download][Acceptable][23.246.10.139]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               new: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80]
          detected: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP][NetFlix][Web][Acceptable][23.246.3.140]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
  detection-update: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable][23.246.3.140]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
           analyse: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable]
                                          min|       max|       avg|    stddev|         variance|  entropy
                    [IAT.........:      0.002|     0.044|     0.018|     0.010|          100.655|    4.700]
@@ -213,7 +213,7 @@
          detected: [....36] [ip4][..tcp] [....192.168.1.7][53175] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
  detection-update: [....33] [ip4][..tcp] [....192.168.1.7][53172] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.133]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
          detected: [....40] [ip4][..tcp] [....192.168.1.7][53179] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
          detected: [....39] [ip4][..tcp] [....192.168.1.7][53178] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
@@ -223,31 +223,31 @@
          detected: [....38] [ip4][..tcp] [....192.168.1.7][53177] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
  detection-update: [....35] [ip4][..tcp] [....192.168.1.7][53174] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
  detection-update: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.133]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
          detected: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
  detection-update: [....36] [ip4][..tcp] [....192.168.1.7][53175] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
          detected: [....42] [ip4][..tcp] [....192.168.1.7][53181] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
          detected: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
  detection-update: [....40] [ip4][..tcp] [....192.168.1.7][53179] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
  detection-update: [....37] [ip4][..tcp] [....192.168.1.7][53176] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
  detection-update: [....39] [ip4][..tcp] [....192.168.1.7][53178] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
  detection-update: [....38] [ip4][..tcp] [....192.168.1.7][53177] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
  detection-update: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
  detection-update: [....42] [ip4][..tcp] [....192.168.1.7][53181] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
  detection-update: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
           analyse: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
                                          min|       max|       avg|    stddev|         variance|  entropy
                    [IAT.........: <    0.001|     2.098|     0.201|     0.403|       162731.114|    3.600]
@@ -375,13 +375,13 @@
          detected: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP][NetFlix][Web][Acceptable][23.246.3.140]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
  detection-update: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               new: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443]
               new: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443]
               new: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53]
          detected: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ichnaea.geo.netflix.com]
  detection-update: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable][23.246.3.140]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
  detection-update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ichnaea.geo.netflix.com]
               new: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443]
           analyse: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
@@ -443,7 +443,7 @@
          detected: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.133]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
  detection-update: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.133]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
            update: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
            update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
            update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
@@ -453,7 +453,7 @@
          detected: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
  detection-update: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
            update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
            update: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
            update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
@@ -595,41 +595,41 @@
              idle: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
              idle: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
               end: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
              idle: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               end: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               end: [....33] [ip4][..tcp] [....192.168.1.7][53172] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               end: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               end: [....35] [ip4][..tcp] [....192.168.1.7][53174] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               end: [....36] [ip4][..tcp] [....192.168.1.7][53175] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               end: [....37] [ip4][..tcp] [....192.168.1.7][53176] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               end: [....38] [ip4][..tcp] [....192.168.1.7][53177] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               end: [....39] [ip4][..tcp] [....192.168.1.7][53178] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               end: [....40] [ip4][..tcp] [....192.168.1.7][53179] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               end: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               end: [....42] [ip4][..tcp] [....192.168.1.7][53181] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               end: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
              idle: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
              idle: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
              idle: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
              idle: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               end: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
               end: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
               end: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
diff --git a/test/results/flow-info/default/nintendo.pcap.out b/test/results/flow-info/default/nintendo.pcap.out
index 6ae46c3c5..416910ee0 100644
--- a/test/results/flow-info/default/nintendo.pcap.out
+++ b/test/results/flow-info/default/nintendo.pcap.out
@@ -123,7 +123,7 @@
              idle: [....19] [ip4][..udp] [.192.168.12.114][55915] -> [.93.237.131.235][56066] [Nintendo][Unknown][Game][Fun]
              idle: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335] [Nintendo][AmazonAWS][Game][Fun]
           guessed: [.....6] [ip4][..udp] [.192.168.12.114][52119] -> [..52.10.205.177][34343] [AmazonAWS][AmazonAWS][Cloud][Acceptable]
-                   RISK: Unidirectional Traffic
+                   RISK: Susp Entropy, Unidirectional Traffic
              idle: [.....6] [ip4][..udp] [.192.168.12.114][52119] -> [..52.10.205.177][34343]
               end: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][AmazonAWS][Game][Fun]
                    RISK: TLS (probably) Not Carrying HTTPS
diff --git a/test/results/flow-info/default/portable_executable.pcap.out b/test/results/flow-info/default/portable_executable.pcap.out
new file mode 100644
index 000000000..973ba812c
--- /dev/null
+++ b/test/results/flow-info/default/portable_executable.pcap.out
@@ -0,0 +1,12 @@
+     DAEMON-EVENT: init
+     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+              new: [.....1] [ip4][..tcp] [..172.16.99.201][.1732] -> [..64.227.107.71][.4444]
+              new: [.....2] [ip4][..tcp] [..64.227.107.71][...53] -> [...172.16.99.10][49652]
+     not-detected: [.....1] [ip4][..tcp] [..172.16.99.201][.1732] -> [..64.227.107.71][.4444] [Unknown][Unknown][Unrated]
+                   RISK: Binary App Transfer
+             idle: [.....1] [ip4][..tcp] [..172.16.99.201][.1732] -> [..64.227.107.71][.4444]
+          guessed: [.....2] [ip4][..tcp] [..64.227.107.71][...53] -> [...172.16.99.10][49652] [DNS][Unknown][Network][Acceptable][]
+                   RISK: Binary App Transfer, Malformed Packet
+             idle: [.....2] [ip4][..tcp] [..64.227.107.71][...53] -> [...172.16.99.10][49652]
+     DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/pps.pcap.out b/test/results/flow-info/default/pps.pcap.out
index 70ebd04c1..1877cc50a 100644
--- a/test/results/flow-info/default/pps.pcap.out
+++ b/test/results/flow-info/default/pps.pcap.out
@@ -162,7 +162,7 @@
               new: [....55] [ip4][..udp] [...192.168.5.57][59648] -> [239.255.255.250][.1900]
          detected: [....55] [ip4][..udp] [...192.168.5.57][59648] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
  detection-update: [....54] [ip4][..tcp] [..192.168.115.8][50486] -> [...77.234.40.96][...80] [HTTP.Cybersec][AVAST][Download][Safe][bcu.ff.avast.com]
-                   RISK: HTTP Susp User-Agent, HTTP Obsolete Server
+                   RISK: HTTP Susp User-Agent, HTTP Obsolete Server, Binary file/data transfer (attempt)
               new: [....56] [ip4][..tcp] [..192.168.115.8][50487] -> [.202.108.14.219][...80] [MIDSTREAM]
          detected: [....56] [ip4][..tcp] [..192.168.115.8][50487] -> [.202.108.14.219][...80] [HTTP][Unknown][Streaming][Acceptable][msg.71.am]
               new: [....57] [ip4][..tcp] [..192.168.115.8][50488] -> [..223.26.106.20][...80] [MIDSTREAM]
@@ -196,7 +196,7 @@
  detection-update: [....63] [ip4][..tcp] [..192.168.115.8][50494] -> [..223.26.106.66][...80] [HTTP][Unknown][Web][Acceptable][223.26.106.66]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Unidirectional Traffic
  detection-update: [....63] [ip4][..tcp] [..192.168.115.8][50494] -> [..223.26.106.66][...80] [HTTP][Unknown][Download][Acceptable][223.26.106.66]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
               new: [....65] [ip4][..udp] [...192.168.5.48][63930] -> [239.255.255.250][.1900]
          detected: [....65] [ip4][..udp] [...192.168.5.48][63930] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
               new: [....66] [ip4][..tcp] [..192.168.115.8][50495] -> [.202.108.14.236][...80] [MIDSTREAM]
@@ -284,7 +284,7 @@
               new: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [MIDSTREAM]
          detected: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [HTTP][Unknown][Web][Acceptable][static.qiyi.com]
  detection-update: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable][static.qiyi.com]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
               new: [....82] [ip4][..tcp] [..192.168.115.8][50504] -> [.202.108.14.236][...80] [MIDSTREAM]
          detected: [....82] [ip4][..tcp] [..192.168.115.8][50504] -> [.202.108.14.236][...80] [HTTP][Unknown][Streaming][Acceptable][msg.71.am]
               new: [....83] [ip4][..udp] [...192.168.5.38][.1900] -> [239.255.255.250][.1900]
@@ -294,7 +294,7 @@
               new: [....85] [ip4][..tcp] [..192.168.115.8][50507] -> [..223.26.106.19][...80] [MIDSTREAM]
          detected: [....85] [ip4][..tcp] [..192.168.115.8][50507] -> [..223.26.106.19][...80] [HTTP][Unknown][Web][Acceptable][static.qiyi.com]
  detection-update: [....85] [ip4][..tcp] [..192.168.115.8][50507] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable][static.qiyi.com]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
               new: [....86] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50506] [MIDSTREAM]
          detected: [....86] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50506] [HTTP][Unknown][Web][Acceptable][]
                    RISK: HTTP Susp User-Agent, HTTP Obsolete Server
@@ -306,17 +306,17 @@
               new: [....88] [ip4][..tcp] [..192.168.115.8][50508] -> [..223.26.106.19][...80] [MIDSTREAM]
          detected: [....88] [ip4][..tcp] [..192.168.115.8][50508] -> [..223.26.106.19][...80] [HTTP][Unknown][Web][Acceptable][static.qiyi.com]
  detection-update: [....88] [ip4][..tcp] [..192.168.115.8][50508] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable][static.qiyi.com]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
               new: [....89] [ip4][..tcp] [..192.168.115.8][50509] -> [.106.38.219.107][...80] [MIDSTREAM]
          detected: [....89] [ip4][..tcp] [..192.168.115.8][50509] -> [.106.38.219.107][...80] [HTTP][Unknown][Web][Acceptable][iplocation.geo.qiyi.com]
               new: [....90] [ip4][..tcp] [..192.168.115.8][50766] -> [..223.26.106.20][...80] [MIDSTREAM]
          detected: [....90] [ip4][..tcp] [..192.168.115.8][50766] -> [..223.26.106.20][...80] [HTTP][Unknown][Web][Acceptable][static.qiyi.com]
  detection-update: [....90] [ip4][..tcp] [..192.168.115.8][50766] -> [..223.26.106.20][...80] [HTTP][Unknown][Download][Acceptable][static.qiyi.com]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
               new: [....91] [ip4][..tcp] [..192.168.115.8][50767] -> [..223.26.106.20][...80] [MIDSTREAM]
          detected: [....91] [ip4][..tcp] [..192.168.115.8][50767] -> [..223.26.106.20][...80] [HTTP][Unknown][Web][Acceptable][static.qiyi.com]
  detection-update: [....91] [ip4][..tcp] [..192.168.115.8][50767] -> [..223.26.106.20][...80] [HTTP][Unknown][Download][Acceptable][static.qiyi.com]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
               new: [....92] [ip4][..tcp] [..192.168.115.8][50765] -> [..36.110.220.15][...80] [MIDSTREAM]
          detected: [....92] [ip4][..tcp] [..192.168.115.8][50765] -> [..36.110.220.15][...80] [HTTP][Unknown][Web][Acceptable][msg.video.qiyi.com]
               new: [....93] [ip4][..tcp] [..192.168.115.8][50768] -> [..223.26.106.19][...80] [MIDSTREAM]
@@ -324,7 +324,7 @@
  detection-update: [....92] [ip4][..tcp] [..192.168.115.8][50765] -> [..36.110.220.15][...80] [HTTP][Unknown][Web][Acceptable][msg.video.qiyi.com]
                    RISK: HTTP Obsolete Server
  detection-update: [....93] [ip4][..tcp] [..192.168.115.8][50768] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable][static.qiyi.com]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
               new: [....94] [ip4][..tcp] [..192.168.115.8][50769] -> [.101.227.200.11][...80] [MIDSTREAM]
          detected: [....94] [ip4][..tcp] [..192.168.115.8][50769] -> [.101.227.200.11][...80] [HTTP.PPStream][Unknown][Streaming][Fun][api.cupid.iqiyi.com]
  detection-update: [....94] [ip4][..tcp] [..192.168.115.8][50769] -> [.101.227.200.11][...80] [HTTP.PPStream][Unknown][Streaming][Fun][api.cupid.iqiyi.com]
@@ -370,16 +370,16 @@
          detected: [...106] [ip4][..tcp] [..192.168.115.8][50781] -> [..223.26.106.20][...80] [HTTP.PPStream][Unknown][Streaming][Fun][preimage1.qiyipic.com]
               new: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [MIDSTREAM]
          detected: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP][AVAST][Download][Acceptable][]
-                   RISK: Binary App Transfer, HTTP Susp User-Agent
+                   RISK: HTTP Susp User-Agent, Binary file/data transfer (attempt)
  detection-update: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP][AVAST][Download][Acceptable][]
-                   RISK: Binary App Transfer, HTTP Susp User-Agent, Unidirectional Traffic
+                   RISK: HTTP Susp User-Agent, Unidirectional Traffic, Binary file/data transfer (attempt)
  detection-update: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP.Cybersec][AVAST][Cybersecurity][Safe][su.ff.avast.com]
-                   RISK: HTTP Susp User-Agent
+                   RISK: HTTP Susp User-Agent, Binary file/data transfer (attempt)
      not-detected: [....22] [ip4][..udp] [..192.168.115.8][22793] -> [.222.26.193.119][.7133] [Unknown][Unknown][Unrated]
                    RISK: Unidirectional Traffic
              idle: [....22] [ip4][..udp] [..192.168.115.8][22793] -> [.222.26.193.119][.7133]
              idle: [....54] [ip4][..tcp] [..192.168.115.8][50486] -> [...77.234.40.96][...80] [HTTP.Cybersec][AVAST][Download][Safe]
-                   RISK: HTTP Susp User-Agent, HTTP Obsolete Server
+                   RISK: HTTP Susp User-Agent, HTTP Obsolete Server, Binary file/data transfer (attempt)
      not-detected: [....25] [ip4][..udp] [..192.168.115.8][22793] -> [.115.157.62.243][29006] [Unknown][Unknown][Unrated]
                    RISK: Unidirectional Traffic
              idle: [....25] [ip4][..udp] [..192.168.115.8][22793] -> [.115.157.62.243][29006]
@@ -411,13 +411,13 @@
              idle: [....60] [ip4][..tcp] [..192.168.115.8][50491] -> [..223.26.106.66][...80] [HTTP][Unknown][Web][Acceptable]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
              idle: [....63] [ip4][..tcp] [..192.168.115.8][50494] -> [..223.26.106.66][...80] [HTTP][Unknown][Download][Acceptable]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
              idle: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
              idle: [....85] [ip4][..tcp] [..192.168.115.8][50507] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
              idle: [....88] [ip4][..tcp] [..192.168.115.8][50508] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
      not-detected: [....32] [ip4][..udp] [..192.168.115.8][22793] -> [..114.47.91.129][22576] [Unknown][Unknown][Unrated]
                    RISK: Unidirectional Traffic
              idle: [....32] [ip4][..udp] [..192.168.115.8][22793] -> [..114.47.91.129][22576]
@@ -433,11 +433,11 @@
                    RISK: Unidirectional Traffic
              idle: [.....6] [ip4][..udp] [..192.168.115.8][22793] -> [.111.249.53.196][32443]
              idle: [....90] [ip4][..tcp] [..192.168.115.8][50766] -> [..223.26.106.20][...80] [HTTP][Unknown][Download][Acceptable]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
              idle: [....91] [ip4][..tcp] [..192.168.115.8][50767] -> [..223.26.106.20][...80] [HTTP][Unknown][Download][Acceptable]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
              idle: [....93] [ip4][..tcp] [..192.168.115.8][50768] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
              idle: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [HTTP.PPStream][Unknown][Streaming][Fun]
              idle: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [HTTP.PPStream][Unknown][Streaming][Fun]
              idle: [...106] [ip4][..tcp] [..192.168.115.8][50781] -> [..223.26.106.20][...80] [HTTP.PPStream][Unknown][Streaming][Fun]
@@ -458,6 +458,7 @@
      not-detected: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956] [Unknown][Unknown][Unrated]
              idle: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956]
      not-detected: [.....2] [ip4][..udp] [..118.171.15.56][.5544] -> [..192.168.115.8][22793] [Unknown][Unknown][Unrated]
+                   RISK: Susp Entropy
              idle: [.....2] [ip4][..udp] [..118.171.15.56][.5544] -> [..192.168.115.8][22793]
           guessed: [.....9] [ip4][..tcp] [..192.168.115.8][50462] -> [.202.108.14.236][...80] [HTTP][Unknown][Web][Acceptable][]
                    RISK: Unidirectional Traffic
@@ -499,7 +500,7 @@
              idle: [....86] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50506] [HTTP][Unknown][Web][Acceptable]
                    RISK: HTTP Susp User-Agent, HTTP Obsolete Server
              idle: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP.Cybersec][AVAST][Cybersecurity][Safe]
-                   RISK: HTTP Susp User-Agent
+                   RISK: HTTP Susp User-Agent, Binary file/data transfer (attempt)
      not-detected: [....23] [ip4][..udp] [..192.168.115.8][22793] -> [.114.37.142.173][.1074] [Unknown][Unknown][Unrated]
                    RISK: Unidirectional Traffic
              idle: [....23] [ip4][..udp] [..192.168.115.8][22793] -> [.114.37.142.173][.1074]
@@ -576,6 +577,7 @@
              idle: [....17] [ip4][..udp] [..192.168.115.8][22793] -> [.111.117.101.81][10162]
              idle: [...103] [ip4][..udp] [..192.168.115.1][50945] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
      not-detected: [.....1] [ip4][..udp] [....1.173.5.226][22636] -> [..192.168.115.8][22793] [Unknown][Unknown][Unrated]
+                   RISK: Susp Entropy
              idle: [.....1] [ip4][..udp] [....1.173.5.226][22636] -> [..192.168.115.8][22793]
      not-detected: [.....5] [ip4][..udp] [..192.168.115.8][22793] -> [...202.198.7.89][16039] [Unknown][Unknown][Unrated]
              idle: [.....5] [ip4][..udp] [..192.168.115.8][22793] -> [...202.198.7.89][16039]
diff --git a/test/results/flow-info/default/quickplay.pcap.out b/test/results/flow-info/default/quickplay.pcap.out
index 3244ce908..cbbe5a432 100644
--- a/test/results/flow-info/default/quickplay.pcap.out
+++ b/test/results/flow-info/default/quickplay.pcap.out
@@ -41,14 +41,14 @@
          detected: [....13] [ip4][..tcp] [..10.54.169.250][54885] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Unknown][Chat][Fun][hkextshort.weixin.qq.com]
                    RISK: Known Proto on Non Std Port
  detection-update: [....12] [ip4][..tcp] [..10.54.169.250][42761] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun][hkextshort.weixin.qq.com]
-                   RISK: Binary App Transfer, Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
  detection-update: [....13] [ip4][..tcp] [..10.54.169.250][54885] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Unknown][Download][Fun][hkextshort.weixin.qq.com]
-                   RISK: Binary App Transfer, Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
               new: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [MIDSTREAM]
          detected: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Tencent][Chat][Fun][hkextshort.weixin.qq.com]
                    RISK: Known Proto on Non Std Port
  detection-update: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun][hkextshort.weixin.qq.com]
-                   RISK: Binary App Transfer, Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
           analyse: [....11] [ip4][..tcp] [..10.54.169.250][52009] -> [...120.28.35.40][...80] [HTTP][Unknown][Streaming][Acceptable]
                                          min|       max|       avg|    stddev|         variance|  entropy
                    [IAT.........:      0.183|     5.871|     2.460|     1.331|      1772261.736|    4.700]
@@ -63,13 +63,13 @@
          detected: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Tencent][Chat][Fun][hkminorshort.weixin.qq.com]
                    RISK: Known Proto on Non Std Port
  detection-update: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun][hkminorshort.weixin.qq.com]
-                   RISK: Binary App Transfer, Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
               new: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [MIDSTREAM]
          detected: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [HTTP.Xiaomi][AmazonAWS][Web][Acceptable][api.account.xiaomi.com]
               new: [....17] [ip4][..tcp] [..10.54.169.250][52017] -> [...120.28.35.40][...80] [MIDSTREAM]
          detected: [....17] [ip4][..tcp] [..10.54.169.250][52017] -> [...120.28.35.40][...80] [HTTP][Unknown][Streaming][Acceptable][vod-singtelhawk.quickplay.com]
               end: [....13] [ip4][..tcp] [..10.54.169.250][54885] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Unknown][Download][Fun]
-                   RISK: Binary App Transfer, Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
               new: [....18] [ip4][..tcp] [..10.54.169.250][52018] -> [...120.28.35.40][...80] [MIDSTREAM]
          detected: [....18] [ip4][..tcp] [..10.54.169.250][52018] -> [...120.28.35.40][...80] [HTTP][Unknown][Streaming][Acceptable][vod-singtelhawk.quickplay.com]
               new: [....19] [ip4][..tcp] [..10.54.169.250][52019] -> [...120.28.35.40][...80] [MIDSTREAM]
@@ -84,9 +84,9 @@
              idle: [....10] [ip4][..tcp] [..10.54.169.250][54883] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Unknown][Chat][Fun]
                    RISK: Known Proto on Non Std Port
              idle: [....12] [ip4][..tcp] [..10.54.169.250][42761] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun]
-                   RISK: Binary App Transfer, Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
              idle: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun]
-                   RISK: Binary App Transfer, Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
              idle: [.....3] [ip4][..tcp] [..10.54.169.250][33064] -> [....120.28.5.18][...80] [HTTP][Unknown][Streaming][Acceptable]
              idle: [.....6] [ip4][..tcp] [..10.54.169.250][33277] -> [..120.28.26.231][...80] [HTTP.Google][Unknown][Web][Acceptable]
              idle: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [HTTP.Xiaomi][AmazonAWS][Web][Acceptable]
@@ -100,6 +100,6 @@
              idle: [.....4] [ip4][..tcp] [..10.54.169.250][52285] -> [..173.252.74.22][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun]
              idle: [.....5] [ip4][..tcp] [..10.54.169.250][52288] -> [..173.252.74.22][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun]
              idle: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun]
-                   RISK: Binary App Transfer, Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
              idle: [.....8] [ip4][..tcp] [..10.54.169.250][44256] -> [....120.28.5.41][...80] [HTTP][Unknown][Streaming][Acceptable]
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/riot.pcapng.out b/test/results/flow-info/default/riot.pcapng.out
index 5386bea30..a0388ef6d 100644
--- a/test/results/flow-info/default/riot.pcapng.out
+++ b/test/results/flow-info/default/riot.pcapng.out
@@ -9,7 +9,7 @@
  detection-update: [.....2] [ip4][..tcp] [..35.234.85.218][..443] -> [..192.168.26.22][51949] [TLS.RiotGames][GoogleCloud][Game][Fun][]
                    RISK: Unidirectional Traffic
           guessed: [.....1] [ip4][..tcp] [..52.41.135.135][..443] -> [..192.168.26.22][51817] [TLS][AmazonAWS][Web][Safe]
-                   RISK: Unidirectional Traffic
+                   RISK: Susp Entropy, Unidirectional Traffic
              idle: [.....1] [ip4][..tcp] [..52.41.135.135][..443] -> [..192.168.26.22][51817]
              idle: [.....2] [ip4][..tcp] [..35.234.85.218][..443] -> [..192.168.26.22][51949] [TLS.RiotGames][GoogleCloud][Game][Fun]
                    RISK: Unidirectional Traffic
diff --git a/test/results/flow-info/default/shell.pcap.out b/test/results/flow-info/default/shell.pcap.out
new file mode 100644
index 000000000..a8902a531
--- /dev/null
+++ b/test/results/flow-info/default/shell.pcap.out
@@ -0,0 +1,20 @@
+     DAEMON-EVENT: init
+     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+              new: [.....1] [ip4][..tcp] [......127.0.0.1][47638] -> [......127.0.0.1][33333]
+              new: [.....2] [ip4][..udp] [......127.0.0.1][54112] -> [......127.0.0.1][33333]
+              new: [.....3] [ip4][..udp] [......127.0.0.1][58538] -> [......127.0.0.1][33333]
+              new: [.....4] [ip4][..tcp] [......127.0.0.1][54970] -> [......127.0.0.1][33333]
+     not-detected: [.....4] [ip4][..tcp] [......127.0.0.1][54970] -> [......127.0.0.1][33333] [Unknown][Unknown][Unrated]
+                   RISK: Possible Exploit Attempt
+              end: [.....4] [ip4][..tcp] [......127.0.0.1][54970] -> [......127.0.0.1][33333]
+     not-detected: [.....1] [ip4][..tcp] [......127.0.0.1][47638] -> [......127.0.0.1][33333] [Unknown][Unknown][Unrated]
+                   RISK: Possible Exploit Attempt
+              end: [.....1] [ip4][..tcp] [......127.0.0.1][47638] -> [......127.0.0.1][33333]
+     not-detected: [.....2] [ip4][..udp] [......127.0.0.1][54112] -> [......127.0.0.1][33333] [Unknown][Unknown][Unrated]
+                   RISK: Possible Exploit Attempt, Unidirectional Traffic
+             idle: [.....2] [ip4][..udp] [......127.0.0.1][54112] -> [......127.0.0.1][33333]
+     not-detected: [.....3] [ip4][..udp] [......127.0.0.1][58538] -> [......127.0.0.1][33333] [Unknown][Unknown][Unrated]
+                   RISK: Possible Exploit Attempt, Unidirectional Traffic
+             idle: [.....3] [ip4][..udp] [......127.0.0.1][58538] -> [......127.0.0.1][33333]
+     DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/starcraft_battle.pcap.out b/test/results/flow-info/default/starcraft_battle.pcap.out
index 0063aa839..b710f8d60 100644
--- a/test/results/flow-info/default/starcraft_battle.pcap.out
+++ b/test/results/flow-info/default/starcraft_battle.pcap.out
@@ -47,7 +47,7 @@
          detected: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Web][Acceptable][llnw.blizzard.com]
                    RISK: Susp DGA Domain name
  detection-update: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable][llnw.blizzard.com]
-                   RISK: Binary App Transfer, Susp DGA Domain name
+                   RISK: Susp DGA Domain name, Binary file/data transfer (attempt)
           analyse: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable]
                                          min|       max|       avg|    stddev|         variance|  entropy
                    [IAT.........: <    0.001|     0.072|     0.012|     0.024|          562.008|    2.800]
@@ -212,7 +212,7 @@
               end: [....25] [ip4][..tcp] [..192.168.1.100][.3486] -> [.199.38.164.156][..443]
              idle: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
               end: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable]
-                   RISK: Binary App Transfer, Susp DGA Domain name
+                   RISK: Susp DGA Domain name, Binary file/data transfer (attempt)
           guessed: [.....3] [ip4][..tcp] [..80.239.186.26][..443] -> [..192.168.1.100][.3476] [TLS][Unknown][Web][Safe]
                    RISK: Unidirectional Traffic, TCP Connection Issues
               end: [.....3] [ip4][..tcp] [..80.239.186.26][..443] -> [..192.168.1.100][.3476]
diff --git a/test/results/flow-info/default/stun_signal.pcapng.out b/test/results/flow-info/default/stun_signal.pcapng.out
index 03a937b31..94036af3b 100644
--- a/test/results/flow-info/default/stun_signal.pcapng.out
+++ b/test/results/flow-info/default/stun_signal.pcapng.out
@@ -33,6 +33,10 @@
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
  detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
+ detection-update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
               new: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478]
          detected: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
               new: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443]
@@ -49,6 +53,18 @@
                    RISK: Known Proto on Non Std Port
               new: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478]
          detected: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ detection-update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
+ detection-update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
               new: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156]
          detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
@@ -76,11 +92,11 @@
            update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
            update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+                   RISK: Known Proto on Non Std Port
            update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
            update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+                   RISK: Known Proto on Non Std Port
            update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
            update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
               new: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302]
@@ -95,12 +111,30 @@
               new: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443]
          detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
+ detection-update: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
               new: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478]
          detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
               new: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478]
          detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ detection-update: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+                   RISK: Unidirectional Traffic
+ detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+                   RISK: Unidirectional Traffic
               new: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169]
          detected: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable]
+ detection-update: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
+ detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ detection-update: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
+ detection-update: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
               new: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054]
          detected: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
@@ -119,13 +153,13 @@
                    [ENTROPIES...: 5.9,5.8,5.9,5.7,5.9,5.8,5.8,6.0,5.8,5.8,5.9,5.8,5.8,5.2,5.7,5.1,5.8,5.8,5.9,5.7,5.7,5.9,5.2,5.1,5.1,5.8,5.9,5.8,5.1,5.8,5.8,5.8]
            update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
            update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
            update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
            update: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
            update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
            update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
            update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
@@ -133,7 +167,7 @@
              idle: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
              idle: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
              idle: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
@@ -141,23 +175,23 @@
              idle: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
              idle: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+                   RISK: Known Proto on Non Std Port
              idle: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
              idle: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
-             idle: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
+             idle: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
+                   RISK: Known Proto on Non Std Port
              idle: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
              idle: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
              idle: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
              idle: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
              idle: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
diff --git a/test/results/flow-info/default/stun_wa_call.pcapng.out b/test/results/flow-info/default/stun_wa_call.pcapng.out
index 373cf7725..c76506e55 100644
--- a/test/results/flow-info/default/stun_wa_call.pcapng.out
+++ b/test/results/flow-info/default/stun_wa_call.pcapng.out
@@ -77,6 +77,10 @@
               new: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107]
          detected: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
+ detection-update: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
+                   RISK: Known Proto on Non Std Port
+ detection-update: [....11] [ip4][..udp] [.192.168.12.156][49526] -> [...10.82.40.241][40436] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
               new: [....13] [ip4][.icmp] [..93.63.100.129] -> [.192.168.12.156]
          detected: [....13] [ip4][.icmp] [..93.63.100.129] -> [.192.168.12.156] [ICMP][Unknown][Network][Acceptable]
            update: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
@@ -89,8 +93,8 @@
              idle: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
              idle: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
              idle: [....11] [ip4][..udp] [.192.168.12.156][49526] -> [...10.82.40.241][40436] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
-             idle: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+             idle: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
              idle: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
              idle: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
diff --git a/test/results/flow-info/default/teams.pcap.out b/test/results/flow-info/default/teams.pcap.out
index 0f51670c4..9c24be31a 100644
--- a/test/results/flow-info/default/teams.pcap.out
+++ b/test/results/flow-info/default/teams.pcap.out
@@ -369,7 +369,7 @@
          detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
               new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443]
               new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478]
-         detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+         detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
  detection-update: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
                    RISK: TLS (probably) Not Carrying HTTPS
               new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478]
@@ -377,11 +377,13 @@
          detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
                    RISK: TLS (probably) Not Carrying HTTPS
               new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478]
-         detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+         detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
               new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478]
          detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
  detection-update: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
                    RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][>??i)?<????????????r]
+ detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][s?>?ed???[??+ez4???m]
               new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443]
               new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443]
          detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152]
@@ -412,6 +414,12 @@
               new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036]
          detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+                   RISK: Unidirectional Traffic
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
+                   RISK: Unidirectional Traffic
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
               new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036]
          detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
@@ -428,6 +436,10 @@
                    [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
                    [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
                    [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
+ detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
               new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
          detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
  detection-update: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
@@ -460,11 +472,11 @@
              idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
                    RISK: TLS (probably) Not Carrying HTTPS
              idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
              idle: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
              idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
              idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
              idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
@@ -516,6 +528,7 @@
                    RISK: Known Proto on Non Std Port
              idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
           guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_Teams][Azure][VoIP][Acceptable]
+                   RISK: Susp Entropy
              idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478]
              idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
      not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated]
diff --git a/test/results/flow-info/default/telegram_videocall.pcapng.out b/test/results/flow-info/default/telegram_videocall.pcapng.out
index b51a9755a..d21678e9e 100644
--- a/test/results/flow-info/default/telegram_videocall.pcapng.out
+++ b/test/results/flow-info/default/telegram_videocall.pcapng.out
@@ -91,24 +91,24 @@
  detection-update: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
                    RISK: Known Proto on Non Std Port
               new: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554]
-         detected: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN][Unknown][Network][Acceptable][]
+         detected: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
               new: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554]
-         detected: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN][Unknown][Network][Acceptable][]
+         detected: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
               new: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393]
-         detected: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN][Unknown][Network][Acceptable][]
+         detected: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
               new: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393]
-         detected: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN][Unknown][Network][Acceptable][]
+         detected: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
- detection-update: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN][Unknown][Network][Acceptable][]
+ detection-update: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN][Unknown][Network][Acceptable][]
+ detection-update: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
               new: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2]
          detected: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
-          analyse: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN][Unknown][Network][Acceptable]
+          analyse: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
                                          min|       max|       avg|    stddev|         variance|  entropy
                    [IAT.........: <    0.001|     0.475|     0.052|     0.095|         9109.989|    3.600]
                    [PKTLEN......:     49.000|   265.000|   106.200|    48.900|         2396.000|    4.900]
@@ -167,7 +167,7 @@
                    RISK: Known Proto on Non Std Port
              idle: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
-             idle: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN][Unknown][Network][Acceptable]
+             idle: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
              idle: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
@@ -179,11 +179,11 @@
              idle: [.....9] [ip4][..tcp] [.192.168.12.169][40834] -> [149.154.167.222][..443] [Telegram][Telegram][Chat][Acceptable]
              idle: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
-             idle: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN][Unknown][Network][Acceptable]
+             idle: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
-             idle: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN][Unknown][Network][Acceptable]
+             idle: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
              idle: [....20] [ip4][..udp] [.192.168.12.169][49780] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
@@ -197,7 +197,7 @@
              idle: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222]
              idle: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
-             idle: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN][Unknown][Network][Acceptable]
+             idle: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
              idle: [....17] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
diff --git a/test/results/flow-info/default/tls_certificate_too_long.pcap.out b/test/results/flow-info/default/tls_certificate_too_long.pcap.out
index 54c925f2d..2d0586881 100644
--- a/test/results/flow-info/default/tls_certificate_too_long.pcap.out
+++ b/test/results/flow-info/default/tls_certificate_too_long.pcap.out
@@ -55,11 +55,11 @@
          detected: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Cloud][Safe][www.microsoft.com]
  detection-update: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
  detection-update: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
-                   RISK: HTTP Susp Header
+                   RISK: HTTP Susp Header, Binary file/data transfer (attempt)
               new: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80]
          detected: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Cloud][Safe][www.microsoft.com]
  detection-update: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
-                   RISK: HTTP Susp Header
+                   RISK: HTTP Susp Header, Binary file/data transfer (attempt)
               new: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [MIDSTREAM]
               new: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53]
          detected: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Google][Network][Safe][time-macos.apple.com]
@@ -136,9 +136,9 @@
              idle: [.....8] [ip4][....2] [..192.168.1.139] -> [....224.0.0.251] [IGMP][Unknown][Network][Acceptable]
              idle: [.....7] [ip4][....2] [..192.168.1.139] -> [......224.0.0.2] [IGMP][Unknown][Network][Acceptable]
               end: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe]
-                   RISK: HTTP Susp Header
+                   RISK: HTTP Susp Header, Binary file/data transfer (attempt)
               end: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe]
-                   RISK: HTTP Susp Header
+                   RISK: HTTP Susp Header, Binary file/data transfer (attempt)
              idle: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe]
              idle: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe]
              idle: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
@@ -178,6 +178,7 @@
              idle: [.....5] [ip6][..udp] [..............fe80::1059:a858:f9e7:cf94][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
               end: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [TLS][Github][Web][Safe]
      not-detected: [.....2] [ip4][..tcp] [..192.168.1.121][52721] -> [..192.168.1.139][55367] [Unknown][Unknown][Unrated]
+                   RISK: Susp Entropy
              idle: [.....2] [ip4][..tcp] [..192.168.1.121][52721] -> [..192.168.1.139][55367]
              idle: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Google][Network][Safe]
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/wa_video.pcap.out b/test/results/flow-info/default/wa_video.pcap.out
index ad11e60f8..c0ba900b5 100644
--- a/test/results/flow-info/default/wa_video.pcap.out
+++ b/test/results/flow-info/default/wa_video.pcap.out
@@ -59,6 +59,12 @@
               new: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641]
          detected: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
+ detection-update: [....10] [ip4][..udp] [...192.168.2.12][53688] -> [.....1.60.78.64][59491] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
           analyse: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
                                          min|       max|       avg|    stddev|         variance|  entropy
                    [IAT.........: <    0.001|     1.979|     0.150|     0.383|       146861.081|    2.700]
@@ -89,7 +95,8 @@
              idle: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
           guessed: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][WhatsApp][Chat][Acceptable]
+                   RISK: Susp Entropy
              idle: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222]
              idle: [....10] [ip4][..udp] [...192.168.2.12][53688] -> [.....1.60.78.64][59491] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/wa_voice.pcap.out b/test/results/flow-info/default/wa_voice.pcap.out
index 3c65b278b..de43affaf 100644
--- a/test/results/flow-info/default/wa_voice.pcap.out
+++ b/test/results/flow-info/default/wa_voice.pcap.out
@@ -99,6 +99,8 @@
               new: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328]
          detected: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
+ detection-update: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
           analyse: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
                                          min|       max|       avg|    stddev|         variance|  entropy
                    [IAT.........: <    0.001|    12.196|     1.588|     3.050|      9304956.469|    3.200]
@@ -112,6 +114,10 @@
               new: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282]
          detected: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
+ detection-update: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
+ detection-update: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
           analyse: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
                                          min|       max|       avg|    stddev|         variance|  entropy
                    [IAT.........: <    0.001|     1.204|     0.182|     0.229|        52393.320|    4.200]
@@ -154,7 +160,7 @@
              idle: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
              idle: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
              idle: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
              idle: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable]
              idle: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
diff --git a/test/results/flow-info/default/waze.pcap.out b/test/results/flow-info/default/waze.pcap.out
index 753e6544a..d7404cdef 100644
--- a/test/results/flow-info/default/waze.pcap.out
+++ b/test/results/flow-info/default/waze.pcap.out
@@ -28,7 +28,7 @@
  detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][]
                    RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
  detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Unknown][Download][Acceptable][xtra1.gpsonextra.net]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
               new: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80]
               new: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80]
          detected: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com]
@@ -211,7 +211,7 @@
           guessed: [....28] [ip4][..tcp] [.......10.8.0.1][60574] -> [...200.160.4.49][...80] [HTTP][Unknown][Web][Acceptable][]
               end: [....28] [ip4][..tcp] [.......10.8.0.1][60574] -> [...200.160.4.49][...80]
               end: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Unknown][Download][Acceptable]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
           guessed: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80] [HTTP][Unknown][Web][Acceptable][]
               end: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80]
           guessed: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443] [TLS][Unknown][Web][Safe]
diff --git a/test/results/flow-info/default/wechat.pcap.out b/test/results/flow-info/default/wechat.pcap.out
index a9fd8499b..4d8acc25f 100644
--- a/test/results/flow-info/default/wechat.pcap.out
+++ b/test/results/flow-info/default/wechat.pcap.out
@@ -216,6 +216,7 @@
                    [PKTLENS.....: 60,60,52,290,52,1480,52,1740,52,178,103,1225,429,52,250,1292,527,52,1480,216,52,1225,429,52,250,52,1140,1480,52,1480,52,1480]
                    [ENTROPIES...: 4.7,5.2,5.1,5.9,5.1,6.8,5.0,7.6,5.0,6.4,6.1,7.8,7.4,5.1,7.1,7.8,7.6,5.1,7.9,7.0,5.0,7.8,7.4,5.1,7.1,5.0,7.8,7.9,5.1,7.9,5.1,7.9]
           guessed: [.....1] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54084] [TLS][Unknown][Web][Safe]
+                   RISK: Susp Entropy
               end: [.....1] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54084]
           guessed: [....15] [ip4][..tcp] [..192.168.1.103][54085] -> [203.205.151.162][..443] [TLS][Unknown][Web][Safe]
               end: [....15] [ip4][..tcp] [..192.168.1.103][54085] -> [203.205.151.162][..443]
diff --git a/test/results/flow-info/default/weibo.pcap.out b/test/results/flow-info/default/weibo.pcap.out
index 1bfa784db..99e555b67 100644
--- a/test/results/flow-info/default/weibo.pcap.out
+++ b/test/results/flow-info/default/weibo.pcap.out
@@ -201,6 +201,7 @@
              idle: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun]
              idle: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
           guessed: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361] [QUIC][Google][Web][Acceptable]
+                   RISK: Susp Entropy
              idle: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361]
               end: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun]
           guessed: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80] [HTTP][Unknown][Web][Acceptable][]
@@ -210,6 +211,7 @@
           guessed: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443] [TLS][Google][Web][Safe]
              idle: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443]
           guessed: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443] [QUIC][Google][Web][Acceptable]
+                   RISK: Susp Entropy
              idle: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443]
              idle: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun]
              idle: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun]
diff --git a/test/results/flow-info/default/whatsapp_login_call.pcap.out b/test/results/flow-info/default/whatsapp_login_call.pcap.out
index afae754b5..25c80512f 100644
--- a/test/results/flow-info/default/whatsapp_login_call.pcap.out
+++ b/test/results/flow-info/default/whatsapp_login_call.pcap.out
@@ -126,7 +126,11 @@
               new: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344]
          detected: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
-          analyse: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+ detection-update: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
+                   RISK: Known Proto on Non Std Port
+ detection-update: [....38] [ip4][..udp] [....192.168.2.4][51518] -> [...1.194.90.191][60312] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+          analyse: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
                                          min|       max|       avg|    stddev|         variance|  entropy
                    [IAT.........: <    0.001|     0.352|     0.131|     0.070|         4931.355|    4.700]
                    [PKTLEN......:     50.000|   337.000|   199.000|    98.800|         9763.600|    4.800]
@@ -210,6 +214,8 @@
               new: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665]
          detected: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
                    RISK: Known Proto on Non Std Port
+ detection-update: [....54] [ip4][..udp] [....192.168.2.4][52794] -> [...1.194.90.191][51727] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
           analyse: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
                                          min|       max|       avg|    stddev|         variance|  entropy
                    [IAT.........: <    0.001|     0.307|     0.114|     0.086|         7398.241|    4.500]
@@ -220,11 +226,11 @@
                    [IATS(ms)....: 304.3,307.4,8.4,89.9,31.9,6.5,226.2,154.2,0.0,188.0,0.3,163.9,163.4,160.1,21.8,153.7,0.1,168.1,122.6,138.9,158.5,186.7,16.2,65.9,114.2,83.7,193.2,164.5,1.3,77.1,55.4]
                    [PKTLENS.....: 72,72,72,72,72,134,124,306,167,54,232,134,228,212,103,134,151,54,172,156,161,172,156,134,114,140,205,140,209,54,134,171]
                    [ENTROPIES...: 5.6,5.6,5.6,5.5,5.6,6.3,6.4,7.3,6.7,5.2,7.0,6.6,7.1,7.0,6.2,6.5,6.6,5.2,6.7,6.6,6.7,6.7,6.7,6.4,6.3,6.5,6.9,6.5,6.9,5.2,6.6,6.7]
-           update: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+           update: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
            update: [....40] [ip4][.icmp] [....192.168.2.4] -> [..91.253.176.65] [ICMP][Unknown][Network][Acceptable]
            update: [....38] [ip4][..udp] [....192.168.2.4][51518] -> [...1.194.90.191][60312] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
               new: [....56] [ip4][..tcp] [....192.168.2.4][49197] -> [..17.167.142.39][..443] [MIDSTREAM]
            update: [....41] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
            update: [....42] [ip4][..udp] [169.254.166.207][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
@@ -294,13 +300,13 @@
                    RISK: Known Proto on Non Std Port
            update: [....33] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
            update: [....54] [ip4][..udp] [....192.168.2.4][52794] -> [...1.194.90.191][51727] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
            update: [....34] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
-           update: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+           update: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
            update: [....40] [ip4][.icmp] [....192.168.2.4] -> [..91.253.176.65] [ICMP][Unknown][Network][Acceptable]
            update: [....38] [ip4][..udp] [....192.168.2.4][51518] -> [...1.194.90.191][60312] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....41] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
              idle: [.....1] [ip4][..tcp] [....192.168.2.4][49199] -> [..17.172.100.70][..993] [IMAPS][Apple][Email][Safe]
           guessed: [....35] [ip4][..tcp] [....192.168.2.4][49194] -> [..93.62.150.157][..443] [TLS][Unknown][Web][Safe]
@@ -328,11 +334,11 @@
              idle: [....45] [ip6][..udp] [...............fe80::c42c:3ff:fe60:6a64][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
               end: [....14] [ip4][..tcp] [....192.168.2.4][49202] -> [.184.173.179.37][.5222] [WhatsApp][Unknown][Chat][Acceptable]
              idle: [....54] [ip4][..udp] [....192.168.2.4][52794] -> [...1.194.90.191][51727] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
              idle: [....16] [ip4][..tcp] [....192.168.2.4][49193] -> [..17.110.229.14][.5223] [ApplePush][Apple][Cloud][Acceptable]
              idle: [....44] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
              idle: [....34] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
-             idle: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+             idle: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
                    RISK: Known Proto on Non Std Port
              idle: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe]
               end: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Apple][Web][Safe]
@@ -355,7 +361,7 @@
               end: [....21] [ip4][..tcp] [....192.168.2.4][49181] -> [..17.172.100.37][..443]
              idle: [....43] [ip6][..udp] [................fe80::da30:62ff:fe56:1c][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
              idle: [....38] [ip4][..udp] [....192.168.2.4][51518] -> [...1.194.90.191][60312] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
-                   RISK: Known Proto on Non Std Port
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
               end: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe]
                    RISK: TLS (probably) Not Carrying HTTPS
              idle: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe]
diff --git a/test/results/flow-info/default/windowsupdate_over_http.pcap.out b/test/results/flow-info/default/windowsupdate_over_http.pcap.out
index f1718be34..f4e62aff6 100644
--- a/test/results/flow-info/default/windowsupdate_over_http.pcap.out
+++ b/test/results/flow-info/default/windowsupdate_over_http.pcap.out
@@ -3,7 +3,7 @@
          detected: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][Unknown][SoftwareUpdate][Safe][151.99.72.125]
                    RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
  detection-update: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][Unknown][Download][Safe][151.99.72.125]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
              idle: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][Unknown][Download][Safe]
-                   RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
      DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/zoom.pcap.out b/test/results/flow-info/default/zoom.pcap.out
index f9af59cca..f7f50d8cc 100644
--- a/test/results/flow-info/default/zoom.pcap.out
+++ b/test/results/flow-info/default/zoom.pcap.out
@@ -195,6 +195,7 @@
              idle: [.....6] [ip4][..udp] [..192.168.1.117][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
              idle: [....33] [ip4][..udp] [..192.168.1.117][61731] -> [..109.94.160.99][.8801] [SRTP.Zoom][Unknown][Video][Acceptable]
           guessed: [....15] [ip4][..tcp] [..192.168.1.117][53867] -> [..104.199.65.42][...80] [HTTP][Google][Web][Acceptable][]
+                   RISK: Susp Entropy
              idle: [....15] [ip4][..tcp] [..192.168.1.117][53867] -> [..104.199.65.42][...80]
              idle: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][Zoom][Video][Acceptable]
              idle: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][Zoom][Video][Acceptable]
diff --git a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out
index 2b471b0ff..8a5569319 100644
--- a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out
+++ b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out
@@ -427,7 +427,7 @@
               new: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [MIDSTREAM]
          detected: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com]
  detection-update: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
               new: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [MIDSTREAM]
          detected: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com]
               new: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [MIDSTREAM]
@@ -571,6 +571,7 @@
              idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
                    RISK: Non-Printable/Invalid Chars Detected
           guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe]
+                   RISK: Susp Entropy
              idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406]
               end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable]
                    RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
@@ -863,7 +864,7 @@
              idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
              idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
              idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
              idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable]
              idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
              idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
diff --git a/test/results/flow-info/ip_lists_disable/1kxun.pcap.out b/test/results/flow-info/ip_lists_disable/1kxun.pcap.out
index 2b471b0ff..8a5569319 100644
--- a/test/results/flow-info/ip_lists_disable/1kxun.pcap.out
+++ b/test/results/flow-info/ip_lists_disable/1kxun.pcap.out
@@ -427,7 +427,7 @@
               new: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [MIDSTREAM]
          detected: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com]
  detection-update: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
               new: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [MIDSTREAM]
          detected: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com]
               new: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [MIDSTREAM]
@@ -571,6 +571,7 @@
              idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
                    RISK: Non-Printable/Invalid Chars Detected
           guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe]
+                   RISK: Susp Entropy
              idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406]
               end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable]
                    RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
@@ -863,7 +864,7 @@
              idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
              idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
              idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun]
-                   RISK: Binary App Transfer
+                   RISK: Binary file/data transfer (attempt)
              idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable]
              idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
              idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
diff --git a/test/results/flow-info/stun_mapped_address_disabled/teams.pcap.out b/test/results/flow-info/stun_mapped_address_disabled/teams.pcap.out
new file mode 100644
index 000000000..9c24be31a
--- /dev/null
+++ b/test/results/flow-info/stun_mapped_address_disabled/teams.pcap.out
@@ -0,0 +1,573 @@
+     DAEMON-EVENT: init
+     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+              new: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67]
+         detected: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][tl-sg116e]
+      ERROR-EVENT: Unknown packet type [1/16]
+              new: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443] [MIDSTREAM]
+      ERROR-EVENT: Unknown packet type [2/16]
+      ERROR-EVENT: Unknown packet type [3/16]
+      ERROR-EVENT: Unknown packet type [4/16]
+      ERROR-EVENT: Unknown packet type [5/16]
+      ERROR-EVENT: Unknown packet type [6/16]
+              new: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53]
+         detected: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
+ detection-update: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
+              new: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443]
+              new: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443]
+         detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+         detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+          analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.030|     0.006|     0.009|           77.930|    3.700]
+                   [PKTLEN......:     40.000|  1492.000|   393.900|   548.100|       300365.600|    3.900]
+                   [BINS(c->s)..: 10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0]
+                   [IATS(ms)....: 12.5,12.6,1.4,13.9,1.6,0.2,14.3,0.3,0.2,0.1,0.0,0.1,4.9,16.5,1.1,12.8,0.3,0.3,11.4,0.4,0.2,23.0,0.0,11.1,0.4,29.3,29.8,0.5,0.1,0.0,0.5]
+                   [PKTLENS.....: 64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]
+                   [ENTROPIES...: 4.4,4.9,4.5,5.4,4.6,7.4,7.4,4.7,7.5,4.6,7.6,7.1,4.6,6.6,4.6,7.2,4.7,6.0,4.6,6.2,5.1,7.0,5.4,4.6,4.7,4.6,7.6,4.7,7.8,7.8,7.7,4.7]
+ detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+      ERROR-EVENT: Unknown packet type [7/16]
+              new: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443]
+         detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+          analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.221|     0.032|     0.054|         2931.592|    3.400]
+                   [PKTLEN......:     52.000|  1492.000|   907.900|   687.500|       472618.500|    4.400]
+                   [BINS(c->s)..: 5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0]
+                   [BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0]
+                   [IATS(ms)....: 43.2,43.3,94.0,139.8,0.2,45.9,0.1,0.1,1.4,46.8,45.4,177.2,0.0,0.0,221.2,44.0,0.0,0.0,0.0,21.3,21.2,0.0,23.0,23.0,0.0,0.0,0.0,1.2,1.2,0.0,0.0]
+                   [PKTLENS.....: 64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480]
+                   [ENTROPIES...: 4.4,5.2,4.9,5.6,7.3,7.3,4.9,7.7,4.9,5.9,5.5,4.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9]
+              new: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443]
+         detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+              new: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443]
+         detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+          analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.050|     0.018|     0.021|          449.200|    3.900]
+                   [PKTLEN......:     52.000|  1492.000|   680.600|   673.100|       453031.800|    4.200]
+                   [BINS(c->s)..: 7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0]
+                   [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0]
+                   [IATS(ms)....: 45.3,45.4,0.3,49.2,0.0,48.8,0.2,0.2,1.3,46.5,45.3,1.9,0.0,0.0,47.7,45.8,0.0,0.0,0.0,37.7,37.7,0.0,8.0,8.1,0.0,0.7,37.0,7.8,4.3,49.8,1.3]
+                   [PKTLENS.....: 64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]
+                   [ENTROPIES...: 4.3,5.2,5.0,6.0,7.3,7.7,5.1,7.3,5.0,6.0,5.7,5.1,7.8,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.8,5.1,5.2,5.2,7.5,5.0,5.3]
+      ERROR-EVENT: Unknown packet type [8/16]
+      ERROR-EVENT: Unknown packet type [9/16]
+              new: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443]
+         detected: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+      ERROR-EVENT: Unknown packet type [10/16]
+              new: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53]
+         detected: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+              new: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500]
+         detected: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+              new: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500]
+         detected: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+      ERROR-EVENT: Unknown packet type [11/16]
+      ERROR-EVENT: Unknown packet type [12/16]
+ detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+                   RISK: Unidirectional Traffic
+ detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+                   RISK: Error Code
+              new: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
+         detected: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][]
+              new: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [MIDSTREAM]
+         detected: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
+      ERROR-EVENT: Unknown packet type [13/16]
+              new: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53]
+         detected: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com.edgekey.net]
+ detection-update: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com.edgekey.net]
+      ERROR-EVENT: Unknown packet type [14/16]
+      ERROR-EVENT: Unknown packet type [15/16]
+              new: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53]
+         detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com]
+              new: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53]
+         detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com]
+              new: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443]
+ detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com]
+              new: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443]
+         detected: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
+         detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com]
+ detection-update: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detection-update: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com]
+              new: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443]
+              new: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443]
+         detected: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
+         detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com]
+              new: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53]
+         detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com]
+ detection-update: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com]
+ detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com]
+              new: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443]
+         detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com]
+ detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com]
+              new: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53]
+         detected: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net]
+              new: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443]
+ detection-update: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net]
+              new: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443]
+         detected: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+         detected: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com]
+ detection-update: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com]
+ detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+      ERROR-EVENT: Unknown packet type [16/16]
+              new: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53]
+         detected: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][presence.services.sfb.trafficmanager.net]
+ detection-update: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][presence.services.sfb.trafficmanager.net]
+              new: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443]
+              new: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [MIDSTREAM]
+         detected: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [TLS][Dropbox][Web][Safe]
+         detected: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com]
+ detection-update: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com]
+          analyse: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.153|     0.028|     0.040|         1626.047|    3.600]
+                   [PKTLEN......:     52.000|  1492.000|   819.700|   699.200|       488828.900|    4.300]
+                   [BINS(c->s)..: 5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0]
+                   [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0]
+                   [IATS(ms)....: 50.5,50.6,0.3,64.6,72.0,0.2,136.5,0.1,0.1,1.4,68.0,86.2,152.9,2.3,0.0,0.0,46.4,44.1,0.0,0.0,0.0,23.6,23.6,0.0,20.9,20.9,0.0,0.0,0.0,0.8,0.8]
+                   [PKTLENS.....: 64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480]
+                   [ENTROPIES...: 4.4,5.3,5.0,5.9,5.1,7.3,7.3,5.0,7.7,5.0,5.9,5.2,5.6,5.0,7.9,7.8,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.9,7.8,7.9,5.2,7.9]
+              new: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434]
+         detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org]
+                   RISK: Known Proto on Non Std Port
+ detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org]
+                   RISK: Known Proto on Non Std Port
+          analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.201|     0.025|     0.047|         2215.159|    3.200]
+                   [PKTLEN......:     40.000|  1492.000|   340.200|   510.300|       260451.700|    3.800]
+                   [BINS(c->s)..: 11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+                   [BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1]
+                   [IATS(ms)....: 45.7,45.8,0.2,47.9,0.0,47.7,0.0,0.1,0.2,0.1,0.2,9.9,9.9,3.5,10.4,0.4,51.4,37.1,0.2,0.2,0.2,7.1,7.0,1.3,1.2,79.2,201.4,0.0,0.0,167.5,0.2]
+                   [PKTLENS.....: 64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]
+                   [ENTROPIES...: 4.4,5.0,4.6,5.4,7.1,7.4,4.7,4.7,4.5,7.6,7.6,4.7,7.5,4.7,6.6,6.1,7.6,5.4,4.6,6.0,4.5,5.2,5.4,4.7,7.5,4.7,4.5,7.9,6.6,6.7,4.5,5.4]
+              new: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53]
+         detected: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][chatsvcagg.svcs.teams.office.com]
+ detection-update: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][chatsvcagg.svcs.teams.office.com]
+              new: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443]
+         detected: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe][chatsvcagg.teams.microsoft.com]
+              new: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443]
+         detected: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+          analyse: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.115|     0.021|     0.031|          968.681|    3.500]
+                   [PKTLEN......:     52.000|  1492.000|   377.200|   521.700|       272149.200|    3.900]
+                   [BINS(c->s)..: 11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+                   [BINS(s->c)..: 3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1]
+                   [IATS(ms)....: 34.2,34.3,0.3,36.9,0.0,36.6,0.0,0.2,0.2,0.1,0.0,0.1,1.0,12.0,0.3,36.0,22.7,0.2,0.2,0.1,10.4,10.3,0.6,0.6,77.1,91.7,0.0,49.1,80.4,115.1,0.2]
+                   [PKTLENS.....: 64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]
+                   [ENTROPIES...: 4.3,5.1,4.7,5.5,7.4,7.3,4.8,4.8,7.5,4.7,7.6,7.4,4.8,6.3,6.2,7.5,5.6,4.9,6.0,4.9,5.4,5.5,4.8,7.4,4.9,5.1,7.8,7.0,5.0,6.8,4.7,7.8]
+              new: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53]
+         detected: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com]
+ detection-update: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com]
+              new: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443]
+         detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com]
+ detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com]
+          analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     2.010|     0.146|     0.490|       239614.050|    1.700]
+                   [PKTLEN......:     40.000|  1492.000|   305.200|   468.100|       219152.800|    3.800]
+                   [BINS(c->s)..: 9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1]
+                   [IATS(ms)....: 12.7,12.8,0.2,12.4,2.5,0.3,14.9,0.5,0.5,0.2,0.0,0.8,4.9,17.1,1.4,0.0,13.1,0.0,0.2,0.3,0.1,11.8,0.0,11.2,0.1,0.6,112.9,113.7,1998.1,2009.8,174.6]
+                   [PKTLENS.....: 64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]
+                   [ENTROPIES...: 4.4,5.0,4.6,5.5,4.5,7.3,7.5,4.6,7.5,4.6,7.7,6.8,4.7,6.5,4.5,7.2,6.0,4.6,4.6,6.2,5.2,7.6,4.4,5.4,4.6,4.5,4.5,7.5,4.7,7.2,4.5,7.3]
+          analyse: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.540|     0.024|     0.095|         8949.939|    1.900]
+                   [PKTLEN......:     40.000|  1492.000|   331.500|   473.500|       224192.200|    3.900]
+                   [BINS(c->s)..: 9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+                   [BINS(s->c)..: 5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0]
+                   [IATS(ms)....: 11.5,11.6,0.3,11.9,32.5,0.1,44.2,0.2,0.0,0.2,3.8,7.7,0.3,0.1,14.6,1.5,0.0,4.2,0.0,0.3,6.5,0.5,6.7,4.3,9.9,14.2,10.7,10.7,539.6,0.0,0.3]
+                   [PKTLENS.....: 64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]
+                   [ENTROPIES...: 4.4,4.9,4.5,5.4,4.5,6.7,7.5,4.6,7.6,5.7,4.7,6.5,6.2,7.6,6.5,4.5,7.2,5.8,4.6,4.6,5.3,4.5,5.4,4.6,4.5,7.7,4.7,7.3,4.7,7.8,7.7,7.0]
+              new: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53]
+         detected: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com]
+              new: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53]
+         detected: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+              new: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53]
+         detected: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+              new: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53]
+         detected: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com]
+ detection-update: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ detection-update: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+              new: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443]
+ detection-update: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com]
+ detection-update: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com]
+                   RISK: Minor Issues
+              new: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53]
+         detected: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
+ detection-update: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
+              new: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443]
+              new: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443]
+              new: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53]
+         detected: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
+              new: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443]
+              new: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443]
+         detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
+         detected: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+         detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+         detected: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+         detected: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+          analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.154|     0.015|     0.036|         1274.324|    2.800]
+                   [PKTLEN......:     40.000|  1492.000|   585.700|   671.400|       450756.000|    4.000]
+                   [BINS(c->s)..: 10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1]
+                   [IATS(ms)....: 12.9,13.0,0.5,12.4,2.0,1.5,15.4,0.1,0.1,0.1,0.0,0.1,21.6,33.0,11.5,11.7,0.1,11.8,0.6,13.4,140.4,0.7,154.0,0.2,0.2,0.2,0.2,0.5,0.0,0.1,0.2]
+                   [PKTLENS.....: 64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]
+                   [ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9]
+              new: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443]
+         detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+              new: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443]
+         detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+          analyse: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.053|     0.020|     0.022|          492.470|    3.900]
+                   [PKTLEN......:     52.000|  1492.000|   640.900|   667.900|       446080.700|    4.100]
+                   [BINS(c->s)..: 9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0]
+                   [BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0]
+                   [IATS(ms)....: 48.6,48.7,0.3,51.0,0.1,50.7,0.0,0.3,0.3,1.7,49.8,48.1,1.4,0.0,0.0,50.5,49.1,0.0,0.0,0.0,37.2,37.2,0.0,11.5,11.5,1.0,36.0,16.0,53.0,0.7,0.1]
+                   [PKTLENS.....: 64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]
+                   [ENTROPIES...: 4.4,5.3,4.9,6.0,7.3,7.3,5.1,4.9,7.6,5.0,5.9,5.7,5.0,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.8,7.9,5.1,7.8,5.1,5.2,7.6,5.1,5.3,5.0]
+              new: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621]
+         detected: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
+              new: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443]
+         detected: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+              new: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443]
+         detected: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+              new: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53]
+         detected: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com]
+ detection-update: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com]
+              new: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443]
+         detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][api.microsoftstream.com]
+ detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+          analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.126|     0.019|     0.032|         1006.354|    3.400]
+                   [PKTLEN......:     52.000|  1492.000|   345.200|   499.900|       249913.200|    3.900]
+                   [BINS(c->s)..: 12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
+                   [BINS(s->c)..: 2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0]
+                   [IATS(ms)....: 29.5,29.6,0.2,45.7,0.2,45.7,0.1,0.1,0.1,0.1,0.0,0.1,0.6,23.2,0.2,30.2,0.0,6.1,0.0,0.2,22.9,22.6,1.5,1.4,2.9,0.0,32.7,0.2,30.1,125.5,125.6]
+                   [PKTLENS.....: 64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]
+                   [ENTROPIES...: 4.4,5.2,4.9,5.6,7.4,7.5,4.9,7.4,4.9,4.8,7.6,7.1,5.0,5.9,6.3,7.4,5.6,6.1,4.9,4.9,5.4,5.6,4.9,7.5,5.0,7.9,6.1,5.1,5.7,5.0,7.5,4.9]
+              new: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53]
+         detected: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com]
+ detection-update: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com]
+              new: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443]
+          analyse: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.162|     0.032|     0.044|         1964.919|    3.600]
+                   [PKTLEN......:     52.000|  1492.000|   736.700|   694.000|       481656.100|    4.200]
+                   [BINS(c->s)..: 5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
+                   [BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+                   [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1]
+                   [IATS(ms)....: 48.4,48.5,0.5,88.2,136.5,113.7,0.2,161.8,0.1,0.1,1.1,74.6,73.5,1.1,0.0,0.0,50.1,49.0,0.0,0.0,0.0,48.4,48.4,0.0,0.0,0.0,1.6,1.5,46.9,1.1,1.7]
+                   [PKTLENS.....: 64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52]
+                   [ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2]
+         detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][euno-1.api.microsoftstream.com]
+              new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53]
+         detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com]
+ detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com]
+              new: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443]
+         detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
+ detection-update: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
+              new: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53]
+         detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net]
+ detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net]
+              new: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443]
+         detected: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
+ detection-update: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
+          analyse: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.277|     0.019|     0.049|         2449.644|    2.900]
+                   [PKTLEN......:     52.000|  1492.000|   370.200|   512.100|       262257.700|    3.900]
+                   [BINS(c->s)..: 11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1]
+                   [IATS(ms)....: 19.2,19.3,0.2,22.0,0.0,21.8,0.0,0.2,0.2,0.2,0.0,0.2,1.1,12.3,0.3,19.9,0.0,6.3,0.0,0.6,12.0,11.4,1.5,1.4,55.0,62.1,0.0,25.5,0.0,18.4,276.9]
+                   [PKTLENS.....: 64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]
+                   [ENTROPIES...: 4.4,5.3,4.9,5.6,7.1,7.3,5.0,5.0,7.5,4.9,7.6,7.5,4.9,6.3,6.3,7.6,5.6,5.9,5.0,4.9,5.4,5.7,5.0,7.5,5.0,5.2,7.8,6.2,5.2,5.6,5.0,7.8]
+          analyse: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     8.978|     0.329|     1.582|      2503841.415|    0.800]
+                   [PKTLEN......:     40.000|  1492.000|   339.200|   486.100|       236250.500|    3.900]
+                   [BINS(c->s)..: 10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1]
+                   [IATS(ms)....: 47.1,47.2,0.5,44.4,0.0,43.9,0.0,0.0,0.2,0.1,0.0,0.2,0.0,4.4,9.7,0.3,46.5,32.1,0.5,0.4,0.1,18.9,1.4,20.2,62.9,403.2,425.0,8978.2,0.0,0.0,0.0]
+                   [PKTLENS.....: 64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]
+                   [ENTROPIES...: 4.3,4.9,4.6,5.6,7.4,7.3,4.7,4.6,4.6,7.5,7.6,7.1,4.7,4.6,6.5,6.1,7.6,5.4,4.6,5.9,4.6,5.2,4.5,7.4,4.7,4.5,7.8,4.6,7.4,7.5,5.6,5.5]
+              new: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [MIDSTREAM]
+              new: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434]
+         detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org]
+                   RISK: Known Proto on Non Std Port
+ detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org]
+                   RISK: Known Proto on Non Std Port
+              new: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478]
+              new: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478]
+         detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+              new: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443]
+              new: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53]
+         detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
+ detection-update: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
+         detected: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+              new: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478]
+         detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+              new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443]
+              new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478]
+         detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ detection-update: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+              new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478]
+         detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+         detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+              new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478]
+         detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
+              new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478]
+         detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ detection-update: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][>??i)?<????????????r]
+ detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][s?>?ed???[??+ez4???m]
+              new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443]
+              new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443]
+         detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152]
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+         detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.153]
+                   RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ detection-update: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152]
+                   RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
+ detection-update: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.153]
+                   RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
+              new: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443]
+              new: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53]
+         detected: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net]
+ detection-update: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net]
+         detected: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com]
+                   RISK: TLS (probably) Not Carrying HTTPS
+              new: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005]
+         detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
+              new: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020]
+         detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
+              new: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016]
+         detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
+              new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036]
+         detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+                   RISK: Unidirectional Traffic
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
+                   RISK: Unidirectional Traffic
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
+              new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036]
+         detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
+              new: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016]
+         detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
+          analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     1.567|     0.072|     0.275|        75449.426|    1.900]
+                   [PKTLEN......:     40.000|  1492.000|   256.900|   427.000|       182315.300|    3.700]
+                   [BINS(c->s)..: 15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1]
+                   [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
+                   [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
+                   [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
+ detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+              new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
+         detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
+ detection-update: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
+              new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6]
+         detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable]
+          analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     1.168|     0.160|     0.366|       133702.353|    2.700]
+                   [PKTLEN......:     66.000|  1242.000|   253.400|   374.400|       140199.200|    4.000]
+                   [BINS(c->s)..: 0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [IATS(ms)....: 24.8,0.2,101.3,1168.2,1167.0,967.1,50.8,1119.2,0.0,0.0,51.0,80.3,2.0,2.7,3.7,0.0,0.0,0.0,10.7,24.2,9.3,21.5,4.5,19.9,25.3,9.2,24.4,24.6,9.5,26.0,24.3]
+                   [PKTLENS.....: 140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]
+                   [ENTROPIES...: 5.4,5.4,5.6,5.5,5.5,5.5,6.4,5.5,5.3,7.8,7.8,5.4,6.1,5.3,7.8,7.8,5.4,6.9,6.4,5.9,6.0,6.1,5.4,6.3,6.1,6.0,6.3,6.0,6.1,6.2,6.1,6.2]
+             idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe]
+                   RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
+              end: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+              end: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+             idle: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable]
+              end: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe]
+                   RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
+             idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+             idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+             idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+             idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+             idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+             idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+             idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+             idle: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+             idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+             idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+             idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
+             idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+                   RISK: Minor Issues
+             idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable]
+              end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+              end: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+              end: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+             idle: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe]
+             idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+             idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
+             idle: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe]
+             idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+              end: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+             idle: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe]
+             idle: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe]
+             idle: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe]
+              end: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+             idle: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+              end: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+             idle: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+              end: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+              end: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+             idle: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe]
+             idle: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe]
+                   RISK: TLS (probably) Not Carrying HTTPS
+             idle: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
+             idle: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+          guessed: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable]
+                   RISK: Unidirectional Traffic
+              end: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443]
+             idle: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable]
+             idle: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable]
+             idle: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+              end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe]
+                   RISK: Known Proto on Non Std Port
+             idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+             idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe]
+                   RISK: Known Proto on Non Std Port
+             idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+          guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_Teams][Azure][VoIP][Acceptable]
+                   RISK: Susp Entropy
+             idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478]
+             idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
+     not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated]
+             idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750]
+             idle: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+             idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+                   RISK: Known Proto on Non Std Port
+             idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+                   RISK: Known Proto on Non Std Port
+             idle: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+             idle: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
+             idle: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable]
+             idle: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
+             idle: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [TLS][Dropbox][Web][Safe]
+             idle: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe]
+                   RISK: Error Code
+             idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+             idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+             idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+                   RISK: Known Proto on Non Std Port
+             idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+             idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+             idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+             idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+             idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+                   RISK: Known Proto on Non Std Port
+             idle: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+              end: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
+              end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
+              end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
+              end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
+             idle: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable]
+             idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+             idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+             idle: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+             idle: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe]
+             idle: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+             idle: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+             idle: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+             idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+             idle: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+     DAEMON-EVENT: shutdown
diff --git a/test/results/flow_risk_lists_disable/protonvpn.pcap.out b/test/results/flow_risk_lists_disable/protonvpn.pcap.out
index 38464fe7a..0e749783f 100644
--- a/test/results/flow_risk_lists_disable/protonvpn.pcap.out
+++ b/test/results/flow_risk_lists_disable/protonvpn.pcap.out
@@ -1,4 +1,4 @@
-00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":34930679,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34930679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":34930679,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34930679,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":34930679,"pkt":"UlQAEjUCCAAns+YuCABFAAA8D8BAAEAGxbkKAAIPuZ+flJOyAbvBn1OFAAAAAKAC+vAjGgAAAgQFtAQCCAq0w2VcAAAAAAEDAwc="}
 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":34952976,"pkt":"CAAns+YuUlQAEjUCCABFAAAsACQAAEAGFWa5n5+UCgACDwG7k7IAC7gBwZ9ThmAS\/\/\/QMwAAAgQFtA=="}
@@ -15,14 +15,14 @@
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":50921855,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":50921855,"pkt":"UlQAEjUCCAAns+YuCABFAAA8ggNAAEAR0DsKAAIP2RcDTOFlAbsAKDHlBAAAAFqA0k4AAAAAAAAAALO1qui1E3gr64yba6DzHY0="}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":50923026,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":50923026,"pkt":"UlQAEjUCCAAns+YuCABFAACMggRAAEARz+oKAAIP2RcDTOFlAbsAeC0gBAAAAFqA0k4BAAAAAAAAAF4\/Rs\/bZ5rJgjR49A7fwbBmyr\/63WBJDwuVnzl4A4pXfnPOZYLKRVrAFPmUTxZtFFUY\/ygw5snpyOqRAP6xav5VAHNARAiOiRt60FdTFozGozRICRBukHLcFDs4iULCdA=="}
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":50926430,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":50926430,"pkt":"UlQAEjUCCAAns+YuCABFAACMggdAAEARz+cKAAIP2RcDTOFlAbsAeBOmBAAAAFqA0k4CAAAAAAAAAD+yacW+Jee9sR0ypoOh8MaQ9gxbsztxJ2kZqazGAeL5NW1pKQLnHbPaHw3gPyLDD2rfIVvAXcZtIMwiZTZxrxOlD0VgEqedFRP3HFFojGTkub8sZpeXm7iOxsEEbnhzOQ=="}
-00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":41,"packets-processed":40,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1690392292895682}
+00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":41,"packets-processed":40,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1690392292895682}
 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690392292895682,"pkt":"ILAB6wYYNObX3kTiCABFAAA8lQ9AAEAGoh8COvFDCAgICJNOAbuMC89NAAAAAKAC+vAL\/QAAAgQFtAQCCApqQ+LfAAAAAAEDAwc="}
 01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":50897445,"flow_src_last_pkt_time":50986726,"flow_dst_last_pkt_time":50986365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":868,"flow_dst_tot_l4_payload_len":604,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"217.23.3.76","src_port":57701,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":34930679,"flow_src_last_pkt_time":35025668,"flow_dst_last_pkt_time":35025741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":5847,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ProtonVPN","proto_id":"91.344","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 01168{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"45": {"risk":"Anonymous Subscriber","severity":"Medium","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1690392292895682}
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/flow_risk_lists_disable\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1690392292895682}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 41/41
 ~~ skipped flows.............: 0
@@ -31,8 +31,8 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5520149 bytes
-~~ total memory freed........: 5520149 bytes
+~~ total memory allocated....: 5520205 bytes
+~~ total memory freed........: 5520205 bytes
 ~~ total allocations/frees...: 85939/85939
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 526 chars
diff --git a/test/results/guessing_disable/webex.pcap.out b/test/results/guessing_disable/webex.pcap.out
index a32676c6c..e527b6514 100644
--- a/test/results/guessing_disable/webex.pcap.out
+++ b/test/results/guessing_disable/webex.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1444570624853841}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1444570624853841}
 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570624853841,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570624853841,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570624860347,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"}
@@ -497,7 +497,7 @@
 01213{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570640346348,"flow_dst_last_pkt_time":1444570639263789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":911,"flow_dst_tot_l4_payload_len":6552,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
 01084{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640319795,"flow_src_last_pkt_time":1444570652359038,"flow_dst_last_pkt_time":1444570652361105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 01213{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570673280105,"flow_dst_last_pkt_time":1444570673246494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":911,"flow_dst_tot_l4_payload_len":6552,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","proto_id":"91.141","proto_by_ip":"Webex","proto_by_ip_id":141,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1110,"packets-processed":1110,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":39,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":500,"global_ts_usec":1444570742172121}
+00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/guessing_disable\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1110,"packets-processed":1110,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":39,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":500,"global_ts_usec":1444570742172121}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1110/1110
 ~~ skipped flows.............: 0
@@ -506,8 +506,8 @@
 ~~ total active/idle flows...: 57/57
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6029687 bytes
-~~ total memory freed........: 6029687 bytes
+~~ total memory allocated....: 6030607 bytes
+~~ total memory freed........: 6030607 bytes
 ~~ total allocations/frees...: 87930/87930
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 535 chars
diff --git a/test/results/http_process_response_disable/http.pcapng.out b/test/results/http_process_response_disable/http.pcapng.out
index ccb4ad47a..e41370e44 100644
--- a/test/results/http_process_response_disable/http.pcapng.out
+++ b/test/results/http_process_response_disable/http.pcapng.out
@@ -1,5 +1,5 @@
-00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643129441023341}
+00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643129441023341}
 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441023341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441023341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441023341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8mDFAAEAGN5nAqAGA2DrQjqS6AFARiJzNAAAAAKAC+vCG+AAAAgQFtAQCCArCG0WpAAAAAAEDAwc="}
 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1643129441023341,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643129441030591,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8NRsAAHgGoi\/YOtCOwKgBgABQpLoKOrN\/EYiczqAS\/\/9o0gAAAgQFlgQCCArUwoamwhtFqQEDAwg="}
@@ -8,7 +8,7 @@
 01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441030591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643129441030691,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"google.com","http": {"url":"google.com\/","code":0,"content_type":"","user_agent":"curl\/7.68.0"}}}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643129441030691,"flow_dst_last_pkt_time":1643129441038384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643129441038384,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA0NSMAAHgGoi\/YOtCOwKgBgABQpLoKOrOAEYidGIAQAQCWKAAAAQEICtTChq7CG0Ww"}
 00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1643129441023341,"flow_src_last_pkt_time":1643129441065505,"flow_dst_last_pkt_time":1643129441065458,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":528,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1643129441065505,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.208.142","src_port":42170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1643129441065505}
+00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/http_process_response_disable\/pcap\/http.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":602,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1643129441065505}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
 ~~ skipped flows.............: 0
@@ -17,8 +17,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5498301 bytes
-~~ total memory freed........: 5498301 bytes
+~~ total memory allocated....: 5498325 bytes
+~~ total memory freed........: 5498325 bytes
 ~~ total allocations/frees...: 85874/85874
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 567 chars
diff --git a/test/results/http_process_response_disable/http_asymmetric.pcapng.out b/test/results/http_process_response_disable/http_asymmetric.pcapng.out
index 142907322..48fd37510 100644
--- a/test/results/http_process_response_disable/http_asymmetric.pcapng.out
+++ b/test/results/http_process_response_disable/http_asymmetric.pcapng.out
@@ -1,5 +1,5 @@
-00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00659{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631378210394414}
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00657{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631378210394414}
 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394414,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631378210394414,"pkt":"AAwpnvCVKBao9vgDCABFAAA0WexAAIAGAADAqAABCgoKAQQUAFAzLWQXAAAAAIAC+vADxAAAAgQFtAEDAwgBAQQC"}
 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378210394789,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394789,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -17,7 +17,7 @@
 01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378210504093,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210504093,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 01325{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378215504945,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378215504662,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00668{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1631378215504945}
+00666{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/http_process_response_disable\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1631378215504945}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 23/23
 ~~ skipped flows.............: 0
@@ -26,8 +26,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501428 bytes
-~~ total memory freed........: 5501428 bytes
+~~ total memory allocated....: 5501468 bytes
+~~ total memory freed........: 5501468 bytes
 ~~ total allocations/frees...: 85913/85913
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 561 chars
diff --git a/test/results/influxd/caches_cfg/ookla.pcap.out b/test/results/influxd/caches_cfg/ookla.pcap.out
index c677afd12..970dd8c01 100644
--- a/test/results/influxd/caches_cfg/ookla.pcap.out
+++ b/test/results/influxd/caches_cfg/ookla.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=56,json_bytes=43688,flow_src_total_bytes=22732,flow_dst_total_bytes=8117
+general json_lines=56,json_bytes=43680,flow_src_total_bytes=22732,flow_dst_total_bytes=8117
 events flow_new_count=6,flow_end_count=1,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=5,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=4
 breed flow_breed_safe_count=5,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/caches_cfg/teams.pcap.out b/test/results/influxd/caches_cfg/teams.pcap.out
index 1fa157966..4328034e7 100644
--- a/test/results/influxd/caches_cfg/teams.pcap.out
+++ b/test/results/influxd/caches_cfg/teams.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=674,json_bytes=640742,flow_src_total_bytes=293772,flow_dst_total_bytes=293323
-events flow_new_count=83,flow_end_count=17,flow_idle_count=66,flow_update_count=0,flow_analyse_count=16,flow_guessed_count=2,flow_detected_count=80,flow_detection_update_count=57,flow_not_detected_count=1,flow_risky_count=27,packet_count=16,packet_flow_count=317,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
-state flow_state_info=16,flow_state_finished=67
+general json_lines=682,json_bytes=649810,flow_src_total_bytes=293772,flow_dst_total_bytes=293323
+events flow_new_count=83,flow_end_count=17,flow_idle_count=66,flow_update_count=0,flow_analyse_count=16,flow_guessed_count=2,flow_detected_count=80,flow_detection_update_count=65,flow_not_detected_count=1,flow_risky_count=29,packet_count=16,packet_flow_count=317,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+state flow_state_info=20,flow_state_finished=63
 breed flow_breed_safe_count=42,flow_breed_acceptable_count=37,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=20,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=19,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=6,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=74,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=38,flow_severity_medium=10,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=42,flow_severity_medium=12,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=83,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=42,flow_l4_udp_count=40,flow_l4_icmp_count=1,flow_l4_other_count=0
 detection flow_active_count=83,flow_detected_count=80,flow_guessed_count=2,flow_not_detected_count=1
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=10,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=2,flow_risk_11_count=0,flow_risk_12_count=2,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=33,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=1,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=1,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=1,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=12,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=2,flow_risk_11_count=0,flow_risk_12_count=2,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=33,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=1,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=5,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=1,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/caches_global/bittorrent.pcap.out b/test/results/influxd/caches_global/bittorrent.pcap.out
index a100dbbe0..3761b305e 100644
--- a/test/results/influxd/caches_global/bittorrent.pcap.out
+++ b/test/results/influxd/caches_global/bittorrent.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=164,json_bytes=149968,flow_src_total_bytes=6341,flow_dst_total_bytes=279641
+general json_lines=164,json_bytes=149962,flow_src_total_bytes=6341,flow_dst_total_bytes=279641
 events flow_new_count=24,flow_end_count=11,flow_idle_count=13,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=24,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=22,packet_count=0,packet_flow_count=88,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=24
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=24,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/caches_global/lru_ipv6_caches.pcapng.out b/test/results/influxd/caches_global/lru_ipv6_caches.pcapng.out
index 9af05c119..ad57f4393 100644
--- a/test/results/influxd/caches_global/lru_ipv6_caches.pcapng.out
+++ b/test/results/influxd/caches_global/lru_ipv6_caches.pcapng.out
@@ -1,11 +1,11 @@
-general json_lines=86,json_bytes=88141,flow_src_total_bytes=14408,flow_dst_total_bytes=846
-events flow_new_count=12,flow_end_count=0,flow_idle_count=12,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=12,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=8,packet_count=0,packet_flow_count=41,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
-state flow_state_info=6,flow_state_finished=6
+general json_lines=89,json_bytes=91995,flow_src_total_bytes=14408,flow_dst_total_bytes=846
+events flow_new_count=12,flow_end_count=0,flow_idle_count=12,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=12,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=11,packet_count=0,packet_flow_count=41,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+state flow_state_info=7,flow_state_finished=5
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=11,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=5,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=3,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=4,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=10,flow_severity_medium=8,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=13,flow_severity_medium=8,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=12,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=3,flow_l4_udp_count=9,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=12,flow_detected_count=12,flow_guessed_count=0,flow_not_detected_count=0
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=8,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=10,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=8,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/caches_global/mining.pcapng.out b/test/results/influxd/caches_global/mining.pcapng.out
index 67dff5b45..7eb27e4b6 100644
--- a/test/results/influxd/caches_global/mining.pcapng.out
+++ b/test/results/influxd/caches_global/mining.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=41,json_bytes=36562,flow_src_total_bytes=146948,flow_dst_total_bytes=30432
+general json_lines=41,json_bytes=36552,flow_src_total_bytes=146948,flow_dst_total_bytes=30432
 events flow_new_count=4,flow_end_count=1,flow_idle_count=3,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=4,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/caches_global/ookla.pcap.out b/test/results/influxd/caches_global/ookla.pcap.out
index c67ddb190..b1f9e996f 100644
--- a/test/results/influxd/caches_global/ookla.pcap.out
+++ b/test/results/influxd/caches_global/ookla.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=56,json_bytes=43856,flow_src_total_bytes=22732,flow_dst_total_bytes=8117
+general json_lines=56,json_bytes=43848,flow_src_total_bytes=22732,flow_dst_total_bytes=8117
 events flow_new_count=6,flow_end_count=1,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=5,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=4
 breed flow_breed_safe_count=5,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/caches_global/teams.pcap.out b/test/results/influxd/caches_global/teams.pcap.out
index f2dea974d..aa1cd8414 100644
--- a/test/results/influxd/caches_global/teams.pcap.out
+++ b/test/results/influxd/caches_global/teams.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=674,json_bytes=642764,flow_src_total_bytes=293772,flow_dst_total_bytes=293323
-events flow_new_count=83,flow_end_count=17,flow_idle_count=66,flow_update_count=0,flow_analyse_count=16,flow_guessed_count=2,flow_detected_count=80,flow_detection_update_count=57,flow_not_detected_count=1,flow_risky_count=27,packet_count=16,packet_flow_count=317,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
-state flow_state_info=16,flow_state_finished=67
+general json_lines=682,json_bytes=651856,flow_src_total_bytes=293772,flow_dst_total_bytes=293323
+events flow_new_count=83,flow_end_count=17,flow_idle_count=66,flow_update_count=0,flow_analyse_count=16,flow_guessed_count=2,flow_detected_count=80,flow_detection_update_count=65,flow_not_detected_count=1,flow_risky_count=29,packet_count=16,packet_flow_count=317,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+state flow_state_info=20,flow_state_finished=63
 breed flow_breed_safe_count=42,flow_breed_acceptable_count=37,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=20,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=19,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=6,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=74,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=38,flow_severity_medium=10,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=42,flow_severity_medium=12,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=83,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=42,flow_l4_udp_count=40,flow_l4_icmp_count=1,flow_l4_other_count=0
 detection flow_active_count=83,flow_detected_count=80,flow_guessed_count=2,flow_not_detected_count=1
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=10,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=2,flow_risk_11_count=0,flow_risk_12_count=2,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=33,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=1,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=1,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=1,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=12,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=2,flow_risk_11_count=0,flow_risk_12_count=2,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=33,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=1,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=5,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=1,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/caches_global/zoom_p2p.pcapng.out b/test/results/influxd/caches_global/zoom_p2p.pcapng.out
index fd851e696..a2023d593 100644
--- a/test/results/influxd/caches_global/zoom_p2p.pcapng.out
+++ b/test/results/influxd/caches_global/zoom_p2p.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=131,json_bytes=108028,flow_src_total_bytes=137033,flow_dst_total_bytes=103149
+general json_lines=131,json_bytes=108022,flow_src_total_bytes=137033,flow_dst_total_bytes=103149
 events flow_new_count=13,flow_end_count=0,flow_idle_count=13,flow_update_count=27,flow_analyse_count=4,flow_guessed_count=4,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=58,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=6,flow_state_finished=7
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/1kxun.pcap.out b/test/results/influxd/default/1kxun.pcap.out
index 2369f8062..438bf028e 100644
--- a/test/results/influxd/default/1kxun.pcap.out
+++ b/test/results/influxd/default/1kxun.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=1303,json_bytes=1542796,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815
+general json_lines=1303,json_bytes=1542944,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815
 events flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=177,flow_detection_update_count=33,flow_not_detected_count=14,flow_risky_count=35,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=27,flow_state_finished=170
 breed flow_breed_safe_count=6,flow_breed_acceptable_count=116,flow_breed_fun_count=53,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=39,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=63,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=45,flow_category_system_count=22,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=177,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=34,flow_severity_medium=5,flow_severity_high=20,flow_severity_severe=1,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=34,flow_severity_medium=6,flow_severity_high=20,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=172,flow_l3_ip6_count=25,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=98,flow_l4_udp_count=99,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=197,flow_detected_count=177,flow_guessed_count=6,flow_not_detected_count=14
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=1,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=2,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=2,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1
diff --git a/test/results/influxd/default/443-chrome.pcap.out b/test/results/influxd/default/443-chrome.pcap.out
index cddf39365..540047a1a 100644
--- a/test/results/influxd/default/443-chrome.pcap.out
+++ b/test/results/influxd/default/443-chrome.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=7032,flow_src_total_bytes=1440,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=7129,flow_src_total_bytes=1440,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/443-curl.pcap.out b/test/results/influxd/default/443-curl.pcap.out
index af599a165..9a6cceb39 100644
--- a/test/results/influxd/default/443-curl.pcap.out
+++ b/test/results/influxd/default/443-curl.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=13192,flow_src_total_bytes=930,flow_dst_total_bytes=65886
+general json_lines=14,json_bytes=13186,flow_src_total_bytes=930,flow_dst_total_bytes=65886
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/443-firefox.pcap.out b/test/results/influxd/default/443-firefox.pcap.out
index 8b9b71b2d..50f4e9a64 100644
--- a/test/results/influxd/default/443-firefox.pcap.out
+++ b/test/results/influxd/default/443-firefox.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=13440,flow_src_total_bytes=7675,flow_dst_total_bytes=406398
+general json_lines=14,json_bytes=13434,flow_src_total_bytes=7675,flow_dst_total_bytes=406398
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/443-git.pcap.out b/test/results/influxd/default/443-git.pcap.out
index 1ee10c14b..57b1b0d7b 100644
--- a/test/results/influxd/default/443-git.pcap.out
+++ b/test/results/influxd/default/443-git.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=15245,flow_src_total_bytes=881,flow_dst_total_bytes=31704
+general json_lines=14,json_bytes=15239,flow_src_total_bytes=881,flow_dst_total_bytes=31704
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/443-opvn.pcap.out b/test/results/influxd/default/443-opvn.pcap.out
index 92b353336..399b0ac4e 100644
--- a/test/results/influxd/default/443-opvn.pcap.out
+++ b/test/results/influxd/default/443-opvn.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9624,flow_src_total_bytes=3974,flow_dst_total_bytes=4543
+general json_lines=12,json_bytes=9618,flow_src_total_bytes=3974,flow_dst_total_bytes=4543
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/443-safari.pcap.out b/test/results/influxd/default/443-safari.pcap.out
index f381ae613..c4bb37d1e 100644
--- a/test/results/influxd/default/443-safari.pcap.out
+++ b/test/results/influxd/default/443-safari.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=12951,flow_src_total_bytes=797,flow_dst_total_bytes=16406
+general json_lines=14,json_bytes=12945,flow_src_total_bytes=797,flow_dst_total_bytes=16406
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/4in4tunnel.pcap.out b/test/results/influxd/default/4in4tunnel.pcap.out
index c40abf96c..6907a649c 100644
--- a/test/results/influxd/default/4in4tunnel.pcap.out
+++ b/test/results/influxd/default/4in4tunnel.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=17,json_bytes=8627,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=17,json_bytes=8613,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=5,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=5,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/4in6tunnel.pcap.out b/test/results/influxd/default/4in6tunnel.pcap.out
index f71e2a475..e330cc158 100644
--- a/test/results/influxd/default/4in6tunnel.pcap.out
+++ b/test/results/influxd/default/4in6tunnel.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=10,json_bytes=9401,flow_src_total_bytes=316,flow_dst_total_bytes=1464
+general json_lines=10,json_bytes=9395,flow_src_total_bytes=316,flow_dst_total_bytes=1464
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/6in4tunnel.pcap.out b/test/results/influxd/default/6in4tunnel.pcap.out
index 94e05f7b6..ea525f144 100644
--- a/test/results/influxd/default/6in4tunnel.pcap.out
+++ b/test/results/influxd/default/6in4tunnel.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9752,flow_src_total_bytes=11600,flow_dst_total_bytes=24375
+general json_lines=12,json_bytes=9746,flow_src_total_bytes=11600,flow_dst_total_bytes=24375
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/6in6tunnel.pcap.out b/test/results/influxd/default/6in6tunnel.pcap.out
index 3566f46dc..0d28d632d 100644
--- a/test/results/influxd/default/6in6tunnel.pcap.out
+++ b/test/results/influxd/default/6in6tunnel.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=8148,flow_src_total_bytes=104,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=8142,flow_src_total_bytes=104,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=2,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/influxd/default/BGP_Cisco_hdlc_slarp.pcap.out
index fd9274f54..ba485b7ec 100644
--- a/test/results/influxd/default/BGP_Cisco_hdlc_slarp.pcap.out
+++ b/test/results/influxd/default/BGP_Cisco_hdlc_slarp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7392,flow_src_total_bytes=76,flow_dst_total_bytes=269
+general json_lines=11,json_bytes=7386,flow_src_total_bytes=76,flow_dst_total_bytes=269
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/BGP_redist.pcap.out b/test/results/influxd/default/BGP_redist.pcap.out
index 3c69aa40f..e97387efa 100644
--- a/test/results/influxd/default/BGP_redist.pcap.out
+++ b/test/results/influxd/default/BGP_redist.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=9,json_bytes=6102,flow_src_total_bytes=115,flow_dst_total_bytes=0
+general json_lines=9,json_bytes=6096,flow_src_total_bytes=115,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=1,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=1,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/EAQ.pcap.out b/test/results/influxd/default/EAQ.pcap.out
index e1c70c855..87dfef84d 100644
--- a/test/results/influxd/default/EAQ.pcap.out
+++ b/test/results/influxd/default/EAQ.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=269,json_bytes=193281,flow_src_total_bytes=2383,flow_dst_total_bytes=10862
+general json_lines=269,json_bytes=193275,flow_src_total_bytes=2383,flow_dst_total_bytes=10862
 events flow_new_count=31,flow_end_count=2,flow_idle_count=29,flow_update_count=29,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=31,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=23,packet_count=0,packet_flow_count=144,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=31
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=31,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/influxd/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index 6dc256540..ad5ae65bb 100644
--- a/test/results/influxd/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/test/results/influxd/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=52,json_bytes=54935,flow_src_total_bytes=56781,flow_dst_total_bytes=136335
+general json_lines=52,json_bytes=54929,flow_src_total_bytes=56781,flow_dst_total_bytes=136335
 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=6,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=5
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/IEC104.pcap.out b/test/results/influxd/default/IEC104.pcap.out
index e55cea9d2..99036373a 100644
--- a/test/results/influxd/default/IEC104.pcap.out
+++ b/test/results/influxd/default/IEC104.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=17,json_bytes=12102,flow_src_total_bytes=609,flow_dst_total_bytes=0
+general json_lines=17,json_bytes=12096,flow_src_total_bytes=609,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/KakaoTalk_chat.pcap.out b/test/results/influxd/default/KakaoTalk_chat.pcap.out
index cd073c173..fe5dcf375 100644
--- a/test/results/influxd/default/KakaoTalk_chat.pcap.out
+++ b/test/results/influxd/default/KakaoTalk_chat.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=270,json_bytes=238298,flow_src_total_bytes=15862,flow_dst_total_bytes=36150
+general json_lines=270,json_bytes=238410,flow_src_total_bytes=15862,flow_dst_total_bytes=36150
 events flow_new_count=38,flow_end_count=8,flow_idle_count=30,flow_update_count=1,flow_analyse_count=3,flow_guessed_count=5,flow_detected_count=33,flow_detection_update_count=33,flow_not_detected_count=0,flow_risky_count=10,packet_count=0,packet_flow_count=116,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=12,flow_state_finished=26
 breed flow_breed_safe_count=9,flow_breed_acceptable_count=16,flow_breed_fun_count=8,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/KakaoTalk_talk.pcap.out b/test/results/influxd/default/KakaoTalk_talk.pcap.out
index 73d76905b..427984009 100644
--- a/test/results/influxd/default/KakaoTalk_talk.pcap.out
+++ b/test/results/influxd/default/KakaoTalk_talk.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=144,json_bytes=120158,flow_src_total_bytes=146910,flow_dst_total_bytes=144494
+general json_lines=144,json_bytes=120270,flow_src_total_bytes=146910,flow_dst_total_bytes=144494
 events flow_new_count=20,flow_end_count=6,flow_idle_count=14,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=9,flow_detected_count=11,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=73,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=11,flow_state_finished=9
 breed flow_breed_safe_count=5,flow_breed_acceptable_count=4,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/NTPv2.pcap.out b/test/results/influxd/default/NTPv2.pcap.out
index 320925662..0144b9930 100644
--- a/test/results/influxd/default/NTPv2.pcap.out
+++ b/test/results/influxd/default/NTPv2.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5570,flow_src_total_bytes=368,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5564,flow_src_total_bytes=368,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/NTPv3.pcap.out b/test/results/influxd/default/NTPv3.pcap.out
index bc360f930..bff50b0ea 100644
--- a/test/results/influxd/default/NTPv3.pcap.out
+++ b/test/results/influxd/default/NTPv3.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5130,flow_src_total_bytes=48,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5124,flow_src_total_bytes=48,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/NTPv4.pcap.out b/test/results/influxd/default/NTPv4.pcap.out
index bc360f930..bff50b0ea 100644
--- a/test/results/influxd/default/NTPv4.pcap.out
+++ b/test/results/influxd/default/NTPv4.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5130,flow_src_total_bytes=48,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5124,flow_src_total_bytes=48,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/Oscar.pcap.out b/test/results/influxd/default/Oscar.pcap.out
index b5860cd6d..3611ccd81 100644
--- a/test/results/influxd/default/Oscar.pcap.out
+++ b/test/results/influxd/default/Oscar.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9662,flow_src_total_bytes=1504,flow_dst_total_bytes=3946
+general json_lines=12,json_bytes=9656,flow_src_total_bytes=1504,flow_dst_total_bytes=3946
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/TivoDVR.pcap.out b/test/results/influxd/default/TivoDVR.pcap.out
index 433fd139c..caf7334dc 100644
--- a/test/results/influxd/default/TivoDVR.pcap.out
+++ b/test/results/influxd/default/TivoDVR.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=8,json_bytes=6243,flow_src_total_bytes=334,flow_dst_total_bytes=0
+general json_lines=8,json_bytes=6237,flow_src_total_bytes=334,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/WebattackRCE.pcap.out b/test/results/influxd/default/WebattackRCE.pcap.out
index acd8543a9..589dd93d8 100644
--- a/test/results/influxd/default/WebattackRCE.pcap.out
+++ b/test/results/influxd/default/WebattackRCE.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=3191,json_bytes=3379261,flow_src_total_bytes=138401,flow_dst_total_bytes=0
+general json_lines=3191,json_bytes=3379255,flow_src_total_bytes=138401,flow_dst_total_bytes=0
 events flow_new_count=797,flow_end_count=0,flow_idle_count=797,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=797,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=797,packet_count=0,packet_flow_count=797,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=797,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=797,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/WebattackSQLinj.pcap.out b/test/results/influxd/default/WebattackSQLinj.pcap.out
index 43b7e9423..95961e008 100644
--- a/test/results/influxd/default/WebattackSQLinj.pcap.out
+++ b/test/results/influxd/default/WebattackSQLinj.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=75,json_bytes=65864,flow_src_total_bytes=4839,flow_dst_total_bytes=18821
+general json_lines=75,json_bytes=65858,flow_src_total_bytes=4839,flow_dst_total_bytes=18821
 events flow_new_count=9,flow_end_count=9,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=9,packet_count=0,packet_flow_count=45,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=9
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/WebattackXSS.pcap.out b/test/results/influxd/default/WebattackXSS.pcap.out
index 108fc6875..a5b6eb04d 100644
--- a/test/results/influxd/default/WebattackXSS.pcap.out
+++ b/test/results/influxd/default/WebattackXSS.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=5305,json_bytes=3632325,flow_src_total_bytes=857367,flow_dst_total_bytes=3234521
+general json_lines=5305,json_bytes=3632317,flow_src_total_bytes=857367,flow_dst_total_bytes=3234521
 events flow_new_count=661,flow_end_count=657,flow_idle_count=4,flow_update_count=0,flow_analyse_count=19,flow_guessed_count=639,flow_detected_count=22,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=22,packet_count=0,packet_flow_count=3299,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=639,flow_state_finished=22
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=22,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/activision.pcap.out b/test/results/influxd/default/activision.pcap.out
index 274bcb3d9..6c939a25e 100644
--- a/test/results/influxd/default/activision.pcap.out
+++ b/test/results/influxd/default/activision.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=38,json_bytes=26037,flow_src_total_bytes=620,flow_dst_total_bytes=764
+general json_lines=38,json_bytes=26027,flow_src_total_bytes=620,flow_dst_total_bytes=764
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/adult_content.pcap.out b/test/results/influxd/default/adult_content.pcap.out
index b4b2c2e2f..7ba4a48c5 100644
--- a/test/results/influxd/default/adult_content.pcap.out
+++ b/test/results/influxd/default/adult_content.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9102,flow_src_total_bytes=3131,flow_dst_total_bytes=3791
+general json_lines=12,json_bytes=9096,flow_src_total_bytes=3131,flow_dst_total_bytes=3791
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/afp.pcap.out b/test/results/influxd/default/afp.pcap.out
index fdfd2beb0..65fcea23e 100644
--- a/test/results/influxd/default/afp.pcap.out
+++ b/test/results/influxd/default/afp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7386,flow_src_total_bytes=44,flow_dst_total_bytes=118
+general json_lines=11,json_bytes=7380,flow_src_total_bytes=44,flow_dst_total_bytes=118
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/agora-sd-rtn.pcap.out b/test/results/influxd/default/agora-sd-rtn.pcap.out
index 48f308d94..3fc10d2ab 100644
--- a/test/results/influxd/default/agora-sd-rtn.pcap.out
+++ b/test/results/influxd/default/agora-sd-rtn.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=238,json_bytes=225892,flow_src_total_bytes=54495,flow_dst_total_bytes=40944
+general json_lines=238,json_bytes=225878,flow_src_total_bytes=54495,flow_dst_total_bytes=40944
 events flow_new_count=26,flow_end_count=0,flow_idle_count=26,flow_update_count=23,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=26,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=130,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=26
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=26,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ah.pcapng.out b/test/results/influxd/default/ah.pcapng.out
index 1fe08ab15..1e7922274 100644
--- a/test/results/influxd/default/ah.pcapng.out
+++ b/test/results/influxd/default/ah.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=15,json_bytes=12175,flow_src_total_bytes=790,flow_dst_total_bytes=742
+general json_lines=15,json_bytes=12169,flow_src_total_bytes=790,flow_dst_total_bytes=742
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ajp.pcap.out b/test/results/influxd/default/ajp.pcap.out
index 139ef03e9..2ddf33f9c 100644
--- a/test/results/influxd/default/ajp.pcap.out
+++ b/test/results/influxd/default/ajp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=43,json_bytes=23823,flow_src_total_bytes=2112,flow_dst_total_bytes=482
+general json_lines=43,json_bytes=23817,flow_src_total_bytes=2112,flow_dst_total_bytes=482
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=12,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=12,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/alexa-app.pcapng.out b/test/results/influxd/default/alexa-app.pcapng.out
index c00c825c2..631248f48 100644
--- a/test/results/influxd/default/alexa-app.pcapng.out
+++ b/test/results/influxd/default/alexa-app.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=1415,json_bytes=1268458,flow_src_total_bytes=399153,flow_dst_total_bytes=588052
+general json_lines=1415,json_bytes=1268452,flow_src_total_bytes=399153,flow_dst_total_bytes=588052
 events flow_new_count=160,flow_end_count=104,flow_idle_count=56,flow_update_count=77,flow_analyse_count=23,flow_guessed_count=14,flow_detected_count=146,flow_detection_update_count=143,flow_not_detected_count=0,flow_risky_count=61,packet_count=5,packet_flow_count=679,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=5,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=35,flow_state_finished=125
 breed flow_breed_safe_count=8,flow_breed_acceptable_count=138,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/alicloud.pcap.out b/test/results/influxd/default/alicloud.pcap.out
index 0d9173306..ebe954a00 100644
--- a/test/results/influxd/default/alicloud.pcap.out
+++ b/test/results/influxd/default/alicloud.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=135,json_bytes=92461,flow_src_total_bytes=5696,flow_dst_total_bytes=2176
+general json_lines=135,json_bytes=92431,flow_src_total_bytes=5696,flow_dst_total_bytes=2176
 events flow_new_count=15,flow_end_count=0,flow_idle_count=15,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=15,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=75,init_count=1,reconnect_count=0,shutdown_count=1,status_count=13,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=15
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=15,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/among_us.pcap.out b/test/results/influxd/default/among_us.pcap.out
index 439474de9..8df880d53 100644
--- a/test/results/influxd/default/among_us.pcap.out
+++ b/test/results/influxd/default/among_us.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5054,flow_src_total_bytes=15,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5048,flow_src_total_bytes=15,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/amqp.pcap.out b/test/results/influxd/default/amqp.pcap.out
index 95fa95691..17ea9a99a 100644
--- a/test/results/influxd/default/amqp.pcap.out
+++ b/test/results/influxd/default/amqp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=28,json_bytes=23195,flow_src_total_bytes=12849,flow_dst_total_bytes=105
+general json_lines=28,json_bytes=23189,flow_src_total_bytes=12849,flow_dst_total_bytes=105
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/android.pcap.out b/test/results/influxd/default/android.pcap.out
index 9ace40d75..21f0f1cff 100644
--- a/test/results/influxd/default/android.pcap.out
+++ b/test/results/influxd/default/android.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=437,json_bytes=374406,flow_src_total_bytes=25482,flow_dst_total_bytes=76498
+general json_lines=437,json_bytes=374400,flow_src_total_bytes=25482,flow_dst_total_bytes=76498
 events flow_new_count=63,flow_end_count=9,flow_idle_count=54,flow_update_count=3,flow_analyse_count=1,flow_guessed_count=3,flow_detected_count=60,flow_detection_update_count=45,flow_not_detected_count=0,flow_risky_count=7,packet_count=0,packet_flow_count=196,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=19,flow_state_finished=44
 breed flow_breed_safe_count=10,flow_breed_acceptable_count=36,flow_breed_fun_count=14,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/anyconnect-vpn.pcap.out b/test/results/influxd/default/anyconnect-vpn.pcap.out
index 703d1c209..0596c987c 100644
--- a/test/results/influxd/default/anyconnect-vpn.pcap.out
+++ b/test/results/influxd/default/anyconnect-vpn.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=457,json_bytes=385180,flow_src_total_bytes=38688,flow_dst_total_bytes=56727
+general json_lines=457,json_bytes=385174,flow_src_total_bytes=38688,flow_dst_total_bytes=56727
 events flow_new_count=69,flow_end_count=10,flow_idle_count=59,flow_update_count=3,flow_analyse_count=3,flow_guessed_count=6,flow_detected_count=61,flow_detection_update_count=34,flow_not_detected_count=2,flow_risky_count=17,packet_count=0,packet_flow_count=207,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=15,flow_state_finished=54
 breed flow_breed_safe_count=13,flow_breed_acceptable_count=48,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/anydesk.pcapng.out b/test/results/influxd/default/anydesk.pcapng.out
index f01bf712d..247c0c45f 100644
--- a/test/results/influxd/default/anydesk.pcapng.out
+++ b/test/results/influxd/default/anydesk.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=66,json_bytes=65342,flow_src_total_bytes=19883,flow_dst_total_bytes=15955
+general json_lines=66,json_bytes=65332,flow_src_total_bytes=19883,flow_dst_total_bytes=15955
 events flow_new_count=7,flow_end_count=1,flow_idle_count=6,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=29,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=6
 breed flow_breed_safe_count=4,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/avast.pcap.out b/test/results/influxd/default/avast.pcap.out
index 3b605daa0..e100afdbb 100644
--- a/test/results/influxd/default/avast.pcap.out
+++ b/test/results/influxd/default/avast.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=101,json_bytes=68518,flow_src_total_bytes=1031,flow_dst_total_bytes=246
+general json_lines=101,json_bytes=68476,flow_src_total_bytes=1031,flow_dst_total_bytes=246
 events flow_new_count=10,flow_end_count=2,flow_idle_count=8,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=50,init_count=1,reconnect_count=0,shutdown_count=1,status_count=19,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=10
 breed flow_breed_safe_count=10,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/avast_securedns.pcapng.out b/test/results/influxd/default/avast_securedns.pcapng.out
index b2ecf3cf5..e262d7e5a 100644
--- a/test/results/influxd/default/avast_securedns.pcapng.out
+++ b/test/results/influxd/default/avast_securedns.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=218,json_bytes=177858,flow_src_total_bytes=1521,flow_dst_total_bytes=6688
+general json_lines=218,json_bytes=177828,flow_src_total_bytes=1521,flow_dst_total_bytes=6688
 events flow_new_count=39,flow_end_count=0,flow_idle_count=39,flow_update_count=9,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=39,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=77,init_count=1,reconnect_count=0,shutdown_count=1,status_count=13,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=39
 breed flow_breed_safe_count=39,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/bacnet.pcap.out b/test/results/influxd/default/bacnet.pcap.out
index 3257af0f8..38f88efab 100644
--- a/test/results/influxd/default/bacnet.pcap.out
+++ b/test/results/influxd/default/bacnet.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=57,json_bytes=44588,flow_src_total_bytes=398,flow_dst_total_bytes=0
+general json_lines=57,json_bytes=44572,flow_src_total_bytes=398,flow_dst_total_bytes=0
 events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=5,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=14,init_count=1,reconnect_count=0,shutdown_count=1,status_count=6,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=10
 breed flow_breed_safe_count=10,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/bad-dns-traffic.pcap.out b/test/results/influxd/default/bad-dns-traffic.pcap.out
index b8173ecd5..2a7e81a76 100644
--- a/test/results/influxd/default/bad-dns-traffic.pcap.out
+++ b/test/results/influxd/default/bad-dns-traffic.pcap.out
@@ -1,10 +1,10 @@
-general json_lines=39,json_bytes=40394,flow_src_total_bytes=44399,flow_dst_total_bytes=38931
+general json_lines=39,json_bytes=40424,flow_src_total_bytes=44399,flow_dst_total_bytes=38931
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=3,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=3,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=3,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=12,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=0,flow_severity_medium=6,flow_severity_high=6,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=0,flow_l4_udp_count=3,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=3,flow_detected_count=3,flow_guessed_count=0,flow_not_detected_count=0
diff --git a/test/results/influxd/default/badpackets.pcap.out b/test/results/influxd/default/badpackets.pcap.out
index 19811da06..cad91f12a 100644
--- a/test/results/influxd/default/badpackets.pcap.out
+++ b/test/results/influxd/default/badpackets.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=194,json_bytes=127432,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=194,json_bytes=127424,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=95,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=89,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=6,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/beckhoff_ads.pcapng.out b/test/results/influxd/default/beckhoff_ads.pcapng.out
index d8e8744ad..f676cb832 100644
--- a/test/results/influxd/default/beckhoff_ads.pcapng.out
+++ b/test/results/influxd/default/beckhoff_ads.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9676,flow_src_total_bytes=1376,flow_dst_total_bytes=1934
+general json_lines=12,json_bytes=9670,flow_src_total_bytes=1376,flow_dst_total_bytes=1934
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/bets.pcapng.out b/test/results/influxd/default/bets.pcapng.out
index 7216cb10d..d0dabe80c 100644
--- a/test/results/influxd/default/bets.pcapng.out
+++ b/test/results/influxd/default/bets.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=11390,flow_src_total_bytes=573,flow_dst_total_bytes=6919
+general json_lines=13,json_bytes=11384,flow_src_total_bytes=573,flow_dst_total_bytes=6919
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/bfd.pcap.out b/test/results/influxd/default/bfd.pcap.out
index bb8fe814e..be5f2a06d 100644
--- a/test/results/influxd/default/bfd.pcap.out
+++ b/test/results/influxd/default/bfd.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=26,json_bytes=18517,flow_src_total_bytes=192,flow_dst_total_bytes=0
+general json_lines=26,json_bytes=18511,flow_src_total_bytes=192,flow_dst_total_bytes=0
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/bitcoin.pcap.out b/test/results/influxd/default/bitcoin.pcap.out
index f9be1aa2f..679f6bdac 100644
--- a/test/results/influxd/default/bitcoin.pcap.out
+++ b/test/results/influxd/default/bitcoin.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=57,json_bytes=49970,flow_src_total_bytes=112000,flow_dst_total_bytes=279630
+general json_lines=57,json_bytes=49958,flow_src_total_bytes=112000,flow_dst_total_bytes=279630
 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=6
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/bittorrent.pcap.out b/test/results/influxd/default/bittorrent.pcap.out
index ce711ad96..75ee1a1f3 100644
--- a/test/results/influxd/default/bittorrent.pcap.out
+++ b/test/results/influxd/default/bittorrent.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=164,json_bytes=148984,flow_src_total_bytes=6341,flow_dst_total_bytes=279641
+general json_lines=164,json_bytes=148978,flow_src_total_bytes=6341,flow_dst_total_bytes=279641
 events flow_new_count=24,flow_end_count=11,flow_idle_count=13,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=24,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=22,packet_count=0,packet_flow_count=88,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=24
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=24,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/bittorrent_tcp_miss.pcapng.out b/test/results/influxd/default/bittorrent_tcp_miss.pcapng.out
index 464554eea..9f4f79811 100644
--- a/test/results/influxd/default/bittorrent_tcp_miss.pcapng.out
+++ b/test/results/influxd/default/bittorrent_tcp_miss.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=10989,flow_src_total_bytes=1093,flow_dst_total_bytes=90373
+general json_lines=12,json_bytes=10983,flow_src_total_bytes=1093,flow_dst_total_bytes=90373
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/bittorrent_utp.pcap.out b/test/results/influxd/default/bittorrent_utp.pcap.out
index 481b2a960..e061f5499 100644
--- a/test/results/influxd/default/bittorrent_utp.pcap.out
+++ b/test/results/influxd/default/bittorrent_utp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=23,json_bytes=19385,flow_src_total_bytes=34748,flow_dst_total_bytes=3258
+general json_lines=23,json_bytes=19377,flow_src_total_bytes=34748,flow_dst_total_bytes=3258
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/bjnp.pcap.out b/test/results/influxd/default/bjnp.pcap.out
index 51d60a0bd..9e4e8243b 100644
--- a/test/results/influxd/default/bjnp.pcap.out
+++ b/test/results/influxd/default/bjnp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=43,json_bytes=34000,flow_src_total_bytes=160,flow_dst_total_bytes=0
+general json_lines=43,json_bytes=33994,flow_src_total_bytes=160,flow_dst_total_bytes=0
 events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=10
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=10,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/bot.pcap.out b/test/results/influxd/default/bot.pcap.out
index 44603e693..e9bd60e81 100644
--- a/test/results/influxd/default/bot.pcap.out
+++ b/test/results/influxd/default/bot.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=10428,flow_src_total_bytes=316,flow_dst_total_bytes=406780
+general json_lines=12,json_bytes=10422,flow_src_total_bytes=316,flow_dst_total_bytes=406780
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/bt-dns.pcap.out b/test/results/influxd/default/bt-dns.pcap.out
index 97a2a7889..d95c9893c 100644
--- a/test/results/influxd/default/bt-dns.pcap.out
+++ b/test/results/influxd/default/bt-dns.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=8,json_bytes=6067,flow_src_total_bytes=30,flow_dst_total_bytes=46
+general json_lines=8,json_bytes=6063,flow_src_total_bytes=30,flow_dst_total_bytes=46
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/bt-http.pcapng.out b/test/results/influxd/default/bt-http.pcapng.out
index 6841259f3..675a36a9c 100644
--- a/test/results/influxd/default/bt-http.pcapng.out
+++ b/test/results/influxd/default/bt-http.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=8648,flow_src_total_bytes=370,flow_dst_total_bytes=340
+general json_lines=11,json_bytes=8642,flow_src_total_bytes=370,flow_dst_total_bytes=340
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/bt_search.pcap.out b/test/results/influxd/default/bt_search.pcap.out
index 2c7e20c91..3bc1dad45 100644
--- a/test/results/influxd/default/bt_search.pcap.out
+++ b/test/results/influxd/default/bt_search.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=8,json_bytes=5973,flow_src_total_bytes=238,flow_dst_total_bytes=0
+general json_lines=8,json_bytes=5967,flow_src_total_bytes=238,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/c1222.pcapng.out b/test/results/influxd/default/c1222.pcapng.out
index 637d46d79..5cc440cac 100644
--- a/test/results/influxd/default/c1222.pcapng.out
+++ b/test/results/influxd/default/c1222.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=9909,flow_src_total_bytes=244,flow_dst_total_bytes=111
+general json_lines=13,json_bytes=9903,flow_src_total_bytes=244,flow_dst_total_bytes=111
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/cachefly.pcapng.out b/test/results/influxd/default/cachefly.pcapng.out
index 9dff49c6b..e8d1cf82f 100644
--- a/test/results/influxd/default/cachefly.pcapng.out
+++ b/test/results/influxd/default/cachefly.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=17911,flow_src_total_bytes=5242,flow_dst_total_bytes=517
+general json_lines=13,json_bytes=17905,flow_src_total_bytes=5242,flow_dst_total_bytes=517
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/can.pcap.out b/test/results/influxd/default/can.pcap.out
index b05f9b481..ed64b4339 100644
--- a/test/results/influxd/default/can.pcap.out
+++ b/test/results/influxd/default/can.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=36,json_bytes=29214,flow_src_total_bytes=360,flow_dst_total_bytes=0
+general json_lines=36,json_bytes=29208,flow_src_total_bytes=360,flow_dst_total_bytes=0
 events flow_new_count=8,flow_end_count=0,flow_idle_count=8,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=8
 breed flow_breed_safe_count=8,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/capwap.pcap.out b/test/results/influxd/default/capwap.pcap.out
index 9f7a00154..186d16b76 100644
--- a/test/results/influxd/default/capwap.pcap.out
+++ b/test/results/influxd/default/capwap.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=70,json_bytes=56303,flow_src_total_bytes=48656,flow_dst_total_bytes=33179
+general json_lines=70,json_bytes=56297,flow_src_total_bytes=48656,flow_dst_total_bytes=33179
 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=15,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=9,packet_flow_count=17,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=9,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/capwap_data.pcapng.out b/test/results/influxd/default/capwap_data.pcapng.out
index 4224dc75e..87a4ec7f8 100644
--- a/test/results/influxd/default/capwap_data.pcapng.out
+++ b/test/results/influxd/default/capwap_data.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=31,json_bytes=14086,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=31,json_bytes=14080,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=14,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=14,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/cassandra.pcap.out b/test/results/influxd/default/cassandra.pcap.out
index 41d3fee4c..1f6ff554f 100644
--- a/test/results/influxd/default/cassandra.pcap.out
+++ b/test/results/influxd/default/cassandra.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=26,json_bytes=17839,flow_src_total_bytes=160,flow_dst_total_bytes=172
+general json_lines=26,json_bytes=17833,flow_src_total_bytes=160,flow_dst_total_bytes=172
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=14,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ceph.pcap.out b/test/results/influxd/default/ceph.pcap.out
index f33736f0d..e90a527c0 100644
--- a/test/results/influxd/default/ceph.pcap.out
+++ b/test/results/influxd/default/ceph.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9418,flow_src_total_bytes=1151,flow_dst_total_bytes=9638
+general json_lines=12,json_bytes=9412,flow_src_total_bytes=1151,flow_dst_total_bytes=9638
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/check_mk_new.pcap.out b/test/results/influxd/default/check_mk_new.pcap.out
index 1d82e45c1..ec1cd33da 100644
--- a/test/results/influxd/default/check_mk_new.pcap.out
+++ b/test/results/influxd/default/check_mk_new.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9572,flow_src_total_bytes=0,flow_dst_total_bytes=13758
+general json_lines=12,json_bytes=9566,flow_src_total_bytes=0,flow_dst_total_bytes=13758
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/chrome.pcap.out b/test/results/influxd/default/chrome.pcap.out
index b83b00b8a..6fdd2f06c 100644
--- a/test/results/influxd/default/chrome.pcap.out
+++ b/test/results/influxd/default/chrome.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=57,json_bytes=48730,flow_src_total_bytes=8227,flow_dst_total_bytes=51402
+general json_lines=57,json_bytes=48724,flow_src_total_bytes=8227,flow_dst_total_bytes=51402
 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=6,flow_state_finished=0
 breed flow_breed_safe_count=6,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/cip_io.pcap.out b/test/results/influxd/default/cip_io.pcap.out
index dc06f52a5..238d27a53 100644
--- a/test/results/influxd/default/cip_io.pcap.out
+++ b/test/results/influxd/default/cip_io.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=10,json_bytes=6822,flow_src_total_bytes=60,flow_dst_total_bytes=68
+general json_lines=10,json_bytes=6816,flow_src_total_bytes=60,flow_dst_total_bytes=68
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/citrix.pcap.out b/test/results/influxd/default/citrix.pcap.out
index 42b130f8f..8aac6f08e 100644
--- a/test/results/influxd/default/citrix.pcap.out
+++ b/test/results/influxd/default/citrix.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=8353,flow_src_total_bytes=3874,flow_dst_total_bytes=1616
+general json_lines=11,json_bytes=8349,flow_src_total_bytes=3874,flow_dst_total_bytes=1616
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/cloudflare-warp.pcap.out b/test/results/influxd/default/cloudflare-warp.pcap.out
index 17c54f9e1..c2dcaf666 100644
--- a/test/results/influxd/default/cloudflare-warp.pcap.out
+++ b/test/results/influxd/default/cloudflare-warp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=63,json_bytes=48760,flow_src_total_bytes=2276,flow_dst_total_bytes=6167
+general json_lines=63,json_bytes=48754,flow_src_total_bytes=2276,flow_dst_total_bytes=6167
 events flow_new_count=8,flow_end_count=2,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=3,flow_detected_count=5,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=33,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=7,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/coap_mqtt.pcap.out b/test/results/influxd/default/coap_mqtt.pcap.out
index b77bef660..507ce802c 100644
--- a/test/results/influxd/default/coap_mqtt.pcap.out
+++ b/test/results/influxd/default/coap_mqtt.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=121,json_bytes=102092,flow_src_total_bytes=41887,flow_dst_total_bytes=11416
+general json_lines=121,json_bytes=102082,flow_src_total_bytes=41887,flow_dst_total_bytes=11416
 events flow_new_count=16,flow_end_count=0,flow_idle_count=16,flow_update_count=2,flow_analyse_count=8,flow_guessed_count=0,flow_detected_count=16,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=58,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=16
 breed flow_breed_safe_count=8,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/collectd.pcap.out b/test/results/influxd/default/collectd.pcap.out
index b1e3fab40..651a089a4 100644
--- a/test/results/influxd/default/collectd.pcap.out
+++ b/test/results/influxd/default/collectd.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=74,json_bytes=103040,flow_src_total_bytes=105984,flow_dst_total_bytes=0
+general json_lines=74,json_bytes=103264,flow_src_total_bytes=105984,flow_dst_total_bytes=0
 events flow_new_count=9,flow_end_count=0,flow_idle_count=9,flow_update_count=15,flow_analyse_count=1,flow_guessed_count=3,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=3,flow_state_finished=6
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/corba.pcap.out b/test/results/influxd/default/corba.pcap.out
index 0fcb3777f..4758d8101 100644
--- a/test/results/influxd/default/corba.pcap.out
+++ b/test/results/influxd/default/corba.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=19,json_bytes=14638,flow_src_total_bytes=20910,flow_dst_total_bytes=4122
+general json_lines=19,json_bytes=14632,flow_src_total_bytes=20910,flow_dst_total_bytes=4122
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/cpha.pcap.out b/test/results/influxd/default/cpha.pcap.out
index ee676b053..4883c217b 100644
--- a/test/results/influxd/default/cpha.pcap.out
+++ b/test/results/influxd/default/cpha.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5077,flow_src_total_bytes=50,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5071,flow_src_total_bytes=50,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/crawler_false_positive.pcapng.out b/test/results/influxd/default/crawler_false_positive.pcapng.out
index ebb60c598..5e694e726 100644
--- a/test/results/influxd/default/crawler_false_positive.pcapng.out
+++ b/test/results/influxd/default/crawler_false_positive.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=8746,flow_src_total_bytes=235,flow_dst_total_bytes=799
+general json_lines=12,json_bytes=8740,flow_src_total_bytes=235,flow_dst_total_bytes=799
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/crynet.pcap.out b/test/results/influxd/default/crynet.pcap.out
index 7afa2fb16..b8ea1f306 100644
--- a/test/results/influxd/default/crynet.pcap.out
+++ b/test/results/influxd/default/crynet.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=64,json_bytes=47548,flow_src_total_bytes=8204,flow_dst_total_bytes=1463
+general json_lines=64,json_bytes=47532,flow_src_total_bytes=8204,flow_dst_total_bytes=1463
 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=35,init_count=1,reconnect_count=0,shutdown_count=1,status_count=6,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=7
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=7,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/custom_categories.pcapng.out b/test/results/influxd/default/custom_categories.pcapng.out
index 627d375bf..d854d2b74 100644
--- a/test/results/influxd/default/custom_categories.pcapng.out
+++ b/test/results/influxd/default/custom_categories.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=30,json_bytes=26666,flow_src_total_bytes=2156,flow_dst_total_bytes=5216
+general json_lines=30,json_bytes=26656,flow_src_total_bytes=2156,flow_dst_total_bytes=5216
 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=2,packet_count=1,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=1,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/custom_risk_mask.pcapng.out b/test/results/influxd/default/custom_risk_mask.pcapng.out
index 57f855927..59e818764 100644
--- a/test/results/influxd/default/custom_risk_mask.pcapng.out
+++ b/test/results/influxd/default/custom_risk_mask.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=9162,flow_src_total_bytes=60,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=9156,flow_src_total_bytes=60,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/custom_rules_ipv6.pcapng.out b/test/results/influxd/default/custom_rules_ipv6.pcapng.out
index 1bbf52dfa..3ae6a8441 100644
--- a/test/results/influxd/default/custom_rules_ipv6.pcapng.out
+++ b/test/results/influxd/default/custom_rules_ipv6.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=34,json_bytes=31400,flow_src_total_bytes=3502,flow_dst_total_bytes=448
+general json_lines=34,json_bytes=31390,flow_src_total_bytes=3502,flow_dst_total_bytes=448
 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=5,flow_risky_count=0,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=5,flow_state_finished=2
 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/custom_rules_same-ip_multiple_ports.pcapng.out b/test/results/influxd/default/custom_rules_same-ip_multiple_ports.pcapng.out
index 30541f3c1..6641011cf 100644
--- a/test/results/influxd/default/custom_rules_same-ip_multiple_ports.pcapng.out
+++ b/test/results/influxd/default/custom_rules_same-ip_multiple_ports.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=21,json_bytes=15317,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=21,json_bytes=15309,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=2,flow_risky_count=0,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=3,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dazn.pcapng.out b/test/results/influxd/default/dazn.pcapng.out
index fad141dc5..dad62a14e 100644
--- a/test/results/influxd/default/dazn.pcapng.out
+++ b/test/results/influxd/default/dazn.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=27,json_bytes=29301,flow_src_total_bytes=1551,flow_dst_total_bytes=4284
+general json_lines=27,json_bytes=29295,flow_src_total_bytes=1551,flow_dst_total_bytes=4284
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=12,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=3,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dcerpc.pcap.out b/test/results/influxd/default/dcerpc.pcap.out
index a43379d1a..758c69263 100644
--- a/test/results/influxd/default/dcerpc.pcap.out
+++ b/test/results/influxd/default/dcerpc.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=29,json_bytes=29220,flow_src_total_bytes=6194,flow_dst_total_bytes=0
+general json_lines=29,json_bytes=29214,flow_src_total_bytes=6194,flow_dst_total_bytes=0
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=14,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dhcp-fuzz.pcapng.out b/test/results/influxd/default/dhcp-fuzz.pcapng.out
index 74f6266b5..dce14d47f 100644
--- a/test/results/influxd/default/dhcp-fuzz.pcapng.out
+++ b/test/results/influxd/default/dhcp-fuzz.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5398,flow_src_total_bytes=300,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5392,flow_src_total_bytes=300,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/diameter.pcap.out b/test/results/influxd/default/diameter.pcap.out
index 39d719929..3a2d89fe2 100644
--- a/test/results/influxd/default/diameter.pcap.out
+++ b/test/results/influxd/default/diameter.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=9251,flow_src_total_bytes=1012,flow_dst_total_bytes=644
+general json_lines=11,json_bytes=9245,flow_src_total_bytes=1012,flow_dst_total_bytes=644
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/discord.pcap.out b/test/results/influxd/default/discord.pcap.out
index d59c59eec..49bd34bd0 100644
--- a/test/results/influxd/default/discord.pcap.out
+++ b/test/results/influxd/default/discord.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=316,json_bytes=262135,flow_src_total_bytes=32475,flow_dst_total_bytes=48285
+general json_lines=316,json_bytes=262123,flow_src_total_bytes=32475,flow_dst_total_bytes=48285
 events flow_new_count=34,flow_end_count=0,flow_idle_count=34,flow_update_count=57,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=34,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=149,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=33
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=34,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/discord_mid_flow.pcap.out b/test/results/influxd/default/discord_mid_flow.pcap.out
index 350781736..6e209b1ea 100644
--- a/test/results/influxd/default/discord_mid_flow.pcap.out
+++ b/test/results/influxd/default/discord_mid_flow.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=35,json_bytes=14085,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=35,json_bytes=14079,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=16,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dlep.pcapng.out b/test/results/influxd/default/dlep.pcapng.out
index c09aa4941..dc90731c8 100644
--- a/test/results/influxd/default/dlep.pcapng.out
+++ b/test/results/influxd/default/dlep.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=16,json_bytes=12344,flow_src_total_bytes=106,flow_dst_total_bytes=145
+general json_lines=16,json_bytes=12338,flow_src_total_bytes=106,flow_dst_total_bytes=145
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dlms.pcap.out b/test/results/influxd/default/dlms.pcap.out
index 37fe807a9..ca672e36c 100644
--- a/test/results/influxd/default/dlms.pcap.out
+++ b/test/results/influxd/default/dlms.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=20,json_bytes=13721,flow_src_total_bytes=2659,flow_dst_total_bytes=32
+general json_lines=20,json_bytes=13713,flow_src_total_bytes=2659,flow_dst_total_bytes=32
 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dlt_ppp.pcap.out b/test/results/influxd/default/dlt_ppp.pcap.out
index 3e9d955fe..250f683f4 100644
--- a/test/results/influxd/default/dlt_ppp.pcap.out
+++ b/test/results/influxd/default/dlt_ppp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=4,json_bytes=3446,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=4,json_bytes=3442,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=1,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=1,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dnp3.pcap.out b/test/results/influxd/default/dnp3.pcap.out
index 4ba3ffe41..f5c4e095f 100644
--- a/test/results/influxd/default/dnp3.pcap.out
+++ b/test/results/influxd/default/dnp3.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=81,json_bytes=64303,flow_src_total_bytes=2559,flow_dst_total_bytes=5229
+general json_lines=81,json_bytes=64283,flow_src_total_bytes=2559,flow_dst_total_bytes=5229
 events flow_new_count=8,flow_end_count=2,flow_idle_count=6,flow_update_count=0,flow_analyse_count=7,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=40,init_count=1,reconnect_count=0,shutdown_count=1,status_count=8,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=8
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dns-exf.pcap.out b/test/results/influxd/default/dns-exf.pcap.out
index 34767ed17..ee4fc12e3 100644
--- a/test/results/influxd/default/dns-exf.pcap.out
+++ b/test/results/influxd/default/dns-exf.pcap.out
@@ -4,7 +4,7 @@ state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=4,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=0,flow_severity_medium=2,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=0,flow_l4_udp_count=1,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0
diff --git a/test/results/influxd/default/dns-google-nsid.pcapng.out b/test/results/influxd/default/dns-google-nsid.pcapng.out
index 72956258b..d1d5e53b1 100644
--- a/test/results/influxd/default/dns-google-nsid.pcapng.out
+++ b/test/results/influxd/default/dns-google-nsid.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=46,json_bytes=40054,flow_src_total_bytes=368,flow_dst_total_bytes=1054
+general json_lines=46,json_bytes=40046,flow_src_total_bytes=368,flow_dst_total_bytes=1054
 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=14,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=7
 breed flow_breed_safe_count=4,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dns-invalid-chars.pcap.out b/test/results/influxd/default/dns-invalid-chars.pcap.out
index 9e3b79652..0c49b314b 100644
--- a/test/results/influxd/default/dns-invalid-chars.pcap.out
+++ b/test/results/influxd/default/dns-invalid-chars.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=9,json_bytes=7436,flow_src_total_bytes=48,flow_dst_total_bytes=64
+general json_lines=9,json_bytes=7430,flow_src_total_bytes=48,flow_dst_total_bytes=64
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dns-tunnel-iodine.pcap.out b/test/results/influxd/default/dns-tunnel-iodine.pcap.out
index baf9b2e56..3f0e9d9d8 100644
--- a/test/results/influxd/default/dns-tunnel-iodine.pcap.out
+++ b/test/results/influxd/default/dns-tunnel-iodine.pcap.out
@@ -4,7 +4,7 @@ state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=0,flow_l4_udp_count=1,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0
diff --git a/test/results/influxd/default/dns.pcap.out b/test/results/influxd/default/dns.pcap.out
index 6302e7db1..8b2ca34d6 100644
--- a/test/results/influxd/default/dns.pcap.out
+++ b/test/results/influxd/default/dns.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=8601,flow_src_total_bytes=67,flow_dst_total_bytes=33
+general json_lines=14,json_bytes=8593,flow_src_total_bytes=67,flow_dst_total_bytes=33
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=2,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dns2tcp_tunnel.pcap.out b/test/results/influxd/default/dns2tcp_tunnel.pcap.out
index c5a2b6088..6e2eb4447 100644
--- a/test/results/influxd/default/dns2tcp_tunnel.pcap.out
+++ b/test/results/influxd/default/dns2tcp_tunnel.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=12336,flow_src_total_bytes=1343,flow_dst_total_bytes=4713
+general json_lines=13,json_bytes=12330,flow_src_total_bytes=1343,flow_dst_total_bytes=4713
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dns_ambiguous_names.pcap.out b/test/results/influxd/default/dns_ambiguous_names.pcap.out
index 50b9a44cc..1619fc7bc 100644
--- a/test/results/influxd/default/dns_ambiguous_names.pcap.out
+++ b/test/results/influxd/default/dns_ambiguous_names.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=63,json_bytes=55455,flow_src_total_bytes=509,flow_dst_total_bytes=1438
+general json_lines=63,json_bytes=55449,flow_src_total_bytes=509,flow_dst_total_bytes=1438
 events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=10
 breed flow_breed_safe_count=4,flow_breed_acceptable_count=4,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dns_doh.pcap.out b/test/results/influxd/default/dns_doh.pcap.out
index fcb99902d..7cc82a9cf 100644
--- a/test/results/influxd/default/dns_doh.pcap.out
+++ b/test/results/influxd/default/dns_doh.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=11807,flow_src_total_bytes=3792,flow_dst_total_bytes=8866
+general json_lines=13,json_bytes=11801,flow_src_total_bytes=3792,flow_dst_total_bytes=8866
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dns_dot.pcap.out b/test/results/influxd/default/dns_dot.pcap.out
index e520ec95e..f27588afb 100644
--- a/test/results/influxd/default/dns_dot.pcap.out
+++ b/test/results/influxd/default/dns_dot.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=10474,flow_src_total_bytes=548,flow_dst_total_bytes=3721
+general json_lines=12,json_bytes=10468,flow_src_total_bytes=548,flow_dst_total_bytes=3721
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dns_exfiltration.pcap.out b/test/results/influxd/default/dns_exfiltration.pcap.out
index 42dcb0a52..49876abb2 100644
--- a/test/results/influxd/default/dns_exfiltration.pcap.out
+++ b/test/results/influxd/default/dns_exfiltration.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=14279,flow_src_total_bytes=26119,flow_dst_total_bytes=34826
+general json_lines=14,json_bytes=14273,flow_src_total_bytes=26119,flow_dst_total_bytes=34826
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=1,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dns_fragmented.pcap.out b/test/results/influxd/default/dns_fragmented.pcap.out
index 8562eeb45..7638c8991 100644
--- a/test/results/influxd/default/dns_fragmented.pcap.out
+++ b/test/results/influxd/default/dns_fragmented.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=153,json_bytes=146536,flow_src_total_bytes=1207,flow_dst_total_bytes=16654
+general json_lines=153,json_bytes=146526,flow_src_total_bytes=1207,flow_dst_total_bytes=16654
 events flow_new_count=21,flow_end_count=2,flow_idle_count=19,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=21,flow_detection_update_count=22,flow_not_detected_count=0,flow_risky_count=10,packet_count=7,packet_flow_count=49,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=4,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=3,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=20
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=21,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dns_invert_query.pcapng.out b/test/results/influxd/default/dns_invert_query.pcapng.out
index 4c26c9b8a..b1ec3a576 100644
--- a/test/results/influxd/default/dns_invert_query.pcapng.out
+++ b/test/results/influxd/default/dns_invert_query.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=8,json_bytes=5864,flow_src_total_bytes=36,flow_dst_total_bytes=12
+general json_lines=8,json_bytes=5858,flow_src_total_bytes=36,flow_dst_total_bytes=12
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dns_long_domainname.pcap.out b/test/results/influxd/default/dns_long_domainname.pcap.out
index 348c79853..a45ebb0de 100644
--- a/test/results/influxd/default/dns_long_domainname.pcap.out
+++ b/test/results/influxd/default/dns_long_domainname.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=9,json_bytes=7405,flow_src_total_bytes=61,flow_dst_total_bytes=117
+general json_lines=9,json_bytes=7399,flow_src_total_bytes=61,flow_dst_total_bytes=117
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/influxd/default/dnscrypt-v1-and-resolver-pings.pcap.out
index 26e5c6fe4..38409d0a5 100644
--- a/test/results/influxd/default/dnscrypt-v1-and-resolver-pings.pcap.out
+++ b/test/results/influxd/default/dnscrypt-v1-and-resolver-pings.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=1539,json_bytes=1581014,flow_src_total_bytes=244416,flow_dst_total_bytes=44650
+general json_lines=1539,json_bytes=1581006,flow_src_total_bytes=244416,flow_dst_total_bytes=44650
 events flow_new_count=245,flow_end_count=0,flow_idle_count=245,flow_update_count=200,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=245,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=56,packet_flow_count=488,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=56,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=245
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=245,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dnscrypt-v2-doh.pcap.out b/test/results/influxd/default/dnscrypt-v2-doh.pcap.out
index 999405ba6..6dd8c2e5f 100644
--- a/test/results/influxd/default/dnscrypt-v2-doh.pcap.out
+++ b/test/results/influxd/default/dnscrypt-v2-doh.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=309,json_bytes=416409,flow_src_total_bytes=32683,flow_dst_total_bytes=152737
+general json_lines=309,json_bytes=416403,flow_src_total_bytes=32683,flow_dst_total_bytes=152737
 events flow_new_count=34,flow_end_count=0,flow_idle_count=34,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=34,flow_detection_update_count=36,flow_not_detected_count=0,flow_risky_count=6,packet_count=0,packet_flow_count=168,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=32
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=34,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dnscrypt-v2.pcap.out b/test/results/influxd/default/dnscrypt-v2.pcap.out
index c6d87e6f3..bc37427fd 100644
--- a/test/results/influxd/default/dnscrypt-v2.pcap.out
+++ b/test/results/influxd/default/dnscrypt-v2.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=18,json_bytes=18621,flow_src_total_bytes=3264,flow_dst_total_bytes=784
+general json_lines=18,json_bytes=18615,flow_src_total_bytes=3264,flow_dst_total_bytes=784
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dnscrypt_skype_false_positive.pcapng.out b/test/results/influxd/default/dnscrypt_skype_false_positive.pcapng.out
index eda2f2055..662ab988a 100644
--- a/test/results/influxd/default/dnscrypt_skype_false_positive.pcapng.out
+++ b/test/results/influxd/default/dnscrypt_skype_false_positive.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=11692,flow_src_total_bytes=1536,flow_dst_total_bytes=592
+general json_lines=13,json_bytes=11684,flow_src_total_bytes=1536,flow_dst_total_bytes=592
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/doh.pcapng.out b/test/results/influxd/default/doh.pcapng.out
index a54683ace..cf7558c77 100644
--- a/test/results/influxd/default/doh.pcapng.out
+++ b/test/results/influxd/default/doh.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=12229,flow_src_total_bytes=1881,flow_dst_total_bytes=5821
+general json_lines=13,json_bytes=12223,flow_src_total_bytes=1881,flow_dst_total_bytes=5821
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/doq.pcapng.out b/test/results/influxd/default/doq.pcapng.out
index c23f97af4..5f6f75bd2 100644
--- a/test/results/influxd/default/doq.pcapng.out
+++ b/test/results/influxd/default/doq.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=19,json_bytes=18417,flow_src_total_bytes=2350,flow_dst_total_bytes=2416
+general json_lines=19,json_bytes=18411,flow_src_total_bytes=2350,flow_dst_total_bytes=2416
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/doq_adguard.pcapng.out b/test/results/influxd/default/doq_adguard.pcapng.out
index 8bb13cb06..71d731fae 100644
--- a/test/results/influxd/default/doq_adguard.pcapng.out
+++ b/test/results/influxd/default/doq_adguard.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=16737,flow_src_total_bytes=10308,flow_dst_total_bytes=21705
+general json_lines=12,json_bytes=16731,flow_src_total_bytes=10308,flow_dst_total_bytes=21705
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dos_win98_smb_netbeui.pcap.out b/test/results/influxd/default/dos_win98_smb_netbeui.pcap.out
index a7969594e..b67ec309a 100644
--- a/test/results/influxd/default/dos_win98_smb_netbeui.pcap.out
+++ b/test/results/influxd/default/dos_win98_smb_netbeui.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=110,json_bytes=60104,flow_src_total_bytes=5953,flow_dst_total_bytes=0
+general json_lines=110,json_bytes=60098,flow_src_total_bytes=5953,flow_dst_total_bytes=0
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=8,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=35,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=35,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=1,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dotenv.pcap.out b/test/results/influxd/default/dotenv.pcap.out
index a7ff1758a..a4b1bf85f 100644
--- a/test/results/influxd/default/dotenv.pcap.out
+++ b/test/results/influxd/default/dotenv.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9465,flow_src_total_bytes=82,flow_dst_total_bytes=231
+general json_lines=12,json_bytes=9475,flow_src_total_bytes=82,flow_dst_total_bytes=231
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/drda_db2.pcap.out b/test/results/influxd/default/drda_db2.pcap.out
index 20ae310e2..8e4065e83 100644
--- a/test/results/influxd/default/drda_db2.pcap.out
+++ b/test/results/influxd/default/drda_db2.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9750,flow_src_total_bytes=2081,flow_dst_total_bytes=2542
+general json_lines=12,json_bytes=9744,flow_src_total_bytes=2081,flow_dst_total_bytes=2542
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dropbox.pcap.out b/test/results/influxd/default/dropbox.pcap.out
index 533c0e74c..aa5d9af72 100644
--- a/test/results/influxd/default/dropbox.pcap.out
+++ b/test/results/influxd/default/dropbox.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=132,json_bytes=114246,flow_src_total_bytes=43692,flow_dst_total_bytes=11224
+general json_lines=132,json_bytes=114236,flow_src_total_bytes=43692,flow_dst_total_bytes=11224
 events flow_new_count=15,flow_end_count=0,flow_idle_count=15,flow_update_count=4,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=15,flow_detection_update_count=11,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=63,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=15
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=15,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dtls.pcap.out b/test/results/influxd/default/dtls.pcap.out
index dac932b21..32a34148d 100644
--- a/test/results/influxd/default/dtls.pcap.out
+++ b/test/results/influxd/default/dtls.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=9,json_bytes=8227,flow_src_total_bytes=310,flow_dst_total_bytes=0
+general json_lines=9,json_bytes=8221,flow_src_total_bytes=310,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dtls2.pcap.out b/test/results/influxd/default/dtls2.pcap.out
index 158e1076e..273aca1bc 100644
--- a/test/results/influxd/default/dtls2.pcap.out
+++ b/test/results/influxd/default/dtls2.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=17,json_bytes=18040,flow_src_total_bytes=1658,flow_dst_total_bytes=2073
+general json_lines=17,json_bytes=18034,flow_src_total_bytes=1658,flow_dst_total_bytes=2073
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=5,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dtls_certificate.pcapng.out b/test/results/influxd/default/dtls_certificate.pcapng.out
index aa3ba2a0a..db5a024d2 100644
--- a/test/results/influxd/default/dtls_certificate.pcapng.out
+++ b/test/results/influxd/default/dtls_certificate.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=7863,flow_src_total_bytes=1444,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=7857,flow_src_total_bytes=1444,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dtls_certificate_fragments.pcap.out b/test/results/influxd/default/dtls_certificate_fragments.pcap.out
index c7698b776..26c75761b 100644
--- a/test/results/influxd/default/dtls_certificate_fragments.pcap.out
+++ b/test/results/influxd/default/dtls_certificate_fragments.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=25,json_bytes=30875,flow_src_total_bytes=3051,flow_dst_total_bytes=6050
+general json_lines=25,json_bytes=30867,flow_src_total_bytes=3051,flow_dst_total_bytes=6050
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=5,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dtls_mid_sessions.pcapng.out b/test/results/influxd/default/dtls_mid_sessions.pcapng.out
index 6064c56e5..8ae9ad1ff 100644
--- a/test/results/influxd/default/dtls_mid_sessions.pcapng.out
+++ b/test/results/influxd/default/dtls_mid_sessions.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=31,json_bytes=32984,flow_src_total_bytes=29417,flow_dst_total_bytes=4629
+general json_lines=31,json_bytes=32978,flow_src_total_bytes=29417,flow_dst_total_bytes=4629
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=4,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dtls_old_version.pcapng.out b/test/results/influxd/default/dtls_old_version.pcapng.out
index 9937181ab..08be99f14 100644
--- a/test/results/influxd/default/dtls_old_version.pcapng.out
+++ b/test/results/influxd/default/dtls_old_version.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=11578,flow_src_total_bytes=416,flow_dst_total_bytes=284
+general json_lines=14,json_bytes=11572,flow_src_total_bytes=416,flow_dst_total_bytes=284
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/dtls_session_id_and_coockie_both.pcap.out b/test/results/influxd/default/dtls_session_id_and_coockie_both.pcap.out
index d9b292a04..43d4f1b42 100644
--- a/test/results/influxd/default/dtls_session_id_and_coockie_both.pcap.out
+++ b/test/results/influxd/default/dtls_session_id_and_coockie_both.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=9589,flow_src_total_bytes=218,flow_dst_total_bytes=218
+general json_lines=11,json_bytes=9583,flow_src_total_bytes=218,flow_dst_total_bytes=218
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/edonkey.pcap.out b/test/results/influxd/default/edonkey.pcap.out
index 37bf45a78..2c0579a17 100644
--- a/test/results/influxd/default/edonkey.pcap.out
+++ b/test/results/influxd/default/edonkey.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7878,flow_src_total_bytes=248,flow_dst_total_bytes=792
+general json_lines=11,json_bytes=7872,flow_src_total_bytes=248,flow_dst_total_bytes=792
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/elasticsearch.pcap.out b/test/results/influxd/default/elasticsearch.pcap.out
index 57d5863e5..4180a73ca 100644
--- a/test/results/influxd/default/elasticsearch.pcap.out
+++ b/test/results/influxd/default/elasticsearch.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=44,json_bytes=38548,flow_src_total_bytes=8322,flow_dst_total_bytes=1267
+general json_lines=44,json_bytes=38540,flow_src_total_bytes=8322,flow_dst_total_bytes=1267
 events flow_new_count=7,flow_end_count=1,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=19,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=7
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/elf.pcap.out b/test/results/influxd/default/elf.pcap.out
new file mode 100644
index 000000000..79663b919
--- /dev/null
+++ b/test/results/influxd/default/elf.pcap.out
@@ -0,0 +1,11 @@
+general json_lines=16,json_bytes=45104,flow_src_total_bytes=62064,flow_dst_total_bytes=0
+events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=2,flow_risky_count=0,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+state flow_state_info=2,flow_state_finished=0
+breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
+category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
+confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
+severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0
+layer4 flow_l4_tcp_count=1,flow_l4_udp_count=1,flow_l4_icmp_count=0,flow_l4_other_count=0
+detection flow_active_count=2,flow_detected_count=0,flow_guessed_count=0,flow_not_detected_count=2
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/default/emotet.pcap.out b/test/results/influxd/default/emotet.pcap.out
index 1bfdbf697..bc5713d66 100644
--- a/test/results/influxd/default/emotet.pcap.out
+++ b/test/results/influxd/default/emotet.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=60,json_bytes=52881,flow_src_total_bytes=17972,flow_dst_total_bytes=71884
+general json_lines=60,json_bytes=53381,flow_src_total_bytes=17972,flow_dst_total_bytes=71884
 events flow_new_count=6,flow_end_count=1,flow_idle_count=5,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=5
 breed flow_breed_safe_count=2,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=5,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=6,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=4,flow_severity_medium=3,flow_severity_high=3,flow_severity_severe=2,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=4,flow_severity_medium=5,flow_severity_high=3,flow_severity_severe=2,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=6,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=6,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=6,flow_detected_count=6,flow_guessed_count=0,flow_not_detected_count=0
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=2,flow_risk_5_count=0,flow_risk_6_count=1,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=2,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=4,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=4,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=2,flow_risk_5_count=0,flow_risk_6_count=1,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=2,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=4,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=4,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=2
diff --git a/test/results/influxd/default/encrypted_sni.pcap.out b/test/results/influxd/default/encrypted_sni.pcap.out
index e2297b1a1..5dc30df47 100644
--- a/test/results/influxd/default/encrypted_sni.pcap.out
+++ b/test/results/influxd/default/encrypted_sni.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=15,json_bytes=15362,flow_src_total_bytes=2148,flow_dst_total_bytes=0
+general json_lines=15,json_bytes=15356,flow_src_total_bytes=2148,flow_dst_total_bytes=0
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=3,flow_state_finished=0
 breed flow_breed_safe_count=3,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/epicgames.pcapng.out b/test/results/influxd/default/epicgames.pcapng.out
index e0334fdad..1435973d8 100644
--- a/test/results/influxd/default/epicgames.pcapng.out
+++ b/test/results/influxd/default/epicgames.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=35,json_bytes=24744,flow_src_total_bytes=5959,flow_dst_total_bytes=1825
+general json_lines=35,json_bytes=24738,flow_src_total_bytes=5959,flow_dst_total_bytes=1825
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/esp.pcapng.out b/test/results/influxd/default/esp.pcapng.out
index 6e4d5dc03..8323219a0 100644
--- a/test/results/influxd/default/esp.pcapng.out
+++ b/test/results/influxd/default/esp.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=15,json_bytes=12330,flow_src_total_bytes=834,flow_dst_total_bytes=786
+general json_lines=15,json_bytes=12324,flow_src_total_bytes=834,flow_dst_total_bytes=786
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ethereum.pcap.out b/test/results/influxd/default/ethereum.pcap.out
index 1e9b8e438..6fc8c5c42 100644
--- a/test/results/influxd/default/ethereum.pcap.out
+++ b/test/results/influxd/default/ethereum.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=573,json_bytes=509231,flow_src_total_bytes=43570,flow_dst_total_bytes=43398
+general json_lines=573,json_bytes=509225,flow_src_total_bytes=43570,flow_dst_total_bytes=43398
 events flow_new_count=74,flow_end_count=47,flow_idle_count=27,flow_update_count=0,flow_analyse_count=33,flow_guessed_count=3,flow_detected_count=71,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=315,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=3,flow_state_finished=71
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=71,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ethernetIP.pcap.out b/test/results/influxd/default/ethernetIP.pcap.out
index 8532488ce..bb08724b1 100644
--- a/test/results/influxd/default/ethernetIP.pcap.out
+++ b/test/results/influxd/default/ethernetIP.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=35,json_bytes=28701,flow_src_total_bytes=6348,flow_dst_total_bytes=5528
+general json_lines=35,json_bytes=28695,flow_src_total_bytes=6348,flow_dst_total_bytes=5528
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ethersbus.pcap.out b/test/results/influxd/default/ethersbus.pcap.out
index 153b0030d..2ef88d6c5 100644
--- a/test/results/influxd/default/ethersbus.pcap.out
+++ b/test/results/influxd/default/ethersbus.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7314,flow_src_total_bytes=162,flow_dst_total_bytes=230
+general json_lines=11,json_bytes=7308,flow_src_total_bytes=162,flow_dst_total_bytes=230
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ethersio.pcap.out b/test/results/influxd/default/ethersio.pcap.out
index 314b36834..26a85b645 100644
--- a/test/results/influxd/default/ethersio.pcap.out
+++ b/test/results/influxd/default/ethersio.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9680,flow_src_total_bytes=1714,flow_dst_total_bytes=0
+general json_lines=12,json_bytes=9674,flow_src_total_bytes=1714,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/exe_download.pcap.out b/test/results/influxd/default/exe_download.pcap.out
index af6e2babd..b56e5e80e 100644
--- a/test/results/influxd/default/exe_download.pcap.out
+++ b/test/results/influxd/default/exe_download.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9960,flow_src_total_bytes=153,flow_dst_total_bytes=13620
+general json_lines=12,json_bytes=10210,flow_src_total_bytes=153,flow_dst_total_bytes=13620
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
@@ -8,4 +8,4 @@ severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=2,flow_se
 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=1,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=2,flow_risk_12_count=2,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=1,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=1,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=2,flow_risk_12_count=2,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=1,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1
diff --git a/test/results/influxd/default/exe_download_as_png.pcap.out b/test/results/influxd/default/exe_download_as_png.pcap.out
index 902492507..0e3c90b4d 100644
--- a/test/results/influxd/default/exe_download_as_png.pcap.out
+++ b/test/results/influxd/default/exe_download_as_png.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=12231,flow_src_total_bytes=149,flow_dst_total_bytes=88660
+general json_lines=13,json_bytes=12225,flow_src_total_bytes=149,flow_dst_total_bytes=88660
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/facebook.pcap.out b/test/results/influxd/default/facebook.pcap.out
index 56de8ca4e..f33f73fda 100644
--- a/test/results/influxd/default/facebook.pcap.out
+++ b/test/results/influxd/default/facebook.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=23,json_bytes=20862,flow_src_total_bytes=2145,flow_dst_total_bytes=24374
+general json_lines=23,json_bytes=20856,flow_src_total_bytes=2145,flow_dst_total_bytes=24374
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/fastcgi.pcap.out b/test/results/influxd/default/fastcgi.pcap.out
index 53cc94c09..79d73f2b3 100644
--- a/test/results/influxd/default/fastcgi.pcap.out
+++ b/test/results/influxd/default/fastcgi.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=10892,flow_src_total_bytes=1095,flow_dst_total_bytes=64400
+general json_lines=12,json_bytes=10886,flow_src_total_bytes=1095,flow_dst_total_bytes=64400
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/fins.pcap.out b/test/results/influxd/default/fins.pcap.out
index 0ff11cb2d..1240713cb 100644
--- a/test/results/influxd/default/fins.pcap.out
+++ b/test/results/influxd/default/fins.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=50,json_bytes=28316,flow_src_total_bytes=6659,flow_dst_total_bytes=252
+general json_lines=50,json_bytes=28308,flow_src_total_bytes=6659,flow_dst_total_bytes=252
 events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=12,packet_flow_count=12,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=12,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/firefox.pcap.out b/test/results/influxd/default/firefox.pcap.out
index 201ea0eb4..a847053a6 100644
--- a/test/results/influxd/default/firefox.pcap.out
+++ b/test/results/influxd/default/firefox.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=57,json_bytes=49168,flow_src_total_bytes=7370,flow_dst_total_bytes=44229
+general json_lines=57,json_bytes=49162,flow_src_total_bytes=7370,flow_dst_total_bytes=44229
 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=5,flow_state_finished=1
 breed flow_breed_safe_count=6,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/fix.pcap.out b/test/results/influxd/default/fix.pcap.out
index e449793a4..046a5a910 100644
--- a/test/results/influxd/default/fix.pcap.out
+++ b/test/results/influxd/default/fix.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=104,json_bytes=80498,flow_src_total_bytes=34736,flow_dst_total_bytes=2850
+general json_lines=104,json_bytes=80492,flow_src_total_bytes=34736,flow_dst_total_bytes=2850
 events flow_new_count=12,flow_end_count=0,flow_idle_count=12,flow_update_count=0,flow_analyse_count=5,flow_guessed_count=0,flow_detected_count=12,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=60,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=12
 breed flow_breed_safe_count=12,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/fix2.pcap.out b/test/results/influxd/default/fix2.pcap.out
index 17c2f5e3d..582d630fd 100644
--- a/test/results/influxd/default/fix2.pcap.out
+++ b/test/results/influxd/default/fix2.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=21,json_bytes=17079,flow_src_total_bytes=24259,flow_dst_total_bytes=43697
+general json_lines=21,json_bytes=17073,flow_src_total_bytes=24259,flow_dst_total_bytes=43697
 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/flute.pcapng.out b/test/results/influxd/default/flute.pcapng.out
index 7e5464ceb..26da738b7 100644
--- a/test/results/influxd/default/flute.pcapng.out
+++ b/test/results/influxd/default/flute.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=10,json_bytes=8219,flow_src_total_bytes=1179,flow_dst_total_bytes=0
+general json_lines=10,json_bytes=8213,flow_src_total_bytes=1179,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/forticlient.pcap.out b/test/results/influxd/default/forticlient.pcap.out
index c61f9030c..e4d412b84 100644
--- a/test/results/influxd/default/forticlient.pcap.out
+++ b/test/results/influxd/default/forticlient.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=54,json_bytes=53525,flow_src_total_bytes=73125,flow_dst_total_bytes=225634
+general json_lines=54,json_bytes=53519,flow_src_total_bytes=73125,flow_dst_total_bytes=225634
 events flow_new_count=5,flow_end_count=4,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=4,flow_state_finished=1
 breed flow_breed_safe_count=5,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ftp-start-tls.pcap.out b/test/results/influxd/default/ftp-start-tls.pcap.out
index 3de78ca07..73c95b1a9 100644
--- a/test/results/influxd/default/ftp-start-tls.pcap.out
+++ b/test/results/influxd/default/ftp-start-tls.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=15,json_bytes=14722,flow_src_total_bytes=856,flow_dst_total_bytes=3834
+general json_lines=15,json_bytes=14716,flow_src_total_bytes=856,flow_dst_total_bytes=3834
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ftp.pcap.out b/test/results/influxd/default/ftp.pcap.out
index 56c22a31a..2b9d6a21b 100644
--- a/test/results/influxd/default/ftp.pcap.out
+++ b/test/results/influxd/default/ftp.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=29,json_bytes=26724,flow_src_total_bytes=174,flow_dst_total_bytes=111534
-events flow_new_count=3,flow_end_count=2,flow_idle_count=1,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=2,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+general json_lines=29,json_bytes=26454,flow_src_total_bytes=174,flow_dst_total_bytes=111534
+events flow_new_count=3,flow_end_count=2,flow_idle_count=1,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=1,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=2,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=2,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=1,flow_severity_medium=1,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=1,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=3,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=3,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=3,flow_detected_count=2,flow_guessed_count=0,flow_not_detected_count=1
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=1,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=1,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=1,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=1,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=1,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/default/ftp_failed.pcap.out b/test/results/influxd/default/ftp_failed.pcap.out
index c0b40946f..78d2bfe19 100644
--- a/test/results/influxd/default/ftp_failed.pcap.out
+++ b/test/results/influxd/default/ftp_failed.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=8112,flow_src_total_bytes=24,flow_dst_total_bytes=112
+general json_lines=11,json_bytes=8106,flow_src_total_bytes=24,flow_dst_total_bytes=112
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/fuzz-2006-06-26-2594.pcap.out b/test/results/influxd/default/fuzz-2006-06-26-2594.pcap.out
index 519d7d630..bd73afdf2 100644
--- a/test/results/influxd/default/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/influxd/default/fuzz-2006-06-26-2594.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=2134,json_bytes=1900503,flow_src_total_bytes=44774,flow_dst_total_bytes=16036
+general json_lines=2134,json_bytes=1900493,flow_src_total_bytes=44774,flow_dst_total_bytes=16036
 events flow_new_count=257,flow_end_count=2,flow_idle_count=255,flow_update_count=666,flow_analyse_count=2,flow_guessed_count=27,flow_detected_count=191,flow_detection_update_count=105,flow_not_detected_count=39,flow_risky_count=86,packet_count=79,packet_flow_count=427,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=6,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=35,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=37,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=1,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=175,flow_state_finished=82
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=186,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=4,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/fuzz-2006-09-29-28586.pcap.out b/test/results/influxd/default/fuzz-2006-09-29-28586.pcap.out
index 595fad997..19121f7e0 100644
--- a/test/results/influxd/default/fuzz-2006-09-29-28586.pcap.out
+++ b/test/results/influxd/default/fuzz-2006-09-29-28586.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=219,json_bytes=190554,flow_src_total_bytes=14756,flow_dst_total_bytes=10874
+general json_lines=219,json_bytes=190548,flow_src_total_bytes=14756,flow_dst_total_bytes=10874
 events flow_new_count=39,flow_end_count=12,flow_idle_count=27,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=23,flow_detected_count=12,flow_detection_update_count=1,flow_not_detected_count=4,flow_risky_count=11,packet_count=8,packet_flow_count=82,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=2,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=6,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=35,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=12,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/fuzz-2020-02-16-11740.pcap.out b/test/results/influxd/default/fuzz-2020-02-16-11740.pcap.out
index ce30b1233..0ead718c0 100644
--- a/test/results/influxd/default/fuzz-2020-02-16-11740.pcap.out
+++ b/test/results/influxd/default/fuzz-2020-02-16-11740.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=615,json_bytes=548029,flow_src_total_bytes=109463,flow_dst_total_bytes=20335
+general json_lines=615,json_bytes=548015,flow_src_total_bytes=109463,flow_dst_total_bytes=20335
 events flow_new_count=79,flow_end_count=0,flow_idle_count=79,flow_update_count=133,flow_analyse_count=1,flow_guessed_count=3,flow_detected_count=57,flow_detection_update_count=0,flow_not_detected_count=19,flow_risky_count=0,packet_count=65,packet_flow_count=107,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=11,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=27,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=27,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=22,flow_state_finished=57
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=57,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/influxd/default/fuzz-2021-06-07-c6c72a0a56.pcap.out
index 5d1c979c4..1dcbed781 100644
--- a/test/results/influxd/default/fuzz-2021-06-07-c6c72a0a56.pcap.out
+++ b/test/results/influxd/default/fuzz-2021-06-07-c6c72a0a56.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=3408,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=3402,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=1,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=1,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/fuzz-2021-10-13.pcap.out b/test/results/influxd/default/fuzz-2021-10-13.pcap.out
index d702d17e4..71356932d 100644
--- a/test/results/influxd/default/fuzz-2021-10-13.pcap.out
+++ b/test/results/influxd/default/fuzz-2021-10-13.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=5,json_bytes=2771,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=5,json_bytes=2765,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=1,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=1,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/gaijin_mobile_mixed.pcap.out b/test/results/influxd/default/gaijin_mobile_mixed.pcap.out
index 1ced12666..41c8adeda 100644
--- a/test/results/influxd/default/gaijin_mobile_mixed.pcap.out
+++ b/test/results/influxd/default/gaijin_mobile_mixed.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=30,json_bytes=24840,flow_src_total_bytes=1542,flow_dst_total_bytes=8296
+general json_lines=30,json_bytes=24832,flow_src_total_bytes=1542,flow_dst_total_bytes=8296
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/gaijin_warthunder.pcap.out b/test/results/influxd/default/gaijin_warthunder.pcap.out
index 63341fbc9..c1b9db7a1 100644
--- a/test/results/influxd/default/gaijin_warthunder.pcap.out
+++ b/test/results/influxd/default/gaijin_warthunder.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=19,json_bytes=14243,flow_src_total_bytes=887,flow_dst_total_bytes=58
+general json_lines=19,json_bytes=14237,flow_src_total_bytes=887,flow_dst_total_bytes=58
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/gearman.pcap.out b/test/results/influxd/default/gearman.pcap.out
index 34fc33ca2..89cbf3efd 100644
--- a/test/results/influxd/default/gearman.pcap.out
+++ b/test/results/influxd/default/gearman.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7289,flow_src_total_bytes=26,flow_dst_total_bytes=12
+general json_lines=11,json_bytes=7283,flow_src_total_bytes=26,flow_dst_total_bytes=12
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/geforcenow.pcapng.out b/test/results/influxd/default/geforcenow.pcapng.out
index a85edfc5c..f13139dfa 100644
--- a/test/results/influxd/default/geforcenow.pcapng.out
+++ b/test/results/influxd/default/geforcenow.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=27,json_bytes=32033,flow_src_total_bytes=9542,flow_dst_total_bytes=53610
+general json_lines=27,json_bytes=32027,flow_src_total_bytes=9542,flow_dst_total_bytes=53610
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/genshin-impact.pcap.out b/test/results/influxd/default/genshin-impact.pcap.out
index f856ff4cf..fb519b8e0 100644
--- a/test/results/influxd/default/genshin-impact.pcap.out
+++ b/test/results/influxd/default/genshin-impact.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=56,json_bytes=39820,flow_src_total_bytes=8247,flow_dst_total_bytes=5700
+general json_lines=56,json_bytes=39804,flow_src_total_bytes=8247,flow_dst_total_bytes=5700
 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=6,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=6
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=6,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/git.pcap.out b/test/results/influxd/default/git.pcap.out
index 1c4c23362..d06f42d4f 100644
--- a/test/results/influxd/default/git.pcap.out
+++ b/test/results/influxd/default/git.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9565,flow_src_total_bytes=605,flow_dst_total_bytes=67444
+general json_lines=12,json_bytes=9559,flow_src_total_bytes=605,flow_dst_total_bytes=67444
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/gnutella.pcap.out b/test/results/influxd/default/gnutella.pcap.out
index 0633e1158..6f1d4127c 100644
--- a/test/results/influxd/default/gnutella.pcap.out
+++ b/test/results/influxd/default/gnutella.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=6866,json_bytes=5752913,flow_src_total_bytes=149308,flow_dst_total_bytes=234286
+general json_lines=6866,json_bytes=5753419,flow_src_total_bytes=149308,flow_dst_total_bytes=234286
 events flow_new_count=801,flow_end_count=66,flow_idle_count=735,flow_update_count=2519,flow_analyse_count=6,flow_guessed_count=1,flow_detected_count=401,flow_detection_update_count=5,flow_not_detected_count=399,flow_risky_count=359,packet_count=1,packet_flow_count=1928,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=1,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=405,flow_state_finished=396
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=42,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=356,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0
@@ -8,4 +8,4 @@ severity flow_severity_low=362,flow_severity_medium=8,flow_severity_high=0,flow_
 layer3 flow_l3_ip4_count=787,flow_l3_ip6_count=14,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=137,flow_l4_udp_count=653,flow_l4_icmp_count=5,flow_l4_other_count=6
 detection flow_active_count=801,flow_detected_count=401,flow_guessed_count=1,flow_not_detected_count=399
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=7,flow_risk_6_count=1,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=1,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=5,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=2,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=360,flow_risk_23_count=0,flow_risk_24_count=2,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=7,flow_risk_6_count=1,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=1,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=5,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=2,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=360,flow_risk_23_count=0,flow_risk_24_count=2,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=2
diff --git a/test/results/influxd/default/google_chat.pcapng.out b/test/results/influxd/default/google_chat.pcapng.out
index 66b8c11eb..226f91c40 100644
--- a/test/results/influxd/default/google_chat.pcapng.out
+++ b/test/results/influxd/default/google_chat.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9887,flow_src_total_bytes=663,flow_dst_total_bytes=2800
+general json_lines=12,json_bytes=9881,flow_src_total_bytes=663,flow_dst_total_bytes=2800
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/google_meet.pcapng.out b/test/results/influxd/default/google_meet.pcapng.out
index 5484b1aeb..dafb9d2a4 100644
--- a/test/results/influxd/default/google_meet.pcapng.out
+++ b/test/results/influxd/default/google_meet.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=20,json_bytes=22246,flow_src_total_bytes=1824,flow_dst_total_bytes=6400
+general json_lines=20,json_bytes=22240,flow_src_total_bytes=1824,flow_dst_total_bytes=6400
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/google_ssl.pcap.out b/test/results/influxd/default/google_ssl.pcap.out
index 8155de817..deed4e798 100644
--- a/test/results/influxd/default/google_ssl.pcap.out
+++ b/test/results/influxd/default/google_ssl.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7280,flow_src_total_bytes=644,flow_dst_total_bytes=6924
+general json_lines=11,json_bytes=7274,flow_src_total_bytes=644,flow_dst_total_bytes=6924
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/googledns_android10.pcap.out b/test/results/influxd/default/googledns_android10.pcap.out
index 5e9565331..b275691ed 100644
--- a/test/results/influxd/default/googledns_android10.pcap.out
+++ b/test/results/influxd/default/googledns_android10.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=77,json_bytes=70746,flow_src_total_bytes=21058,flow_dst_total_bytes=76784
+general json_lines=77,json_bytes=70740,flow_src_total_bytes=21058,flow_dst_total_bytes=76784
 events flow_new_count=8,flow_end_count=6,flow_idle_count=2,flow_update_count=2,flow_analyse_count=3,flow_guessed_count=2,flow_detected_count=6,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=36,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=4,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/gquic.pcap.out b/test/results/influxd/default/gquic.pcap.out
index 65016e81e..535b5cd40 100644
--- a/test/results/influxd/default/gquic.pcap.out
+++ b/test/results/influxd/default/gquic.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=7048,flow_src_total_bytes=1350,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=7042,flow_src_total_bytes=1350,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/gquic_only_from_server.pcap.out b/test/results/influxd/default/gquic_only_from_server.pcap.out
index a01c4a1d3..a84328604 100644
--- a/test/results/influxd/default/gquic_only_from_server.pcap.out
+++ b/test/results/influxd/default/gquic_only_from_server.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=14745,flow_src_total_bytes=38360,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=14739,flow_src_total_bytes=38360,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/gre.pcapng.out b/test/results/influxd/default/gre.pcapng.out
index 3099625c5..631d5f57c 100644
--- a/test/results/influxd/default/gre.pcapng.out
+++ b/test/results/influxd/default/gre.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5416,flow_src_total_bytes=346,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5410,flow_src_total_bytes=346,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/gtp_c.pcap.out b/test/results/influxd/default/gtp_c.pcap.out
index 7bfd5af8d..c7e9668d7 100644
--- a/test/results/influxd/default/gtp_c.pcap.out
+++ b/test/results/influxd/default/gtp_c.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=10,json_bytes=7318,flow_src_total_bytes=281,flow_dst_total_bytes=235
+general json_lines=10,json_bytes=7312,flow_src_total_bytes=281,flow_dst_total_bytes=235
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/gtp_false_positive.pcapng.out b/test/results/influxd/default/gtp_false_positive.pcapng.out
index 8b0f23611..3c30cf939 100644
--- a/test/results/influxd/default/gtp_false_positive.pcapng.out
+++ b/test/results/influxd/default/gtp_false_positive.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=22,json_bytes=16450,flow_src_total_bytes=552,flow_dst_total_bytes=0
+general json_lines=22,json_bytes=16440,flow_src_total_bytes=552,flow_dst_total_bytes=0
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=2,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=3,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/gtp_prime.pcapng.out b/test/results/influxd/default/gtp_prime.pcapng.out
index eb2041b1a..908e7ebdf 100644
--- a/test/results/influxd/default/gtp_prime.pcapng.out
+++ b/test/results/influxd/default/gtp_prime.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=5,json_bytes=2880,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=5,json_bytes=2874,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=1,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=1,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/h323-overflow.pcap.out b/test/results/influxd/default/h323-overflow.pcap.out
index eb0999072..119df191d 100644
--- a/test/results/influxd/default/h323-overflow.pcap.out
+++ b/test/results/influxd/default/h323-overflow.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5058,flow_src_total_bytes=4,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5052,flow_src_total_bytes=4,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/h323.pcap.out b/test/results/influxd/default/h323.pcap.out
index 6727be143..91338c1d6 100644
--- a/test/results/influxd/default/h323.pcap.out
+++ b/test/results/influxd/default/h323.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=16,json_bytes=12122,flow_src_total_bytes=692,flow_dst_total_bytes=605
+general json_lines=16,json_bytes=12116,flow_src_total_bytes=692,flow_dst_total_bytes=605
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/h323_tcp.pcap.out b/test/results/influxd/default/h323_tcp.pcap.out
index bbd5fa2a9..8367870d0 100644
--- a/test/results/influxd/default/h323_tcp.pcap.out
+++ b/test/results/influxd/default/h323_tcp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7547,flow_src_total_bytes=225,flow_dst_total_bytes=160
+general json_lines=11,json_bytes=7541,flow_src_total_bytes=225,flow_dst_total_bytes=160
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/haproxy.pcap.out b/test/results/influxd/default/haproxy.pcap.out
index 5ab6a47f1..df6b7c63f 100644
--- a/test/results/influxd/default/haproxy.pcap.out
+++ b/test/results/influxd/default/haproxy.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5481,flow_src_total_bytes=309,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5475,flow_src_total_bytes=309,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/hart_ip.pcap.out b/test/results/influxd/default/hart_ip.pcap.out
index 59f374f82..ad7d4a3c9 100644
--- a/test/results/influxd/default/hart_ip.pcap.out
+++ b/test/results/influxd/default/hart_ip.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=24,json_bytes=18169,flow_src_total_bytes=581,flow_dst_total_bytes=555
+general json_lines=24,json_bytes=18163,flow_src_total_bytes=581,flow_dst_total_bytes=555
 events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/heuristic_tcp_ack_payload.pcap.out b/test/results/influxd/default/heuristic_tcp_ack_payload.pcap.out
index 794017364..689e91241 100644
--- a/test/results/influxd/default/heuristic_tcp_ack_payload.pcap.out
+++ b/test/results/influxd/default/heuristic_tcp_ack_payload.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=57,json_bytes=45401,flow_src_total_bytes=14860,flow_dst_total_bytes=81741
+general json_lines=57,json_bytes=45391,flow_src_total_bytes=14860,flow_dst_total_bytes=81741
 events flow_new_count=6,flow_end_count=5,flow_idle_count=1,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=6,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=6,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/hislip.pcap.out b/test/results/influxd/default/hislip.pcap.out
index 6420c60c5..76281a19f 100644
--- a/test/results/influxd/default/hislip.pcap.out
+++ b/test/results/influxd/default/hislip.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=39,json_bytes=32630,flow_src_total_bytes=830,flow_dst_total_bytes=1033
+general json_lines=39,json_bytes=32624,flow_src_total_bytes=830,flow_dst_total_bytes=1033
 events flow_new_count=4,flow_end_count=4,flow_idle_count=0,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/hl7.pcap.out b/test/results/influxd/default/hl7.pcap.out
index 55214d544..cb5e79e6e 100644
--- a/test/results/influxd/default/hl7.pcap.out
+++ b/test/results/influxd/default/hl7.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=8328,flow_src_total_bytes=477,flow_dst_total_bytes=168
+general json_lines=11,json_bytes=8322,flow_src_total_bytes=477,flow_dst_total_bytes=168
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/hots.pcapng.out b/test/results/influxd/default/hots.pcapng.out
index 611b8561a..0e92c8775 100644
--- a/test/results/influxd/default/hots.pcapng.out
+++ b/test/results/influxd/default/hots.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=32,json_bytes=25608,flow_src_total_bytes=5321,flow_dst_total_bytes=624
+general json_lines=32,json_bytes=25598,flow_src_total_bytes=5321,flow_dst_total_bytes=624
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=1,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/hpvirtgrp.pcap.out b/test/results/influxd/default/hpvirtgrp.pcap.out
index 8b79827c5..efa234bca 100644
--- a/test/results/influxd/default/hpvirtgrp.pcap.out
+++ b/test/results/influxd/default/hpvirtgrp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=82,json_bytes=57222,flow_src_total_bytes=3797,flow_dst_total_bytes=1308
+general json_lines=82,json_bytes=57202,flow_src_total_bytes=3797,flow_dst_total_bytes=1308
 events flow_new_count=9,flow_end_count=0,flow_idle_count=9,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=45,init_count=1,reconnect_count=0,shutdown_count=1,status_count=8,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=9
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/hsrp0.pcap.out b/test/results/influxd/default/hsrp0.pcap.out
index 02529248e..c8b7019e3 100644
--- a/test/results/influxd/default/hsrp0.pcap.out
+++ b/test/results/influxd/default/hsrp0.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=19,json_bytes=14756,flow_src_total_bytes=80,flow_dst_total_bytes=0
+general json_lines=19,json_bytes=14750,flow_src_total_bytes=80,flow_dst_total_bytes=0
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/hsrp2.pcap.out b/test/results/influxd/default/hsrp2.pcap.out
index 590280f8e..4d2510fe4 100644
--- a/test/results/influxd/default/hsrp2.pcap.out
+++ b/test/results/influxd/default/hsrp2.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=8394,flow_src_total_bytes=104,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=8388,flow_src_total_bytes=104,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/hsrp2_ipv6.pcapng.out b/test/results/influxd/default/hsrp2_ipv6.pcapng.out
index efdcb5e23..54778cf99 100644
--- a/test/results/influxd/default/hsrp2_ipv6.pcapng.out
+++ b/test/results/influxd/default/hsrp2_ipv6.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=23,json_bytes=18281,flow_src_total_bytes=1998,flow_dst_total_bytes=0
+general json_lines=23,json_bytes=18275,flow_src_total_bytes=1998,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=4,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http-crash-content-disposition.pcap.out b/test/results/influxd/default/http-crash-content-disposition.pcap.out
index bf2c65e7d..089c86030 100644
--- a/test/results/influxd/default/http-crash-content-disposition.pcap.out
+++ b/test/results/influxd/default/http-crash-content-disposition.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=8328,flow_src_total_bytes=475,flow_dst_total_bytes=2369
+general json_lines=11,json_bytes=8322,flow_src_total_bytes=475,flow_dst_total_bytes=2369
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http-lines-split.pcap.out b/test/results/influxd/default/http-lines-split.pcap.out
index ee6b35ffb..8f109d38b 100644
--- a/test/results/influxd/default/http-lines-split.pcap.out
+++ b/test/results/influxd/default/http-lines-split.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9070,flow_src_total_bytes=67,flow_dst_total_bytes=1632
+general json_lines=12,json_bytes=9064,flow_src_total_bytes=67,flow_dst_total_bytes=1632
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http-manipulated.pcap.out b/test/results/influxd/default/http-manipulated.pcap.out
index ad61cfb2e..75a2b8772 100644
--- a/test/results/influxd/default/http-manipulated.pcap.out
+++ b/test/results/influxd/default/http-manipulated.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=20,json_bytes=14920,flow_src_total_bytes=797,flow_dst_total_bytes=42034
+general json_lines=20,json_bytes=14912,flow_src_total_bytes=797,flow_dst_total_bytes=42034
 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http-proxy.pcapng.out b/test/results/influxd/default/http-proxy.pcapng.out
index 47aeedd7e..9b3026bf9 100644
--- a/test/results/influxd/default/http-proxy.pcapng.out
+++ b/test/results/influxd/default/http-proxy.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7933,flow_src_total_bytes=294,flow_dst_total_bytes=716
+general json_lines=11,json_bytes=7927,flow_src_total_bytes=294,flow_dst_total_bytes=716
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http.pcapng.out b/test/results/influxd/default/http.pcapng.out
index c30a65709..69fddeba7 100644
--- a/test/results/influxd/default/http.pcapng.out
+++ b/test/results/influxd/default/http.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7551,flow_src_total_bytes=74,flow_dst_total_bytes=528
+general json_lines=11,json_bytes=7545,flow_src_total_bytes=74,flow_dst_total_bytes=528
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http2.pcapng.out b/test/results/influxd/default/http2.pcapng.out
index 3a2edcf53..337918982 100644
--- a/test/results/influxd/default/http2.pcapng.out
+++ b/test/results/influxd/default/http2.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7817,flow_src_total_bytes=319,flow_dst_total_bytes=272
+general json_lines=11,json_bytes=7811,flow_src_total_bytes=319,flow_dst_total_bytes=272
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http_asymmetric.pcapng.out b/test/results/influxd/default/http_asymmetric.pcapng.out
index 6f8d1d4de..3d76480a9 100644
--- a/test/results/influxd/default/http_asymmetric.pcapng.out
+++ b/test/results/influxd/default/http_asymmetric.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=20,json_bytes=20864,flow_src_total_bytes=8665,flow_dst_total_bytes=0
+general json_lines=20,json_bytes=20858,flow_src_total_bytes=8665,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http_auth.pcap.out b/test/results/influxd/default/http_auth.pcap.out
index 6187ce251..89c6476b0 100644
--- a/test/results/influxd/default/http_auth.pcap.out
+++ b/test/results/influxd/default/http_auth.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=12880,flow_src_total_bytes=739,flow_dst_total_bytes=17637
+general json_lines=13,json_bytes=12874,flow_src_total_bytes=739,flow_dst_total_bytes=17637
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http_connect.pcap.out b/test/results/influxd/default/http_connect.pcap.out
index 4bcaac04c..214ac7df8 100644
--- a/test/results/influxd/default/http_connect.pcap.out
+++ b/test/results/influxd/default/http_connect.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=28,json_bytes=24967,flow_src_total_bytes=3644,flow_dst_total_bytes=53729
+general json_lines=28,json_bytes=24961,flow_src_total_bytes=3644,flow_dst_total_bytes=53729
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=12,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http_guessed_host_and_guessed.pcapng.out b/test/results/influxd/default/http_guessed_host_and_guessed.pcapng.out
index 4f07c164b..24f5d0940 100644
--- a/test/results/influxd/default/http_guessed_host_and_guessed.pcapng.out
+++ b/test/results/influxd/default/http_guessed_host_and_guessed.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5537,flow_src_total_bytes=49,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5531,flow_src_total_bytes=49,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http_invalid_server.pcap.out b/test/results/influxd/default/http_invalid_server.pcap.out
index 116487ec0..041606564 100644
--- a/test/results/influxd/default/http_invalid_server.pcap.out
+++ b/test/results/influxd/default/http_invalid_server.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9413,flow_src_total_bytes=82,flow_dst_total_bytes=407
+general json_lines=12,json_bytes=9407,flow_src_total_bytes=82,flow_dst_total_bytes=407
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http_ipv6.pcap.out b/test/results/influxd/default/http_ipv6.pcap.out
index d10a35218..0fd0c3691 100644
--- a/test/results/influxd/default/http_ipv6.pcap.out
+++ b/test/results/influxd/default/http_ipv6.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=117,json_bytes=105893,flow_src_total_bytes=10659,flow_dst_total_bytes=40534
+general json_lines=117,json_bytes=106005,flow_src_total_bytes=10659,flow_dst_total_bytes=40534
 events flow_new_count=15,flow_end_count=3,flow_idle_count=12,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=7,flow_detected_count=8,flow_detection_update_count=13,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=55,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=13,flow_state_finished=2
 breed flow_breed_safe_count=5,flow_breed_acceptable_count=1,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http_on_sip_port.pcap.out b/test/results/influxd/default/http_on_sip_port.pcap.out
index 85b13bc09..b3278bc12 100644
--- a/test/results/influxd/default/http_on_sip_port.pcap.out
+++ b/test/results/influxd/default/http_on_sip_port.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=11319,flow_src_total_bytes=223,flow_dst_total_bytes=1360
+general json_lines=11,json_bytes=11313,flow_src_total_bytes=223,flow_dst_total_bytes=1360
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http_origin_different_than_host.pcap.out b/test/results/influxd/default/http_origin_different_than_host.pcap.out
index d730232c3..6f966e288 100644
--- a/test/results/influxd/default/http_origin_different_than_host.pcap.out
+++ b/test/results/influxd/default/http_origin_different_than_host.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=6192,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=6186,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=4,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=4,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http_starting_with_reply.pcapng.out b/test/results/influxd/default/http_starting_with_reply.pcapng.out
index 1af745944..ca0590863 100644
--- a/test/results/influxd/default/http_starting_with_reply.pcapng.out
+++ b/test/results/influxd/default/http_starting_with_reply.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=16346,flow_src_total_bytes=7613,flow_dst_total_bytes=688
+general json_lines=14,json_bytes=16340,flow_src_total_bytes=7613,flow_dst_total_bytes=688
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/influxd/default/http_ua_splitted_in_two_pkts.pcapng.out
index cbcf58f55..0b419727a 100644
--- a/test/results/influxd/default/http_ua_splitted_in_two_pkts.pcapng.out
+++ b/test/results/influxd/default/http_ua_splitted_in_two_pkts.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=13340,flow_src_total_bytes=62424,flow_dst_total_bytes=6280
+general json_lines=13,json_bytes=13334,flow_src_total_bytes=62424,flow_dst_total_bytes=6280
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/i3d.pcap.out b/test/results/influxd/default/i3d.pcap.out
index 6b3490d03..68d2b9241 100644
--- a/test/results/influxd/default/i3d.pcap.out
+++ b/test/results/influxd/default/i3d.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=37,json_bytes=33186,flow_src_total_bytes=33668,flow_dst_total_bytes=304
+general json_lines=37,json_bytes=33176,flow_src_total_bytes=33668,flow_dst_total_bytes=304
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/iax.pcap.out b/test/results/influxd/default/iax.pcap.out
index 45ac3fe31..5d889eddc 100644
--- a/test/results/influxd/default/iax.pcap.out
+++ b/test/results/influxd/default/iax.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9447,flow_src_total_bytes=4046,flow_dst_total_bytes=3008
+general json_lines=12,json_bytes=9441,flow_src_total_bytes=4046,flow_dst_total_bytes=3008
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/icmp-tunnel.pcap.out b/test/results/influxd/default/icmp-tunnel.pcap.out
index 42855405a..e001147dd 100644
--- a/test/results/influxd/default/icmp-tunnel.pcap.out
+++ b/test/results/influxd/default/icmp-tunnel.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=39,json_bytes=39278,flow_src_total_bytes=83334,flow_dst_total_bytes=78134
+general json_lines=39,json_bytes=39270,flow_src_total_bytes=83334,flow_dst_total_bytes=78134
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=26,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/iec60780-5-104.pcap.out b/test/results/influxd/default/iec60780-5-104.pcap.out
index 4b5423ffd..b4eef3f80 100644
--- a/test/results/influxd/default/iec60780-5-104.pcap.out
+++ b/test/results/influxd/default/iec60780-5-104.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=53,json_bytes=37842,flow_src_total_bytes=413,flow_dst_total_bytes=335
+general json_lines=53,json_bytes=37834,flow_src_total_bytes=413,flow_dst_total_bytes=335
 events flow_new_count=6,flow_end_count=6,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=6
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ieee_c37118.pcap.out b/test/results/influxd/default/ieee_c37118.pcap.out
index 56ab92fc8..159cdf542 100644
--- a/test/results/influxd/default/ieee_c37118.pcap.out
+++ b/test/results/influxd/default/ieee_c37118.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=22,json_bytes=18472,flow_src_total_bytes=126,flow_dst_total_bytes=31204
+general json_lines=22,json_bytes=18464,flow_src_total_bytes=126,flow_dst_total_bytes=31204
 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/imap-starttls.pcap.out b/test/results/influxd/default/imap-starttls.pcap.out
index da4cd7589..7cffdadfb 100644
--- a/test/results/influxd/default/imap-starttls.pcap.out
+++ b/test/results/influxd/default/imap-starttls.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=15,json_bytes=14697,flow_src_total_bytes=540,flow_dst_total_bytes=5653
+general json_lines=15,json_bytes=14691,flow_src_total_bytes=540,flow_dst_total_bytes=5653
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/imap.pcap.out b/test/results/influxd/default/imap.pcap.out
index bedfe6121..cc6cb5194 100644
--- a/test/results/influxd/default/imap.pcap.out
+++ b/test/results/influxd/default/imap.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=10232,flow_src_total_bytes=179,flow_dst_total_bytes=1401
+general json_lines=12,json_bytes=10226,flow_src_total_bytes=179,flow_dst_total_bytes=1401
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/imaps.pcap.out b/test/results/influxd/default/imaps.pcap.out
index 21b7a88c5..ec6086131 100644
--- a/test/results/influxd/default/imaps.pcap.out
+++ b/test/results/influxd/default/imaps.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=23,json_bytes=18231,flow_src_total_bytes=1582,flow_dst_total_bytes=6084
+general json_lines=23,json_bytes=18223,flow_src_total_bytes=1582,flow_dst_total_bytes=6084
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=0
 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/imo.pcap.out b/test/results/influxd/default/imo.pcap.out
index 663619f2c..9f12f6f45 100644
--- a/test/results/influxd/default/imo.pcap.out
+++ b/test/results/influxd/default/imo.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=21,json_bytes=19512,flow_src_total_bytes=18943,flow_dst_total_bytes=12237
+general json_lines=21,json_bytes=19506,flow_src_total_bytes=18943,flow_dst_total_bytes=12237
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/instagram.pcap.out b/test/results/influxd/default/instagram.pcap.out
index 2a7eac6b6..eeb52856d 100644
--- a/test/results/influxd/default/instagram.pcap.out
+++ b/test/results/influxd/default/instagram.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=299,json_bytes=319254,flow_src_total_bytes=116573,flow_dst_total_bytes=413697
+general json_lines=299,json_bytes=319718,flow_src_total_bytes=116573,flow_dst_total_bytes=413697
 events flow_new_count=38,flow_end_count=6,flow_idle_count=32,flow_update_count=4,flow_analyse_count=9,flow_guessed_count=7,flow_detected_count=30,flow_detection_update_count=18,flow_not_detected_count=1,flow_risky_count=5,packet_count=0,packet_flow_count=150,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=23,flow_state_finished=15
 breed flow_breed_safe_count=5,flow_breed_acceptable_count=3,flow_breed_fun_count=22,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ip_fragmented_garbage.pcap.out b/test/results/influxd/default/ip_fragmented_garbage.pcap.out
index 197bae2a0..5e3900034 100644
--- a/test/results/influxd/default/ip_fragmented_garbage.pcap.out
+++ b/test/results/influxd/default/ip_fragmented_garbage.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=51,json_bytes=25523,flow_src_total_bytes=8,flow_dst_total_bytes=0
+general json_lines=51,json_bytes=25517,flow_src_total_bytes=8,flow_dst_total_bytes=0
 events flow_new_count=4,flow_end_count=4,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=4,flow_risky_count=0,packet_count=16,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=16,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=4,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/iphone.pcap.out b/test/results/influxd/default/iphone.pcap.out
index b9966c362..bc4b49e6e 100644
--- a/test/results/influxd/default/iphone.pcap.out
+++ b/test/results/influxd/default/iphone.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=356,json_bytes=323613,flow_src_total_bytes=99351,flow_dst_total_bytes=91009
+general json_lines=356,json_bytes=323607,flow_src_total_bytes=99351,flow_dst_total_bytes=91009
 events flow_new_count=51,flow_end_count=3,flow_idle_count=48,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=1,flow_detected_count=50,flow_detection_update_count=40,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=156,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=11,flow_state_finished=40
 breed flow_breed_safe_count=17,flow_breed_acceptable_count=24,flow_breed_fun_count=9,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ipp.pcap.out b/test/results/influxd/default/ipp.pcap.out
index ecaa4cf3b..0a1e6342a 100644
--- a/test/results/influxd/default/ipp.pcap.out
+++ b/test/results/influxd/default/ipp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=28,json_bytes=24124,flow_src_total_bytes=228781,flow_dst_total_bytes=1443
+general json_lines=28,json_bytes=24118,flow_src_total_bytes=228781,flow_dst_total_bytes=1443
 events flow_new_count=3,flow_end_count=3,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ipsec_isakmp_esp.pcap.out b/test/results/influxd/default/ipsec_isakmp_esp.pcap.out
index b6e5024e9..43a6d4b1d 100644
--- a/test/results/influxd/default/ipsec_isakmp_esp.pcap.out
+++ b/test/results/influxd/default/ipsec_isakmp_esp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=321,json_bytes=314822,flow_src_total_bytes=271448,flow_dst_total_bytes=145246
+general json_lines=321,json_bytes=314796,flow_src_total_bytes=271448,flow_dst_total_bytes=145246
 events flow_new_count=36,flow_end_count=0,flow_idle_count=36,flow_update_count=20,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=36,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=174,init_count=1,reconnect_count=0,shutdown_count=1,status_count=11,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=36
 breed flow_breed_safe_count=36,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ipv6_in_gtp.pcap.out b/test/results/influxd/default/ipv6_in_gtp.pcap.out
index fe67e4e54..4c419bc02 100644
--- a/test/results/influxd/default/ipv6_in_gtp.pcap.out
+++ b/test/results/influxd/default/ipv6_in_gtp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=8,json_bytes=4164,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=8,json_bytes=4156,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=2,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/irc.pcap.out b/test/results/influxd/default/irc.pcap.out
index dea661e0f..5787a876a 100644
--- a/test/results/influxd/default/irc.pcap.out
+++ b/test/results/influxd/default/irc.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=8026,flow_src_total_bytes=114,flow_dst_total_bytes=6901
+general json_lines=11,json_bytes=8020,flow_src_total_bytes=114,flow_dst_total_bytes=6901
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/iso9506-1-mms.pcap.out b/test/results/influxd/default/iso9506-1-mms.pcap.out
index 49dc66947..50e555e48 100644
--- a/test/results/influxd/default/iso9506-1-mms.pcap.out
+++ b/test/results/influxd/default/iso9506-1-mms.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7388,flow_src_total_bytes=374,flow_dst_total_bytes=283
+general json_lines=11,json_bytes=7382,flow_src_total_bytes=374,flow_dst_total_bytes=283
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ja3_lots_of_cipher_suites.pcap.out b/test/results/influxd/default/ja3_lots_of_cipher_suites.pcap.out
index 5a227d97e..9cfa1688d 100644
--- a/test/results/influxd/default/ja3_lots_of_cipher_suites.pcap.out
+++ b/test/results/influxd/default/ja3_lots_of_cipher_suites.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=25,json_bytes=15871,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=25,json_bytes=15865,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=11,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=11,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/influxd/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
index 51894c151..c7d12ad84 100644
--- a/test/results/influxd/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
+++ b/test/results/influxd/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=37,json_bytes=22385,flow_src_total_bytes=2974,flow_dst_total_bytes=2858
+general json_lines=37,json_bytes=22379,flow_src_total_bytes=2974,flow_dst_total_bytes=2858
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=13,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=13,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/jabber.pcap.out b/test/results/influxd/default/jabber.pcap.out
index fe6d8ace0..038d97661 100644
--- a/test/results/influxd/default/jabber.pcap.out
+++ b/test/results/influxd/default/jabber.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=110,json_bytes=81357,flow_src_total_bytes=11121,flow_dst_total_bytes=27335
+general json_lines=110,json_bytes=81335,flow_src_total_bytes=11121,flow_dst_total_bytes=27335
 events flow_new_count=12,flow_end_count=3,flow_idle_count=9,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=12,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=60,init_count=1,reconnect_count=0,shutdown_count=1,status_count=9,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=12
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=12,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/jsonrpc.pcap.out b/test/results/influxd/default/jsonrpc.pcap.out
index 02ae8881b..282556d11 100644
--- a/test/results/influxd/default/jsonrpc.pcap.out
+++ b/test/results/influxd/default/jsonrpc.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=20,json_bytes=16294,flow_src_total_bytes=1176,flow_dst_total_bytes=615
+general json_lines=20,json_bytes=16288,flow_src_total_bytes=1176,flow_dst_total_bytes=615
 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/kafka.pcapng.out b/test/results/influxd/default/kafka.pcapng.out
index 1f9d3d466..d4c844669 100644
--- a/test/results/influxd/default/kafka.pcapng.out
+++ b/test/results/influxd/default/kafka.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7390,flow_src_total_bytes=307,flow_dst_total_bytes=660
+general json_lines=11,json_bytes=7388,flow_src_total_bytes=307,flow_dst_total_bytes=660
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/kcp.pcap.out b/test/results/influxd/default/kcp.pcap.out
index 2eeb84c10..a793c8864 100644
--- a/test/results/influxd/default/kcp.pcap.out
+++ b/test/results/influxd/default/kcp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=36,json_bytes=46199,flow_src_total_bytes=28368,flow_dst_total_bytes=4816
+general json_lines=36,json_bytes=46193,flow_src_total_bytes=28368,flow_dst_total_bytes=4816
 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=7
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/kerberos-error.pcap.out b/test/results/influxd/default/kerberos-error.pcap.out
index 215eaed5c..ac2519a78 100644
--- a/test/results/influxd/default/kerberos-error.pcap.out
+++ b/test/results/influxd/default/kerberos-error.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=8,json_bytes=6282,flow_src_total_bytes=287,flow_dst_total_bytes=102
+general json_lines=8,json_bytes=6276,flow_src_total_bytes=287,flow_dst_total_bytes=102
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/kerberos-login.pcap.out b/test/results/influxd/default/kerberos-login.pcap.out
index 6939828a8..eafe16776 100644
--- a/test/results/influxd/default/kerberos-login.pcap.out
+++ b/test/results/influxd/default/kerberos-login.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=80,json_bytes=101255,flow_src_total_bytes=17733,flow_dst_total_bytes=17509
+general json_lines=80,json_bytes=101247,flow_src_total_bytes=17733,flow_dst_total_bytes=17509
 events flow_new_count=13,flow_end_count=1,flow_idle_count=12,flow_update_count=7,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=29,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=13
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/kerberos.pcap.out b/test/results/influxd/default/kerberos.pcap.out
index f62f31dbb..3b359b7ba 100644
--- a/test/results/influxd/default/kerberos.pcap.out
+++ b/test/results/influxd/default/kerberos.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=190,json_bytes=172997,flow_src_total_bytes=13668,flow_dst_total_bytes=10465
+general json_lines=190,json_bytes=174525,flow_src_total_bytes=13668,flow_dst_total_bytes=10465
 events flow_new_count=36,flow_end_count=0,flow_idle_count=36,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=23,flow_detected_count=11,flow_detection_update_count=3,flow_not_detected_count=2,flow_risky_count=0,packet_count=0,packet_flow_count=76,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=29,flow_state_finished=7
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=11,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/kerberos_fuzz.pcapng.out b/test/results/influxd/default/kerberos_fuzz.pcapng.out
index 74ed36077..f0a5696f8 100644
--- a/test/results/influxd/default/kerberos_fuzz.pcapng.out
+++ b/test/results/influxd/default/kerberos_fuzz.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5589,flow_src_total_bytes=260,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5583,flow_src_total_bytes=260,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/kismet.pcap.out b/test/results/influxd/default/kismet.pcap.out
index ef8659055..b8e3aec7d 100644
--- a/test/results/influxd/default/kismet.pcap.out
+++ b/test/results/influxd/default/kismet.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9764,flow_src_total_bytes=1045,flow_dst_total_bytes=1912
+general json_lines=12,json_bytes=9758,flow_src_total_bytes=1045,flow_dst_total_bytes=1912
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/kontiki.pcap.out b/test/results/influxd/default/kontiki.pcap.out
index 5215b70bd..b8b6a89ed 100644
--- a/test/results/influxd/default/kontiki.pcap.out
+++ b/test/results/influxd/default/kontiki.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=48,json_bytes=38397,flow_src_total_bytes=2261,flow_dst_total_bytes=33151
+general json_lines=48,json_bytes=38509,flow_src_total_bytes=2261,flow_dst_total_bytes=33151
 events flow_new_count=8,flow_end_count=0,flow_idle_count=8,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=2,flow_risky_count=2,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=6
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=2,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/line.pcap.out b/test/results/influxd/default/line.pcap.out
index c9acf3860..cf247194c 100644
--- a/test/results/influxd/default/line.pcap.out
+++ b/test/results/influxd/default/line.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=51,json_bytes=52145,flow_src_total_bytes=25568,flow_dst_total_bytes=23936
+general json_lines=51,json_bytes=52137,flow_src_total_bytes=25568,flow_dst_total_bytes=23936
 events flow_new_count=5,flow_end_count=1,flow_idle_count=4,flow_update_count=1,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=5
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/linecall_falsepositve.pcap.out b/test/results/influxd/default/linecall_falsepositve.pcap.out
index 81ae5176e..1f9022fc5 100644
--- a/test/results/influxd/default/linecall_falsepositve.pcap.out
+++ b/test/results/influxd/default/linecall_falsepositve.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=67,json_bytes=39115,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=67,json_bytes=39109,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=32,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=32,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/lisp_registration.pcap.out b/test/results/influxd/default/lisp_registration.pcap.out
index 6e757fe97..03db581b6 100644
--- a/test/results/influxd/default/lisp_registration.pcap.out
+++ b/test/results/influxd/default/lisp_registration.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=35,json_bytes=26539,flow_src_total_bytes=1976,flow_dst_total_bytes=1814
+general json_lines=35,json_bytes=26533,flow_src_total_bytes=1976,flow_dst_total_bytes=1814
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/log4j-webapp-exploit.pcap.out b/test/results/influxd/default/log4j-webapp-exploit.pcap.out
index 8972f4976..6e679d23d 100644
--- a/test/results/influxd/default/log4j-webapp-exploit.pcap.out
+++ b/test/results/influxd/default/log4j-webapp-exploit.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=67,json_bytes=51205,flow_src_total_bytes=2128,flow_dst_total_bytes=3702
+general json_lines=67,json_bytes=51199,flow_src_total_bytes=2128,flow_dst_total_bytes=3702
 events flow_new_count=7,flow_end_count=6,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=2,flow_not_detected_count=2,flow_risky_count=5,packet_count=4,packet_flow_count=32,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=4,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=5
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/lol_wild_rift_udp.pcap.out b/test/results/influxd/default/lol_wild_rift_udp.pcap.out
index 1c50df557..866a27dc0 100644
--- a/test/results/influxd/default/lol_wild_rift_udp.pcap.out
+++ b/test/results/influxd/default/lol_wild_rift_udp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=30,json_bytes=24051,flow_src_total_bytes=251,flow_dst_total_bytes=1077
+general json_lines=30,json_bytes=24037,flow_src_total_bytes=251,flow_dst_total_bytes=1077
 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=5
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=5,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/long_tls_certificate.pcap.out b/test/results/influxd/default/long_tls_certificate.pcap.out
index e35cfdbd6..30fdb1ecf 100644
--- a/test/results/influxd/default/long_tls_certificate.pcap.out
+++ b/test/results/influxd/default/long_tls_certificate.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=17333,flow_src_total_bytes=1073,flow_dst_total_bytes=11027
+general json_lines=14,json_bytes=17327,flow_src_total_bytes=1073,flow_dst_total_bytes=11027
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/lru_ipv6_caches.pcapng.out b/test/results/influxd/default/lru_ipv6_caches.pcapng.out
index 740417936..ea1c2968c 100644
--- a/test/results/influxd/default/lru_ipv6_caches.pcapng.out
+++ b/test/results/influxd/default/lru_ipv6_caches.pcapng.out
@@ -1,11 +1,11 @@
-general json_lines=86,json_bytes=87625,flow_src_total_bytes=14408,flow_dst_total_bytes=846
-events flow_new_count=12,flow_end_count=0,flow_idle_count=12,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=12,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=8,packet_count=0,packet_flow_count=41,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
-state flow_state_info=6,flow_state_finished=6
+general json_lines=89,json_bytes=91461,flow_src_total_bytes=14408,flow_dst_total_bytes=846
+events flow_new_count=12,flow_end_count=0,flow_idle_count=12,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=12,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=11,packet_count=0,packet_flow_count=41,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+state flow_state_info=7,flow_state_finished=5
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=11,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=3,flow_category_social_network_count=0,flow_category_download_count=5,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=3,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=4,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=10,flow_severity_medium=8,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=13,flow_severity_medium=8,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=0,flow_l3_ip6_count=12,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=3,flow_l4_udp_count=9,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=12,flow_detected_count=12,flow_guessed_count=0,flow_not_detected_count=0
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=8,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=10,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=8,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/default/malformed_dns.pcap.out b/test/results/influxd/default/malformed_dns.pcap.out
index a1cba3662..87cb7cb42 100644
--- a/test/results/influxd/default/malformed_dns.pcap.out
+++ b/test/results/influxd/default/malformed_dns.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=15780,flow_src_total_bytes=56,flow_dst_total_bytes=5552
+general json_lines=12,json_bytes=15774,flow_src_total_bytes=56,flow_dst_total_bytes=5552
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/malformed_icmp.pcap.out b/test/results/influxd/default/malformed_icmp.pcap.out
index ab489de99..e3514e2a8 100644
--- a/test/results/influxd/default/malformed_icmp.pcap.out
+++ b/test/results/influxd/default/malformed_icmp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5254,flow_src_total_bytes=8,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5248,flow_src_total_bytes=8,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/malware.pcap.out b/test/results/influxd/default/malware.pcap.out
index 62862c7ae..548eacf13 100644
--- a/test/results/influxd/default/malware.pcap.out
+++ b/test/results/influxd/default/malware.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=44,json_bytes=39809,flow_src_total_bytes=3925,flow_dst_total_bytes=51588
+general json_lines=44,json_bytes=39799,flow_src_total_bytes=3925,flow_dst_total_bytes=51588
 events flow_new_count=6,flow_end_count=1,flow_idle_count=5,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=1,flow_detected_count=5,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=3,flow_state_finished=3
 breed flow_breed_safe_count=2,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/memcached.cap.out b/test/results/influxd/default/memcached.cap.out
index 700bfabb5..9a6ce6d4e 100644
--- a/test/results/influxd/default/memcached.cap.out
+++ b/test/results/influxd/default/memcached.cap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7354,flow_src_total_bytes=7,flow_dst_total_bytes=1028
+general json_lines=11,json_bytes=7348,flow_src_total_bytes=7,flow_dst_total_bytes=1028
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/merakicloud.pcapng.out b/test/results/influxd/default/merakicloud.pcapng.out
index c0b577aa9..4fb38219e 100644
--- a/test/results/influxd/default/merakicloud.pcapng.out
+++ b/test/results/influxd/default/merakicloud.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=19,json_bytes=17135,flow_src_total_bytes=2679,flow_dst_total_bytes=1522
+general json_lines=19,json_bytes=17129,flow_src_total_bytes=2679,flow_dst_total_bytes=1522
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=7,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/mgcp.pcap.out b/test/results/influxd/default/mgcp.pcap.out
index 1ea7f9019..7fc3863b1 100644
--- a/test/results/influxd/default/mgcp.pcap.out
+++ b/test/results/influxd/default/mgcp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=36,json_bytes=26350,flow_src_total_bytes=1364,flow_dst_total_bytes=393
+general json_lines=36,json_bytes=26336,flow_src_total_bytes=1364,flow_dst_total_bytes=393
 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=13,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=5
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/mining.pcapng.out b/test/results/influxd/default/mining.pcapng.out
index f88240197..2a0990b4d 100644
--- a/test/results/influxd/default/mining.pcapng.out
+++ b/test/results/influxd/default/mining.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=41,json_bytes=36316,flow_src_total_bytes=146948,flow_dst_total_bytes=30432
+general json_lines=41,json_bytes=36306,flow_src_total_bytes=146948,flow_dst_total_bytes=30432
 events flow_new_count=4,flow_end_count=1,flow_idle_count=3,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=4,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/modbus.pcap.out b/test/results/influxd/default/modbus.pcap.out
index a4b89dc0d..448ee4702 100644
--- a/test/results/influxd/default/modbus.pcap.out
+++ b/test/results/influxd/default/modbus.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9518,flow_src_total_bytes=612,flow_dst_total_bytes=561
+general json_lines=12,json_bytes=9512,flow_src_total_bytes=612,flow_dst_total_bytes=561
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/monero.pcap.out b/test/results/influxd/default/monero.pcap.out
index 757e69a66..b1873dc3c 100644
--- a/test/results/influxd/default/monero.pcap.out
+++ b/test/results/influxd/default/monero.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=35,json_bytes=25220,flow_src_total_bytes=1180,flow_dst_total_bytes=56628
+general json_lines=35,json_bytes=25214,flow_src_total_bytes=1180,flow_dst_total_bytes=56628
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/mongo_false_positive.pcapng.out b/test/results/influxd/default/mongo_false_positive.pcapng.out
index 0fe343d77..7e7ba7582 100644
--- a/test/results/influxd/default/mongo_false_positive.pcapng.out
+++ b/test/results/influxd/default/mongo_false_positive.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=10464,flow_src_total_bytes=9246,flow_dst_total_bytes=1485
+general json_lines=11,json_bytes=10458,flow_src_total_bytes=9246,flow_dst_total_bytes=1485
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/mongodb.pcap.out b/test/results/influxd/default/mongodb.pcap.out
index 779dd8fd8..8f17deb00 100644
--- a/test/results/influxd/default/mongodb.pcap.out
+++ b/test/results/influxd/default/mongodb.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=45,json_bytes=31685,flow_src_total_bytes=706,flow_dst_total_bytes=0
+general json_lines=45,json_bytes=31671,flow_src_total_bytes=706,flow_dst_total_bytes=0
 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=23,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=5
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/mpeg-dash.pcap.out b/test/results/influxd/default/mpeg-dash.pcap.out
index 214e82996..b4e898cca 100644
--- a/test/results/influxd/default/mpeg-dash.pcap.out
+++ b/test/results/influxd/default/mpeg-dash.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=30,json_bytes=27834,flow_src_total_bytes=2220,flow_dst_total_bytes=1591
+general json_lines=30,json_bytes=27826,flow_src_total_bytes=2220,flow_dst_total_bytes=1591
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=13,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=3,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/mpeg.pcap.out b/test/results/influxd/default/mpeg.pcap.out
index 6fc5ce5d6..563b259cf 100644
--- a/test/results/influxd/default/mpeg.pcap.out
+++ b/test/results/influxd/default/mpeg.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=8754,flow_src_total_bytes=148,flow_dst_total_bytes=9215
+general json_lines=12,json_bytes=8748,flow_src_total_bytes=148,flow_dst_total_bytes=9215
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/mpegts.pcap.out b/test/results/influxd/default/mpegts.pcap.out
index 732bcede0..f9958bea0 100644
--- a/test/results/influxd/default/mpegts.pcap.out
+++ b/test/results/influxd/default/mpegts.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=7348,flow_src_total_bytes=1316,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=7342,flow_src_total_bytes=1316,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/mqtt.pcap.out b/test/results/influxd/default/mqtt.pcap.out
index 131876b8a..28a2eac29 100644
--- a/test/results/influxd/default/mqtt.pcap.out
+++ b/test/results/influxd/default/mqtt.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=15,json_bytes=11047,flow_src_total_bytes=383,flow_dst_total_bytes=492
+general json_lines=15,json_bytes=11041,flow_src_total_bytes=383,flow_dst_total_bytes=492
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/mssql_tds.pcap.out b/test/results/influxd/default/mssql_tds.pcap.out
index ca74cfbe3..aee8ecbc9 100644
--- a/test/results/influxd/default/mssql_tds.pcap.out
+++ b/test/results/influxd/default/mssql_tds.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=65,json_bytes=64535,flow_src_total_bytes=12590,flow_dst_total_bytes=1552
+general json_lines=65,json_bytes=64525,flow_src_total_bytes=12590,flow_dst_total_bytes=1552
 events flow_new_count=12,flow_end_count=0,flow_idle_count=12,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=11,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=24,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=11
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=11,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/mullvad_dns.pcap.out b/test/results/influxd/default/mullvad_dns.pcap.out
index e0e8f5cc6..289d47a82 100644
--- a/test/results/influxd/default/mullvad_dns.pcap.out
+++ b/test/results/influxd/default/mullvad_dns.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=9,json_bytes=7023,flow_src_total_bytes=56,flow_dst_total_bytes=74
+general json_lines=9,json_bytes=7017,flow_src_total_bytes=56,flow_dst_total_bytes=74
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/mullvad_wireguard.pcap.out b/test/results/influxd/default/mullvad_wireguard.pcap.out
index 6d17731f8..bd8c8f187 100644
--- a/test/results/influxd/default/mullvad_wireguard.pcap.out
+++ b/test/results/influxd/default/mullvad_wireguard.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=8245,flow_src_total_bytes=576,flow_dst_total_bytes=928
+general json_lines=11,json_bytes=8239,flow_src_total_bytes=576,flow_dst_total_bytes=928
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/mumble.pcapng.out b/test/results/influxd/default/mumble.pcapng.out
index 88c92098c..9d7d41a12 100644
--- a/test/results/influxd/default/mumble.pcapng.out
+++ b/test/results/influxd/default/mumble.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=22,json_bytes=17497,flow_src_total_bytes=541,flow_dst_total_bytes=1488
+general json_lines=22,json_bytes=17491,flow_src_total_bytes=541,flow_dst_total_bytes=1488
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=9,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/munin.pcap.out b/test/results/influxd/default/munin.pcap.out
index 851fbad06..febd51d8f 100644
--- a/test/results/influxd/default/munin.pcap.out
+++ b/test/results/influxd/default/munin.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=38,json_bytes=25843,flow_src_total_bytes=242,flow_dst_total_bytes=1156
+general json_lines=38,json_bytes=25831,flow_src_total_bytes=242,flow_dst_total_bytes=1156
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/mysql.pcapng.out b/test/results/influxd/default/mysql.pcapng.out
index e26efea75..76686d75b 100644
--- a/test/results/influxd/default/mysql.pcapng.out
+++ b/test/results/influxd/default/mysql.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=20,json_bytes=13762,flow_src_total_bytes=1084,flow_dst_total_bytes=3187
+general json_lines=20,json_bytes=13754,flow_src_total_bytes=1084,flow_dst_total_bytes=3187
 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/natpmp.pcap.out b/test/results/influxd/default/natpmp.pcap.out
index c7580753b..bb0cd7ac0 100644
--- a/test/results/influxd/default/natpmp.pcap.out
+++ b/test/results/influxd/default/natpmp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=31,json_bytes=24155,flow_src_total_bytes=88,flow_dst_total_bytes=28
+general json_lines=31,json_bytes=24147,flow_src_total_bytes=88,flow_dst_total_bytes=28
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=4,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/nats.pcap.out b/test/results/influxd/default/nats.pcap.out
index bc0f4015d..fa486f3ae 100644
--- a/test/results/influxd/default/nats.pcap.out
+++ b/test/results/influxd/default/nats.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=19,json_bytes=13447,flow_src_total_bytes=276,flow_dst_total_bytes=636
+general json_lines=19,json_bytes=13441,flow_src_total_bytes=276,flow_dst_total_bytes=636
 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/influxd/default/ndpi_match_string_subprotocol__error.pcapng.out
index 5cc082e2c..0f59f9a8e 100644
--- a/test/results/influxd/default/ndpi_match_string_subprotocol__error.pcapng.out
+++ b/test/results/influxd/default/ndpi_match_string_subprotocol__error.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=12521,flow_src_total_bytes=1648,flow_dst_total_bytes=1053
+general json_lines=13,json_bytes=12513,flow_src_total_bytes=1648,flow_dst_total_bytes=1053
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/nest_log_sink.pcap.out b/test/results/influxd/default/nest_log_sink.pcap.out
index 7ef945949..44bb4effa 100644
--- a/test/results/influxd/default/nest_log_sink.pcap.out
+++ b/test/results/influxd/default/nest_log_sink.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=168,json_bytes=146447,flow_src_total_bytes=55213,flow_dst_total_bytes=20167
+general json_lines=168,json_bytes=146419,flow_src_total_bytes=55213,flow_dst_total_bytes=20167
 events flow_new_count=17,flow_end_count=12,flow_idle_count=5,flow_update_count=8,flow_analyse_count=10,flow_guessed_count=1,flow_detected_count=16,flow_detection_update_count=5,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=80,init_count=1,reconnect_count=0,shutdown_count=1,status_count=12,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=17
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=16,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/netbios.pcap.out b/test/results/influxd/default/netbios.pcap.out
index 7bc78513b..582c4ec1c 100644
--- a/test/results/influxd/default/netbios.pcap.out
+++ b/test/results/influxd/default/netbios.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=83,json_bytes=68942,flow_src_total_bytes=13027,flow_dst_total_bytes=700
+general json_lines=83,json_bytes=68936,flow_src_total_bytes=13027,flow_dst_total_bytes=700
 events flow_new_count=15,flow_end_count=0,flow_idle_count=15,flow_update_count=3,flow_analyse_count=2,flow_guessed_count=1,flow_detected_count=14,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=14
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=12,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/netbios_wildcard_dns_query.pcap.out b/test/results/influxd/default/netbios_wildcard_dns_query.pcap.out
index 3b23600b1..045c62ccd 100644
--- a/test/results/influxd/default/netbios_wildcard_dns_query.pcap.out
+++ b/test/results/influxd/default/netbios_wildcard_dns_query.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5390,flow_src_total_bytes=50,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5384,flow_src_total_bytes=50,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/netease_games.pcapng.out b/test/results/influxd/default/netease_games.pcapng.out
index e715d20cd..d0d2c9949 100644
--- a/test/results/influxd/default/netease_games.pcapng.out
+++ b/test/results/influxd/default/netease_games.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=42,json_bytes=33521,flow_src_total_bytes=874,flow_dst_total_bytes=782
+general json_lines=42,json_bytes=33511,flow_src_total_bytes=874,flow_dst_total_bytes=782
 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=19,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=5,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/netflix.pcap.out b/test/results/influxd/default/netflix.pcap.out
index 1ea8efeda..a19fa5ce7 100644
--- a/test/results/influxd/default/netflix.pcap.out
+++ b/test/results/influxd/default/netflix.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=557,json_bytes=555733,flow_src_total_bytes=117204,flow_dst_total_bytes=768140
+general json_lines=557,json_bytes=556677,flow_src_total_bytes=117204,flow_dst_total_bytes=768140
 events flow_new_count=61,flow_end_count=31,flow_idle_count=30,flow_update_count=9,flow_analyse_count=27,flow_guessed_count=1,flow_detected_count=60,flow_detection_update_count=69,flow_not_detected_count=0,flow_risky_count=33,packet_count=0,packet_flow_count=266,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=8,flow_state_finished=53
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=22,flow_breed_fun_count=38,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=18,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=13,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=28,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=60,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=70,flow_severity_medium=0,flow_severity_high=1,flow_severity_severe=18,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=70,flow_severity_medium=18,flow_severity_high=1,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=61,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=47,flow_l4_udp_count=13,flow_l4_icmp_count=0,flow_l4_other_count=1
 detection flow_active_count=61,flow_detected_count=60,flow_guessed_count=1,flow_not_detected_count=0
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=18,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=36,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=32,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=1,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=36,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=32,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=1,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=2,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=18
diff --git a/test/results/influxd/default/netflow-fritz.pcap.out b/test/results/influxd/default/netflow-fritz.pcap.out
index f5a40b8a9..6bfe8869a 100644
--- a/test/results/influxd/default/netflow-fritz.pcap.out
+++ b/test/results/influxd/default/netflow-fritz.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5365,flow_src_total_bytes=180,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5359,flow_src_total_bytes=180,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/netflowv9.pcap.out b/test/results/influxd/default/netflowv9.pcap.out
index 9d6f64795..ed66439da 100644
--- a/test/results/influxd/default/netflowv9.pcap.out
+++ b/test/results/influxd/default/netflowv9.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=16551,flow_src_total_bytes=13468,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=16545,flow_src_total_bytes=13468,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/nfsv2.pcap.out b/test/results/influxd/default/nfsv2.pcap.out
index 37abc9490..456d49190 100644
--- a/test/results/influxd/default/nfsv2.pcap.out
+++ b/test/results/influxd/default/nfsv2.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=42,json_bytes=34513,flow_src_total_bytes=10080,flow_dst_total_bytes=6512
+general json_lines=42,json_bytes=34507,flow_src_total_bytes=10080,flow_dst_total_bytes=6512
 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=17,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=7
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/nfsv3.pcap.out b/test/results/influxd/default/nfsv3.pcap.out
index 1b040d304..448d54bc2 100644
--- a/test/results/influxd/default/nfsv3.pcap.out
+++ b/test/results/influxd/default/nfsv3.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=47,json_bytes=38784,flow_src_total_bytes=8508,flow_dst_total_bytes=8932
+general json_lines=47,json_bytes=38778,flow_src_total_bytes=8508,flow_dst_total_bytes=8932
 events flow_new_count=8,flow_end_count=0,flow_idle_count=8,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=6,packet_count=0,packet_flow_count=19,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=8
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/nintendo.pcap.out b/test/results/influxd/default/nintendo.pcap.out
index f9830320d..60723f7bc 100644
--- a/test/results/influxd/default/nintendo.pcap.out
+++ b/test/results/influxd/default/nintendo.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=164,json_bytes=135379,flow_src_total_bytes=151475,flow_dst_total_bytes=137750
+general json_lines=164,json_bytes=135476,flow_src_total_bytes=151475,flow_dst_total_bytes=137750
 events flow_new_count=21,flow_end_count=2,flow_idle_count=19,flow_update_count=0,flow_analyse_count=5,flow_guessed_count=6,flow_detected_count=15,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=84,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=8,flow_state_finished=13
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=2,flow_breed_fun_count=12,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/nntp.pcap.out b/test/results/influxd/default/nntp.pcap.out
index 95db1cccd..d681edf6f 100644
--- a/test/results/influxd/default/nntp.pcap.out
+++ b/test/results/influxd/default/nntp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9676,flow_src_total_bytes=113,flow_dst_total_bytes=4808
+general json_lines=12,json_bytes=9670,flow_src_total_bytes=113,flow_dst_total_bytes=4808
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/no_sni.pcap.out b/test/results/influxd/default/no_sni.pcap.out
index 0ce87ca61..06b5afae1 100644
--- a/test/results/influxd/default/no_sni.pcap.out
+++ b/test/results/influxd/default/no_sni.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=79,json_bytes=71222,flow_src_total_bytes=14690,flow_dst_total_bytes=42821
+general json_lines=79,json_bytes=71216,flow_src_total_bytes=14690,flow_dst_total_bytes=42821
 events flow_new_count=8,flow_end_count=3,flow_idle_count=5,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=40,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=3,flow_state_finished=5
 breed flow_breed_safe_count=7,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/nomachine.pcapng.out b/test/results/influxd/default/nomachine.pcapng.out
index ddf8dd043..10522e3d3 100644
--- a/test/results/influxd/default/nomachine.pcapng.out
+++ b/test/results/influxd/default/nomachine.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=20,json_bytes=15611,flow_src_total_bytes=655,flow_dst_total_bytes=2744
+general json_lines=20,json_bytes=15605,flow_src_total_bytes=655,flow_dst_total_bytes=2744
 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ocs.pcap.out b/test/results/influxd/default/ocs.pcap.out
index fb1083857..e491e7818 100644
--- a/test/results/influxd/default/ocs.pcap.out
+++ b/test/results/influxd/default/ocs.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=137,json_bytes=113495,flow_src_total_bytes=12361,flow_dst_total_bytes=0
+general json_lines=137,json_bytes=113489,flow_src_total_bytes=12361,flow_dst_total_bytes=0
 events flow_new_count=20,flow_end_count=5,flow_idle_count=15,flow_update_count=7,flow_analyse_count=2,flow_guessed_count=2,flow_detected_count=18,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=10,packet_count=0,packet_flow_count=65,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=13,flow_state_finished=7
 breed flow_breed_safe_count=3,flow_breed_acceptable_count=8,flow_breed_fun_count=7,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ocsp.pcapng.out b/test/results/influxd/default/ocsp.pcapng.out
index 69edd1b17..ed7d0b50b 100644
--- a/test/results/influxd/default/ocsp.pcapng.out
+++ b/test/results/influxd/default/ocsp.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=93,json_bytes=84569,flow_src_total_bytes=6995,flow_dst_total_bytes=26118
+general json_lines=93,json_bytes=84555,flow_src_total_bytes=6995,flow_dst_total_bytes=26118
 events flow_new_count=10,flow_end_count=10,flow_idle_count=0,flow_update_count=0,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=50,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=10
 breed flow_breed_safe_count=9,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/oicq.pcap.out b/test/results/influxd/default/oicq.pcap.out
index 60cc30037..384a9ba7f 100644
--- a/test/results/influxd/default/oicq.pcap.out
+++ b/test/results/influxd/default/oicq.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=146,json_bytes=118301,flow_src_total_bytes=1324,flow_dst_total_bytes=0
+general json_lines=146,json_bytes=118269,flow_src_total_bytes=1324,flow_dst_total_bytes=0
 events flow_new_count=29,flow_end_count=0,flow_idle_count=29,flow_update_count=14,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=29,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=29,init_count=1,reconnect_count=0,shutdown_count=1,status_count=14,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=29
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=29,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ookla.pcap.out b/test/results/influxd/default/ookla.pcap.out
index a73209400..603ba4844 100644
--- a/test/results/influxd/default/ookla.pcap.out
+++ b/test/results/influxd/default/ookla.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=56,json_bytes=43520,flow_src_total_bytes=22732,flow_dst_total_bytes=8117
+general json_lines=56,json_bytes=43512,flow_src_total_bytes=22732,flow_dst_total_bytes=8117
 events flow_new_count=6,flow_end_count=1,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=5,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=4
 breed flow_breed_safe_count=5,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/opc-ua.pcap.out b/test/results/influxd/default/opc-ua.pcap.out
index 6f2eb16e4..811eb8959 100644
--- a/test/results/influxd/default/opc-ua.pcap.out
+++ b/test/results/influxd/default/opc-ua.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9463,flow_src_total_bytes=12547,flow_dst_total_bytes=11671
+general json_lines=12,json_bytes=9457,flow_src_total_bytes=12547,flow_dst_total_bytes=11671
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/openflow.pcap.out b/test/results/influxd/default/openflow.pcap.out
index d7fa01c81..f9497ccdb 100644
--- a/test/results/influxd/default/openflow.pcap.out
+++ b/test/results/influxd/default/openflow.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7388,flow_src_total_bytes=332,flow_dst_total_bytes=92
+general json_lines=11,json_bytes=7382,flow_src_total_bytes=332,flow_dst_total_bytes=92
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/openvpn-tlscrypt.pcap.out b/test/results/influxd/default/openvpn-tlscrypt.pcap.out
index f9eb18b41..bd312f769 100644
--- a/test/results/influxd/default/openvpn-tlscrypt.pcap.out
+++ b/test/results/influxd/default/openvpn-tlscrypt.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=29,json_bytes=17361,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=29,json_bytes=17355,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=13,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=13,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/openvpn.pcap.out b/test/results/influxd/default/openvpn.pcap.out
index 8c56f8dfd..0201599d2 100644
--- a/test/results/influxd/default/openvpn.pcap.out
+++ b/test/results/influxd/default/openvpn.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=78,json_bytes=72468,flow_src_total_bytes=44541,flow_dst_total_bytes=41567
+general json_lines=78,json_bytes=72452,flow_src_total_bytes=44541,flow_dst_total_bytes=41567
 events flow_new_count=8,flow_end_count=1,flow_idle_count=7,flow_update_count=0,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=6,packet_count=0,packet_flow_count=40,init_count=1,reconnect_count=0,shutdown_count=1,status_count=6,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=8
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/openvpn_nohmac.pcapng.out b/test/results/influxd/default/openvpn_nohmac.pcapng.out
index 1632782c4..7a9ac834c 100644
--- a/test/results/influxd/default/openvpn_nohmac.pcapng.out
+++ b/test/results/influxd/default/openvpn_nohmac.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=10820,flow_src_total_bytes=113447,flow_dst_total_bytes=150832
+general json_lines=13,json_bytes=10814,flow_src_total_bytes=113447,flow_dst_total_bytes=150832
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=1,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/openvpn_nohmac_tcp.pcapng.out b/test/results/influxd/default/openvpn_nohmac_tcp.pcapng.out
index 6bba1c114..a36df4ce2 100644
--- a/test/results/influxd/default/openvpn_nohmac_tcp.pcapng.out
+++ b/test/results/influxd/default/openvpn_nohmac_tcp.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9709,flow_src_total_bytes=6986,flow_dst_total_bytes=7709
+general json_lines=12,json_bytes=9703,flow_src_total_bytes=6986,flow_dst_total_bytes=7709
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/opera-vpn.pcapng.out b/test/results/influxd/default/opera-vpn.pcapng.out
index 7f0257c36..ab753b9dd 100644
--- a/test/results/influxd/default/opera-vpn.pcapng.out
+++ b/test/results/influxd/default/opera-vpn.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=618,json_bytes=617531,flow_src_total_bytes=206752,flow_dst_total_bytes=980038
+general json_lines=618,json_bytes=617525,flow_src_total_bytes=206752,flow_dst_total_bytes=980038
 events flow_new_count=62,flow_end_count=28,flow_idle_count=34,flow_update_count=0,flow_analyse_count=60,flow_guessed_count=1,flow_detected_count=61,flow_detection_update_count=61,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=308,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=60
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=61,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/oracle12.pcapng.out b/test/results/influxd/default/oracle12.pcapng.out
index a3f67c394..c3fd64e0a 100644
--- a/test/results/influxd/default/oracle12.pcapng.out
+++ b/test/results/influxd/default/oracle12.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7424,flow_src_total_bytes=941,flow_dst_total_bytes=441
+general json_lines=11,json_bytes=7418,flow_src_total_bytes=941,flow_dst_total_bytes=441
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/os_detected.pcapng.out b/test/results/influxd/default/os_detected.pcapng.out
index 6e4d005e0..176b1cd3e 100644
--- a/test/results/influxd/default/os_detected.pcapng.out
+++ b/test/results/influxd/default/os_detected.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=7700,flow_src_total_bytes=1252,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=7694,flow_src_total_bytes=1252,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ospfv2_add_new_prefix.pcap.out b/test/results/influxd/default/ospfv2_add_new_prefix.pcap.out
index b81634eaa..b764734a9 100644
--- a/test/results/influxd/default/ospfv2_add_new_prefix.pcap.out
+++ b/test/results/influxd/default/ospfv2_add_new_prefix.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=8,json_bytes=5737,flow_src_total_bytes=88,flow_dst_total_bytes=44
+general json_lines=8,json_bytes=5731,flow_src_total_bytes=88,flow_dst_total_bytes=44
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/influxd/default/ossfuzz_seed_fake_traces_1.pcapng.out
index 6d8234c67..33cf49582 100644
--- a/test/results/influxd/default/ossfuzz_seed_fake_traces_1.pcapng.out
+++ b/test/results/influxd/default/ossfuzz_seed_fake_traces_1.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=59,json_bytes=48788,flow_src_total_bytes=2613,flow_dst_total_bytes=28
+general json_lines=59,json_bytes=48772,flow_src_total_bytes=2613,flow_dst_total_bytes=28
 events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=3,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=7,packet_count=0,packet_flow_count=18,init_count=1,reconnect_count=0,shutdown_count=1,status_count=6,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=9
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=6,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=2,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/influxd/default/ossfuzz_seed_fake_traces_2.pcapng.out
index 9b8343bde..93bb85914 100644
--- a/test/results/influxd/default/ossfuzz_seed_fake_traces_2.pcapng.out
+++ b/test/results/influxd/default/ossfuzz_seed_fake_traces_2.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=65,json_bytes=49019,flow_src_total_bytes=13912,flow_dst_total_bytes=15230
+general json_lines=65,json_bytes=49007,flow_src_total_bytes=13912,flow_dst_total_bytes=15230
 events flow_new_count=8,flow_end_count=3,flow_idle_count=5,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=1,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=34,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=7
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ossfuzz_seed_fake_traces_3.pcapng.out b/test/results/influxd/default/ossfuzz_seed_fake_traces_3.pcapng.out
index 4c7702b6d..71eaabd00 100644
--- a/test/results/influxd/default/ossfuzz_seed_fake_traces_3.pcapng.out
+++ b/test/results/influxd/default/ossfuzz_seed_fake_traces_3.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=10,json_bytes=7091,flow_src_total_bytes=82,flow_dst_total_bytes=0
+general json_lines=10,json_bytes=7085,flow_src_total_bytes=82,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ossfuzz_seed_fake_traces_4.pcapng.out b/test/results/influxd/default/ossfuzz_seed_fake_traces_4.pcapng.out
index f39f541a8..9f4b3b914 100644
--- a/test/results/influxd/default/ossfuzz_seed_fake_traces_4.pcapng.out
+++ b/test/results/influxd/default/ossfuzz_seed_fake_traces_4.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=8,json_bytes=5447,flow_src_total_bytes=4,flow_dst_total_bytes=8
+general json_lines=8,json_bytes=5441,flow_src_total_bytes=4,flow_dst_total_bytes=8
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/path_of_exile.pcapng.out b/test/results/influxd/default/path_of_exile.pcapng.out
index 280e9453d..12e2b7b7a 100644
--- a/test/results/influxd/default/path_of_exile.pcapng.out
+++ b/test/results/influxd/default/path_of_exile.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=10,json_bytes=6897,flow_src_total_bytes=31,flow_dst_total_bytes=0
+general json_lines=10,json_bytes=6891,flow_src_total_bytes=31,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/pfcp.pcapng.out b/test/results/influxd/default/pfcp.pcapng.out
index 2e3eca164..e760152c3 100644
--- a/test/results/influxd/default/pfcp.pcapng.out
+++ b/test/results/influxd/default/pfcp.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=8377,flow_src_total_bytes=2395,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=8371,flow_src_total_bytes=2395,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/pgm.pcap.out b/test/results/influxd/default/pgm.pcap.out
index 2fc09047e..30a6c2d12 100644
--- a/test/results/influxd/default/pgm.pcap.out
+++ b/test/results/influxd/default/pgm.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=11556,flow_src_total_bytes=162302,flow_dst_total_bytes=0
+general json_lines=12,json_bytes=11550,flow_src_total_bytes=162302,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/pgsql.pcap.out b/test/results/influxd/default/pgsql.pcap.out
index 9ae15f8b6..796b9a848 100644
--- a/test/results/influxd/default/pgsql.pcap.out
+++ b/test/results/influxd/default/pgsql.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=52,json_bytes=35501,flow_src_total_bytes=1157,flow_dst_total_bytes=1836
+general json_lines=52,json_bytes=35493,flow_src_total_bytes=1157,flow_dst_total_bytes=1836
 events flow_new_count=6,flow_end_count=3,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=6
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/pia.pcap.out b/test/results/influxd/default/pia.pcap.out
index e4acd80ec..66b040a08 100644
--- a/test/results/influxd/default/pia.pcap.out
+++ b/test/results/influxd/default/pia.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=12165,flow_src_total_bytes=610,flow_dst_total_bytes=2622
+general json_lines=13,json_bytes=12159,flow_src_total_bytes=610,flow_dst_total_bytes=2622
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/pim.pcap.out b/test/results/influxd/default/pim.pcap.out
index 7462d7c6e..3fad10cc2 100644
--- a/test/results/influxd/default/pim.pcap.out
+++ b/test/results/influxd/default/pim.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7317,flow_src_total_bytes=580,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=7311,flow_src_total_bytes=580,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/pinterest.pcap.out b/test/results/influxd/default/pinterest.pcap.out
index 6cfb769f4..0e38b118e 100644
--- a/test/results/influxd/default/pinterest.pcap.out
+++ b/test/results/influxd/default/pinterest.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=297,json_bytes=297367,flow_src_total_bytes=30054,flow_dst_total_bytes=337815
+general json_lines=297,json_bytes=297361,flow_src_total_bytes=30054,flow_dst_total_bytes=337815
 events flow_new_count=37,flow_end_count=5,flow_idle_count=32,flow_update_count=0,flow_analyse_count=13,flow_guessed_count=16,flow_detected_count=21,flow_detection_update_count=33,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=137,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=24,flow_state_finished=13
 breed flow_breed_safe_count=3,flow_breed_acceptable_count=6,flow_breed_fun_count=11,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=1,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/pluralsight.pcap.out b/test/results/influxd/default/pluralsight.pcap.out
index 18ea1eb8b..be6a6ed17 100644
--- a/test/results/influxd/default/pluralsight.pcap.out
+++ b/test/results/influxd/default/pluralsight.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=59,json_bytes=73347,flow_src_total_bytes=3540,flow_dst_total_bytes=23176
+general json_lines=59,json_bytes=73341,flow_src_total_bytes=3540,flow_dst_total_bytes=23176
 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=28,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=6,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=6,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/pop3.pcap.out b/test/results/influxd/default/pop3.pcap.out
index 4ea89d53b..dcc45e737 100644
--- a/test/results/influxd/default/pop3.pcap.out
+++ b/test/results/influxd/default/pop3.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=53,json_bytes=39538,flow_src_total_bytes=417,flow_dst_total_bytes=22283
+general json_lines=53,json_bytes=39530,flow_src_total_bytes=417,flow_dst_total_bytes=22283
 events flow_new_count=6,flow_end_count=6,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=6,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=6,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/pop3_stls.pcap.out b/test/results/influxd/default/pop3_stls.pcap.out
index 7f79756c5..587f6aeab 100644
--- a/test/results/influxd/default/pop3_stls.pcap.out
+++ b/test/results/influxd/default/pop3_stls.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=15,json_bytes=13668,flow_src_total_bytes=805,flow_dst_total_bytes=7462
+general json_lines=15,json_bytes=13662,flow_src_total_bytes=805,flow_dst_total_bytes=7462
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/pops.pcapng.out b/test/results/influxd/default/pops.pcapng.out
index fea9aa0bc..47955cee4 100644
--- a/test/results/influxd/default/pops.pcapng.out
+++ b/test/results/influxd/default/pops.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=12204,flow_src_total_bytes=184,flow_dst_total_bytes=2520
+general json_lines=12,json_bytes=12198,flow_src_total_bytes=184,flow_dst_total_bytes=2520
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/portable_executable.pcap.out b/test/results/influxd/default/portable_executable.pcap.out
new file mode 100644
index 000000000..631ebe65d
--- /dev/null
+++ b/test/results/influxd/default/portable_executable.pcap.out
@@ -0,0 +1,11 @@
+general json_lines=19,json_bytes=18073,flow_src_total_bytes=11308,flow_dst_total_bytes=11308
+events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+state flow_state_info=2,flow_state_finished=0
+breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
+category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
+confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
+severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+layer3 flow_l3_ip4_count=2,flow_l3_ip6_count=0,flow_l3_other_count=0
+layer4 flow_l4_tcp_count=2,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0
+detection flow_active_count=2,flow_detected_count=0,flow_guessed_count=1,flow_not_detected_count=1
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/default/pps.pcap.out b/test/results/influxd/default/pps.pcap.out
index 477c7aa40..641333b2f 100644
--- a/test/results/influxd/default/pps.pcap.out
+++ b/test/results/influxd/default/pps.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=701,json_bytes=728606,flow_src_total_bytes=122772,flow_dst_total_bytes=232827
+general json_lines=701,json_bytes=729652,flow_src_total_bytes=122772,flow_dst_total_bytes=232827
 events flow_new_count=107,flow_end_count=2,flow_idle_count=105,flow_update_count=35,flow_analyse_count=5,flow_guessed_count=2,flow_detected_count=76,flow_detection_update_count=49,flow_not_detected_count=29,flow_risky_count=47,packet_count=0,packet_flow_count=288,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=38,flow_state_finished=69
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=55,flow_breed_fun_count=20,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=25,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=39,flow_category_system_count=10,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=1,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=76,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=11,flow_severity_medium=33,flow_severity_high=10,flow_severity_severe=9,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=13,flow_severity_medium=40,flow_severity_high=10,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=107,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=63,flow_l4_udp_count=44,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=107,flow_detected_count=76,flow_guessed_count=2,flow_not_detected_count=29
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=9,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=11,flow_risk_12_count=4,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=2,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=7,flow_risk_47_count=35,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=11,flow_risk_12_count=4,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=2,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=7,flow_risk_47_count=35,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=11
diff --git a/test/results/influxd/default/pptp.pcap.out b/test/results/influxd/default/pptp.pcap.out
index 74247170e..aba08c3a7 100644
--- a/test/results/influxd/default/pptp.pcap.out
+++ b/test/results/influxd/default/pptp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7513,flow_src_total_bytes=356,flow_dst_total_bytes=384
+general json_lines=11,json_bytes=7507,flow_src_total_bytes=356,flow_dst_total_bytes=384
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/profinet-io-le.pcap.out b/test/results/influxd/default/profinet-io-le.pcap.out
index f4774672b..a24166335 100644
--- a/test/results/influxd/default/profinet-io-le.pcap.out
+++ b/test/results/influxd/default/profinet-io-le.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=8,json_bytes=6551,flow_src_total_bytes=164,flow_dst_total_bytes=268
+general json_lines=8,json_bytes=6545,flow_src_total_bytes=164,flow_dst_total_bytes=268
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/protobuf.pcap.out b/test/results/influxd/default/protobuf.pcap.out
index afcf693b2..9500d14ba 100644
--- a/test/results/influxd/default/protobuf.pcap.out
+++ b/test/results/influxd/default/protobuf.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=47,json_bytes=32576,flow_src_total_bytes=1086,flow_dst_total_bytes=0
+general json_lines=47,json_bytes=32562,flow_src_total_bytes=1086,flow_dst_total_bytes=0
 events flow_new_count=5,flow_end_count=5,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=5
 breed flow_breed_safe_count=5,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/protonvpn.pcap.out b/test/results/influxd/default/protonvpn.pcap.out
index a3a928fd6..17f636596 100644
--- a/test/results/influxd/default/protonvpn.pcap.out
+++ b/test/results/influxd/default/protonvpn.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=25,json_bytes=19871,flow_src_total_bytes=1624,flow_dst_total_bytes=6451
+general json_lines=25,json_bytes=19865,flow_src_total_bytes=1624,flow_dst_total_bytes=6451
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/psiphon3.pcap.out b/test/results/influxd/default/psiphon3.pcap.out
index c04d1e80a..7c158ec17 100644
--- a/test/results/influxd/default/psiphon3.pcap.out
+++ b/test/results/influxd/default/psiphon3.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=13634,flow_src_total_bytes=3700,flow_dst_total_bytes=5574
+general json_lines=14,json_bytes=13628,flow_src_total_bytes=3700,flow_dst_total_bytes=5574
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ptpv2.pcap.out b/test/results/influxd/default/ptpv2.pcap.out
index 0dd485260..b935b2cbd 100644
--- a/test/results/influxd/default/ptpv2.pcap.out
+++ b/test/results/influxd/default/ptpv2.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=23,json_bytes=16994,flow_src_total_bytes=796,flow_dst_total_bytes=0
+general json_lines=23,json_bytes=16988,flow_src_total_bytes=796,flow_dst_total_bytes=0
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/punycode-idn.pcap.out b/test/results/influxd/default/punycode-idn.pcap.out
index 40b13d5d2..c3391bd72 100644
--- a/test/results/influxd/default/punycode-idn.pcap.out
+++ b/test/results/influxd/default/punycode-idn.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=24,json_bytes=20074,flow_src_total_bytes=232,flow_dst_total_bytes=836
+general json_lines=24,json_bytes=20068,flow_src_total_bytes=232,flow_dst_total_bytes=836
 events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=9,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-23.pcap.out b/test/results/influxd/default/quic-23.pcap.out
index b6e1fbe32..0b3686741 100644
--- a/test/results/influxd/default/quic-23.pcap.out
+++ b/test/results/influxd/default/quic-23.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=13168,flow_src_total_bytes=1993,flow_dst_total_bytes=3958
+general json_lines=11,json_bytes=13162,flow_src_total_bytes=1993,flow_dst_total_bytes=3958
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-24.pcap.out b/test/results/influxd/default/quic-24.pcap.out
index 85705e565..8970ec7b4 100644
--- a/test/results/influxd/default/quic-24.pcap.out
+++ b/test/results/influxd/default/quic-24.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=12876,flow_src_total_bytes=4378,flow_dst_total_bytes=2992
+general json_lines=11,json_bytes=12870,flow_src_total_bytes=4378,flow_dst_total_bytes=2992
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-27.pcap.out b/test/results/influxd/default/quic-27.pcap.out
index dc9c22298..128a4a703 100644
--- a/test/results/influxd/default/quic-27.pcap.out
+++ b/test/results/influxd/default/quic-27.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=16842,flow_src_total_bytes=5523,flow_dst_total_bytes=6124
+general json_lines=11,json_bytes=16836,flow_src_total_bytes=5523,flow_dst_total_bytes=6124
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-28.pcap.out b/test/results/influxd/default/quic-28.pcap.out
index c5d396803..86b0ed066 100644
--- a/test/results/influxd/default/quic-28.pcap.out
+++ b/test/results/influxd/default/quic-28.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=13270,flow_src_total_bytes=5428,flow_dst_total_bytes=230739
+general json_lines=12,json_bytes=13264,flow_src_total_bytes=5428,flow_dst_total_bytes=230739
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-29.pcap.out b/test/results/influxd/default/quic-29.pcap.out
index a010aa860..e76326a28 100644
--- a/test/results/influxd/default/quic-29.pcap.out
+++ b/test/results/influxd/default/quic-29.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=12869,flow_src_total_bytes=4303,flow_dst_total_bytes=4453
+general json_lines=11,json_bytes=12863,flow_src_total_bytes=4303,flow_dst_total_bytes=4453
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-33.pcapng.out b/test/results/influxd/default/quic-33.pcapng.out
index c837484ba..b55c82330 100644
--- a/test/results/influxd/default/quic-33.pcapng.out
+++ b/test/results/influxd/default/quic-33.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=14747,flow_src_total_bytes=1432,flow_dst_total_bytes=3470
+general json_lines=11,json_bytes=14741,flow_src_total_bytes=1432,flow_dst_total_bytes=3470
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-34.pcap.out b/test/results/influxd/default/quic-34.pcap.out
index 2a1dc85fd..65f751d8d 100644
--- a/test/results/influxd/default/quic-34.pcap.out
+++ b/test/results/influxd/default/quic-34.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=10,json_bytes=14125,flow_src_total_bytes=1252,flow_dst_total_bytes=3416
+general json_lines=10,json_bytes=14119,flow_src_total_bytes=1252,flow_dst_total_bytes=3416
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-forcing-vn-with-data.pcapng.out b/test/results/influxd/default/quic-forcing-vn-with-data.pcapng.out
index f8270b848..bc356fa20 100644
--- a/test/results/influxd/default/quic-forcing-vn-with-data.pcapng.out
+++ b/test/results/influxd/default/quic-forcing-vn-with-data.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=14641,flow_src_total_bytes=5466,flow_dst_total_bytes=2691
+general json_lines=12,json_bytes=14635,flow_src_total_bytes=5466,flow_dst_total_bytes=2691
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-fuzz-overflow.pcapng.out b/test/results/influxd/default/quic-fuzz-overflow.pcapng.out
index e7f652d63..b0de6bf13 100644
--- a/test/results/influxd/default/quic-fuzz-overflow.pcapng.out
+++ b/test/results/influxd/default/quic-fuzz-overflow.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=8266,flow_src_total_bytes=1252,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=8260,flow_src_total_bytes=1252,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-mvfst-22.pcap.out b/test/results/influxd/default/quic-mvfst-22.pcap.out
index b6fc7e7ad..a606f6789 100644
--- a/test/results/influxd/default/quic-mvfst-22.pcap.out
+++ b/test/results/influxd/default/quic-mvfst-22.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=15285,flow_src_total_bytes=72648,flow_dst_total_bytes=195075
+general json_lines=12,json_bytes=15281,flow_src_total_bytes=72648,flow_dst_total_bytes=195075
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=1,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-mvfst-22_decryption_error.pcap.out b/test/results/influxd/default/quic-mvfst-22_decryption_error.pcap.out
index 9a12ad61a..f834baedd 100644
--- a/test/results/influxd/default/quic-mvfst-22_decryption_error.pcap.out
+++ b/test/results/influxd/default/quic-mvfst-22_decryption_error.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=10266,flow_src_total_bytes=3572,flow_dst_total_bytes=38
+general json_lines=11,json_bytes=10260,flow_src_total_bytes=3572,flow_dst_total_bytes=38
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-mvfst-27.pcapng.out b/test/results/influxd/default/quic-mvfst-27.pcapng.out
index 6dab4d774..6c9783b55 100644
--- a/test/results/influxd/default/quic-mvfst-27.pcapng.out
+++ b/test/results/influxd/default/quic-mvfst-27.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=10,json_bytes=15580,flow_src_total_bytes=2538,flow_dst_total_bytes=6981
+general json_lines=10,json_bytes=15576,flow_src_total_bytes=2538,flow_dst_total_bytes=6981
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-mvfst-exp.pcap.out b/test/results/influxd/default/quic-mvfst-exp.pcap.out
index 21bb8a35d..c8b80f3ac 100644
--- a/test/results/influxd/default/quic-mvfst-exp.pcap.out
+++ b/test/results/influxd/default/quic-mvfst-exp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=15355,flow_src_total_bytes=3496,flow_dst_total_bytes=20953
+general json_lines=11,json_bytes=15349,flow_src_total_bytes=3496,flow_dst_total_bytes=20953
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic-v2.pcapng.out b/test/results/influxd/default/quic-v2.pcapng.out
index 25d37d2aa..e38364a79 100644
--- a/test/results/influxd/default/quic-v2.pcapng.out
+++ b/test/results/influxd/default/quic-v2.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=14511,flow_src_total_bytes=2222,flow_dst_total_bytes=9532
+general json_lines=11,json_bytes=14505,flow_src_total_bytes=2222,flow_dst_total_bytes=9532
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic.pcap.out b/test/results/influxd/default/quic.pcap.out
index af77595b1..d2e8aca1f 100644
--- a/test/results/influxd/default/quic.pcap.out
+++ b/test/results/influxd/default/quic.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=80,json_bytes=115600,flow_src_total_bytes=41486,flow_dst_total_bytes=285324
+general json_lines=80,json_bytes=115588,flow_src_total_bytes=41486,flow_dst_total_bytes=285324
 events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=1,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=42,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=9
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=5,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic046.pcap.out b/test/results/influxd/default/quic046.pcap.out
index a0f416538..97feec41f 100644
--- a/test/results/influxd/default/quic046.pcap.out
+++ b/test/results/influxd/default/quic046.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=12575,flow_src_total_bytes=5170,flow_dst_total_bytes=81927
+general json_lines=12,json_bytes=12569,flow_src_total_bytes=5170,flow_dst_total_bytes=81927
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_0RTT.pcap.out b/test/results/influxd/default/quic_0RTT.pcap.out
index 6360e8bb6..17a3a2260 100644
--- a/test/results/influxd/default/quic_0RTT.pcap.out
+++ b/test/results/influxd/default/quic_0RTT.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=17,json_bytes=20112,flow_src_total_bytes=3106,flow_dst_total_bytes=3906
+general json_lines=17,json_bytes=20104,flow_src_total_bytes=3106,flow_dst_total_bytes=3906
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_cc_ack.pcapng.out b/test/results/influxd/default/quic_cc_ack.pcapng.out
index 562d7d5e0..d188f8a5d 100644
--- a/test/results/influxd/default/quic_cc_ack.pcapng.out
+++ b/test/results/influxd/default/quic_cc_ack.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=12110,flow_src_total_bytes=2700,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=12104,flow_src_total_bytes=2700,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_crypto_aes_auth_size.pcap.out b/test/results/influxd/default/quic_crypto_aes_auth_size.pcap.out
index de944488f..c7f40a50f 100644
--- a/test/results/influxd/default/quic_crypto_aes_auth_size.pcap.out
+++ b/test/results/influxd/default/quic_crypto_aes_auth_size.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=12786,flow_src_total_bytes=2700,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=12780,flow_src_total_bytes=2700,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/influxd/default/quic_frags_ch_in_multiple_packets.pcapng.out
index ab232cd46..abcea65ec 100644
--- a/test/results/influxd/default/quic_frags_ch_in_multiple_packets.pcapng.out
+++ b/test/results/influxd/default/quic_frags_ch_in_multiple_packets.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=14576,flow_src_total_bytes=2464,flow_dst_total_bytes=1286
+general json_lines=11,json_bytes=14570,flow_src_total_bytes=2464,flow_dst_total_bytes=1286
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/influxd/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
index 75f8631a2..46987baf9 100644
--- a/test/results/influxd/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
+++ b/test/results/influxd/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=667,json_bytes=941886,flow_src_total_bytes=241650,flow_dst_total_bytes=0
+general json_lines=667,json_bytes=941834,flow_src_total_bytes=241650,flow_dst_total_bytes=0
 events flow_new_count=113,flow_end_count=0,flow_idle_count=113,flow_update_count=123,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=113,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=179,init_count=1,reconnect_count=0,shutdown_count=1,status_count=24,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=113
 breed flow_breed_safe_count=3,flow_breed_acceptable_count=88,flow_breed_fun_count=22,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_frags_different_dcid.pcapng.out b/test/results/influxd/default/quic_frags_different_dcid.pcapng.out
index 2baa7be28..6545c6b01 100644
--- a/test/results/influxd/default/quic_frags_different_dcid.pcapng.out
+++ b/test/results/influxd/default/quic_frags_different_dcid.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=13591,flow_src_total_bytes=2500,flow_dst_total_bytes=1200
+general json_lines=11,json_bytes=13585,flow_src_total_bytes=2500,flow_dst_total_bytes=1200
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_interop_V.pcapng.out b/test/results/influxd/default/quic_interop_V.pcapng.out
index d2a6e25f6..ba91b15a4 100644
--- a/test/results/influxd/default/quic_interop_V.pcapng.out
+++ b/test/results/influxd/default/quic_interop_V.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=471,json_bytes=631383,flow_src_total_bytes=229418,flow_dst_total_bytes=1702
+general json_lines=471,json_bytes=631377,flow_src_total_bytes=229418,flow_dst_total_bytes=1702
 events flow_new_count=77,flow_end_count=0,flow_idle_count=77,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=77,flow_detection_update_count=30,flow_not_detected_count=0,flow_risky_count=58,packet_count=0,packet_flow_count=207,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=33,flow_state_finished=44
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=77,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_q39.pcap.out b/test/results/influxd/default/quic_q39.pcap.out
index 1d2934f03..2781f9df6 100644
--- a/test/results/influxd/default/quic_q39.pcap.out
+++ b/test/results/influxd/default/quic_q39.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=14826,flow_src_total_bytes=18965,flow_dst_total_bytes=2686
+general json_lines=12,json_bytes=14820,flow_src_total_bytes=18965,flow_dst_total_bytes=2686
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_q43.pcap.out b/test/results/influxd/default/quic_q43.pcap.out
index 232b32552..d385cdfb1 100644
--- a/test/results/influxd/default/quic_q43.pcap.out
+++ b/test/results/influxd/default/quic_q43.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=8,json_bytes=7547,flow_src_total_bytes=1350,flow_dst_total_bytes=30
+general json_lines=8,json_bytes=7541,flow_src_total_bytes=1350,flow_dst_total_bytes=30
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_q46.pcap.out b/test/results/influxd/default/quic_q46.pcap.out
index b1bc09bcd..500b94d0a 100644
--- a/test/results/influxd/default/quic_q46.pcap.out
+++ b/test/results/influxd/default/quic_q46.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=14673,flow_src_total_bytes=1465,flow_dst_total_bytes=18936
+general json_lines=11,json_bytes=14667,flow_src_total_bytes=1465,flow_dst_total_bytes=18936
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_q46_b.pcap.out b/test/results/influxd/default/quic_q46_b.pcap.out
index f144e2056..9ca1ae117 100644
--- a/test/results/influxd/default/quic_q46_b.pcap.out
+++ b/test/results/influxd/default/quic_q46_b.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=11481,flow_src_total_bytes=2376,flow_dst_total_bytes=2844
+general json_lines=11,json_bytes=11475,flow_src_total_bytes=2376,flow_dst_total_bytes=2844
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_q50.pcap.out b/test/results/influxd/default/quic_q50.pcap.out
index 56ddee7fd..cfd6b30c8 100644
--- a/test/results/influxd/default/quic_q50.pcap.out
+++ b/test/results/influxd/default/quic_q50.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=12961,flow_src_total_bytes=3327,flow_dst_total_bytes=16267
+general json_lines=11,json_bytes=12955,flow_src_total_bytes=3327,flow_dst_total_bytes=16267
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_t50.pcap.out b/test/results/influxd/default/quic_t50.pcap.out
index 12ac1df31..a0f0e5a64 100644
--- a/test/results/influxd/default/quic_t50.pcap.out
+++ b/test/results/influxd/default/quic_t50.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=15377,flow_src_total_bytes=2894,flow_dst_total_bytes=5022
+general json_lines=11,json_bytes=15371,flow_src_total_bytes=2894,flow_dst_total_bytes=5022
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quic_t51.pcap.out b/test/results/influxd/default/quic_t51.pcap.out
index 85761e6fa..f116776cf 100644
--- a/test/results/influxd/default/quic_t51.pcap.out
+++ b/test/results/influxd/default/quic_t51.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=16728,flow_src_total_bytes=2888,flow_dst_total_bytes=5904
+general json_lines=11,json_bytes=16722,flow_src_total_bytes=2888,flow_dst_total_bytes=5904
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/quickplay.pcap.out b/test/results/influxd/default/quickplay.pcap.out
index a37f3af7e..d9b42525d 100644
--- a/test/results/influxd/default/quickplay.pcap.out
+++ b/test/results/influxd/default/quickplay.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=145,json_bytes=170573,flow_src_total_bytes=37682,flow_dst_total_bytes=58185
+general json_lines=145,json_bytes=170719,flow_src_total_bytes=37682,flow_dst_total_bytes=58185
 events flow_new_count=21,flow_end_count=2,flow_idle_count=19,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=21,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=7,packet_count=0,packet_flow_count=68,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=8,flow_state_finished=13
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=8,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=3,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=11,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=21,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=3,flow_severity_medium=11,flow_severity_high=0,flow_severity_severe=4,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=3,flow_severity_medium=15,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=21,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=21,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=21,flow_detected_count=21,flow_guessed_count=0,flow_not_detected_count=0
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=4,flow_risk_5_count=11,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=3,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=11,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=3,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=4
diff --git a/test/results/influxd/default/radius_false_positive.pcapng.out b/test/results/influxd/default/radius_false_positive.pcapng.out
index c84782eb0..cc7062bcb 100644
--- a/test/results/influxd/default/radius_false_positive.pcapng.out
+++ b/test/results/influxd/default/radius_false_positive.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=11593,flow_src_total_bytes=6859,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=11587,flow_src_total_bytes=6859,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/radmin3.pcapng.out b/test/results/influxd/default/radmin3.pcapng.out
index 850fc67c6..971c21378 100644
--- a/test/results/influxd/default/radmin3.pcapng.out
+++ b/test/results/influxd/default/radmin3.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=19,json_bytes=13305,flow_src_total_bytes=24,flow_dst_total_bytes=60
+general json_lines=19,json_bytes=13299,flow_src_total_bytes=24,flow_dst_total_bytes=60
 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/raft.pcap.out b/test/results/influxd/default/raft.pcap.out
index 4e0ca4fa6..fa68beee2 100644
--- a/test/results/influxd/default/raft.pcap.out
+++ b/test/results/influxd/default/raft.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=21,json_bytes=17037,flow_src_total_bytes=2000,flow_dst_total_bytes=0
+general json_lines=21,json_bytes=17031,flow_src_total_bytes=2000,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/raknet.pcap.out b/test/results/influxd/default/raknet.pcap.out
index d8b0b0525..876e6cc8b 100644
--- a/test/results/influxd/default/raknet.pcap.out
+++ b/test/results/influxd/default/raknet.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=95,json_bytes=80650,flow_src_total_bytes=5863,flow_dst_total_bytes=753
+general json_lines=95,json_bytes=80642,flow_src_total_bytes=5863,flow_dst_total_bytes=753
 events flow_new_count=12,flow_end_count=0,flow_idle_count=12,flow_update_count=19,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=12,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=36,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=12
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=12,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rdp.pcap.out b/test/results/influxd/default/rdp.pcap.out
index ba322d80e..fa46ef268 100644
--- a/test/results/influxd/default/rdp.pcap.out
+++ b/test/results/influxd/default/rdp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7478,flow_src_total_bytes=1081,flow_dst_total_bytes=1661
+general json_lines=11,json_bytes=7472,flow_src_total_bytes=1081,flow_dst_total_bytes=1661
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rdp2.pcap.out b/test/results/influxd/default/rdp2.pcap.out
index 70f8a8dd4..17d82f4b6 100644
--- a/test/results/influxd/default/rdp2.pcap.out
+++ b/test/results/influxd/default/rdp2.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=29,json_bytes=29548,flow_src_total_bytes=5097,flow_dst_total_bytes=4480
+general json_lines=29,json_bytes=29538,flow_src_total_bytes=5097,flow_dst_total_bytes=4480
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rdp3.pcap.out b/test/results/influxd/default/rdp3.pcap.out
index faa2299fd..edbbb16a1 100644
--- a/test/results/influxd/default/rdp3.pcap.out
+++ b/test/results/influxd/default/rdp3.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7558,flow_src_total_bytes=1629,flow_dst_total_bytes=862
+general json_lines=11,json_bytes=7552,flow_src_total_bytes=1629,flow_dst_total_bytes=862
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/reasm_crash_anon.pcapng.out b/test/results/influxd/default/reasm_crash_anon.pcapng.out
index 5afb5f4df..6ab440bad 100644
--- a/test/results/influxd/default/reasm_crash_anon.pcapng.out
+++ b/test/results/influxd/default/reasm_crash_anon.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=10719,flow_src_total_bytes=979,flow_dst_total_bytes=5441
+general json_lines=14,json_bytes=10709,flow_src_total_bytes=979,flow_dst_total_bytes=5441
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/reasm_segv_anon.pcapng.out b/test/results/influxd/default/reasm_segv_anon.pcapng.out
index 83bda2c31..50c9eb455 100644
--- a/test/results/influxd/default/reasm_segv_anon.pcapng.out
+++ b/test/results/influxd/default/reasm_segv_anon.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=44,json_bytes=27013,flow_src_total_bytes=2008,flow_dst_total_bytes=72488
+general json_lines=44,json_bytes=27007,flow_src_total_bytes=2008,flow_dst_total_bytes=72488
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=16,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=16,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/reddit.pcap.out b/test/results/influxd/default/reddit.pcap.out
index c3428cc28..c6dc71798 100644
--- a/test/results/influxd/default/reddit.pcap.out
+++ b/test/results/influxd/default/reddit.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=582,json_bytes=564378,flow_src_total_bytes=64920,flow_dst_total_bytes=481968
+general json_lines=582,json_bytes=564372,flow_src_total_bytes=64920,flow_dst_total_bytes=481968
 events flow_new_count=60,flow_end_count=23,flow_idle_count=37,flow_update_count=0,flow_analyse_count=17,flow_guessed_count=1,flow_detected_count=59,flow_detection_update_count=84,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=298,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=39,flow_state_finished=21
 breed flow_breed_safe_count=6,flow_breed_acceptable_count=26,flow_breed_fun_count=26,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=1,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/resp.pcap.out b/test/results/influxd/default/resp.pcap.out
index 59c2c65c5..e9192962a 100644
--- a/test/results/influxd/default/resp.pcap.out
+++ b/test/results/influxd/default/resp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9533,flow_src_total_bytes=96,flow_dst_total_bytes=90212
+general json_lines=12,json_bytes=9527,flow_src_total_bytes=96,flow_dst_total_bytes=90212
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/riot.pcapng.out b/test/results/influxd/default/riot.pcapng.out
index b823497c5..d967b3dad 100644
--- a/test/results/influxd/default/riot.pcapng.out
+++ b/test/results/influxd/default/riot.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=18,json_bytes=25237,flow_src_total_bytes=8202,flow_dst_total_bytes=0
+general json_lines=18,json_bytes=25334,flow_src_total_bytes=8202,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/riotgames.pcap.out b/test/results/influxd/default/riotgames.pcap.out
index faccd9d41..88bd15faf 100644
--- a/test/results/influxd/default/riotgames.pcap.out
+++ b/test/results/influxd/default/riotgames.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=62,json_bytes=45140,flow_src_total_bytes=1342,flow_dst_total_bytes=743
+general json_lines=62,json_bytes=45118,flow_src_total_bytes=1342,flow_dst_total_bytes=743
 events flow_new_count=9,flow_end_count=0,flow_idle_count=9,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=24,init_count=1,reconnect_count=0,shutdown_count=1,status_count=9,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=9
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=9,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rmcp.pcap.out b/test/results/influxd/default/rmcp.pcap.out
index a38dd2464..5b8c1e518 100644
--- a/test/results/influxd/default/rmcp.pcap.out
+++ b/test/results/influxd/default/rmcp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=29,json_bytes=22445,flow_src_total_bytes=116,flow_dst_total_bytes=0
+general json_lines=29,json_bytes=22435,flow_src_total_bytes=116,flow_dst_total_bytes=0
 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=6
 breed flow_breed_safe_count=6,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/roblox.pcapng.out b/test/results/influxd/default/roblox.pcapng.out
index 5117cb08c..e5041f929 100644
--- a/test/results/influxd/default/roblox.pcapng.out
+++ b/test/results/influxd/default/roblox.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=39,json_bytes=43165,flow_src_total_bytes=17844,flow_dst_total_bytes=11993
+general json_lines=39,json_bytes=43155,flow_src_total_bytes=17844,flow_dst_total_bytes=11993
 events flow_new_count=4,flow_end_count=1,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/roughtime.pcap.out b/test/results/influxd/default/roughtime.pcap.out
index 84fa234e5..a4dcf0db6 100644
--- a/test/results/influxd/default/roughtime.pcap.out
+++ b/test/results/influxd/default/roughtime.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=20,json_bytes=19260,flow_src_total_bytes=2768,flow_dst_total_bytes=0
+general json_lines=20,json_bytes=19252,flow_src_total_bytes=2768,flow_dst_total_bytes=0
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rsh-syslog-false-positive.pcap.out b/test/results/influxd/default/rsh-syslog-false-positive.pcap.out
index 2c14dd9fa..2537510b3 100644
--- a/test/results/influxd/default/rsh-syslog-false-positive.pcap.out
+++ b/test/results/influxd/default/rsh-syslog-false-positive.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=15,json_bytes=14744,flow_src_total_bytes=4939,flow_dst_total_bytes=0
+general json_lines=15,json_bytes=14738,flow_src_total_bytes=4939,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=2,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rsh.pcap.out b/test/results/influxd/default/rsh.pcap.out
index 16d861b46..1605254a5 100644
--- a/test/results/influxd/default/rsh.pcap.out
+++ b/test/results/influxd/default/rsh.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=19,json_bytes=13832,flow_src_total_bytes=66,flow_dst_total_bytes=39
+general json_lines=19,json_bytes=13826,flow_src_total_bytes=66,flow_dst_total_bytes=39
 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=2,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rsync.pcap.out b/test/results/influxd/default/rsync.pcap.out
index efac62332..48e39e050 100644
--- a/test/results/influxd/default/rsync.pcap.out
+++ b/test/results/influxd/default/rsync.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7322,flow_src_total_bytes=86,flow_dst_total_bytes=411
+general json_lines=11,json_bytes=7316,flow_src_total_bytes=86,flow_dst_total_bytes=411
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/influxd/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out
index a75cb8e12..e7eefcd1f 100644
--- a/test/results/influxd/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out
+++ b/test/results/influxd/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=8241,flow_src_total_bytes=336,flow_dst_total_bytes=184
+general json_lines=11,json_bytes=8235,flow_src_total_bytes=336,flow_dst_total_bytes=184
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rtmp.pcap.out b/test/results/influxd/default/rtmp.pcap.out
index ae2a4143c..24172438b 100644
--- a/test/results/influxd/default/rtmp.pcap.out
+++ b/test/results/influxd/default/rtmp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=9233,flow_src_total_bytes=3452,flow_dst_total_bytes=3496
+general json_lines=11,json_bytes=9227,flow_src_total_bytes=3452,flow_dst_total_bytes=3496
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rtp.pcapng.out b/test/results/influxd/default/rtp.pcapng.out
index ba3065d39..9d851ad1f 100644
--- a/test/results/influxd/default/rtp.pcapng.out
+++ b/test/results/influxd/default/rtp.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=28,json_bytes=27803,flow_src_total_bytes=19602,flow_dst_total_bytes=13839
+general json_lines=28,json_bytes=27795,flow_src_total_bytes=19602,flow_dst_total_bytes=13839
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rtps.pcap.out b/test/results/influxd/default/rtps.pcap.out
index 811272c36..11abec8ea 100644
--- a/test/results/influxd/default/rtps.pcap.out
+++ b/test/results/influxd/default/rtps.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=19,json_bytes=20361,flow_src_total_bytes=21164,flow_dst_total_bytes=0
+general json_lines=19,json_bytes=20355,flow_src_total_bytes=21164,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=8,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rtsp.pcap.out b/test/results/influxd/default/rtsp.pcap.out
index 35a81ed71..6cebd2256 100644
--- a/test/results/influxd/default/rtsp.pcap.out
+++ b/test/results/influxd/default/rtsp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=65,json_bytes=55816,flow_src_total_bytes=22024,flow_dst_total_bytes=45372
+general json_lines=65,json_bytes=55810,flow_src_total_bytes=22024,flow_dst_total_bytes=45372
 events flow_new_count=7,flow_end_count=6,flow_idle_count=1,flow_update_count=0,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=7,packet_count=0,packet_flow_count=35,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=7
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=7,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rtsp_setup_http.pcapng.out b/test/results/influxd/default/rtsp_setup_http.pcapng.out
index a0ee96dfd..a0d4c63d7 100644
--- a/test/results/influxd/default/rtsp_setup_http.pcapng.out
+++ b/test/results/influxd/default/rtsp_setup_http.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=5646,flow_src_total_bytes=179,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=5640,flow_src_total_bytes=179,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/rx.pcap.out b/test/results/influxd/default/rx.pcap.out
index 6ead68d2a..998a9ac5d 100644
--- a/test/results/influxd/default/rx.pcap.out
+++ b/test/results/influxd/default/rx.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=40,json_bytes=33264,flow_src_total_bytes=8248,flow_dst_total_bytes=12683
+general json_lines=40,json_bytes=33258,flow_src_total_bytes=8248,flow_dst_total_bytes=12683
 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=21,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=5
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/s7comm-plus.pcap.out b/test/results/influxd/default/s7comm-plus.pcap.out
index c4487599b..62f0818c8 100644
--- a/test/results/influxd/default/s7comm-plus.pcap.out
+++ b/test/results/influxd/default/s7comm-plus.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9495,flow_src_total_bytes=3254,flow_dst_total_bytes=2655
+general json_lines=12,json_bytes=9489,flow_src_total_bytes=3254,flow_dst_total_bytes=2655
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/s7comm.pcap.out b/test/results/influxd/default/s7comm.pcap.out
index 50e5d1f9f..0e6833a4d 100644
--- a/test/results/influxd/default/s7comm.pcap.out
+++ b/test/results/influxd/default/s7comm.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9520,flow_src_total_bytes=1202,flow_dst_total_bytes=1088
+general json_lines=12,json_bytes=9514,flow_src_total_bytes=1202,flow_dst_total_bytes=1088
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/safari.pcap.out b/test/results/influxd/default/safari.pcap.out
index 04dbc2985..993d5558c 100644
--- a/test/results/influxd/default/safari.pcap.out
+++ b/test/results/influxd/default/safari.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=69,json_bytes=59779,flow_src_total_bytes=7006,flow_dst_total_bytes=65156
+general json_lines=69,json_bytes=59773,flow_src_total_bytes=7006,flow_dst_total_bytes=65156
 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=35,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=5
 breed flow_breed_safe_count=7,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/salesforce.pcap.out b/test/results/influxd/default/salesforce.pcap.out
index 09f6a06d0..229699c66 100644
--- a/test/results/influxd/default/salesforce.pcap.out
+++ b/test/results/influxd/default/salesforce.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=11289,flow_src_total_bytes=610,flow_dst_total_bytes=3585
+general json_lines=13,json_bytes=11283,flow_src_total_bytes=610,flow_dst_total_bytes=3585
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/sccp_hw_conf_register.pcapng.out b/test/results/influxd/default/sccp_hw_conf_register.pcapng.out
index 1f50ddfb5..59adc3e1e 100644
--- a/test/results/influxd/default/sccp_hw_conf_register.pcapng.out
+++ b/test/results/influxd/default/sccp_hw_conf_register.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7621,flow_src_total_bytes=496,flow_dst_total_bytes=100
+general json_lines=11,json_bytes=7615,flow_src_total_bytes=496,flow_dst_total_bytes=100
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/sctp.cap.out b/test/results/influxd/default/sctp.cap.out
index b6c3151d1..426cbf643 100644
--- a/test/results/influxd/default/sctp.cap.out
+++ b/test/results/influxd/default/sctp.cap.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=9272,flow_src_total_bytes=140,flow_dst_total_bytes=64
+general json_lines=13,json_bytes=9266,flow_src_total_bytes=140,flow_dst_total_bytes=64
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/selfsigned.pcap.out b/test/results/influxd/default/selfsigned.pcap.out
index 5b25e6c3c..fa5d21702 100644
--- a/test/results/influxd/default/selfsigned.pcap.out
+++ b/test/results/influxd/default/selfsigned.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=10436,flow_src_total_bytes=849,flow_dst_total_bytes=1785
+general json_lines=12,json_bytes=10430,flow_src_total_bytes=849,flow_dst_total_bytes=1785
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/sflow.pcap.out b/test/results/influxd/default/sflow.pcap.out
index a9a178b81..f6577c4ad 100644
--- a/test/results/influxd/default/sflow.pcap.out
+++ b/test/results/influxd/default/sflow.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9116,flow_src_total_bytes=1324,flow_dst_total_bytes=0
+general json_lines=12,json_bytes=9110,flow_src_total_bytes=1324,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/shadowsocks.pcap.out b/test/results/influxd/default/shadowsocks.pcap.out
index a9b050b99..0a43b79dc 100644
--- a/test/results/influxd/default/shadowsocks.pcap.out
+++ b/test/results/influxd/default/shadowsocks.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=19,json_bytes=12908,flow_src_total_bytes=201,flow_dst_total_bytes=134662
+general json_lines=19,json_bytes=12902,flow_src_total_bytes=201,flow_dst_total_bytes=134662
 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/shell.pcap.out b/test/results/influxd/default/shell.pcap.out
new file mode 100644
index 000000000..d7f208abd
--- /dev/null
+++ b/test/results/influxd/default/shell.pcap.out
@@ -0,0 +1,11 @@
+general json_lines=27,json_bytes=35278,flow_src_total_bytes=12250,flow_dst_total_bytes=0
+events flow_new_count=4,flow_end_count=2,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=4,flow_risky_count=0,packet_count=0,packet_flow_count=12,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+state flow_state_info=4,flow_state_finished=0
+breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
+category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
+confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=0,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
+severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+layer3 flow_l3_ip4_count=4,flow_l3_ip6_count=0,flow_l3_other_count=0
+layer4 flow_l4_tcp_count=2,flow_l4_udp_count=2,flow_l4_icmp_count=0,flow_l4_other_count=0
+detection flow_active_count=4,flow_detected_count=0,flow_guessed_count=0,flow_not_detected_count=4
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/default/signal.pcap.out b/test/results/influxd/default/signal.pcap.out
index 2d83d78fb..51a5dec01 100644
--- a/test/results/influxd/default/signal.pcap.out
+++ b/test/results/influxd/default/signal.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=175,json_bytes=160815,flow_src_total_bytes=219449,flow_dst_total_bytes=54393
+general json_lines=175,json_bytes=160809,flow_src_total_bytes=219449,flow_dst_total_bytes=54393
 events flow_new_count=19,flow_end_count=9,flow_idle_count=10,flow_update_count=0,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=19,flow_detection_update_count=27,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=84,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=3,flow_state_finished=16
 breed flow_breed_safe_count=3,flow_breed_acceptable_count=3,flow_breed_fun_count=13,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/simple-dnscrypt.pcap.out b/test/results/influxd/default/simple-dnscrypt.pcap.out
index 282c91be3..09b3c41ad 100644
--- a/test/results/influxd/default/simple-dnscrypt.pcap.out
+++ b/test/results/influxd/default/simple-dnscrypt.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=45,json_bytes=42109,flow_src_total_bytes=2480,flow_dst_total_bytes=36106
+general json_lines=45,json_bytes=42103,flow_src_total_bytes=2480,flow_dst_total_bytes=36106
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=2
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/sip.pcap.out b/test/results/influxd/default/sip.pcap.out
index 38e1cedc2..687f68c29 100644
--- a/test/results/influxd/default/sip.pcap.out
+++ b/test/results/influxd/default/sip.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=59,json_bytes=57867,flow_src_total_bytes=28304,flow_dst_total_bytes=16151
+general json_lines=59,json_bytes=57857,flow_src_total_bytes=28304,flow_dst_total_bytes=16151
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=25,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/sip_hello.pcapng.out b/test/results/influxd/default/sip_hello.pcapng.out
index 524af0586..08da706f2 100644
--- a/test/results/influxd/default/sip_hello.pcapng.out
+++ b/test/results/influxd/default/sip_hello.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=20,json_bytes=15571,flow_src_total_bytes=1962,flow_dst_total_bytes=2172
+general json_lines=20,json_bytes=15565,flow_src_total_bytes=1962,flow_dst_total_bytes=2172
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=9,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/sites.pcapng.out b/test/results/influxd/default/sites.pcapng.out
index cae0ea180..062979bab 100644
--- a/test/results/influxd/default/sites.pcapng.out
+++ b/test/results/influxd/default/sites.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=488,json_bytes=535678,flow_src_total_bytes=42344,flow_dst_total_bytes=251837
+general json_lines=488,json_bytes=535642,flow_src_total_bytes=42344,flow_dst_total_bytes=251837
 events flow_new_count=56,flow_end_count=9,flow_idle_count=47,flow_update_count=1,flow_analyse_count=2,flow_guessed_count=4,flow_detected_count=52,flow_detection_update_count=58,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=241,init_count=1,reconnect_count=0,shutdown_count=1,status_count=16,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=50,flow_state_finished=6
 breed flow_breed_safe_count=8,flow_breed_acceptable_count=20,flow_breed_fun_count=23,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=1,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/skinny.pcap.out b/test/results/influxd/default/skinny.pcap.out
index a571d3183..8c316f6cf 100644
--- a/test/results/influxd/default/skinny.pcap.out
+++ b/test/results/influxd/default/skinny.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=61,json_bytes=50806,flow_src_total_bytes=19224,flow_dst_total_bytes=7540
+general json_lines=61,json_bytes=50800,flow_src_total_bytes=19224,flow_dst_total_bytes=7540
 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=35,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=7
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/skype-conference-call.pcap.out b/test/results/influxd/default/skype-conference-call.pcap.out
index 496700da5..b87fcb392 100644
--- a/test/results/influxd/default/skype-conference-call.pcap.out
+++ b/test/results/influxd/default/skype-conference-call.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=10595,flow_src_total_bytes=19259,flow_dst_total_bytes=12028
+general json_lines=12,json_bytes=10589,flow_src_total_bytes=19259,flow_dst_total_bytes=12028
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/smb_deletefile.pcap.out b/test/results/influxd/default/smb_deletefile.pcap.out
index 4c369920a..44de36b8f 100644
--- a/test/results/influxd/default/smb_deletefile.pcap.out
+++ b/test/results/influxd/default/smb_deletefile.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=11914,flow_src_total_bytes=11034,flow_dst_total_bytes=14218
+general json_lines=12,json_bytes=11908,flow_src_total_bytes=11034,flow_dst_total_bytes=14218
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/smb_frags.pcap.out b/test/results/influxd/default/smb_frags.pcap.out
index acb158d02..98c747f7c 100644
--- a/test/results/influxd/default/smb_frags.pcap.out
+++ b/test/results/influxd/default/smb_frags.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=10318,flow_src_total_bytes=1651,flow_dst_total_bytes=536
+general json_lines=11,json_bytes=10312,flow_src_total_bytes=1651,flow_dst_total_bytes=536
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=1,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/smbv1.pcap.out b/test/results/influxd/default/smbv1.pcap.out
index 44e8db566..15b75d32c 100644
--- a/test/results/influxd/default/smbv1.pcap.out
+++ b/test/results/influxd/default/smbv1.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=8872,flow_src_total_bytes=453,flow_dst_total_bytes=366
+general json_lines=11,json_bytes=8866,flow_src_total_bytes=453,flow_dst_total_bytes=366
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=1,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/smpp_in_general.pcap.out b/test/results/influxd/default/smpp_in_general.pcap.out
index fef035a72..b98a3e31d 100644
--- a/test/results/influxd/default/smpp_in_general.pcap.out
+++ b/test/results/influxd/default/smpp_in_general.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7424,flow_src_total_bytes=122,flow_dst_total_bytes=78
+general json_lines=11,json_bytes=7418,flow_src_total_bytes=122,flow_dst_total_bytes=78
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/smtp-starttls.pcap.out b/test/results/influxd/default/smtp-starttls.pcap.out
index 584cfdb62..4bb37b206 100644
--- a/test/results/influxd/default/smtp-starttls.pcap.out
+++ b/test/results/influxd/default/smtp-starttls.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=28,json_bytes=26291,flow_src_total_bytes=3118,flow_dst_total_bytes=6724
+general json_lines=28,json_bytes=26283,flow_src_total_bytes=3118,flow_dst_total_bytes=6724
 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/smtp.pcap.out b/test/results/influxd/default/smtp.pcap.out
index d080e1968..ba839db68 100644
--- a/test/results/influxd/default/smtp.pcap.out
+++ b/test/results/influxd/default/smtp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9538,flow_src_total_bytes=16527,flow_dst_total_bytes=1428
+general json_lines=12,json_bytes=9532,flow_src_total_bytes=16527,flow_dst_total_bytes=1428
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/smtps.pcapng.out b/test/results/influxd/default/smtps.pcapng.out
index 912407456..de94cab1b 100644
--- a/test/results/influxd/default/smtps.pcapng.out
+++ b/test/results/influxd/default/smtps.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=9321,flow_src_total_bytes=517,flow_dst_total_bytes=179
+general json_lines=11,json_bytes=9315,flow_src_total_bytes=517,flow_dst_total_bytes=179
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/snapchat.pcap.out b/test/results/influxd/default/snapchat.pcap.out
index 63229a189..534693be6 100644
--- a/test/results/influxd/default/snapchat.pcap.out
+++ b/test/results/influxd/default/snapchat.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=30,json_bytes=25012,flow_src_total_bytes=4919,flow_dst_total_bytes=2196
+general json_lines=30,json_bytes=25006,flow_src_total_bytes=4919,flow_dst_total_bytes=2196
 events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/snapchat_call.pcapng.out b/test/results/influxd/default/snapchat_call.pcapng.out
index e53a75194..419d7543d 100644
--- a/test/results/influxd/default/snapchat_call.pcapng.out
+++ b/test/results/influxd/default/snapchat_call.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=19123,flow_src_total_bytes=4245,flow_dst_total_bytes=6427
+general json_lines=13,json_bytes=19117,flow_src_total_bytes=4245,flow_dst_total_bytes=6427
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/snapchat_call_v1.pcapng.out b/test/results/influxd/default/snapchat_call_v1.pcapng.out
index 30f5cf62d..a535f43eb 100644
--- a/test/results/influxd/default/snapchat_call_v1.pcapng.out
+++ b/test/results/influxd/default/snapchat_call_v1.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=18212,flow_src_total_bytes=337357,flow_dst_total_bytes=7923
+general json_lines=13,json_bytes=18206,flow_src_total_bytes=337357,flow_dst_total_bytes=7923
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/snmp.pcap.out b/test/results/influxd/default/snmp.pcap.out
index 5d678aa5a..bcfe32419 100644
--- a/test/results/influxd/default/snmp.pcap.out
+++ b/test/results/influxd/default/snmp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=139,json_bytes=115549,flow_src_total_bytes=7241,flow_dst_total_bytes=4130
+general json_lines=139,json_bytes=115537,flow_src_total_bytes=7241,flow_dst_total_bytes=4130
 events flow_new_count=17,flow_end_count=0,flow_idle_count=17,flow_update_count=10,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=17,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=65,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=15
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=17,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/soap.pcap.out b/test/results/influxd/default/soap.pcap.out
index b13111a44..5e8380590 100644
--- a/test/results/influxd/default/soap.pcap.out
+++ b/test/results/influxd/default/soap.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=24,json_bytes=27572,flow_src_total_bytes=8109,flow_dst_total_bytes=1637
+general json_lines=24,json_bytes=27564,flow_src_total_bytes=8109,flow_dst_total_bytes=1637
 events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/socks.pcap.out b/test/results/influxd/default/socks.pcap.out
index 7209dc889..3fdc8c54f 100644
--- a/test/results/influxd/default/socks.pcap.out
+++ b/test/results/influxd/default/socks.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=36,json_bytes=24629,flow_src_total_bytes=905,flow_dst_total_bytes=5743
+general json_lines=36,json_bytes=24621,flow_src_total_bytes=905,flow_dst_total_bytes=5743
 events flow_new_count=4,flow_end_count=4,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/softether.pcap.out b/test/results/influxd/default/softether.pcap.out
index ad0a668ae..9a82bb2b6 100644
--- a/test/results/influxd/default/softether.pcap.out
+++ b/test/results/influxd/default/softether.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=107,json_bytes=91835,flow_src_total_bytes=7165,flow_dst_total_bytes=6576
+general json_lines=107,json_bytes=91807,flow_src_total_bytes=7165,flow_dst_total_bytes=6576
 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=40,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=5,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=29,init_count=1,reconnect_count=0,shutdown_count=1,status_count=12,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=5
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=6,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/someip-tp.pcap.out b/test/results/influxd/default/someip-tp.pcap.out
index 08fce5dfe..d3856b8c5 100644
--- a/test/results/influxd/default/someip-tp.pcap.out
+++ b/test/results/influxd/default/someip-tp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=17014,flow_src_total_bytes=12472,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=17008,flow_src_total_bytes=12472,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/someip-udp-method-call.pcapng.out b/test/results/influxd/default/someip-udp-method-call.pcapng.out
index e3b4a3c70..20b3bda42 100644
--- a/test/results/influxd/default/someip-udp-method-call.pcapng.out
+++ b/test/results/influxd/default/someip-udp-method-call.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=10038,flow_src_total_bytes=353,flow_dst_total_bytes=25
+general json_lines=12,json_bytes=10032,flow_src_total_bytes=353,flow_dst_total_bytes=25
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/someip_sd_sample.pcap.out b/test/results/influxd/default/someip_sd_sample.pcap.out
index 4b5334286..8657140aa 100644
--- a/test/results/influxd/default/someip_sd_sample.pcap.out
+++ b/test/results/influxd/default/someip_sd_sample.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=15,json_bytes=6558,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=15,json_bytes=6552,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=0,flow_end_count=0,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=6,packet_flow_count=0,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=6,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/source_engine.pcap.out b/test/results/influxd/default/source_engine.pcap.out
index e8b502f7a..89d813dc5 100644
--- a/test/results/influxd/default/source_engine.pcap.out
+++ b/test/results/influxd/default/source_engine.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=85,json_bytes=68671,flow_src_total_bytes=425,flow_dst_total_bytes=0
+general json_lines=85,json_bytes=68647,flow_src_total_bytes=425,flow_dst_total_bytes=0
 events flow_new_count=17,flow_end_count=0,flow_idle_count=17,flow_update_count=5,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=17,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=17,init_count=1,reconnect_count=0,shutdown_count=1,status_count=10,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=17
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=17,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/spotify_tcp.pcap.out b/test/results/influxd/default/spotify_tcp.pcap.out
index d705b8310..271768c87 100644
--- a/test/results/influxd/default/spotify_tcp.pcap.out
+++ b/test/results/influxd/default/spotify_tcp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=10,json_bytes=6894,flow_src_total_bytes=792,flow_dst_total_bytes=2002
+general json_lines=10,json_bytes=6890,flow_src_total_bytes=792,flow_dst_total_bytes=2002
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/sql_injection.pcap.out b/test/results/influxd/default/sql_injection.pcap.out
index da488f641..0c46d1f8c 100644
--- a/test/results/influxd/default/sql_injection.pcap.out
+++ b/test/results/influxd/default/sql_injection.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=11382,flow_src_total_bytes=691,flow_dst_total_bytes=1727
+general json_lines=11,json_bytes=11376,flow_src_total_bytes=691,flow_dst_total_bytes=1727
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/srvloc-v1.pcapng.out b/test/results/influxd/default/srvloc-v1.pcapng.out
index 7963e2a34..f049c5660 100644
--- a/test/results/influxd/default/srvloc-v1.pcapng.out
+++ b/test/results/influxd/default/srvloc-v1.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=8958,flow_src_total_bytes=406,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=8952,flow_src_total_bytes=406,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/srvloc.pcap.out b/test/results/influxd/default/srvloc.pcap.out
index 7730aaf1e..64c77f68d 100644
--- a/test/results/influxd/default/srvloc.pcap.out
+++ b/test/results/influxd/default/srvloc.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=3001,json_bytes=2440231,flow_src_total_bytes=30707,flow_dst_total_bytes=0
+general json_lines=3001,json_bytes=2439419,flow_src_total_bytes=30707,flow_dst_total_bytes=0
 events flow_new_count=621,flow_end_count=0,flow_idle_count=621,flow_update_count=103,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=621,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=629,init_count=1,reconnect_count=0,shutdown_count=1,status_count=404,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=621
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=621,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ssdp-m-search-ua.pcap.out b/test/results/influxd/default/ssdp-m-search-ua.pcap.out
index c0d43d634..c93ad0141 100644
--- a/test/results/influxd/default/ssdp-m-search-ua.pcap.out
+++ b/test/results/influxd/default/ssdp-m-search-ua.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=10,json_bytes=7720,flow_src_total_bytes=696,flow_dst_total_bytes=0
+general json_lines=10,json_bytes=7714,flow_src_total_bytes=696,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ssdp-m-search.pcap.out b/test/results/influxd/default/ssdp-m-search.pcap.out
index fa51107ac..fc9488e90 100644
--- a/test/results/influxd/default/ssdp-m-search.pcap.out
+++ b/test/results/influxd/default/ssdp-m-search.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=8402,flow_src_total_bytes=399,flow_dst_total_bytes=0
+general json_lines=12,json_bytes=8396,flow_src_total_bytes=399,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ssh.pcap.out b/test/results/influxd/default/ssh.pcap.out
index 637aec0b2..a334bd03b 100644
--- a/test/results/influxd/default/ssh.pcap.out
+++ b/test/results/influxd/default/ssh.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=16,json_bytes=15535,flow_src_total_bytes=5109,flow_dst_total_bytes=13389
+general json_lines=16,json_bytes=15529,flow_src_total_bytes=5109,flow_dst_total_bytes=13389
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ssl-cert-name-mismatch.pcap.out b/test/results/influxd/default/ssl-cert-name-mismatch.pcap.out
index b6c93033d..00705a858 100644
--- a/test/results/influxd/default/ssl-cert-name-mismatch.pcap.out
+++ b/test/results/influxd/default/ssl-cert-name-mismatch.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=10908,flow_src_total_bytes=402,flow_dst_total_bytes=3608
+general json_lines=13,json_bytes=10902,flow_src_total_bytes=402,flow_dst_total_bytes=3608
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/starcraft_battle.pcap.out b/test/results/influxd/default/starcraft_battle.pcap.out
index 9cefd3286..d358745f0 100644
--- a/test/results/influxd/default/starcraft_battle.pcap.out
+++ b/test/results/influxd/default/starcraft_battle.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=383,json_bytes=296740,flow_src_total_bytes=11037,flow_dst_total_bytes=305631
+general json_lines=383,json_bytes=296791,flow_src_total_bytes=11037,flow_dst_total_bytes=305631
 events flow_new_count=52,flow_end_count=26,flow_idle_count=26,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=13,flow_detected_count=39,flow_detection_update_count=16,flow_not_detected_count=0,flow_risky_count=8,packet_count=1,packet_flow_count=203,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=1,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=16,flow_state_finished=36
 breed flow_breed_safe_count=9,flow_breed_acceptable_count=28,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=27,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=2,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=1,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=39,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=9,flow_severity_medium=1,flow_severity_high=7,flow_severity_severe=1,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=9,flow_severity_medium=2,flow_severity_high=7,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=52,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=38,flow_l4_udp_count=13,flow_l4_icmp_count=0,flow_l4_other_count=1
 detection flow_active_count=52,flow_detected_count=39,flow_guessed_count=13,flow_not_detected_count=0
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=1,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=2,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=5,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=1,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=2,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=6,flow_risk_47_count=1,flow_risk_48_count=0,flow_risk_49_count=1,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=2,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=5,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=1,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=2,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=6,flow_risk_47_count=1,flow_risk_48_count=0,flow_risk_49_count=1,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1
diff --git a/test/results/influxd/default/steam.pcapng.out b/test/results/influxd/default/steam.pcapng.out
index 1812ed822..d6ec64373 100644
--- a/test/results/influxd/default/steam.pcapng.out
+++ b/test/results/influxd/default/steam.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=59,json_bytes=50697,flow_src_total_bytes=5134,flow_dst_total_bytes=4588
+general json_lines=59,json_bytes=50691,flow_src_total_bytes=5134,flow_dst_total_bytes=4588
 events flow_new_count=7,flow_end_count=1,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=31,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=4,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=7,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/stomp.pcapng.out b/test/results/influxd/default/stomp.pcapng.out
index 5219649bb..cf0462a8c 100644
--- a/test/results/influxd/default/stomp.pcapng.out
+++ b/test/results/influxd/default/stomp.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7378,flow_src_total_bytes=195,flow_dst_total_bytes=291
+general json_lines=11,json_bytes=7372,flow_src_total_bytes=195,flow_dst_total_bytes=291
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/stun.pcap.out b/test/results/influxd/default/stun.pcap.out
index 00b64fd5e..c69f71099 100644
--- a/test/results/influxd/default/stun.pcap.out
+++ b/test/results/influxd/default/stun.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=89,json_bytes=76168,flow_src_total_bytes=9540,flow_dst_total_bytes=9072
+general json_lines=89,json_bytes=76148,flow_src_total_bytes=9540,flow_dst_total_bytes=9072
 events flow_new_count=9,flow_end_count=1,flow_idle_count=8,flow_update_count=3,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=37,init_count=1,reconnect_count=0,shutdown_count=1,status_count=8,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=7
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/stun_classic.pcap.out b/test/results/influxd/default/stun_classic.pcap.out
index f8796852c..0d0beaea5 100644
--- a/test/results/influxd/default/stun_classic.pcap.out
+++ b/test/results/influxd/default/stun_classic.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=8806,flow_src_total_bytes=284,flow_dst_total_bytes=416
+general json_lines=12,json_bytes=8800,flow_src_total_bytes=284,flow_dst_total_bytes=416
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/stun_dtls_rtp.pcapng.out b/test/results/influxd/default/stun_dtls_rtp.pcapng.out
index 3dae82b1b..554b99cb8 100644
--- a/test/results/influxd/default/stun_dtls_rtp.pcapng.out
+++ b/test/results/influxd/default/stun_dtls_rtp.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=12223,flow_src_total_bytes=3152,flow_dst_total_bytes=3623
+general json_lines=12,json_bytes=12217,flow_src_total_bytes=3152,flow_dst_total_bytes=3623
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/stun_dtls_rtp_unidir.pcapng.out b/test/results/influxd/default/stun_dtls_rtp_unidir.pcapng.out
index 3af09b012..6bc0392ee 100644
--- a/test/results/influxd/default/stun_dtls_rtp_unidir.pcapng.out
+++ b/test/results/influxd/default/stun_dtls_rtp_unidir.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=21,json_bytes=17361,flow_src_total_bytes=8552,flow_dst_total_bytes=0
+general json_lines=21,json_bytes=17355,flow_src_total_bytes=8552,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/stun_dtls_unidirectional_client.pcap.out b/test/results/influxd/default/stun_dtls_unidirectional_client.pcap.out
index 5f45b6fdd..dc2944aea 100644
--- a/test/results/influxd/default/stun_dtls_unidirectional_client.pcap.out
+++ b/test/results/influxd/default/stun_dtls_unidirectional_client.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=12062,flow_src_total_bytes=1456,flow_dst_total_bytes=0
+general json_lines=13,json_bytes=12056,flow_src_total_bytes=1456,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/stun_dtls_unidirectional_server.pcap.out b/test/results/influxd/default/stun_dtls_unidirectional_server.pcap.out
index 77c4ce15b..ba47f8074 100644
--- a/test/results/influxd/default/stun_dtls_unidirectional_server.pcap.out
+++ b/test/results/influxd/default/stun_dtls_unidirectional_server.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=12217,flow_src_total_bytes=1311,flow_dst_total_bytes=0
+general json_lines=13,json_bytes=12211,flow_src_total_bytes=1311,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/stun_google_meet.pcapng.out b/test/results/influxd/default/stun_google_meet.pcapng.out
index 0d6ac61f2..248120b2a 100644
--- a/test/results/influxd/default/stun_google_meet.pcapng.out
+++ b/test/results/influxd/default/stun_google_meet.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=71,json_bytes=63366,flow_src_total_bytes=13243,flow_dst_total_bytes=43190
+general json_lines=71,json_bytes=63358,flow_src_total_bytes=13243,flow_dst_total_bytes=43190
 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=6,flow_analyse_count=4,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=34,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=7
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/stun_msteams_unidir.pcapng.out b/test/results/influxd/default/stun_msteams_unidir.pcapng.out
index def4a92f9..92e1a62f3 100644
--- a/test/results/influxd/default/stun_msteams_unidir.pcapng.out
+++ b/test/results/influxd/default/stun_msteams_unidir.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=11199,flow_src_total_bytes=5440,flow_dst_total_bytes=0
+general json_lines=11,json_bytes=11193,flow_src_total_bytes=5440,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/stun_signal.pcapng.out b/test/results/influxd/default/stun_signal.pcapng.out
index f04cd7306..08e2e88d6 100644
--- a/test/results/influxd/default/stun_signal.pcapng.out
+++ b/test/results/influxd/default/stun_signal.pcapng.out
@@ -1,11 +1,11 @@
-general json_lines=211,json_bytes=169746,flow_src_total_bytes=13408,flow_dst_total_bytes=16192
-events flow_new_count=23,flow_end_count=0,flow_idle_count=23,flow_update_count=15,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=23,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=15,packet_count=0,packet_flow_count=113,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
-state flow_state_info=0,flow_state_finished=23
+general json_lines=229,json_bytes=190798,flow_src_total_bytes=13408,flow_dst_total_bytes=16192
+events flow_new_count=23,flow_end_count=0,flow_idle_count=23,flow_update_count=15,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=23,flow_detection_update_count=26,flow_not_detected_count=0,flow_risky_count=17,packet_count=0,packet_flow_count=113,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+state flow_state_info=2,flow_state_finished=21
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=23,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=15,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=15,flow_confidence_dpi=8,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=4,flow_severity_medium=21,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=14,flow_severity_medium=35,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=23,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=0,flow_l4_udp_count=21,flow_l4_icmp_count=2,flow_l4_other_count=0
 detection flow_active_count=23,flow_detected_count=23,flow_guessed_count=0,flow_not_detected_count=0
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=21,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=6,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=35,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=16,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/influxd/default/stun_tcp_multiple_msgs_same_pkt.pcap.out
index a3ad2d3f4..4bda40c65 100644
--- a/test/results/influxd/default/stun_tcp_multiple_msgs_same_pkt.pcap.out
+++ b/test/results/influxd/default/stun_tcp_multiple_msgs_same_pkt.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7830,flow_src_total_bytes=0,flow_dst_total_bytes=168
+general json_lines=11,json_bytes=7824,flow_src_total_bytes=0,flow_dst_total_bytes=168
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/stun_wa_call.pcapng.out b/test/results/influxd/default/stun_wa_call.pcapng.out
index 6e73b8f07..314841897 100644
--- a/test/results/influxd/default/stun_wa_call.pcapng.out
+++ b/test/results/influxd/default/stun_wa_call.pcapng.out
@@ -1,11 +1,11 @@
-general json_lines=130,json_bytes=113256,flow_src_total_bytes=44019,flow_dst_total_bytes=64856
-events flow_new_count=13,flow_end_count=0,flow_idle_count=13,flow_update_count=5,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=20,flow_not_detected_count=0,flow_risky_count=12,packet_count=0,packet_flow_count=61,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+general json_lines=132,json_bytes=115689,flow_src_total_bytes=44019,flow_dst_total_bytes=64856
+events flow_new_count=13,flow_end_count=0,flow_idle_count=13,flow_update_count=5,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=22,flow_not_detected_count=0,flow_risky_count=12,packet_count=0,packet_flow_count=61,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=13
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=12,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=2,flow_confidence_dpi=11,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=10,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=11,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=13,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=0,flow_l4_udp_count=12,flow_l4_icmp_count=1,flow_l4_other_count=0
 detection flow_active_count=13,flow_detected_count=13,flow_guessed_count=0,flow_not_detected_count=0
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=2,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=10,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=4,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=11,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/default/stun_zoom.pcapng.out b/test/results/influxd/default/stun_zoom.pcapng.out
index 74242742e..87f136cf7 100644
--- a/test/results/influxd/default/stun_zoom.pcapng.out
+++ b/test/results/influxd/default/stun_zoom.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=27,json_bytes=25766,flow_src_total_bytes=4671,flow_dst_total_bytes=10647
+general json_lines=27,json_bytes=25760,flow_src_total_bytes=4671,flow_dst_total_bytes=10647
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/syncthing.pcap.out b/test/results/influxd/default/syncthing.pcap.out
index 0fca6bff3..da83603e6 100644
--- a/test/results/influxd/default/syncthing.pcap.out
+++ b/test/results/influxd/default/syncthing.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=40,json_bytes=37389,flow_src_total_bytes=13912,flow_dst_total_bytes=0
+general json_lines=40,json_bytes=37383,flow_src_total_bytes=13912,flow_dst_total_bytes=0
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=11,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=14,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/synscan.pcap.out b/test/results/influxd/default/synscan.pcap.out
index b4d79ca6a..2446101e8 100644
--- a/test/results/influxd/default/synscan.pcap.out
+++ b/test/results/influxd/default/synscan.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7996,json_bytes=6243798,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=7996,json_bytes=6243792,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=1994,flow_end_count=5,flow_idle_count=1989,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=136,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1858,flow_risky_count=0,packet_count=0,packet_flow_count=2011,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1994,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/syslog.pcap.out b/test/results/influxd/default/syslog.pcap.out
index c1aa213f1..75eda4658 100644
--- a/test/results/influxd/default/syslog.pcap.out
+++ b/test/results/influxd/default/syslog.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=148,json_bytes=120580,flow_src_total_bytes=13199,flow_dst_total_bytes=0
+general json_lines=148,json_bytes=120556,flow_src_total_bytes=13199,flow_dst_total_bytes=0
 events flow_new_count=19,flow_end_count=1,flow_idle_count=18,flow_update_count=10,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=17,flow_detection_update_count=0,flow_not_detected_count=2,flow_risky_count=1,packet_count=6,packet_flow_count=57,init_count=1,reconnect_count=0,shutdown_count=1,status_count=10,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=6,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=17
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=17,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tailscale.pcap.out b/test/results/influxd/default/tailscale.pcap.out
index 3e812a9db..c1a4bf864 100644
--- a/test/results/influxd/default/tailscale.pcap.out
+++ b/test/results/influxd/default/tailscale.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=10198,flow_src_total_bytes=5700,flow_dst_total_bytes=6322
+general json_lines=12,json_bytes=10192,flow_src_total_bytes=5700,flow_dst_total_bytes=6322
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/targusdataspeed_false_positives.pcap.out b/test/results/influxd/default/targusdataspeed_false_positives.pcap.out
index 39952e34b..6641e2e25 100644
--- a/test/results/influxd/default/targusdataspeed_false_positives.pcap.out
+++ b/test/results/influxd/default/targusdataspeed_false_positives.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=10301,flow_src_total_bytes=196,flow_dst_total_bytes=575
+general json_lines=12,json_bytes=10297,flow_src_total_bytes=196,flow_dst_total_bytes=575
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=4,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tcp_scan.pcapng.out b/test/results/influxd/default/tcp_scan.pcapng.out
index 1c4b1de55..b4fda7302 100644
--- a/test/results/influxd/default/tcp_scan.pcapng.out
+++ b/test/results/influxd/default/tcp_scan.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=42,json_bytes=30210,flow_src_total_bytes=0,flow_dst_total_bytes=0
+general json_lines=42,json_bytes=30204,flow_src_total_bytes=0,flow_dst_total_bytes=0
 events flow_new_count=7,flow_end_count=7,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=4,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=3,flow_risky_count=0,packet_count=0,packet_flow_count=18,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=7,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/teams.pcap.out b/test/results/influxd/default/teams.pcap.out
index 7c981dc44..cc539bdaa 100644
--- a/test/results/influxd/default/teams.pcap.out
+++ b/test/results/influxd/default/teams.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=674,json_bytes=638720,flow_src_total_bytes=293772,flow_dst_total_bytes=293323
-events flow_new_count=83,flow_end_count=17,flow_idle_count=66,flow_update_count=0,flow_analyse_count=16,flow_guessed_count=2,flow_detected_count=80,flow_detection_update_count=57,flow_not_detected_count=1,flow_risky_count=27,packet_count=16,packet_flow_count=317,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
-state flow_state_info=16,flow_state_finished=67
+general json_lines=682,json_bytes=647764,flow_src_total_bytes=293772,flow_dst_total_bytes=293323
+events flow_new_count=83,flow_end_count=17,flow_idle_count=66,flow_update_count=0,flow_analyse_count=16,flow_guessed_count=2,flow_detected_count=80,flow_detection_update_count=65,flow_not_detected_count=1,flow_risky_count=29,packet_count=16,packet_flow_count=317,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+state flow_state_info=20,flow_state_finished=63
 breed flow_breed_safe_count=42,flow_breed_acceptable_count=37,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=20,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=19,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=6,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=74,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=38,flow_severity_medium=10,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=42,flow_severity_medium=12,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=83,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=42,flow_l4_udp_count=40,flow_l4_icmp_count=1,flow_l4_other_count=0
 detection flow_active_count=83,flow_detected_count=80,flow_guessed_count=2,flow_not_detected_count=1
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=10,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=2,flow_risk_11_count=0,flow_risk_12_count=2,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=33,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=1,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=1,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=1,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=12,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=2,flow_risk_11_count=0,flow_risk_12_count=2,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=33,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=1,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=5,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=1,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/default/teamspeak3.pcap.out b/test/results/influxd/default/teamspeak3.pcap.out
index 4c669c787..f13bd50ca 100644
--- a/test/results/influxd/default/teamspeak3.pcap.out
+++ b/test/results/influxd/default/teamspeak3.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=260,json_bytes=218572,flow_src_total_bytes=4245,flow_dst_total_bytes=1872
+general json_lines=260,json_bytes=218370,flow_src_total_bytes=4245,flow_dst_total_bytes=1872
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=142,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=99,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/teamviewer.pcap.out b/test/results/influxd/default/teamviewer.pcap.out
index 75dd57771..89d59bd93 100644
--- a/test/results/influxd/default/teamviewer.pcap.out
+++ b/test/results/influxd/default/teamviewer.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=23,json_bytes=22135,flow_src_total_bytes=60849,flow_dst_total_bytes=93607
+general json_lines=23,json_bytes=22129,flow_src_total_bytes=60849,flow_dst_total_bytes=93607
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=2,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/telegram.pcap.out b/test/results/influxd/default/telegram.pcap.out
index 92a910c3f..6285dcfb7 100644
--- a/test/results/influxd/default/telegram.pcap.out
+++ b/test/results/influxd/default/telegram.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=340,json_bytes=290997,flow_src_total_bytes=159435,flow_dst_total_bytes=109098
+general json_lines=340,json_bytes=290991,flow_src_total_bytes=159435,flow_dst_total_bytes=109098
 events flow_new_count=48,flow_end_count=0,flow_idle_count=48,flow_update_count=10,flow_analyse_count=6,flow_guessed_count=0,flow_detected_count=45,flow_detection_update_count=14,flow_not_detected_count=3,flow_risky_count=4,packet_count=0,packet_flow_count=163,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=6,flow_state_finished=42
 breed flow_breed_safe_count=3,flow_breed_acceptable_count=39,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=1,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/telegram_videocall.pcapng.out b/test/results/influxd/default/telegram_videocall.pcapng.out
index 6127b35d2..6ce032c55 100644
--- a/test/results/influxd/default/telegram_videocall.pcapng.out
+++ b/test/results/influxd/default/telegram_videocall.pcapng.out
@@ -1,9 +1,9 @@
-general json_lines=258,json_bytes=214813,flow_src_total_bytes=59877,flow_dst_total_bytes=270358
+general json_lines=258,json_bytes=215025,flow_src_total_bytes=59877,flow_dst_total_bytes=270358
 events flow_new_count=34,flow_end_count=6,flow_idle_count=28,flow_update_count=1,flow_analyse_count=4,flow_guessed_count=2,flow_detected_count=32,flow_detection_update_count=14,flow_not_detected_count=0,flow_risky_count=16,packet_count=0,packet_flow_count=134,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
-state flow_state_info=5,flow_state_finished=29
+state flow_state_info=11,flow_state_finished=23
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=31,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
-category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=7,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=23,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
-confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=25,flow_confidence_nbpf=0,flow_confidence_by_ip=7,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
+category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=7,flow_category_voip_count=4,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=19,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
+confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=4,flow_confidence_dpi=21,flow_confidence_nbpf=0,flow_confidence_by_ip=7,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
 severity flow_severity_low=2,flow_severity_medium=30,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=31,flow_l3_ip6_count=3,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=10,flow_l4_udp_count=19,flow_l4_icmp_count=3,flow_l4_other_count=2
diff --git a/test/results/influxd/default/telnet.pcap.out b/test/results/influxd/default/telnet.pcap.out
index b0a3d88b9..2d3d236a1 100644
--- a/test/results/influxd/default/telnet.pcap.out
+++ b/test/results/influxd/default/telnet.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=12113,flow_src_total_bytes=289,flow_dst_total_bytes=1371
+general json_lines=14,json_bytes=12107,flow_src_total_bytes=289,flow_dst_total_bytes=1371
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=1,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tencent_games.pcap.out b/test/results/influxd/default/tencent_games.pcap.out
index 03ae7437e..5b835c473 100644
--- a/test/results/influxd/default/tencent_games.pcap.out
+++ b/test/results/influxd/default/tencent_games.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=37,json_bytes=26104,flow_src_total_bytes=1572,flow_dst_total_bytes=2654
+general json_lines=37,json_bytes=26094,flow_src_total_bytes=1572,flow_dst_total_bytes=2654
 events flow_new_count=4,flow_end_count=1,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/teredo.pcap.out b/test/results/influxd/default/teredo.pcap.out
index 78fcfab6b..c4070207d 100644
--- a/test/results/influxd/default/teredo.pcap.out
+++ b/test/results/influxd/default/teredo.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=33,json_bytes=24813,flow_src_total_bytes=815,flow_dst_total_bytes=751
+general json_lines=33,json_bytes=24807,flow_src_total_bytes=815,flow_dst_total_bytes=751
 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=5
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tftp.pcap.out b/test/results/influxd/default/tftp.pcap.out
index 997fa6e4d..943ec966a 100644
--- a/test/results/influxd/default/tftp.pcap.out
+++ b/test/results/influxd/default/tftp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=50,json_bytes=43169,flow_src_total_bytes=24961,flow_dst_total_bytes=1228
+general json_lines=50,json_bytes=43157,flow_src_total_bytes=24961,flow_dst_total_bytes=1228
 events flow_new_count=9,flow_end_count=0,flow_idle_count=9,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=2,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=3,packet_count=0,packet_flow_count=16,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=7
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/threema.pcap.out b/test/results/influxd/default/threema.pcap.out
index 05a3a0a70..ac9b3d3b6 100644
--- a/test/results/influxd/default/threema.pcap.out
+++ b/test/results/influxd/default/threema.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=54,json_bytes=37701,flow_src_total_bytes=3785,flow_dst_total_bytes=2219
+general json_lines=54,json_bytes=37689,flow_src_total_bytes=3785,flow_dst_total_bytes=2219
 events flow_new_count=6,flow_end_count=4,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=2,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/thrift.pcap.out b/test/results/influxd/default/thrift.pcap.out
index 96fd041a1..c68a64234 100644
--- a/test/results/influxd/default/thrift.pcap.out
+++ b/test/results/influxd/default/thrift.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=18,json_bytes=26122,flow_src_total_bytes=23624,flow_dst_total_bytes=71295
+general json_lines=18,json_bytes=26114,flow_src_total_bytes=23624,flow_dst_total_bytes=71295
 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=7,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tinc.pcap.out b/test/results/influxd/default/tinc.pcap.out
index d623a6bb0..60af06741 100644
--- a/test/results/influxd/default/tinc.pcap.out
+++ b/test/results/influxd/default/tinc.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=37,json_bytes=40959,flow_src_total_bytes=166919,flow_dst_total_bytes=171310
+general json_lines=37,json_bytes=40953,flow_src_total_bytes=166919,flow_dst_total_bytes=171310
 events flow_new_count=4,flow_end_count=2,flow_idle_count=2,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=4
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tk.pcap.out b/test/results/influxd/default/tk.pcap.out
index d2e37bf48..dd84dfdf3 100644
--- a/test/results/influxd/default/tk.pcap.out
+++ b/test/results/influxd/default/tk.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=21,json_bytes=16948,flow_src_total_bytes=90,flow_dst_total_bytes=224
+general json_lines=21,json_bytes=16942,flow_src_total_bytes=90,flow_dst_total_bytes=224
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls-appdata.pcap.out b/test/results/influxd/default/tls-appdata.pcap.out
index 87ef4fc80..b02f6a705 100644
--- a/test/results/influxd/default/tls-appdata.pcap.out
+++ b/test/results/influxd/default/tls-appdata.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=27,json_bytes=29026,flow_src_total_bytes=12205,flow_dst_total_bytes=101176
+general json_lines=27,json_bytes=29012,flow_src_total_bytes=12205,flow_dst_total_bytes=101176
 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=1
 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls-esni-fuzzed.pcap.out b/test/results/influxd/default/tls-esni-fuzzed.pcap.out
index 5420f9ec5..6a3086677 100644
--- a/test/results/influxd/default/tls-esni-fuzzed.pcap.out
+++ b/test/results/influxd/default/tls-esni-fuzzed.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=15,json_bytes=15864,flow_src_total_bytes=2148,flow_dst_total_bytes=0
+general json_lines=15,json_bytes=15858,flow_src_total_bytes=2148,flow_dst_total_bytes=0
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=3,flow_state_finished=0
 breed flow_breed_safe_count=3,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls-rdn-extract.pcap.out b/test/results/influxd/default/tls-rdn-extract.pcap.out
index 39ef53ecf..9eee2c02b 100644
--- a/test/results/influxd/default/tls-rdn-extract.pcap.out
+++ b/test/results/influxd/default/tls-rdn-extract.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=21041,flow_src_total_bytes=127,flow_dst_total_bytes=6754
+general json_lines=13,json_bytes=21035,flow_src_total_bytes=127,flow_dst_total_bytes=6754
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_2_reasms.pcapng.out b/test/results/influxd/default/tls_2_reasms.pcapng.out
index 5cbc08694..44894d1b0 100644
--- a/test/results/influxd/default/tls_2_reasms.pcapng.out
+++ b/test/results/influxd/default/tls_2_reasms.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=11815,flow_src_total_bytes=3685,flow_dst_total_bytes=2290
+general json_lines=12,json_bytes=11809,flow_src_total_bytes=3685,flow_dst_total_bytes=2290
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_2_reasms_b.pcapng.out b/test/results/influxd/default/tls_2_reasms_b.pcapng.out
index 44558024b..8dc936d25 100644
--- a/test/results/influxd/default/tls_2_reasms_b.pcapng.out
+++ b/test/results/influxd/default/tls_2_reasms_b.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=11804,flow_src_total_bytes=10270,flow_dst_total_bytes=2179
+general json_lines=12,json_bytes=11798,flow_src_total_bytes=10270,flow_dst_total_bytes=2179
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_alert.pcap.out b/test/results/influxd/default/tls_alert.pcap.out
index d980b5aed..44efdc081 100644
--- a/test/results/influxd/default/tls_alert.pcap.out
+++ b/test/results/influxd/default/tls_alert.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=21,json_bytes=15940,flow_src_total_bytes=354,flow_dst_total_bytes=7
+general json_lines=21,json_bytes=15932,flow_src_total_bytes=354,flow_dst_total_bytes=7
 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_certificate_too_long.pcap.out b/test/results/influxd/default/tls_certificate_too_long.pcap.out
index 47dfb37c6..e748bb861 100644
--- a/test/results/influxd/default/tls_certificate_too_long.pcap.out
+++ b/test/results/influxd/default/tls_certificate_too_long.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=252,json_bytes=252748,flow_src_total_bytes=37396,flow_dst_total_bytes=58312
+general json_lines=252,json_bytes=253372,flow_src_total_bytes=37396,flow_dst_total_bytes=58312
 events flow_new_count=35,flow_end_count=11,flow_idle_count=24,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=1,flow_detected_count=33,flow_detection_update_count=26,flow_not_detected_count=1,flow_risky_count=14,packet_count=0,packet_flow_count=116,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=13,flow_state_finished=22
 breed flow_breed_safe_count=19,flow_breed_acceptable_count=14,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=4,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=10,flow_category_network_count=15,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=4,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=33,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=7,flow_severity_medium=8,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=7,flow_severity_medium=10,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=34,flow_l3_ip6_count=1,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=16,flow_l4_udp_count=17,flow_l4_icmp_count=0,flow_l4_other_count=2
 detection flow_active_count=35,flow_detected_count=33,flow_guessed_count=1,flow_not_detected_count=1
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=2,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=8,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=2,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=5,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=2,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=8,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=2,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=5,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=2
diff --git a/test/results/influxd/default/tls_cipher_lens.pcap.out b/test/results/influxd/default/tls_cipher_lens.pcap.out
index 7667477a8..40c54ea81 100644
--- a/test/results/influxd/default/tls_cipher_lens.pcap.out
+++ b/test/results/influxd/default/tls_cipher_lens.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=23,json_bytes=21465,flow_src_total_bytes=895,flow_dst_total_bytes=0
+general json_lines=23,json_bytes=21459,flow_src_total_bytes=895,flow_dst_total_bytes=0
 events flow_new_count=5,flow_end_count=0,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=5,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=5,flow_state_finished=0
 breed flow_breed_safe_count=4,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/influxd/default/tls_client_certificate_with_missing_server_one.pcapng.out
index f80f6f266..fc3958f84 100644
--- a/test/results/influxd/default/tls_client_certificate_with_missing_server_one.pcapng.out
+++ b/test/results/influxd/default/tls_client_certificate_with_missing_server_one.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=20,json_bytes=19808,flow_src_total_bytes=2997,flow_dst_total_bytes=1383
+general json_lines=20,json_bytes=19802,flow_src_total_bytes=2997,flow_dst_total_bytes=1383
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_ech.pcapng.out b/test/results/influxd/default/tls_ech.pcapng.out
index 53c690a13..ea28f61a0 100644
--- a/test/results/influxd/default/tls_ech.pcapng.out
+++ b/test/results/influxd/default/tls_ech.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=10058,flow_src_total_bytes=648,flow_dst_total_bytes=2702
+general json_lines=12,json_bytes=10052,flow_src_total_bytes=648,flow_dst_total_bytes=2702
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_esni_sni_both.pcap.out b/test/results/influxd/default/tls_esni_sni_both.pcap.out
index 13eb73286..e65734fc4 100644
--- a/test/results/influxd/default/tls_esni_sni_both.pcap.out
+++ b/test/results/influxd/default/tls_esni_sni_both.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=21,json_bytes=19162,flow_src_total_bytes=1691,flow_dst_total_bytes=12084
+general json_lines=21,json_bytes=19156,flow_src_total_bytes=1691,flow_dst_total_bytes=12084
 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=0
 breed flow_breed_safe_count=2,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_false_positives.pcapng.out b/test/results/influxd/default/tls_false_positives.pcapng.out
index e396d7d3f..101d2335e 100644
--- a/test/results/influxd/default/tls_false_positives.pcapng.out
+++ b/test/results/influxd/default/tls_false_positives.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=9705,flow_src_total_bytes=33806,flow_dst_total_bytes=1875
+general json_lines=11,json_bytes=9699,flow_src_total_bytes=33806,flow_dst_total_bytes=1875
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=0,flow_detection_update_count=0,flow_not_detected_count=1,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_invalid_reads.pcap.out b/test/results/influxd/default/tls_invalid_reads.pcap.out
index 29ccb9b77..5b169887d 100644
--- a/test/results/influxd/default/tls_invalid_reads.pcap.out
+++ b/test/results/influxd/default/tls_invalid_reads.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=25,json_bytes=17528,flow_src_total_bytes=112,flow_dst_total_bytes=1329
+general json_lines=25,json_bytes=17518,flow_src_total_bytes=112,flow_dst_total_bytes=1329
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=3,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=3,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_long_cert.pcap.out b/test/results/influxd/default/tls_long_cert.pcap.out
index 61ecbad4c..f0a8bfeaa 100644
--- a/test/results/influxd/default/tls_long_cert.pcap.out
+++ b/test/results/influxd/default/tls_long_cert.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=14677,flow_src_total_bytes=2858,flow_dst_total_bytes=102711
+general json_lines=14,json_bytes=14671,flow_src_total_bytes=2858,flow_dst_total_bytes=102711
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_malicious_sha1.pcapng.out b/test/results/influxd/default/tls_malicious_sha1.pcapng.out
index 4a0aef152..c855a5b35 100644
--- a/test/results/influxd/default/tls_malicious_sha1.pcapng.out
+++ b/test/results/influxd/default/tls_malicious_sha1.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=11074,flow_src_total_bytes=534,flow_dst_total_bytes=4762
+general json_lines=13,json_bytes=11068,flow_src_total_bytes=534,flow_dst_total_bytes=4762
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_missing_ch_frag.pcap.out b/test/results/influxd/default/tls_missing_ch_frag.pcap.out
index c24cdd316..b01e3a1a7 100644
--- a/test/results/influxd/default/tls_missing_ch_frag.pcap.out
+++ b/test/results/influxd/default/tls_missing_ch_frag.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=14627,flow_src_total_bytes=6121,flow_dst_total_bytes=3029
+general json_lines=11,json_bytes=14621,flow_src_total_bytes=6121,flow_dst_total_bytes=3029
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/influxd/default/tls_multiple_synack_different_seq.pcapng.out
index ef204de31..9a1d3fb0e 100644
--- a/test/results/influxd/default/tls_multiple_synack_different_seq.pcapng.out
+++ b/test/results/influxd/default/tls_multiple_synack_different_seq.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=12083,flow_src_total_bytes=5427,flow_dst_total_bytes=517
+general json_lines=13,json_bytes=12077,flow_src_total_bytes=5427,flow_dst_total_bytes=517
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_port_80.pcapng.out b/test/results/influxd/default/tls_port_80.pcapng.out
index 8c2ccb026..b6ff77dee 100644
--- a/test/results/influxd/default/tls_port_80.pcapng.out
+++ b/test/results/influxd/default/tls_port_80.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9816,flow_src_total_bytes=245,flow_dst_total_bytes=1360
+general json_lines=12,json_bytes=9810,flow_src_total_bytes=245,flow_dst_total_bytes=1360
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_torrent.pcapng.out b/test/results/influxd/default/tls_torrent.pcapng.out
index 23cca40ce..9d0844324 100644
--- a/test/results/influxd/default/tls_torrent.pcapng.out
+++ b/test/results/influxd/default/tls_torrent.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=15057,flow_src_total_bytes=5574,flow_dst_total_bytes=332
+general json_lines=13,json_bytes=15051,flow_src_total_bytes=5574,flow_dst_total_bytes=332
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_unidirectional.pcap.out b/test/results/influxd/default/tls_unidirectional.pcap.out
index 8e0a37917..300b62936 100644
--- a/test/results/influxd/default/tls_unidirectional.pcap.out
+++ b/test/results/influxd/default/tls_unidirectional.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=21,json_bytes=27002,flow_src_total_bytes=12447,flow_dst_total_bytes=0
+general json_lines=21,json_bytes=26994,flow_src_total_bytes=12447,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=0
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tls_verylong_certificate.pcap.out b/test/results/influxd/default/tls_verylong_certificate.pcap.out
index f12dc5612..2af0a1346 100644
--- a/test/results/influxd/default/tls_verylong_certificate.pcap.out
+++ b/test/results/influxd/default/tls_verylong_certificate.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=15966,flow_src_total_bytes=844,flow_dst_total_bytes=18233
+general json_lines=14,json_bytes=15960,flow_src_total_bytes=844,flow_dst_total_bytes=18233
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/toca-boca.pcap.out b/test/results/influxd/default/toca-boca.pcap.out
index 5d3d9b3e9..c4ea462da 100644
--- a/test/results/influxd/default/toca-boca.pcap.out
+++ b/test/results/influxd/default/toca-boca.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=118,json_bytes=97740,flow_src_total_bytes=8377,flow_dst_total_bytes=3960
+general json_lines=118,json_bytes=97714,flow_src_total_bytes=8377,flow_dst_total_bytes=3960
 events flow_new_count=21,flow_end_count=0,flow_idle_count=21,flow_update_count=5,flow_analyse_count=0,flow_guessed_count=4,flow_detected_count=17,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=37,init_count=1,reconnect_count=0,shutdown_count=1,status_count=11,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=4,flow_state_finished=17
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=17,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tor.pcap.out b/test/results/influxd/default/tor.pcap.out
index 601f5b091..759bf3dea 100644
--- a/test/results/influxd/default/tor.pcap.out
+++ b/test/results/influxd/default/tor.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=166,json_bytes=117275,flow_src_total_bytes=42783,flow_dst_total_bytes=74483
+general json_lines=166,json_bytes=117267,flow_src_total_bytes=42783,flow_dst_total_bytes=74483
 events flow_new_count=11,flow_end_count=6,flow_idle_count=5,flow_update_count=6,flow_analyse_count=5,flow_guessed_count=1,flow_detected_count=10,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=8,packet_count=32,packet_flow_count=47,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=32,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=10
 breed flow_breed_safe_count=4,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=3,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=1,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tplink_shp.pcap.out b/test/results/influxd/default/tplink_shp.pcap.out
index 6275b6c41..0e249d253 100644
--- a/test/results/influxd/default/tplink_shp.pcap.out
+++ b/test/results/influxd/default/tplink_shp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=314,json_bytes=295308,flow_src_total_bytes=7279,flow_dst_total_bytes=0
+general json_lines=314,json_bytes=295296,flow_src_total_bytes=7279,flow_dst_total_bytes=0
 events flow_new_count=8,flow_end_count=0,flow_idle_count=8,flow_update_count=241,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=40,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=8
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/trickbot.pcap.out b/test/results/influxd/default/trickbot.pcap.out
index 9bcceb1bf..476bf414a 100644
--- a/test/results/influxd/default/trickbot.pcap.out
+++ b/test/results/influxd/default/trickbot.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=14086,flow_src_total_bytes=1277,flow_dst_total_bytes=56713
+general json_lines=13,json_bytes=14080,flow_src_total_bytes=1277,flow_dst_total_bytes=56713
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tumblr.pcap.out b/test/results/influxd/default/tumblr.pcap.out
index 31bf3edb1..ac4376e2f 100644
--- a/test/results/influxd/default/tumblr.pcap.out
+++ b/test/results/influxd/default/tumblr.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=329,json_bytes=283654,flow_src_total_bytes=19532,flow_dst_total_bytes=275102
+general json_lines=329,json_bytes=283648,flow_src_total_bytes=19532,flow_dst_total_bytes=275102
 events flow_new_count=47,flow_end_count=1,flow_idle_count=46,flow_update_count=0,flow_analyse_count=9,flow_guessed_count=28,flow_detected_count=19,flow_detection_update_count=25,flow_not_detected_count=0,flow_risky_count=8,packet_count=0,packet_flow_count=151,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=36,flow_state_finished=11
 breed flow_breed_safe_count=13,flow_breed_acceptable_count=2,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=2,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tunnelbear.pcap.out b/test/results/influxd/default/tunnelbear.pcap.out
index 5ec9a6103..b56bc3b91 100644
--- a/test/results/influxd/default/tunnelbear.pcap.out
+++ b/test/results/influxd/default/tunnelbear.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=193,json_bytes=171321,flow_src_total_bytes=29747,flow_dst_total_bytes=62330
+general json_lines=193,json_bytes=171315,flow_src_total_bytes=29747,flow_dst_total_bytes=62330
 events flow_new_count=21,flow_end_count=13,flow_idle_count=8,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=1,flow_detected_count=20,flow_detection_update_count=19,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=105,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=12,flow_state_finished=9
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=17,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=2,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/tuya_lp.pcap.out b/test/results/influxd/default/tuya_lp.pcap.out
index 27573511e..e406e7ee8 100644
--- a/test/results/influxd/default/tuya_lp.pcap.out
+++ b/test/results/influxd/default/tuya_lp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=107,json_bytes=88255,flow_src_total_bytes=17832,flow_dst_total_bytes=0
+general json_lines=107,json_bytes=88249,flow_src_total_bytes=17832,flow_dst_total_bytes=0
 events flow_new_count=13,flow_end_count=0,flow_idle_count=13,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=65,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=13
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ubntac2.pcap.out b/test/results/influxd/default/ubntac2.pcap.out
index a4df32994..d4a629391 100644
--- a/test/results/influxd/default/ubntac2.pcap.out
+++ b/test/results/influxd/default/ubntac2.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=37,json_bytes=32053,flow_src_total_bytes=1400,flow_dst_total_bytes=0
+general json_lines=37,json_bytes=32047,flow_src_total_bytes=1400,flow_dst_total_bytes=0
 events flow_new_count=8,flow_end_count=0,flow_idle_count=8,flow_update_count=2,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=8,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=8
 breed flow_breed_safe_count=8,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/uftp_v4_v5.pcap.out b/test/results/influxd/default/uftp_v4_v5.pcap.out
index 1c0e25fb7..97da2bb42 100644
--- a/test/results/influxd/default/uftp_v4_v5.pcap.out
+++ b/test/results/influxd/default/uftp_v4_v5.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=29,json_bytes=26913,flow_src_total_bytes=285420,flow_dst_total_bytes=0
+general json_lines=29,json_bytes=26905,flow_src_total_bytes=285420,flow_dst_total_bytes=0
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=3,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/ultrasurf.pcap.out b/test/results/influxd/default/ultrasurf.pcap.out
index 537d1e405..b3bdbcdb2 100644
--- a/test/results/influxd/default/ultrasurf.pcap.out
+++ b/test/results/influxd/default/ultrasurf.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=32,json_bytes=46228,flow_src_total_bytes=139720,flow_dst_total_bytes=62485
+general json_lines=32,json_bytes=46222,flow_src_total_bytes=139720,flow_dst_total_bytes=62485
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=2,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/umas.pcap.out b/test/results/influxd/default/umas.pcap.out
index c6fc33d29..c6504e497 100644
--- a/test/results/influxd/default/umas.pcap.out
+++ b/test/results/influxd/default/umas.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=12,json_bytes=9476,flow_src_total_bytes=1788,flow_dst_total_bytes=16862
+general json_lines=12,json_bytes=9470,flow_src_total_bytes=1788,flow_dst_total_bytes=16862
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/upnp.pcap.out b/test/results/influxd/default/upnp.pcap.out
index 5eb159ff8..904334cf5 100644
--- a/test/results/influxd/default/upnp.pcap.out
+++ b/test/results/influxd/default/upnp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=19,json_bytes=21383,flow_src_total_bytes=9184,flow_dst_total_bytes=0
+general json_lines=19,json_bytes=21377,flow_src_total_bytes=9184,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/viber.pcap.out b/test/results/influxd/default/viber.pcap.out
index 4112e54e3..079c9381c 100644
--- a/test/results/influxd/default/viber.pcap.out
+++ b/test/results/influxd/default/viber.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=222,json_bytes=186421,flow_src_total_bytes=25565,flow_dst_total_bytes=100804
+general json_lines=222,json_bytes=186409,flow_src_total_bytes=25565,flow_dst_total_bytes=100804
 events flow_new_count=29,flow_end_count=6,flow_idle_count=23,flow_update_count=4,flow_analyse_count=4,flow_guessed_count=4,flow_detected_count=25,flow_detection_update_count=19,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=102,init_count=1,reconnect_count=0,shutdown_count=1,status_count=4,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=8,flow_state_finished=21
 breed flow_breed_safe_count=4,flow_breed_acceptable_count=8,flow_breed_fun_count=12,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=1,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/vk.pcapng.out b/test/results/influxd/default/vk.pcapng.out
index 698200c9f..2f417cfc3 100644
--- a/test/results/influxd/default/vk.pcapng.out
+++ b/test/results/influxd/default/vk.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=84,json_bytes=75002,flow_src_total_bytes=66779,flow_dst_total_bytes=0
+general json_lines=84,json_bytes=74996,flow_src_total_bytes=66779,flow_dst_total_bytes=0
 events flow_new_count=10,flow_end_count=0,flow_idle_count=10,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=10,flow_detection_update_count=6,flow_not_detected_count=0,flow_risky_count=10,packet_count=0,packet_flow_count=43,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=8,flow_state_finished=2
 breed flow_breed_safe_count=6,flow_breed_acceptable_count=0,flow_breed_fun_count=4,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/vnc.pcap.out b/test/results/influxd/default/vnc.pcap.out
index e3062a326..f34aaeae9 100644
--- a/test/results/influxd/default/vnc.pcap.out
+++ b/test/results/influxd/default/vnc.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=21,json_bytes=18484,flow_src_total_bytes=81754,flow_dst_total_bytes=512
+general json_lines=21,json_bytes=18478,flow_src_total_bytes=81754,flow_dst_total_bytes=512
 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/vrrp3.pcapng.out b/test/results/influxd/default/vrrp3.pcapng.out
index a03b76b5f..fd3895787 100644
--- a/test/results/influxd/default/vrrp3.pcapng.out
+++ b/test/results/influxd/default/vrrp3.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=15,json_bytes=10441,flow_src_total_bytes=240,flow_dst_total_bytes=0
+general json_lines=15,json_bytes=10435,flow_src_total_bytes=240,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=6,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/vxlan.pcap.out b/test/results/influxd/default/vxlan.pcap.out
index 1c0ef63a3..dba90dab2 100644
--- a/test/results/influxd/default/vxlan.pcap.out
+++ b/test/results/influxd/default/vxlan.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=63,json_bytes=59704,flow_src_total_bytes=79480,flow_dst_total_bytes=0
+general json_lines=63,json_bytes=59698,flow_src_total_bytes=79480,flow_dst_total_bytes=0
 events flow_new_count=9,flow_end_count=0,flow_idle_count=9,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=31,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=9
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/wa_video.pcap.out b/test/results/influxd/default/wa_video.pcap.out
index aa01c4f92..d5b38109b 100644
--- a/test/results/influxd/default/wa_video.pcap.out
+++ b/test/results/influxd/default/wa_video.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=108,json_bytes=94242,flow_src_total_bytes=264122,flow_dst_total_bytes=47653
-events flow_new_count=14,flow_end_count=0,flow_idle_count=14,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=1,flow_detected_count=13,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=7,packet_count=0,packet_flow_count=50,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
-state flow_state_info=4,flow_state_finished=10
+general json_lines=111,json_bytes=98039,flow_src_total_bytes=264122,flow_dst_total_bytes=47653
+events flow_new_count=14,flow_end_count=0,flow_idle_count=14,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=1,flow_detected_count=13,flow_detection_update_count=13,flow_not_detected_count=0,flow_risky_count=7,packet_count=0,packet_flow_count=50,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+state flow_state_info=1,flow_state_finished=13
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=12,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=7,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=1,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=3,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=2,flow_confidence_dpi=11,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=5,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=7,flow_severity_medium=5,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=14,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=1,flow_l4_udp_count=13,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=14,flow_detected_count=13,flow_guessed_count=1,flow_not_detected_count=0
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=2,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=5,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=7,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/default/wa_voice.pcap.out b/test/results/influxd/default/wa_voice.pcap.out
index 88224328c..64baadcbc 100644
--- a/test/results/influxd/default/wa_voice.pcap.out
+++ b/test/results/influxd/default/wa_voice.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=217,json_bytes=188017,flow_src_total_bytes=34223,flow_dst_total_bytes=94669
-events flow_new_count=28,flow_end_count=2,flow_idle_count=26,flow_update_count=4,flow_analyse_count=5,flow_guessed_count=0,flow_detected_count=27,flow_detection_update_count=18,flow_not_detected_count=1,flow_risky_count=7,packet_count=0,packet_flow_count=103,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+general json_lines=220,json_bytes=191684,flow_src_total_bytes=34223,flow_dst_total_bytes=94669
+events flow_new_count=28,flow_end_count=2,flow_idle_count=26,flow_update_count=4,flow_analyse_count=5,flow_guessed_count=0,flow_detected_count=27,flow_detection_update_count=21,flow_not_detected_count=1,flow_risky_count=7,packet_count=0,packet_flow_count=103,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=3,flow_state_finished=25
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=25,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=1,flow_category_social_network_count=0,flow_category_download_count=1,flow_category_game_count=0,flow_category_chat_count=2,flow_category_voip_count=7,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=2,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=5,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=2,flow_confidence_dpi=25,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=5,flow_severity_medium=2,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=7,flow_severity_medium=5,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=27,flow_l3_ip6_count=1,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=6,flow_l4_udp_count=21,flow_l4_icmp_count=1,flow_l4_other_count=0
 detection flow_active_count=28,flow_detected_count=27,flow_guessed_count=0,flow_not_detected_count=1
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=2,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=5,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=7,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/default/waze.pcap.out b/test/results/influxd/default/waze.pcap.out
index d62442f55..daf8343ce 100644
--- a/test/results/influxd/default/waze.pcap.out
+++ b/test/results/influxd/default/waze.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=282,json_bytes=228975,flow_src_total_bytes=19999,flow_dst_total_bytes=306184
+general json_lines=282,json_bytes=229026,flow_src_total_bytes=19999,flow_dst_total_bytes=306184
 events flow_new_count=33,flow_end_count=30,flow_idle_count=3,flow_update_count=0,flow_analyse_count=5,flow_guessed_count=9,flow_detected_count=23,flow_detection_update_count=22,flow_not_detected_count=1,flow_risky_count=14,packet_count=0,packet_flow_count=153,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=18,flow_state_finished=15
 breed flow_breed_safe_count=13,flow_breed_acceptable_count=10,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=21,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=1,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=23,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=38,flow_severity_severe=1,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=0,flow_severity_medium=1,flow_severity_high=38,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=33,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=32,flow_l4_udp_count=1,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=33,flow_detected_count=23,flow_guessed_count=9,flow_not_detected_count=1
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=1,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=34,flow_risk_8_count=6,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=34,flow_risk_8_count=6,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1
diff --git a/test/results/influxd/default/webdav.pcap.out b/test/results/influxd/default/webdav.pcap.out
index b1d2c9a2a..1525a09b1 100644
--- a/test/results/influxd/default/webdav.pcap.out
+++ b/test/results/influxd/default/webdav.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7921,flow_src_total_bytes=337,flow_dst_total_bytes=1633
+general json_lines=11,json_bytes=7915,flow_src_total_bytes=337,flow_dst_total_bytes=1633
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/webex.pcap.out b/test/results/influxd/default/webex.pcap.out
index 638fdaa31..7cbbdf0b4 100644
--- a/test/results/influxd/default/webex.pcap.out
+++ b/test/results/influxd/default/webex.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=500,json_bytes=422984,flow_src_total_bytes=67701,flow_dst_total_bytes=426653
+general json_lines=500,json_bytes=422978,flow_src_total_bytes=67701,flow_dst_total_bytes=426653
 events flow_new_count=57,flow_end_count=45,flow_idle_count=12,flow_update_count=2,flow_analyse_count=6,flow_guessed_count=4,flow_detected_count=53,flow_detection_update_count=39,flow_not_detected_count=0,flow_risky_count=51,packet_count=0,packet_flow_count=279,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=38,flow_state_finished=19
 breed flow_breed_safe_count=45,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/websocket.pcap.out b/test/results/influxd/default/websocket.pcap.out
index b78a28fda..e5f95dfd5 100644
--- a/test/results/influxd/default/websocket.pcap.out
+++ b/test/results/influxd/default/websocket.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7496,flow_src_total_bytes=132,flow_dst_total_bytes=39
+general json_lines=11,json_bytes=7490,flow_src_total_bytes=132,flow_dst_total_bytes=39
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/wechat.pcap.out b/test/results/influxd/default/wechat.pcap.out
index f8887fe93..ace01e251 100644
--- a/test/results/influxd/default/wechat.pcap.out
+++ b/test/results/influxd/default/wechat.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=888,json_bytes=774934,flow_src_total_bytes=184490,flow_dst_total_bytes=376782
+general json_lines=888,json_bytes=775044,flow_src_total_bytes=184490,flow_dst_total_bytes=376782
 events flow_new_count=109,flow_end_count=52,flow_idle_count=57,flow_update_count=77,flow_analyse_count=17,flow_guessed_count=25,flow_detected_count=84,flow_detection_update_count=69,flow_not_detected_count=0,flow_risky_count=12,packet_count=0,packet_flow_count=394,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=57,flow_state_finished=52
 breed flow_breed_safe_count=6,flow_breed_acceptable_count=42,flow_breed_fun_count=34,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/weibo.pcap.out b/test/results/influxd/default/weibo.pcap.out
index 91b304cf8..a2b6140a5 100644
--- a/test/results/influxd/default/weibo.pcap.out
+++ b/test/results/influxd/default/weibo.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=267,json_bytes=221068,flow_src_total_bytes=9449,flow_dst_total_bytes=225426
+general json_lines=267,json_bytes=221298,flow_src_total_bytes=9449,flow_dst_total_bytes=225426
 events flow_new_count=44,flow_end_count=1,flow_idle_count=43,flow_update_count=0,flow_analyse_count=6,flow_guessed_count=21,flow_detected_count=23,flow_detection_update_count=9,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=117,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=27,flow_state_finished=17
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=5,flow_breed_fun_count=18,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/whatsapp.pcap.out b/test/results/influxd/default/whatsapp.pcap.out
index f127d3284..bb6058c5b 100644
--- a/test/results/influxd/default/whatsapp.pcap.out
+++ b/test/results/influxd/default/whatsapp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=751,json_bytes=562535,flow_src_total_bytes=50635,flow_dst_total_bytes=0
+general json_lines=751,json_bytes=562409,flow_src_total_bytes=50635,flow_dst_total_bytes=0
 events flow_new_count=86,flow_end_count=0,flow_idle_count=86,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=86,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=86,packet_count=0,packet_flow_count=430,init_count=1,reconnect_count=0,shutdown_count=1,status_count=61,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=86
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=86,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/whatsapp_login_call.pcap.out b/test/results/influxd/default/whatsapp_login_call.pcap.out
index 4b2fc04d0..c30c8f277 100644
--- a/test/results/influxd/default/whatsapp_login_call.pcap.out
+++ b/test/results/influxd/default/whatsapp_login_call.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=493,json_bytes=412024,flow_src_total_bytes=81240,flow_dst_total_bytes=51420
-events flow_new_count=57,flow_end_count=24,flow_idle_count=33,flow_update_count=45,flow_analyse_count=6,flow_guessed_count=20,flow_detected_count=37,flow_detection_update_count=42,flow_not_detected_count=0,flow_risky_count=24,packet_count=0,packet_flow_count=226,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+general json_lines=496,json_bytes=416115,flow_src_total_bytes=81240,flow_dst_total_bytes=51420
+events flow_new_count=57,flow_end_count=24,flow_idle_count=33,flow_update_count=45,flow_analyse_count=6,flow_guessed_count=20,flow_detected_count=37,flow_detection_update_count=45,flow_not_detected_count=0,flow_risky_count=24,packet_count=0,packet_flow_count=226,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=20,flow_state_finished=37
 breed flow_breed_safe_count=6,flow_breed_acceptable_count=30,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=1,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=1,flow_category_voip_count=20,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=2,flow_category_network_count=8,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=2,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=4,flow_confidence_dpi=33,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=23,flow_severity_medium=4,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=25,flow_severity_medium=7,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=55,flow_l3_ip6_count=2,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=27,flow_l4_udp_count=29,flow_l4_icmp_count=1,flow_l4_other_count=0
 detection flow_active_count=57,flow_detected_count=37,flow_guessed_count=20,flow_not_detected_count=0
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=4,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=6,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=17,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=7,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=6,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=19,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/default/whatsapp_login_chat.pcap.out b/test/results/influxd/default/whatsapp_login_chat.pcap.out
index e6119ed07..25b091cd6 100644
--- a/test/results/influxd/default/whatsapp_login_chat.pcap.out
+++ b/test/results/influxd/default/whatsapp_login_chat.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=61,json_bytes=57110,flow_src_total_bytes=19160,flow_dst_total_bytes=5639
+general json_lines=61,json_bytes=57104,flow_src_total_bytes=19160,flow_dst_total_bytes=5639
 events flow_new_count=9,flow_end_count=2,flow_idle_count=7,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=27,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=7
 breed flow_breed_safe_count=2,flow_breed_acceptable_count=6,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/whatsapp_voice_and_message.pcap.out b/test/results/influxd/default/whatsapp_voice_and_message.pcap.out
index c6145b872..e529f04dd 100644
--- a/test/results/influxd/default/whatsapp_voice_and_message.pcap.out
+++ b/test/results/influxd/default/whatsapp_voice_and_message.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=126,json_bytes=102778,flow_src_total_bytes=8982,flow_dst_total_bytes=5407
+general json_lines=126,json_bytes=102772,flow_src_total_bytes=8982,flow_dst_total_bytes=5407
 events flow_new_count=13,flow_end_count=4,flow_idle_count=9,flow_update_count=16,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=13,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=65,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=13
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=13,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/whatsappfiles.pcap.out b/test/results/influxd/default/whatsappfiles.pcap.out
index 55f51954e..6becd4422 100644
--- a/test/results/influxd/default/whatsappfiles.pcap.out
+++ b/test/results/influxd/default/whatsappfiles.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=24,json_bytes=23408,flow_src_total_bytes=179714,flow_dst_total_bytes=230629
+general json_lines=24,json_bytes=23402,flow_src_total_bytes=179714,flow_dst_total_bytes=230629
 events flow_new_count=2,flow_end_count=1,flow_idle_count=1,flow_update_count=0,flow_analyse_count=2,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=3,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/whois.pcapng.out b/test/results/influxd/default/whois.pcapng.out
index 0965be234..ccbf6c608 100644
--- a/test/results/influxd/default/whois.pcapng.out
+++ b/test/results/influxd/default/whois.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=30,json_bytes=26518,flow_src_total_bytes=3467,flow_dst_total_bytes=1453
+general json_lines=30,json_bytes=26508,flow_src_total_bytes=3467,flow_dst_total_bytes=1453
 events flow_new_count=3,flow_end_count=2,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/windowsupdate_over_http.pcap.out b/test/results/influxd/default/windowsupdate_over_http.pcap.out
index 4f361fd55..252b033b6 100644
--- a/test/results/influxd/default/windowsupdate_over_http.pcap.out
+++ b/test/results/influxd/default/windowsupdate_over_http.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=11,json_bytes=9634,flow_src_total_bytes=479,flow_dst_total_bytes=14400
+general json_lines=11,json_bytes=9668,flow_src_total_bytes=479,flow_dst_total_bytes=14400
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=1,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=2,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=1,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=2,flow_severity_medium=1,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=1,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=1,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=2,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=2,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1
diff --git a/test/results/influxd/default/wireguard.pcap.out b/test/results/influxd/default/wireguard.pcap.out
index a4b1435a5..485d6711a 100644
--- a/test/results/influxd/default/wireguard.pcap.out
+++ b/test/results/influxd/default/wireguard.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=21,json_bytes=16913,flow_src_total_bytes=7268,flow_dst_total_bytes=3288
+general json_lines=21,json_bytes=16905,flow_src_total_bytes=7268,flow_dst_total_bytes=3288
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=1,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/wow.pcap.out b/test/results/influxd/default/wow.pcap.out
index 0be130296..c521cd450 100644
--- a/test/results/influxd/default/wow.pcap.out
+++ b/test/results/influxd/default/wow.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=45,json_bytes=32042,flow_src_total_bytes=2812,flow_dst_total_bytes=1774
+general json_lines=45,json_bytes=32034,flow_src_total_bytes=2812,flow_dst_total_bytes=1774
 events flow_new_count=5,flow_end_count=2,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=5,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=25,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=5
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=5,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/xdmcp.pcap.out b/test/results/influxd/default/xdmcp.pcap.out
index 7bf45ee21..80cfe32a5 100644
--- a/test/results/influxd/default/xdmcp.pcap.out
+++ b/test/results/influxd/default/xdmcp.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7532,flow_src_total_bytes=254,flow_dst_total_bytes=81
+general json_lines=11,json_bytes=7526,flow_src_total_bytes=254,flow_dst_total_bytes=81
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/xiaomi.pcap.out b/test/results/influxd/default/xiaomi.pcap.out
index aabc07e92..b7ca6d40b 100644
--- a/test/results/influxd/default/xiaomi.pcap.out
+++ b/test/results/influxd/default/xiaomi.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=58,json_bytes=47194,flow_src_total_bytes=3913,flow_dst_total_bytes=4078
+general json_lines=58,json_bytes=47180,flow_src_total_bytes=3913,flow_dst_total_bytes=4078
 events flow_new_count=7,flow_end_count=0,flow_idle_count=7,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=7,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=5,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=6
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=7,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/xss.pcap.out b/test/results/influxd/default/xss.pcap.out
index 554f88f60..a06c13f9b 100644
--- a/test/results/influxd/default/xss.pcap.out
+++ b/test/results/influxd/default/xss.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=17,json_bytes=12975,flow_src_total_bytes=608,flow_dst_total_bytes=1843
+general json_lines=17,json_bytes=12969,flow_src_total_bytes=608,flow_dst_total_bytes=1843
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=8,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/yandex.pcapng.out b/test/results/influxd/default/yandex.pcapng.out
index a9ccf436d..2c4ea13c7 100644
--- a/test/results/influxd/default/yandex.pcapng.out
+++ b/test/results/influxd/default/yandex.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=84,json_bytes=73661,flow_src_total_bytes=19090,flow_dst_total_bytes=29801
+general json_lines=84,json_bytes=73651,flow_src_total_bytes=19090,flow_dst_total_bytes=29801
 events flow_new_count=9,flow_end_count=0,flow_idle_count=9,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=9,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=45,init_count=1,reconnect_count=0,shutdown_count=1,status_count=3,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=9,flow_state_finished=0
 breed flow_breed_safe_count=7,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=1,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/yojimbo.pcap.out b/test/results/influxd/default/yojimbo.pcap.out
index 4d8a20e17..a19306ec9 100644
--- a/test/results/influxd/default/yojimbo.pcap.out
+++ b/test/results/influxd/default/yojimbo.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=7,json_bytes=6515,flow_src_total_bytes=1078,flow_dst_total_bytes=0
+general json_lines=7,json_bytes=6509,flow_src_total_bytes=1078,flow_dst_total_bytes=0
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/youtube_quic.pcap.out b/test/results/influxd/default/youtube_quic.pcap.out
index 0df7f006b..7bda3d88e 100644
--- a/test/results/influxd/default/youtube_quic.pcap.out
+++ b/test/results/influxd/default/youtube_quic.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=28,json_bytes=38667,flow_src_total_bytes=16934,flow_dst_total_bytes=162567
+general json_lines=28,json_bytes=38661,flow_src_total_bytes=16934,flow_dst_total_bytes=162567
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/youtubeupload.pcap.out b/test/results/influxd/default/youtubeupload.pcap.out
index 1b772032a..d5fa164e9 100644
--- a/test/results/influxd/default/youtubeupload.pcap.out
+++ b/test/results/influxd/default/youtubeupload.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=30,json_bytes=40637,flow_src_total_bytes=105513,flow_dst_total_bytes=15573
+general json_lines=30,json_bytes=40631,flow_src_total_bytes=105513,flow_dst_total_bytes=15573
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=3,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=15,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=3,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/z3950.pcapng.out b/test/results/influxd/default/z3950.pcapng.out
index b010f233f..c1ca0430f 100644
--- a/test/results/influxd/default/z3950.pcapng.out
+++ b/test/results/influxd/default/z3950.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=20,json_bytes=13685,flow_src_total_bytes=445,flow_dst_total_bytes=4117
+general json_lines=20,json_bytes=13677,flow_src_total_bytes=445,flow_dst_total_bytes=4117
 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/zabbix.pcap.out b/test/results/influxd/default/zabbix.pcap.out
index cd6dc08d0..28688048c 100644
--- a/test/results/influxd/default/zabbix.pcap.out
+++ b/test/results/influxd/default/zabbix.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=196,json_bytes=141616,flow_src_total_bytes=5346,flow_dst_total_bytes=3265
+general json_lines=196,json_bytes=141608,flow_src_total_bytes=5346,flow_dst_total_bytes=3265
 events flow_new_count=24,flow_end_count=24,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=24,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=120,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=24
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=24,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/zattoo.pcap.out b/test/results/influxd/default/zattoo.pcap.out
index 58c9c1e0e..0bde6eb71 100644
--- a/test/results/influxd/default/zattoo.pcap.out
+++ b/test/results/influxd/default/zattoo.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=20,json_bytes=18076,flow_src_total_bytes=7381,flow_dst_total_bytes=4290
+general json_lines=20,json_bytes=18070,flow_src_total_bytes=7381,flow_dst_total_bytes=4290
 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=2,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/zoom.pcap.out b/test/results/influxd/default/zoom.pcap.out
index ac8af303e..32557c0bd 100644
--- a/test/results/influxd/default/zoom.pcap.out
+++ b/test/results/influxd/default/zoom.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=317,json_bytes=243590,flow_src_total_bytes=69672,flow_dst_total_bytes=259806
+general json_lines=317,json_bytes=243700,flow_src_total_bytes=69672,flow_dst_total_bytes=259806
 events flow_new_count=33,flow_end_count=6,flow_idle_count=27,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=2,flow_detected_count=31,flow_detection_update_count=26,flow_not_detected_count=0,flow_risky_count=11,packet_count=35,packet_flow_count=115,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=35,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=11,flow_state_finished=22
 breed flow_breed_safe_count=3,flow_breed_acceptable_count=27,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/zoom2.pcap.out b/test/results/influxd/default/zoom2.pcap.out
index 4bb0d55cc..2169b35d0 100644
--- a/test/results/influxd/default/zoom2.pcap.out
+++ b/test/results/influxd/default/zoom2.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=46,json_bytes=42077,flow_src_total_bytes=14983,flow_dst_total_bytes=82787
+general json_lines=46,json_bytes=42071,flow_src_total_bytes=14983,flow_dst_total_bytes=82787
 events flow_new_count=4,flow_end_count=0,flow_idle_count=4,flow_update_count=0,flow_analyse_count=3,flow_guessed_count=0,flow_detected_count=4,flow_detection_update_count=8,flow_not_detected_count=0,flow_risky_count=4,packet_count=0,packet_flow_count=20,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=1,flow_state_finished=3
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=4,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/default/zoom_p2p.pcapng.out b/test/results/influxd/default/zoom_p2p.pcapng.out
index 4b4852238..48616f6c6 100644
--- a/test/results/influxd/default/zoom_p2p.pcapng.out
+++ b/test/results/influxd/default/zoom_p2p.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=131,json_bytes=107242,flow_src_total_bytes=137033,flow_dst_total_bytes=103149
+general json_lines=131,json_bytes=107236,flow_src_total_bytes=137033,flow_dst_total_bytes=103149
 events flow_new_count=13,flow_end_count=0,flow_idle_count=13,flow_update_count=27,flow_analyse_count=4,flow_guessed_count=4,flow_detected_count=9,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=58,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=6,flow_state_finished=7
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=9,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/disable_aggressiveness/ookla.pcap.out b/test/results/influxd/disable_aggressiveness/ookla.pcap.out
index 28f0fc871..c86156e54 100644
--- a/test/results/influxd/disable_aggressiveness/ookla.pcap.out
+++ b/test/results/influxd/disable_aggressiveness/ookla.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=56,json_bytes=44360,flow_src_total_bytes=22732,flow_dst_total_bytes=8117
+general json_lines=56,json_bytes=44352,flow_src_total_bytes=22732,flow_dst_total_bytes=8117
 events flow_new_count=6,flow_end_count=1,flow_idle_count=5,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=5,flow_detection_update_count=4,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=30,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=4
 breed flow_breed_safe_count=5,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/disable_metadata/tls_verylong_certificate.pcap.out b/test/results/influxd/disable_metadata/tls_verylong_certificate.pcap.out
index f0cef8266..9cbd5fb6e 100644
--- a/test/results/influxd/disable_metadata/tls_verylong_certificate.pcap.out
+++ b/test/results/influxd/disable_metadata/tls_verylong_certificate.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=16092,flow_src_total_bytes=844,flow_dst_total_bytes=18233
+general json_lines=14,json_bytes=16086,flow_src_total_bytes=844,flow_dst_total_bytes=18233
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/disable_protocols/dns_long_domainname.pcap.out b/test/results/influxd/disable_protocols/dns_long_domainname.pcap.out
index cb6ee0fcd..271387658 100644
--- a/test/results/influxd/disable_protocols/dns_long_domainname.pcap.out
+++ b/test/results/influxd/disable_protocols/dns_long_domainname.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=9,json_bytes=7495,flow_src_total_bytes=61,flow_dst_total_bytes=117
+general json_lines=9,json_bytes=7489,flow_src_total_bytes=61,flow_dst_total_bytes=117
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=2,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/disable_protocols/pluralsight.pcap.out b/test/results/influxd/disable_protocols/pluralsight.pcap.out
index 1cfdb0f32..d87e2de5c 100644
--- a/test/results/influxd/disable_protocols/pluralsight.pcap.out
+++ b/test/results/influxd/disable_protocols/pluralsight.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=59,json_bytes=73937,flow_src_total_bytes=3540,flow_dst_total_bytes=23176
+general json_lines=59,json_bytes=73931,flow_src_total_bytes=3540,flow_dst_total_bytes=23176
 events flow_new_count=6,flow_end_count=0,flow_idle_count=6,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=6,flow_detection_update_count=10,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=28,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=6,flow_state_finished=0
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=6,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/influxd/disable_protocols/quic-mvfst-27.pcapng.out
index 14a9dd436..bce13a51e 100644
--- a/test/results/influxd/disable_protocols/quic-mvfst-27.pcapng.out
+++ b/test/results/influxd/disable_protocols/quic-mvfst-27.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=10,json_bytes=15680,flow_src_total_bytes=2538,flow_dst_total_bytes=6981
+general json_lines=10,json_bytes=15676,flow_src_total_bytes=2538,flow_dst_total_bytes=6981
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=0,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=0,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/disable_protocols/soap.pcap.out b/test/results/influxd/disable_protocols/soap.pcap.out
index 9b796a6cd..858d0e71f 100644
--- a/test/results/influxd/disable_protocols/soap.pcap.out
+++ b/test/results/influxd/disable_protocols/soap.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=24,json_bytes=27812,flow_src_total_bytes=8109,flow_dst_total_bytes=1637
+general json_lines=24,json_bytes=27804,flow_src_total_bytes=8109,flow_dst_total_bytes=1637
 events flow_new_count=3,flow_end_count=1,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=2,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/dns_process_response_disable/dns.pcap.out b/test/results/influxd/dns_process_response_disable/dns.pcap.out
index d93c3dcf3..0b1bba41f 100644
--- a/test/results/influxd/dns_process_response_disable/dns.pcap.out
+++ b/test/results/influxd/dns_process_response_disable/dns.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=8895,flow_src_total_bytes=67,flow_dst_total_bytes=33
+general json_lines=14,json_bytes=8887,flow_src_total_bytes=67,flow_dst_total_bytes=33
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=2,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/dns_subclassification_and_process_response_disable/dns.pcap.out b/test/results/influxd/dns_subclassification_and_process_response_disable/dns.pcap.out
index f3843e185..69458912a 100644
--- a/test/results/influxd/dns_subclassification_and_process_response_disable/dns.pcap.out
+++ b/test/results/influxd/dns_subclassification_and_process_response_disable/dns.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=9203,flow_src_total_bytes=67,flow_dst_total_bytes=33
+general json_lines=14,json_bytes=9195,flow_src_total_bytes=67,flow_dst_total_bytes=33
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=2,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/dns_subclassification_disable/dns.pcap.out b/test/results/influxd/dns_subclassification_disable/dns.pcap.out
index 5ccf79ee3..144384a4a 100644
--- a/test/results/influxd/dns_subclassification_disable/dns.pcap.out
+++ b/test/results/influxd/dns_subclassification_disable/dns.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=8909,flow_src_total_bytes=67,flow_dst_total_bytes=33
+general json_lines=14,json_bytes=8901,flow_src_total_bytes=67,flow_dst_total_bytes=33
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=2,packet_flow_count=3,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=2,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/enable_doh_heuristic/doh.pcapng.out b/test/results/influxd/enable_doh_heuristic/doh.pcapng.out
index b965f83cb..3adc522cb 100644
--- a/test/results/influxd/enable_doh_heuristic/doh.pcapng.out
+++ b/test/results/influxd/enable_doh_heuristic/doh.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=13,json_bytes=12398,flow_src_total_bytes=1881,flow_dst_total_bytes=5821
+general json_lines=13,json_bytes=12392,flow_src_total_bytes=1881,flow_dst_total_bytes=5821
 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=1,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/enable_payload_stat/1kxun.pcap.out b/test/results/influxd/enable_payload_stat/1kxun.pcap.out
index 40de81662..30b16fe6d 100644
--- a/test/results/influxd/enable_payload_stat/1kxun.pcap.out
+++ b/test/results/influxd/enable_payload_stat/1kxun.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=1303,json_bytes=1558432,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815
+general json_lines=1303,json_bytes=1558580,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815
 events flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=177,flow_detection_update_count=33,flow_not_detected_count=14,flow_risky_count=35,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=27,flow_state_finished=170
 breed flow_breed_safe_count=6,flow_breed_acceptable_count=116,flow_breed_fun_count=53,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=39,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=63,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=45,flow_category_system_count=22,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=177,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=34,flow_severity_medium=5,flow_severity_high=20,flow_severity_severe=1,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=34,flow_severity_medium=6,flow_severity_high=20,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=172,flow_l3_ip6_count=25,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=98,flow_l4_udp_count=99,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=197,flow_detected_count=177,flow_guessed_count=6,flow_not_detected_count=14
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=1,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=2,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=2,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1
diff --git a/test/results/influxd/flow_risk_lists_disable/protonvpn.pcap.out b/test/results/influxd/flow_risk_lists_disable/protonvpn.pcap.out
index 2988ef3bd..89f6cfcc2 100644
--- a/test/results/influxd/flow_risk_lists_disable/protonvpn.pcap.out
+++ b/test/results/influxd/flow_risk_lists_disable/protonvpn.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=25,json_bytes=20271,flow_src_total_bytes=1624,flow_dst_total_bytes=6451
+general json_lines=25,json_bytes=20265,flow_src_total_bytes=1624,flow_dst_total_bytes=6451
 events flow_new_count=3,flow_end_count=0,flow_idle_count=3,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=1,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=11,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=2,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/guessing_disable/webex.pcap.out b/test/results/influxd/guessing_disable/webex.pcap.out
index 731f76ae5..af4c26a8d 100644
--- a/test/results/influxd/guessing_disable/webex.pcap.out
+++ b/test/results/influxd/guessing_disable/webex.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=500,json_bytes=427484,flow_src_total_bytes=67701,flow_dst_total_bytes=426653
+general json_lines=500,json_bytes=427478,flow_src_total_bytes=67701,flow_dst_total_bytes=426653
 events flow_new_count=57,flow_end_count=45,flow_idle_count=12,flow_update_count=2,flow_analyse_count=6,flow_guessed_count=4,flow_detected_count=53,flow_detection_update_count=39,flow_not_detected_count=0,flow_risky_count=51,packet_count=0,packet_flow_count=279,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=38,flow_state_finished=19
 breed flow_breed_safe_count=45,flow_breed_acceptable_count=8,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/http_process_response_disable/http.pcapng.out b/test/results/influxd/http_process_response_disable/http.pcapng.out
index 169481528..fae4e431b 100644
--- a/test/results/influxd/http_process_response_disable/http.pcapng.out
+++ b/test/results/influxd/http_process_response_disable/http.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=11,json_bytes=7793,flow_src_total_bytes=74,flow_dst_total_bytes=528
+general json_lines=11,json_bytes=7787,flow_src_total_bytes=74,flow_dst_total_bytes=528
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/http_process_response_disable/http_asymmetric.pcapng.out b/test/results/influxd/http_process_response_disable/http_asymmetric.pcapng.out
index 77d13af50..0f0f1466e 100644
--- a/test/results/influxd/http_process_response_disable/http_asymmetric.pcapng.out
+++ b/test/results/influxd/http_process_response_disable/http_asymmetric.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=20,json_bytes=21304,flow_src_total_bytes=8665,flow_dst_total_bytes=0
+general json_lines=20,json_bytes=21298,flow_src_total_bytes=8665,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=2,flow_idle_count=0,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=1,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/ip_lists_disable/1kxun.pcap.out b/test/results/influxd/ip_lists_disable/1kxun.pcap.out
index 297eed530..84fd27e79 100644
--- a/test/results/influxd/ip_lists_disable/1kxun.pcap.out
+++ b/test/results/influxd/ip_lists_disable/1kxun.pcap.out
@@ -1,11 +1,11 @@
-general json_lines=1303,json_bytes=1554523,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815
+general json_lines=1303,json_bytes=1554671,flow_src_total_bytes=156501,flow_dst_total_bytes=2270815
 events flow_new_count=197,flow_end_count=9,flow_idle_count=188,flow_update_count=38,flow_analyse_count=13,flow_guessed_count=6,flow_detected_count=177,flow_detection_update_count=33,flow_not_detected_count=14,flow_risky_count=35,packet_count=0,packet_flow_count=624,init_count=1,reconnect_count=0,shutdown_count=1,status_count=2,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=27,flow_state_finished=170
 breed flow_breed_safe_count=6,flow_breed_acceptable_count=116,flow_breed_fun_count=53,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=2,flow_breed_unrated_count=0,flow_breed_unknown_count=0
 category flow_category_unspecified_count=0,flow_category_media_count=1,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=39,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=5,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=63,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=45,flow_category_system_count=22,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=2,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
 confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=177,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
-severity flow_severity_low=34,flow_severity_medium=5,flow_severity_high=20,flow_severity_severe=1,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+severity flow_severity_low=34,flow_severity_medium=6,flow_severity_high=20,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
 layer3 flow_l3_ip4_count=172,flow_l3_ip6_count=25,flow_l3_other_count=0
 layer4 flow_l4_tcp_count=98,flow_l4_udp_count=99,flow_l4_icmp_count=0,flow_l4_other_count=0
 detection flow_active_count=197,flow_detected_count=177,flow_guessed_count=6,flow_not_detected_count=14
-risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=1,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=2,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=5,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=4,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=10,flow_risk_12_count=13,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=8,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=2,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=6,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=3,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=13,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=1
diff --git a/test/results/influxd/packets_limit_per_flow/tls_verylong_certificate.pcap.out b/test/results/influxd/packets_limit_per_flow/tls_verylong_certificate.pcap.out
index 86737c331..fc91da642 100644
--- a/test/results/influxd/packets_limit_per_flow/tls_verylong_certificate.pcap.out
+++ b/test/results/influxd/packets_limit_per_flow/tls_verylong_certificate.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=16176,flow_src_total_bytes=844,flow_dst_total_bytes=18233
+general json_lines=14,json_bytes=16170,flow_src_total_bytes=844,flow_dst_total_bytes=18233
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out b/test/results/influxd/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out
index 224063959..aa3aae5e5 100644
--- a/test/results/influxd/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out
+++ b/test/results/influxd/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=21,json_bytes=17655,flow_src_total_bytes=8552,flow_dst_total_bytes=0
+general json_lines=21,json_bytes=17649,flow_src_total_bytes=8552,flow_dst_total_bytes=0
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/stun_extra_dissection/stun_zoom.pcapng.out b/test/results/influxd/stun_extra_dissection/stun_zoom.pcapng.out
index 8cea24907..d59efb37f 100644
--- a/test/results/influxd/stun_extra_dissection/stun_zoom.pcapng.out
+++ b/test/results/influxd/stun_extra_dissection/stun_zoom.pcapng.out
@@ -1,4 +1,4 @@
-general json_lines=27,json_bytes=26144,flow_src_total_bytes=4671,flow_dst_total_bytes=10647
+general json_lines=27,json_bytes=26138,flow_src_total_bytes=4671,flow_dst_total_bytes=10647
 events flow_new_count=2,flow_end_count=0,flow_idle_count=2,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=2,flow_detection_update_count=7,flow_not_detected_count=0,flow_risky_count=2,packet_count=0,packet_flow_count=10,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=2
 breed flow_breed_safe_count=0,flow_breed_acceptable_count=2,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/stun_mapped_address_disabled/teams.pcap.out b/test/results/influxd/stun_mapped_address_disabled/teams.pcap.out
new file mode 100644
index 000000000..0013c7b97
--- /dev/null
+++ b/test/results/influxd/stun_mapped_address_disabled/teams.pcap.out
@@ -0,0 +1,11 @@
+general json_lines=682,json_bytes=662086,flow_src_total_bytes=293772,flow_dst_total_bytes=293323
+events flow_new_count=83,flow_end_count=17,flow_idle_count=66,flow_update_count=0,flow_analyse_count=16,flow_guessed_count=2,flow_detected_count=80,flow_detection_update_count=65,flow_not_detected_count=1,flow_risky_count=29,packet_count=16,packet_flow_count=317,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=16,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
+state flow_state_info=20,flow_state_finished=63
+breed flow_breed_safe_count=42,flow_breed_acceptable_count=37,flow_breed_fun_count=1,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
+category flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=2,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=20,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=11,flow_category_network_count=27,flow_category_collaborative_count=19,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=1,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0
+confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=6,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=74,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0
+severity flow_severity_low=42,flow_severity_medium=12,flow_severity_high=2,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0
+layer3 flow_l3_ip4_count=83,flow_l3_ip6_count=0,flow_l3_other_count=0
+layer4 flow_l4_tcp_count=42,flow_l4_udp_count=40,flow_l4_icmp_count=1,flow_l4_other_count=0
+detection flow_active_count=83,flow_detected_count=80,flow_guessed_count=2,flow_not_detected_count=1
+risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=12,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=2,flow_risk_11_count=0,flow_risk_12_count=2,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=33,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=1,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=5,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=1,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0
diff --git a/test/results/influxd/tls_ja3c_disabled/tls_verylong_certificate.pcap.out b/test/results/influxd/tls_ja3c_disabled/tls_verylong_certificate.pcap.out
index d05435418..bf8a32f07 100644
--- a/test/results/influxd/tls_ja3c_disabled/tls_verylong_certificate.pcap.out
+++ b/test/results/influxd/tls_ja3c_disabled/tls_verylong_certificate.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=16106,flow_src_total_bytes=844,flow_dst_total_bytes=18233
+general json_lines=14,json_bytes=16100,flow_src_total_bytes=844,flow_dst_total_bytes=18233
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/tls_ja3s_disabled/tls_verylong_certificate.pcap.out b/test/results/influxd/tls_ja3s_disabled/tls_verylong_certificate.pcap.out
index d05435418..bf8a32f07 100644
--- a/test/results/influxd/tls_ja3s_disabled/tls_verylong_certificate.pcap.out
+++ b/test/results/influxd/tls_ja3s_disabled/tls_verylong_certificate.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=16106,flow_src_total_bytes=844,flow_dst_total_bytes=18233
+general json_lines=14,json_bytes=16100,flow_src_total_bytes=844,flow_dst_total_bytes=18233
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/influxd/tls_ja4c_disabled/tls_verylong_certificate.pcap.out b/test/results/influxd/tls_ja4c_disabled/tls_verylong_certificate.pcap.out
index d05435418..bf8a32f07 100644
--- a/test/results/influxd/tls_ja4c_disabled/tls_verylong_certificate.pcap.out
+++ b/test/results/influxd/tls_ja4c_disabled/tls_verylong_certificate.pcap.out
@@ -1,4 +1,4 @@
-general json_lines=14,json_bytes=16106,flow_src_total_bytes=844,flow_dst_total_bytes=18233
+general json_lines=14,json_bytes=16100,flow_src_total_bytes=844,flow_dst_total_bytes=18233
 events flow_new_count=1,flow_end_count=1,flow_idle_count=0,flow_update_count=0,flow_analyse_count=1,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=2,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=5,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0
 state flow_state_info=0,flow_state_finished=1
 breed flow_breed_safe_count=1,flow_breed_acceptable_count=0,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0
diff --git a/test/results/ip_lists_disable/1kxun.pcap.out b/test/results/ip_lists_disable/1kxun.pcap.out
index 9cc3b2c63..5397261ec 100644
--- a/test/results/ip_lists_disable/1kxun.pcap.out
+++ b/test/results/ip_lists_disable/1kxun.pcap.out
@@ -1,5 +1,5 @@
-00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470104373025824}
+00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470104373025824}
 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="}
 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -689,7 +689,7 @@
 00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382858294,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01129{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00658{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1033,"packets-processed":1032,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":692,"global_ts_usec":1654385119050609}
+00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1033,"packets-processed":1032,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":19,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":692,"global_ts_usec":1654385119050609}
 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\/X2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTE3IEhUVFAvMS4xDQphdXRob3JpemF0aW9uX2NvZGU6IDg5QTBGQ0UzOTE2OEM5RTIxOTM1N0IzRjJEMzA4RDIwDQpVcGdyYWRlOiB3ZWJzb2NrZXQNCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiBMVFJDT1VPdEIwdHRrSnJIdUhaRHRnPT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCkhvc3Q6IHdzLjFreHVuLm1vYmk6MTIzNA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="}
 01478{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","http": {"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}}
@@ -709,7 +709,7 @@
 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1040,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127293052,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_usec":1654385127293052,"pkt":"tKXvZygQnLbQ0+MzCABFAAE2ngNAAEAG62jAqAJ+geJrTaCuAFAAOroVfx7qtFAYAfaxfgAAR0VUIC9xcWNvbm5lY3RvcGVuL29wZW5hcGkvcG9saWN5X2NvbmY\/c3RhdHVzX29zPTExJnN0YXR1c192ZXJzaW9uPTMwJnN0YXR1c19tYWNoaW5lPXNka19ncGhvbmVfeDg2JnNka3A9YSZzZGt2PTMuMS4wLmxpdGUmYXBwaWQ9MTAwMjU4MTM1IEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNnaS5jb25uZWN0LnFxLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQW5kcm9pZFNES18zMF9nZW5lcmljX3g4Nl9hcm1fMTENCg0K"}
 01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1040,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385127293052,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127293052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":270,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385127293052,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","proto_id":"7.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cgi.connect.qq.com","http": {"url":"cgi.connect.qq.com\/qqconnectopen\/openapi\/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135","code":0,"content_type":"","user_agent":"AndroidSDK_30_generic_x86_arm_11"}}}
 00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":330,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":330,"pkt_l4_len":296,"thread_ts_usec":1654385127425884,"pkt":"nLbQ0+MztKXvZygQCABFAAE8FLJAADQGv1GhdQ0dwKgCfgBQuH6HV\/ck7YrZ+IAYAOvWowAAAQEICpcQ45e6xeF1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNToyNyBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogOQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAwMyBGZWIgMjAyMCAwNDoyODozNSBHTVQNCkVUYWc6ICI1ZTM3YTE3My05Ig0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KMWt4dW4uY29t"}
-01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1041,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385127425884,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi","http": {"url":"kankan.1kxun.mobi\/api.domain.conf","code":200,"content_type":"application\/octet-stream","user_agent":"okhttp\/3.10.0"}}}
+01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1041,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385127425884,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download","hostname":"kankan.1kxun.mobi","http": {"url":"kankan.1kxun.mobi\/api.domain.conf","code":200,"content_type":"application\/octet-stream","user_agent":"okhttp\/3.10.0"}}}
 01160{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_src_last_pkt_time":1654385127293052,"flow_dst_last_pkt_time":1654385127488169,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":518,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":518,"pkt_l4_len":484,"thread_ts_usec":1654385127488169,"pkt":"nLbQ0+MztKXvZygQCABFAAH47MNAADEGquaB4mtNwKgCfgBQoK5\/Huq0ADq7I1AYAHt3UAAASFRUUC8xLjEgMzAyIE1vdmVkIFRlbXBvcmFyaWx5DQpTZXJ2ZXI6IHN0Z3cNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjU6MjcgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDEzNw0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTG9jYXRpb246IGh0dHBzOi8vY2dpLmNvbm5lY3QucXEuY29tL3FxY29ubmVjdG9wZW4vb3BlbmFwaS9wb2xpY3lfY29uZj9zdGF0dXNfb3M9MTEmc3RhdHVzX3ZlcnNpb249MzAmc3RhdHVzX21hY2hpbmU9c2RrX2dwaG9uZV94ODYmc2RrcD1hJnNka3Y9My4xLjAubGl0ZSZhcHBpZD0xMDAyNTgxMzUNCg0KPGh0bWw+DQo8aGVhZD48dGl0bGU+MzAyIEZvdW5kPC90aXRsZT48L2hlYWQ+DQo8Ym9keT4NCjxjZW50ZXI+PGgxPjMwMiBGb3VuZDwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5zdGd3PC9jZW50ZXI+DQo8L2JvZHk+DQo8L2h0bWw+DQo="}
 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1043,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385128878259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":880,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878259,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_src_last_pkt_time":1654385128878259,"flow_dst_last_pkt_time":1654385128878259,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_usec":1654385128878259,"pkt":"tKXvZygQnLbQ0+MzCABFAAOkVoFAAEAGbxrAqAJ+oXUNHbiOAFDYbv67IGDcx4AYAfZ1TwAAAQEICrrF59eXEOkaR0VUIC92aWRlb19rYW5rYW5fdGFncy92Mi9hcGkvaG9tZVBhZ2VWaWRlb0NvbGxlY3Rpb25zL0hvbWVQYWdlQmFubmVycz9fYnJhbmQ9R29vZ2xlJl9tb2RlbD1zZGtfZ3Bob25lX3g4NiZfb3Y9QW5kcm9pZDExJl9jcHU9aTY4NiZfcmVzb2x1dGlvbj0xMDgwJTJDMTc5NCZfcGFja2FnZT1jb20uc2NlbmV3YXkua2Fua2FuJl92PTIuOC4yLjEmX2NoYW5uZWw9MWt4dW4mX2NhcnJpZXI9MzEwMjYwJl9hbmRyb2lkX2lkPWI5ZTI4Nzc2MzU0ZDI1OWUmX25ldHdvcms9d2lmaSZfYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZfdWRpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTI1IEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ2xpZW50LUJyYW5kOiBHb29nbGUNCkNsaWVudC1EZXZpY2U6IHNka19ncGhvbmVfeDg2DQpDbGllbnQtT3M6IEFuZHJvaWQxMQ0KQ2xpZW50LUNwdTogaTY4Ng0KQ2xpZW50LVJlc29sdXRpb246IDEwODAsMTc5NA0KQ2xpZW50LVBhY2thZ2U6IGNvbS5zY2VuZXdheS5rYW5rYW4NCkNsaWVudC1WZXJzaW9uOiAyLjguMi4xDQpDbGllbnQtU291cmNlOiAxa3h1bg0KQ2xpZW50LVNpbTogMzEwMjYwDQpDbGllbnQtQW5kcm9pZElkOiBiOWUyODc3NjM1NGQyNTllDQpDbGllbnQtQ291bnRyeTogVVMNCkNsaWVudC1MYW5ndWFnZTogZW4NCkNsaWVudC1VaWQ6IGU2ZGJkMzBiLTNiODQtNDRiNC05NzUxLTYzMTE0OGEzZWRlOQ0KSG9zdDoga2Fua2FuLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="}
@@ -838,7 +838,7 @@
 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630917,"flow_src_last_pkt_time":1470104432728660,"flow_dst_last_pkt_time":1470104432630917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00943{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01061{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 01224{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104382125381,"flow_dst_last_pkt_time":1470104382124370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":633,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":633,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 01229{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1470104382053678,"flow_src_last_pkt_time":1470104382199024,"flow_dst_last_pkt_time":1470104382198662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":2329,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}}
@@ -1291,7 +1291,7 @@
 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385184928623,"flow_src_last_pkt_time":1654385184928623,"flow_dst_last_pkt_time":1654385184928623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}}
 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":33,"flow_first_seen":1654385136207603,"flow_src_last_pkt_time":1654385137102946,"flow_dst_last_pkt_time":1654385137795047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":179545,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":13,"flow_first_seen":1654385136206220,"flow_src_last_pkt_time":1654385137480116,"flow_dst_last_pkt_time":1654385137451797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":23040,"flow_src_tot_l4_payload_len":631,"flow_dst_tot_l4_payload_len":72797,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
-01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
+01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385127244156,"flow_src_last_pkt_time":1654385127244156,"flow_dst_last_pkt_time":1654385127425884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":157,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":264,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"54": {"risk":"Binary file\/data transfer (attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}}
 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1654385229374771,"flow_src_last_pkt_time":1654385236365099,"flow_dst_last_pkt_time":1654385236412092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":8181,"flow_dst_tot_l4_payload_len":423,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
 00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":18,"flow_first_seen":1654385136215384,"flow_src_last_pkt_time":1654385137106944,"flow_dst_last_pkt_time":1654385137458576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":21600,"flow_src_tot_l4_payload_len":424,"flow_dst_tot_l4_payload_len":81501,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1654385128878259,"flow_src_last_pkt_time":1654385129990203,"flow_dst_last_pkt_time":1654385130178547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":860,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":880,"flow_dst_max_l4_payload_len":2746,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":3242,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
@@ -1300,7 +1300,7 @@
 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":265,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":265,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":73,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385145095894,"flow_dst_last_pkt_time":1654385145302253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":4383,"flow_dst_tot_l4_payload_len":173462,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":497,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}}
-00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1723,"packets-processed":1723,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007}
+00661{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/ip_lists_disable\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1723,"packets-processed":1723,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":33,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1303,"global_ts_usec":1654385236487007}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1723/1723
 ~~ skipped flows.............: 0
@@ -1309,9 +1309,9 @@
 ~~ total active/idle flows...: 197/197
 ~~ total timeout flows.......: 20
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6054376 bytes
-~~ total memory freed........: 6054376 bytes
-~~ total allocations/frees...: 90515/90515
+~~ total memory allocated....: 6057552 bytes
+~~ total memory freed........: 6057552 bytes
+~~ total allocations/frees...: 90516/90516
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 538 chars
 ~~ json message max len.......: 11861 chars
diff --git a/test/results/packets_limit_per_flow/tls_verylong_certificate.pcap.out b/test/results/packets_limit_per_flow/tls_verylong_certificate.pcap.out
index cd4953893..f77894606 100644
--- a/test/results/packets_limit_per_flow/tls_verylong_certificate.pcap.out
+++ b/test/results/packets_limit_per_flow/tls_verylong_certificate.pcap.out
@@ -1,5 +1,5 @@
-00596{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00659{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751}
+00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00657{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751}
 00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="}
@@ -11,7 +11,7 @@
 03991{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_b1760ac0ffd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}}
 02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": [11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
 01019{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
-00669{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1578254908551114}
+00667{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/packets_limit_per_flow\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1578254908551114}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 48/48
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5673701 bytes
-~~ total memory freed........: 5673701 bytes
+~~ total memory allocated....: 5673725 bytes
+~~ total memory freed........: 5673725 bytes
 ~~ total allocations/frees...: 86047/86047
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 577 chars
diff --git a/test/results/stats/caches_cfg/ookla.pcap.out b/test/results/stats/caches_cfg/ookla.pcap.out
index c89b0a8c8..11f3a8ee7 100644
--- a/test/results/stats/caches_cfg/ookla.pcap.out
+++ b/test/results/stats/caches_cfg/ookla.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:56
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43688
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43680
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/caches_cfg/teams.pcap.out b/test/results/stats/caches_cfg/teams.pcap.out
index 8a691724c..223ac4781 100644
--- a/test/results/stats/caches_cfg/teams.pcap.out
+++ b/test/results/stats/caches_cfg/teams.pcap.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:674
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:640742
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:682
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:649810
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:83
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:17
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:66
@@ -7,11 +7,11 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:16
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:80
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:57
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:65
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:293772
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:293323
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:27
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:29
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:16
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:317
 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1
@@ -94,8 +94,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:38
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:42
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
@@ -117,7 +117,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
@@ -158,7 +158,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:1
diff --git a/test/results/stats/caches_global/bittorrent.pcap.out b/test/results/stats/caches_global/bittorrent.pcap.out
index 78ba0c009..95efeb57d 100644
--- a/test/results/stats/caches_global/bittorrent.pcap.out
+++ b/test/results/stats/caches_global/bittorrent.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:164
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:149968
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:149962
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:24
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:11
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:13
diff --git a/test/results/stats/caches_global/lru_ipv6_caches.pcapng.out b/test/results/stats/caches_global/lru_ipv6_caches.pcapng.out
index d29a227c7..c4b8dc005 100644
--- a/test/results/stats/caches_global/lru_ipv6_caches.pcapng.out
+++ b/test/results/stats/caches_global/lru_ipv6_caches.pcapng.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:86
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:88141
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:89
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:91995
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12
@@ -7,11 +7,11 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:6
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:14408
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:846
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:8
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:11
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:41
 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1
@@ -94,7 +94,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
@@ -158,7 +158,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0
diff --git a/test/results/stats/caches_global/mining.pcapng.out b/test/results/stats/caches_global/mining.pcapng.out
index 60737b9d2..d20e43be4 100644
--- a/test/results/stats/caches_global/mining.pcapng.out
+++ b/test/results/stats/caches_global/mining.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:41
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:36562
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:36552
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/caches_global/ookla.pcap.out b/test/results/stats/caches_global/ookla.pcap.out
index 42b6a4805..1429d27a4 100644
--- a/test/results/stats/caches_global/ookla.pcap.out
+++ b/test/results/stats/caches_global/ookla.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:56
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43856
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43848
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/caches_global/teams.pcap.out b/test/results/stats/caches_global/teams.pcap.out
index 77b0ef0c4..012f118b0 100644
--- a/test/results/stats/caches_global/teams.pcap.out
+++ b/test/results/stats/caches_global/teams.pcap.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:674
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:642764
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:682
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:651856
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:83
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:17
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:66
@@ -7,11 +7,11 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:16
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:80
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:57
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:65
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:293772
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:293323
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:27
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:29
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:16
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:317
 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1
@@ -94,8 +94,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:38
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:42
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
@@ -117,7 +117,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
@@ -158,7 +158,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:1
diff --git a/test/results/stats/caches_global/zoom_p2p.pcapng.out b/test/results/stats/caches_global/zoom_p2p.pcapng.out
index 2343401d2..1fcd5943e 100644
--- a/test/results/stats/caches_global/zoom_p2p.pcapng.out
+++ b/test/results/stats/caches_global/zoom_p2p.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:131
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:108028
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:108022
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:13
diff --git a/test/results/stats/default/1kxun.pcap.out b/test/results/stats/default/1kxun.pcap.out
index 578dd3e64..9e5431def 100644
--- a/test/results/stats/default/1kxun.pcap.out
+++ b/test/results/stats/default/1kxun.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1303
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1542796
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1542944
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:197
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:188
@@ -95,9 +95,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:34
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:5
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0
@@ -116,7 +116,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:14
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
@@ -166,4 +166,4 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:1
diff --git a/test/results/stats/default/443-chrome.pcap.out b/test/results/stats/default/443-chrome.pcap.out
index 3ac961da3..81d64de20 100644
--- a/test/results/stats/default/443-chrome.pcap.out
+++ b/test/results/stats/default/443-chrome.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7032
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7129
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/443-curl.pcap.out b/test/results/stats/default/443-curl.pcap.out
index ef644e459..c7c989a92 100644
--- a/test/results/stats/default/443-curl.pcap.out
+++ b/test/results/stats/default/443-curl.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13192
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13186
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/443-firefox.pcap.out b/test/results/stats/default/443-firefox.pcap.out
index c38fd214d..52dd75ce5 100644
--- a/test/results/stats/default/443-firefox.pcap.out
+++ b/test/results/stats/default/443-firefox.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13440
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13434
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/443-git.pcap.out b/test/results/stats/default/443-git.pcap.out
index 187b08772..f53648ae6 100644
--- a/test/results/stats/default/443-git.pcap.out
+++ b/test/results/stats/default/443-git.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15245
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15239
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/443-opvn.pcap.out b/test/results/stats/default/443-opvn.pcap.out
index 48c90b43c..1aa6b04f9 100644
--- a/test/results/stats/default/443-opvn.pcap.out
+++ b/test/results/stats/default/443-opvn.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9624
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9618
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/443-safari.pcap.out b/test/results/stats/default/443-safari.pcap.out
index dc1533545..e36c1eced 100644
--- a/test/results/stats/default/443-safari.pcap.out
+++ b/test/results/stats/default/443-safari.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12951
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12945
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/4in4tunnel.pcap.out b/test/results/stats/default/4in4tunnel.pcap.out
index 84bbf0a42..e0ee8f401 100644
--- a/test/results/stats/default/4in4tunnel.pcap.out
+++ b/test/results/stats/default/4in4tunnel.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:17
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8627
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8613
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/4in6tunnel.pcap.out b/test/results/stats/default/4in6tunnel.pcap.out
index b340cdd53..ee14865e2 100644
--- a/test/results/stats/default/4in6tunnel.pcap.out
+++ b/test/results/stats/default/4in6tunnel.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9401
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9395
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/6in4tunnel.pcap.out b/test/results/stats/default/6in4tunnel.pcap.out
index 49ce318c8..cbff24721 100644
--- a/test/results/stats/default/6in4tunnel.pcap.out
+++ b/test/results/stats/default/6in4tunnel.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9752
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9746
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/6in6tunnel.pcap.out b/test/results/stats/default/6in6tunnel.pcap.out
index 2eb03bffb..3cfb69171 100644
--- a/test/results/stats/default/6in6tunnel.pcap.out
+++ b/test/results/stats/default/6in6tunnel.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8148
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8142
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/stats/default/BGP_Cisco_hdlc_slarp.pcap.out
index 31c51fbf0..e65cd6caa 100644
--- a/test/results/stats/default/BGP_Cisco_hdlc_slarp.pcap.out
+++ b/test/results/stats/default/BGP_Cisco_hdlc_slarp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7392
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7386
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/BGP_redist.pcap.out b/test/results/stats/default/BGP_redist.pcap.out
index dac80d053..555e4cb5d 100644
--- a/test/results/stats/default/BGP_redist.pcap.out
+++ b/test/results/stats/default/BGP_redist.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:9
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6102
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6096
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/EAQ.pcap.out b/test/results/stats/default/EAQ.pcap.out
index 871c175d1..4b31f91dc 100644
--- a/test/results/stats/default/EAQ.pcap.out
+++ b/test/results/stats/default/EAQ.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:269
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:193281
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:193275
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:31
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:29
diff --git a/test/results/stats/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/stats/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
index ab690873e..77ad3b6df 100644
--- a/test/results/stats/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/test/results/stats/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:52
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:54935
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:54929
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/IEC104.pcap.out b/test/results/stats/default/IEC104.pcap.out
index 822fb1af0..a4ad4dd60 100644
--- a/test/results/stats/default/IEC104.pcap.out
+++ b/test/results/stats/default/IEC104.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:17
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12102
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12096
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/KakaoTalk_chat.pcap.out b/test/results/stats/default/KakaoTalk_chat.pcap.out
index f1b521f6a..33a34654a 100644
--- a/test/results/stats/default/KakaoTalk_chat.pcap.out
+++ b/test/results/stats/default/KakaoTalk_chat.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:270
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:238298
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:238410
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:38
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:30
diff --git a/test/results/stats/default/KakaoTalk_talk.pcap.out b/test/results/stats/default/KakaoTalk_talk.pcap.out
index 608fe79bb..198e980be 100644
--- a/test/results/stats/default/KakaoTalk_talk.pcap.out
+++ b/test/results/stats/default/KakaoTalk_talk.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:144
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:120158
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:120270
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:20
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:14
diff --git a/test/results/stats/default/NTPv2.pcap.out b/test/results/stats/default/NTPv2.pcap.out
index 689eea2e5..4f26ceed6 100644
--- a/test/results/stats/default/NTPv2.pcap.out
+++ b/test/results/stats/default/NTPv2.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5570
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5564
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/NTPv3.pcap.out b/test/results/stats/default/NTPv3.pcap.out
index 079d2a4f9..27e69a54e 100644
--- a/test/results/stats/default/NTPv3.pcap.out
+++ b/test/results/stats/default/NTPv3.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5130
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5124
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/NTPv4.pcap.out b/test/results/stats/default/NTPv4.pcap.out
index 079d2a4f9..27e69a54e 100644
--- a/test/results/stats/default/NTPv4.pcap.out
+++ b/test/results/stats/default/NTPv4.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5130
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5124
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/Oscar.pcap.out b/test/results/stats/default/Oscar.pcap.out
index e174d9cda..9ded01d52 100644
--- a/test/results/stats/default/Oscar.pcap.out
+++ b/test/results/stats/default/Oscar.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9662
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9656
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/TivoDVR.pcap.out b/test/results/stats/default/TivoDVR.pcap.out
index ac806e262..94368e460 100644
--- a/test/results/stats/default/TivoDVR.pcap.out
+++ b/test/results/stats/default/TivoDVR.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:8
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6243
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6237
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/WebattackRCE.pcap.out b/test/results/stats/default/WebattackRCE.pcap.out
index 61f9c1379..5542501d2 100644
--- a/test/results/stats/default/WebattackRCE.pcap.out
+++ b/test/results/stats/default/WebattackRCE.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:3191
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:3379261
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:3379255
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:797
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:797
diff --git a/test/results/stats/default/WebattackSQLinj.pcap.out b/test/results/stats/default/WebattackSQLinj.pcap.out
index 57f3b4457..789b230ad 100644
--- a/test/results/stats/default/WebattackSQLinj.pcap.out
+++ b/test/results/stats/default/WebattackSQLinj.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:75
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:65864
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:65858
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/WebattackXSS.pcap.out b/test/results/stats/default/WebattackXSS.pcap.out
index 002f9d86b..2364f5a54 100644
--- a/test/results/stats/default/WebattackXSS.pcap.out
+++ b/test/results/stats/default/WebattackXSS.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:5305
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:3632325
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:3632317
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:661
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:657
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/activision.pcap.out b/test/results/stats/default/activision.pcap.out
index ee6df4a51..d6fcf597e 100644
--- a/test/results/stats/default/activision.pcap.out
+++ b/test/results/stats/default/activision.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:38
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26037
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26027
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/adult_content.pcap.out b/test/results/stats/default/adult_content.pcap.out
index da06885c1..ad6b36bb1 100644
--- a/test/results/stats/default/adult_content.pcap.out
+++ b/test/results/stats/default/adult_content.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9102
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9096
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/afp.pcap.out b/test/results/stats/default/afp.pcap.out
index 6040b6f7d..63ffd72d2 100644
--- a/test/results/stats/default/afp.pcap.out
+++ b/test/results/stats/default/afp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7386
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7380
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/agora-sd-rtn.pcap.out b/test/results/stats/default/agora-sd-rtn.pcap.out
index c2f7376e7..b469924ec 100644
--- a/test/results/stats/default/agora-sd-rtn.pcap.out
+++ b/test/results/stats/default/agora-sd-rtn.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:238
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:225892
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:225878
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:26
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:26
diff --git a/test/results/stats/default/ah.pcapng.out b/test/results/stats/default/ah.pcapng.out
index 7731f5530..4f43ecd11 100644
--- a/test/results/stats/default/ah.pcapng.out
+++ b/test/results/stats/default/ah.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12175
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12169
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/ajp.pcap.out b/test/results/stats/default/ajp.pcap.out
index 860287ce7..260697f4c 100644
--- a/test/results/stats/default/ajp.pcap.out
+++ b/test/results/stats/default/ajp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:43
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:23823
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:23817
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/alexa-app.pcapng.out b/test/results/stats/default/alexa-app.pcapng.out
index 2c0187bed..2747db7d2 100644
--- a/test/results/stats/default/alexa-app.pcapng.out
+++ b/test/results/stats/default/alexa-app.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1415
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1268458
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1268452
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:160
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:104
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:56
diff --git a/test/results/stats/default/alicloud.pcap.out b/test/results/stats/default/alicloud.pcap.out
index e1c574bd8..cd552481f 100644
--- a/test/results/stats/default/alicloud.pcap.out
+++ b/test/results/stats/default/alicloud.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:135
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:92461
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:92431
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:15
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:15
diff --git a/test/results/stats/default/among_us.pcap.out b/test/results/stats/default/among_us.pcap.out
index c6fad6daa..d2d8c612c 100644
--- a/test/results/stats/default/among_us.pcap.out
+++ b/test/results/stats/default/among_us.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5054
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5048
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/amqp.pcap.out b/test/results/stats/default/amqp.pcap.out
index ac23898d7..a69745257 100644
--- a/test/results/stats/default/amqp.pcap.out
+++ b/test/results/stats/default/amqp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:23195
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:23189
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/android.pcap.out b/test/results/stats/default/android.pcap.out
index 71088cbb1..aae572ea8 100644
--- a/test/results/stats/default/android.pcap.out
+++ b/test/results/stats/default/android.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:437
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:374406
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:374400
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:63
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:54
diff --git a/test/results/stats/default/anyconnect-vpn.pcap.out b/test/results/stats/default/anyconnect-vpn.pcap.out
index fa54ac35d..f8205582f 100644
--- a/test/results/stats/default/anyconnect-vpn.pcap.out
+++ b/test/results/stats/default/anyconnect-vpn.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:457
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:385180
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:385174
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:69
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:59
diff --git a/test/results/stats/default/anydesk.pcapng.out b/test/results/stats/default/anydesk.pcapng.out
index bd62e0483..1471815f4 100644
--- a/test/results/stats/default/anydesk.pcapng.out
+++ b/test/results/stats/default/anydesk.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:66
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:65342
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:65332
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6
diff --git a/test/results/stats/default/avast.pcap.out b/test/results/stats/default/avast.pcap.out
index bd77c3a0a..f166a6ff3 100644
--- a/test/results/stats/default/avast.pcap.out
+++ b/test/results/stats/default/avast.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:101
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:68518
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:68476
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8
diff --git a/test/results/stats/default/avast_securedns.pcapng.out b/test/results/stats/default/avast_securedns.pcapng.out
index 39475fc01..ec0d5bf79 100644
--- a/test/results/stats/default/avast_securedns.pcapng.out
+++ b/test/results/stats/default/avast_securedns.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:218
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:177858
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:177828
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:39
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:39
diff --git a/test/results/stats/default/bacnet.pcap.out b/test/results/stats/default/bacnet.pcap.out
index bbf9f64c6..cbe1c5f7a 100644
--- a/test/results/stats/default/bacnet.pcap.out
+++ b/test/results/stats/default/bacnet.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:57
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:44588
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:44572
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10
diff --git a/test/results/stats/default/bad-dns-traffic.pcap.out b/test/results/stats/default/bad-dns-traffic.pcap.out
index 7dafabf3e..3eef2caf9 100644
--- a/test/results/stats/default/bad-dns-traffic.pcap.out
+++ b/test/results/stats/default/bad-dns-traffic.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:39
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:40394
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:40424
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
@@ -95,8 +95,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:12
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:6
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
diff --git a/test/results/stats/default/badpackets.pcap.out b/test/results/stats/default/badpackets.pcap.out
index 01e5775b5..0aa8d49df 100644
--- a/test/results/stats/default/badpackets.pcap.out
+++ b/test/results/stats/default/badpackets.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:194
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:127432
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:127424
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/beckhoff_ads.pcapng.out b/test/results/stats/default/beckhoff_ads.pcapng.out
index 52e2dd3bf..1b81b451b 100644
--- a/test/results/stats/default/beckhoff_ads.pcapng.out
+++ b/test/results/stats/default/beckhoff_ads.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9676
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9670
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/bets.pcapng.out b/test/results/stats/default/bets.pcapng.out
index 1db2676c2..68c89ed42 100644
--- a/test/results/stats/default/bets.pcapng.out
+++ b/test/results/stats/default/bets.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11390
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11384
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/bfd.pcap.out b/test/results/stats/default/bfd.pcap.out
index 18b36b097..35b79bdf7 100644
--- a/test/results/stats/default/bfd.pcap.out
+++ b/test/results/stats/default/bfd.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:26
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18517
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18511
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/bitcoin.pcap.out b/test/results/stats/default/bitcoin.pcap.out
index ded220540..fa286c2a9 100644
--- a/test/results/stats/default/bitcoin.pcap.out
+++ b/test/results/stats/default/bitcoin.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:57
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:49970
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:49958
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6
diff --git a/test/results/stats/default/bittorrent.pcap.out b/test/results/stats/default/bittorrent.pcap.out
index 9b10d3b07..28c1c68d9 100644
--- a/test/results/stats/default/bittorrent.pcap.out
+++ b/test/results/stats/default/bittorrent.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:164
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:148984
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:148978
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:24
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:11
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:13
diff --git a/test/results/stats/default/bittorrent_tcp_miss.pcapng.out b/test/results/stats/default/bittorrent_tcp_miss.pcapng.out
index 3406490bb..303cd1b1e 100644
--- a/test/results/stats/default/bittorrent_tcp_miss.pcapng.out
+++ b/test/results/stats/default/bittorrent_tcp_miss.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10989
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10983
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/bittorrent_utp.pcap.out b/test/results/stats/default/bittorrent_utp.pcap.out
index ee5dcc4b3..5f9d4331e 100644
--- a/test/results/stats/default/bittorrent_utp.pcap.out
+++ b/test/results/stats/default/bittorrent_utp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:23
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19385
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19377
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/bjnp.pcap.out b/test/results/stats/default/bjnp.pcap.out
index 005ba819e..256eac800 100644
--- a/test/results/stats/default/bjnp.pcap.out
+++ b/test/results/stats/default/bjnp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:43
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:34000
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:33994
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10
diff --git a/test/results/stats/default/bot.pcap.out b/test/results/stats/default/bot.pcap.out
index e4caeb3df..48d920f6b 100644
--- a/test/results/stats/default/bot.pcap.out
+++ b/test/results/stats/default/bot.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10428
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10422
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/bt-dns.pcap.out b/test/results/stats/default/bt-dns.pcap.out
index 5c80590a1..418e72751 100644
--- a/test/results/stats/default/bt-dns.pcap.out
+++ b/test/results/stats/default/bt-dns.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:8
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6067
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6063
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/bt-http.pcapng.out b/test/results/stats/default/bt-http.pcapng.out
index ec8ce5644..2c03b0b66 100644
--- a/test/results/stats/default/bt-http.pcapng.out
+++ b/test/results/stats/default/bt-http.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8648
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8642
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/bt_search.pcap.out b/test/results/stats/default/bt_search.pcap.out
index 27ff0081c..5d388bd49 100644
--- a/test/results/stats/default/bt_search.pcap.out
+++ b/test/results/stats/default/bt_search.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:8
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5973
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5967
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/c1222.pcapng.out b/test/results/stats/default/c1222.pcapng.out
index 758b62ade..0d153539f 100644
--- a/test/results/stats/default/c1222.pcapng.out
+++ b/test/results/stats/default/c1222.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9909
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9903
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/cachefly.pcapng.out b/test/results/stats/default/cachefly.pcapng.out
index 0862c0a9e..78cb74b2b 100644
--- a/test/results/stats/default/cachefly.pcapng.out
+++ b/test/results/stats/default/cachefly.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17911
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17905
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/can.pcap.out b/test/results/stats/default/can.pcap.out
index ee54af259..74e3c11e4 100644
--- a/test/results/stats/default/can.pcap.out
+++ b/test/results/stats/default/can.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:36
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29214
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29208
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8
diff --git a/test/results/stats/default/capwap.pcap.out b/test/results/stats/default/capwap.pcap.out
index adbea52f6..26ed41546 100644
--- a/test/results/stats/default/capwap.pcap.out
+++ b/test/results/stats/default/capwap.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:70
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:56303
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:56297
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/capwap_data.pcapng.out b/test/results/stats/default/capwap_data.pcapng.out
index f012d6f9d..131f8825c 100644
--- a/test/results/stats/default/capwap_data.pcapng.out
+++ b/test/results/stats/default/capwap_data.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:31
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14086
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14080
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/cassandra.pcap.out b/test/results/stats/default/cassandra.pcap.out
index 5fa48f010..c6340152a 100644
--- a/test/results/stats/default/cassandra.pcap.out
+++ b/test/results/stats/default/cassandra.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:26
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17839
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17833
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/ceph.pcap.out b/test/results/stats/default/ceph.pcap.out
index a51e32a8a..74bb816b6 100644
--- a/test/results/stats/default/ceph.pcap.out
+++ b/test/results/stats/default/ceph.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9418
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9412
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/check_mk_new.pcap.out b/test/results/stats/default/check_mk_new.pcap.out
index 75696e59f..1a78d3b9c 100644
--- a/test/results/stats/default/check_mk_new.pcap.out
+++ b/test/results/stats/default/check_mk_new.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9572
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9566
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/chrome.pcap.out b/test/results/stats/default/chrome.pcap.out
index 3ac22fe65..d5c0183f3 100644
--- a/test/results/stats/default/chrome.pcap.out
+++ b/test/results/stats/default/chrome.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:57
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:48730
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:48724
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6
diff --git a/test/results/stats/default/cip_io.pcap.out b/test/results/stats/default/cip_io.pcap.out
index 9b47ecd5a..e2ef94d90 100644
--- a/test/results/stats/default/cip_io.pcap.out
+++ b/test/results/stats/default/cip_io.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6822
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6816
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/citrix.pcap.out b/test/results/stats/default/citrix.pcap.out
index 1c4edb889..472cdaad5 100644
--- a/test/results/stats/default/citrix.pcap.out
+++ b/test/results/stats/default/citrix.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8353
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8349
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/cloudflare-warp.pcap.out b/test/results/stats/default/cloudflare-warp.pcap.out
index a2edaac8d..ffccc652b 100644
--- a/test/results/stats/default/cloudflare-warp.pcap.out
+++ b/test/results/stats/default/cloudflare-warp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:63
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:48760
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:48754
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6
diff --git a/test/results/stats/default/coap_mqtt.pcap.out b/test/results/stats/default/coap_mqtt.pcap.out
index c61e945c4..78fd9b031 100644
--- a/test/results/stats/default/coap_mqtt.pcap.out
+++ b/test/results/stats/default/coap_mqtt.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:121
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:102092
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:102082
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:16
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:16
diff --git a/test/results/stats/default/collectd.pcap.out b/test/results/stats/default/collectd.pcap.out
index f473284e3..f0ede6a75 100644
--- a/test/results/stats/default/collectd.pcap.out
+++ b/test/results/stats/default/collectd.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:74
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:103040
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:103264
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9
diff --git a/test/results/stats/default/corba.pcap.out b/test/results/stats/default/corba.pcap.out
index 6cc8e378e..536a4e340 100644
--- a/test/results/stats/default/corba.pcap.out
+++ b/test/results/stats/default/corba.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14638
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14632
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/cpha.pcap.out b/test/results/stats/default/cpha.pcap.out
index 057537211..f873e335f 100644
--- a/test/results/stats/default/cpha.pcap.out
+++ b/test/results/stats/default/cpha.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5077
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5071
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/crawler_false_positive.pcapng.out b/test/results/stats/default/crawler_false_positive.pcapng.out
index dfd71b057..a44b2189a 100644
--- a/test/results/stats/default/crawler_false_positive.pcapng.out
+++ b/test/results/stats/default/crawler_false_positive.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8746
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8740
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/crynet.pcap.out b/test/results/stats/default/crynet.pcap.out
index d6bbbd08f..4d7ed6b2b 100644
--- a/test/results/stats/default/crynet.pcap.out
+++ b/test/results/stats/default/crynet.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:64
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:47548
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:47532
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7
diff --git a/test/results/stats/default/custom_categories.pcapng.out b/test/results/stats/default/custom_categories.pcapng.out
index b156e6f73..cf44cc681 100644
--- a/test/results/stats/default/custom_categories.pcapng.out
+++ b/test/results/stats/default/custom_categories.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26666
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26656
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/custom_risk_mask.pcapng.out b/test/results/stats/default/custom_risk_mask.pcapng.out
index 77968213f..c9e75d640 100644
--- a/test/results/stats/default/custom_risk_mask.pcapng.out
+++ b/test/results/stats/default/custom_risk_mask.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9162
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9156
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/custom_rules_ipv6.pcapng.out b/test/results/stats/default/custom_rules_ipv6.pcapng.out
index 489a2fabe..0b5afecac 100644
--- a/test/results/stats/default/custom_rules_ipv6.pcapng.out
+++ b/test/results/stats/default/custom_rules_ipv6.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:34
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:31400
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:31390
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7
diff --git a/test/results/stats/default/custom_rules_same-ip_multiple_ports.pcapng.out b/test/results/stats/default/custom_rules_same-ip_multiple_ports.pcapng.out
index 12252f8d5..5d9315bce 100644
--- a/test/results/stats/default/custom_rules_same-ip_multiple_ports.pcapng.out
+++ b/test/results/stats/default/custom_rules_same-ip_multiple_ports.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15317
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15309
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/dazn.pcapng.out b/test/results/stats/default/dazn.pcapng.out
index aed967942..a35b07586 100644
--- a/test/results/stats/default/dazn.pcapng.out
+++ b/test/results/stats/default/dazn.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:27
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29301
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29295
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/dcerpc.pcap.out b/test/results/stats/default/dcerpc.pcap.out
index 70895c14a..ecc7fb1cf 100644
--- a/test/results/stats/default/dcerpc.pcap.out
+++ b/test/results/stats/default/dcerpc.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:29
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29220
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29214
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/dhcp-fuzz.pcapng.out b/test/results/stats/default/dhcp-fuzz.pcapng.out
index b6ffec0ab..402d31bd9 100644
--- a/test/results/stats/default/dhcp-fuzz.pcapng.out
+++ b/test/results/stats/default/dhcp-fuzz.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5398
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5392
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/diameter.pcap.out b/test/results/stats/default/diameter.pcap.out
index c848c7632..39816e0bd 100644
--- a/test/results/stats/default/diameter.pcap.out
+++ b/test/results/stats/default/diameter.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9251
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9245
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/discord.pcap.out b/test/results/stats/default/discord.pcap.out
index a55b176c0..6b9cbb4ad 100644
--- a/test/results/stats/default/discord.pcap.out
+++ b/test/results/stats/default/discord.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:316
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:262135
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:262123
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:34
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:34
diff --git a/test/results/stats/default/discord_mid_flow.pcap.out b/test/results/stats/default/discord_mid_flow.pcap.out
index 2cc60906e..3bcfceafb 100644
--- a/test/results/stats/default/discord_mid_flow.pcap.out
+++ b/test/results/stats/default/discord_mid_flow.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:35
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14085
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14079
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/dlep.pcapng.out b/test/results/stats/default/dlep.pcapng.out
index 4bfa8eb5d..504c39745 100644
--- a/test/results/stats/default/dlep.pcapng.out
+++ b/test/results/stats/default/dlep.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:16
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12344
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12338
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/dlms.pcap.out b/test/results/stats/default/dlms.pcap.out
index ad7659e2a..c9c42e1db 100644
--- a/test/results/stats/default/dlms.pcap.out
+++ b/test/results/stats/default/dlms.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13721
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13713
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dlt_ppp.pcap.out b/test/results/stats/default/dlt_ppp.pcap.out
index 525ee213e..7c3e7bc36 100644
--- a/test/results/stats/default/dlt_ppp.pcap.out
+++ b/test/results/stats/default/dlt_ppp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:4
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:3446
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:3442
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/dnp3.pcap.out b/test/results/stats/default/dnp3.pcap.out
index 11a165ac3..8411ab896 100644
--- a/test/results/stats/default/dnp3.pcap.out
+++ b/test/results/stats/default/dnp3.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:81
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:64303
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:64283
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6
diff --git a/test/results/stats/default/dns-exf.pcap.out b/test/results/stats/default/dns-exf.pcap.out
index 33999d95d..e2dc86f01 100644
--- a/test/results/stats/default/dns-exf.pcap.out
+++ b/test/results/stats/default/dns-exf.pcap.out
@@ -95,8 +95,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
diff --git a/test/results/stats/default/dns-google-nsid.pcapng.out b/test/results/stats/default/dns-google-nsid.pcapng.out
index 36ced1f60..045a8b3a7 100644
--- a/test/results/stats/default/dns-google-nsid.pcapng.out
+++ b/test/results/stats/default/dns-google-nsid.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:46
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:40054
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:40046
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7
diff --git a/test/results/stats/default/dns-invalid-chars.pcap.out b/test/results/stats/default/dns-invalid-chars.pcap.out
index 9b6b5a615..79486f096 100644
--- a/test/results/stats/default/dns-invalid-chars.pcap.out
+++ b/test/results/stats/default/dns-invalid-chars.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:9
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7436
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7430
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dns-tunnel-iodine.pcap.out b/test/results/stats/default/dns-tunnel-iodine.pcap.out
index 36077f9cf..a281f41e9 100644
--- a/test/results/stats/default/dns-tunnel-iodine.pcap.out
+++ b/test/results/stats/default/dns-tunnel-iodine.pcap.out
@@ -95,8 +95,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
diff --git a/test/results/stats/default/dns.pcap.out b/test/results/stats/default/dns.pcap.out
index 0f1ea1ee8..8c03c20a5 100644
--- a/test/results/stats/default/dns.pcap.out
+++ b/test/results/stats/default/dns.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8601
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8593
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dns2tcp_tunnel.pcap.out b/test/results/stats/default/dns2tcp_tunnel.pcap.out
index 8c001e4e8..cfd8653af 100644
--- a/test/results/stats/default/dns2tcp_tunnel.pcap.out
+++ b/test/results/stats/default/dns2tcp_tunnel.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12336
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12330
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dns_ambiguous_names.pcap.out b/test/results/stats/default/dns_ambiguous_names.pcap.out
index 4ed5376ac..be2045c5e 100644
--- a/test/results/stats/default/dns_ambiguous_names.pcap.out
+++ b/test/results/stats/default/dns_ambiguous_names.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:63
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:55455
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:55449
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10
diff --git a/test/results/stats/default/dns_doh.pcap.out b/test/results/stats/default/dns_doh.pcap.out
index e5770e938..2b86fa0f6 100644
--- a/test/results/stats/default/dns_doh.pcap.out
+++ b/test/results/stats/default/dns_doh.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11807
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11801
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dns_dot.pcap.out b/test/results/stats/default/dns_dot.pcap.out
index cb51aee9f..4e92bc2a6 100644
--- a/test/results/stats/default/dns_dot.pcap.out
+++ b/test/results/stats/default/dns_dot.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10474
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10468
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dns_exfiltration.pcap.out b/test/results/stats/default/dns_exfiltration.pcap.out
index 619882402..797113adb 100644
--- a/test/results/stats/default/dns_exfiltration.pcap.out
+++ b/test/results/stats/default/dns_exfiltration.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14279
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14273
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dns_fragmented.pcap.out b/test/results/stats/default/dns_fragmented.pcap.out
index 80fed3d0b..de464d098 100644
--- a/test/results/stats/default/dns_fragmented.pcap.out
+++ b/test/results/stats/default/dns_fragmented.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:153
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:146536
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:146526
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:21
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:19
diff --git a/test/results/stats/default/dns_invert_query.pcapng.out b/test/results/stats/default/dns_invert_query.pcapng.out
index 58f3f7379..3f2f2e199 100644
--- a/test/results/stats/default/dns_invert_query.pcapng.out
+++ b/test/results/stats/default/dns_invert_query.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:8
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5864
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5858
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dns_long_domainname.pcap.out b/test/results/stats/default/dns_long_domainname.pcap.out
index 604bd1c3f..69639dcf6 100644
--- a/test/results/stats/default/dns_long_domainname.pcap.out
+++ b/test/results/stats/default/dns_long_domainname.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:9
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7405
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7399
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out
index fcc71ec12..fa4349dae 100644
--- a/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out
+++ b/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1539
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1581014
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1581006
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:245
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:245
diff --git a/test/results/stats/default/dnscrypt-v2-doh.pcap.out b/test/results/stats/default/dnscrypt-v2-doh.pcap.out
index 22216be00..4cbe244fe 100644
--- a/test/results/stats/default/dnscrypt-v2-doh.pcap.out
+++ b/test/results/stats/default/dnscrypt-v2-doh.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:309
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:416409
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:416403
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:34
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:34
diff --git a/test/results/stats/default/dnscrypt-v2.pcap.out b/test/results/stats/default/dnscrypt-v2.pcap.out
index 47edeadad..53f5d6fe3 100644
--- a/test/results/stats/default/dnscrypt-v2.pcap.out
+++ b/test/results/stats/default/dnscrypt-v2.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:18
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18621
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18615
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/dnscrypt_skype_false_positive.pcapng.out b/test/results/stats/default/dnscrypt_skype_false_positive.pcapng.out
index cd7907ac6..1bd5cc3b2 100644
--- a/test/results/stats/default/dnscrypt_skype_false_positive.pcapng.out
+++ b/test/results/stats/default/dnscrypt_skype_false_positive.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11692
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11684
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/doh.pcapng.out b/test/results/stats/default/doh.pcapng.out
index a2b025b9e..544ea0644 100644
--- a/test/results/stats/default/doh.pcapng.out
+++ b/test/results/stats/default/doh.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12229
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12223
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/doq.pcapng.out b/test/results/stats/default/doq.pcapng.out
index 0dcc5ff32..c70214f89 100644
--- a/test/results/stats/default/doq.pcapng.out
+++ b/test/results/stats/default/doq.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18417
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18411
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/doq_adguard.pcapng.out b/test/results/stats/default/doq_adguard.pcapng.out
index 47983bfcf..de3f4b59f 100644
--- a/test/results/stats/default/doq_adguard.pcapng.out
+++ b/test/results/stats/default/doq_adguard.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16737
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16731
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dos_win98_smb_netbeui.pcap.out b/test/results/stats/default/dos_win98_smb_netbeui.pcap.out
index f0e334944..7cad5ffb3 100644
--- a/test/results/stats/default/dos_win98_smb_netbeui.pcap.out
+++ b/test/results/stats/default/dos_win98_smb_netbeui.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:110
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:60104
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:60098
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/dotenv.pcap.out b/test/results/stats/default/dotenv.pcap.out
index 625381428..8b741c003 100644
--- a/test/results/stats/default/dotenv.pcap.out
+++ b/test/results/stats/default/dotenv.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9465
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9475
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/drda_db2.pcap.out b/test/results/stats/default/drda_db2.pcap.out
index 538578919..4fd97447d 100644
--- a/test/results/stats/default/drda_db2.pcap.out
+++ b/test/results/stats/default/drda_db2.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9750
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9744
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/dropbox.pcap.out b/test/results/stats/default/dropbox.pcap.out
index 4fa0c7454..b765154e4 100644
--- a/test/results/stats/default/dropbox.pcap.out
+++ b/test/results/stats/default/dropbox.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:132
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:114246
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:114236
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:15
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:15
diff --git a/test/results/stats/default/dtls.pcap.out b/test/results/stats/default/dtls.pcap.out
index 9750cde7c..55b91449f 100644
--- a/test/results/stats/default/dtls.pcap.out
+++ b/test/results/stats/default/dtls.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:9
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8227
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8221
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dtls2.pcap.out b/test/results/stats/default/dtls2.pcap.out
index e57fd1325..2ca207157 100644
--- a/test/results/stats/default/dtls2.pcap.out
+++ b/test/results/stats/default/dtls2.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:17
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18040
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18034
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dtls_certificate.pcapng.out b/test/results/stats/default/dtls_certificate.pcapng.out
index 5be31b891..37ee1fcdb 100644
--- a/test/results/stats/default/dtls_certificate.pcapng.out
+++ b/test/results/stats/default/dtls_certificate.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7863
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7857
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dtls_certificate_fragments.pcap.out b/test/results/stats/default/dtls_certificate_fragments.pcap.out
index b20f2ca4c..8e853ece5 100644
--- a/test/results/stats/default/dtls_certificate_fragments.pcap.out
+++ b/test/results/stats/default/dtls_certificate_fragments.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:25
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:30875
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:30867
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/dtls_mid_sessions.pcapng.out b/test/results/stats/default/dtls_mid_sessions.pcapng.out
index 544e3649b..66d00d689 100644
--- a/test/results/stats/default/dtls_mid_sessions.pcapng.out
+++ b/test/results/stats/default/dtls_mid_sessions.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:31
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32984
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32978
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/dtls_old_version.pcapng.out b/test/results/stats/default/dtls_old_version.pcapng.out
index 1f97703f6..d70227962 100644
--- a/test/results/stats/default/dtls_old_version.pcapng.out
+++ b/test/results/stats/default/dtls_old_version.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11578
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11572
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/dtls_session_id_and_coockie_both.pcap.out b/test/results/stats/default/dtls_session_id_and_coockie_both.pcap.out
index 0a3da3a72..37617ba3e 100644
--- a/test/results/stats/default/dtls_session_id_and_coockie_both.pcap.out
+++ b/test/results/stats/default/dtls_session_id_and_coockie_both.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9589
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9583
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/edonkey.pcap.out b/test/results/stats/default/edonkey.pcap.out
index 8710373d0..322457456 100644
--- a/test/results/stats/default/edonkey.pcap.out
+++ b/test/results/stats/default/edonkey.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7878
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7872
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/elasticsearch.pcap.out b/test/results/stats/default/elasticsearch.pcap.out
index 4d8040844..a18ba70a4 100644
--- a/test/results/stats/default/elasticsearch.pcap.out
+++ b/test/results/stats/default/elasticsearch.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:44
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:38548
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:38540
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6
diff --git a/test/results/stats/default/elf.pcap.out b/test/results/stats/default/elf.pcap.out
new file mode 100644
index 000000000..571ece3d9
--- /dev/null
+++ b/test/results/stats/default/elf.pcap.out
@@ -0,0 +1,169 @@
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:16
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:45104
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:62064
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:7
+PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
diff --git a/test/results/stats/default/emotet.pcap.out b/test/results/stats/default/emotet.pcap.out
index 926a2941e..387cc3bce 100644
--- a/test/results/stats/default/emotet.pcap.out
+++ b/test/results/stats/default/emotet.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:60
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:52881
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:53381
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
@@ -95,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:4
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:3
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
@@ -166,4 +166,4 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:2
diff --git a/test/results/stats/default/encrypted_sni.pcap.out b/test/results/stats/default/encrypted_sni.pcap.out
index 6147131a8..87ab89ddd 100644
--- a/test/results/stats/default/encrypted_sni.pcap.out
+++ b/test/results/stats/default/encrypted_sni.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15362
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15356
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/epicgames.pcapng.out b/test/results/stats/default/epicgames.pcapng.out
index 755e5a7fd..92b50f870 100644
--- a/test/results/stats/default/epicgames.pcapng.out
+++ b/test/results/stats/default/epicgames.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:35
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24744
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24738
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/esp.pcapng.out b/test/results/stats/default/esp.pcapng.out
index 3bf0b3191..a4805f5ef 100644
--- a/test/results/stats/default/esp.pcapng.out
+++ b/test/results/stats/default/esp.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12330
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12324
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/ethereum.pcap.out b/test/results/stats/default/ethereum.pcap.out
index 1080c1144..4439edbd5 100644
--- a/test/results/stats/default/ethereum.pcap.out
+++ b/test/results/stats/default/ethereum.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:573
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:509231
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:509225
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:74
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:47
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:27
diff --git a/test/results/stats/default/ethernetIP.pcap.out b/test/results/stats/default/ethernetIP.pcap.out
index f8f0278e0..79c25c719 100644
--- a/test/results/stats/default/ethernetIP.pcap.out
+++ b/test/results/stats/default/ethernetIP.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:35
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28701
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28695
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/ethersbus.pcap.out b/test/results/stats/default/ethersbus.pcap.out
index b26c9eb6e..deb3dc0e4 100644
--- a/test/results/stats/default/ethersbus.pcap.out
+++ b/test/results/stats/default/ethersbus.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7314
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7308
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/ethersio.pcap.out b/test/results/stats/default/ethersio.pcap.out
index 845ebe1b9..353920104 100644
--- a/test/results/stats/default/ethersio.pcap.out
+++ b/test/results/stats/default/ethersio.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9680
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9674
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/exe_download.pcap.out b/test/results/stats/default/exe_download.pcap.out
index 449e50a49..c9f467758 100644
--- a/test/results/stats/default/exe_download.pcap.out
+++ b/test/results/stats/default/exe_download.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9960
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10210
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
@@ -166,4 +166,4 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:1
diff --git a/test/results/stats/default/exe_download_as_png.pcap.out b/test/results/stats/default/exe_download_as_png.pcap.out
index a90ac05ea..f8852692a 100644
--- a/test/results/stats/default/exe_download_as_png.pcap.out
+++ b/test/results/stats/default/exe_download_as_png.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12231
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12225
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/facebook.pcap.out b/test/results/stats/default/facebook.pcap.out
index e273af163..30337543c 100644
--- a/test/results/stats/default/facebook.pcap.out
+++ b/test/results/stats/default/facebook.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:23
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20862
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20856
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/fastcgi.pcap.out b/test/results/stats/default/fastcgi.pcap.out
index c016731ad..581446d22 100644
--- a/test/results/stats/default/fastcgi.pcap.out
+++ b/test/results/stats/default/fastcgi.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10892
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10886
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/fins.pcap.out b/test/results/stats/default/fins.pcap.out
index 3bf1a2cd0..8353d0582 100644
--- a/test/results/stats/default/fins.pcap.out
+++ b/test/results/stats/default/fins.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:50
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28316
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:28308
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/firefox.pcap.out b/test/results/stats/default/firefox.pcap.out
index 7175ab590..f972bb155 100644
--- a/test/results/stats/default/firefox.pcap.out
+++ b/test/results/stats/default/firefox.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:57
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:49168
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:49162
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6
diff --git a/test/results/stats/default/fix.pcap.out b/test/results/stats/default/fix.pcap.out
index 84a1942fd..c82aa1659 100644
--- a/test/results/stats/default/fix.pcap.out
+++ b/test/results/stats/default/fix.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:104
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:80498
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:80492
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12
diff --git a/test/results/stats/default/fix2.pcap.out b/test/results/stats/default/fix2.pcap.out
index 45914e7c9..d98f1c6e9 100644
--- a/test/results/stats/default/fix2.pcap.out
+++ b/test/results/stats/default/fix2.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17079
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17073
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/flute.pcapng.out b/test/results/stats/default/flute.pcapng.out
index a4063f1df..124660a6e 100644
--- a/test/results/stats/default/flute.pcapng.out
+++ b/test/results/stats/default/flute.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8219
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8213
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/forticlient.pcap.out b/test/results/stats/default/forticlient.pcap.out
index 0d8bea511..cd852ea9c 100644
--- a/test/results/stats/default/forticlient.pcap.out
+++ b/test/results/stats/default/forticlient.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:54
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:53525
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:53519
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/ftp-start-tls.pcap.out b/test/results/stats/default/ftp-start-tls.pcap.out
index 7a165aabc..fbbe46066 100644
--- a/test/results/stats/default/ftp-start-tls.pcap.out
+++ b/test/results/stats/default/ftp-start-tls.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14722
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14716
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/ftp.pcap.out b/test/results/stats/default/ftp.pcap.out
index dbed88127..475bbec9f 100644
--- a/test/results/stats/default/ftp.pcap.out
+++ b/test/results/stats/default/ftp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:29
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26724
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26454
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
@@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:174
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:111534
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:15
 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1
@@ -95,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
@@ -117,7 +117,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
diff --git a/test/results/stats/default/ftp_failed.pcap.out b/test/results/stats/default/ftp_failed.pcap.out
index 75ababba3..1a811bb9a 100644
--- a/test/results/stats/default/ftp_failed.pcap.out
+++ b/test/results/stats/default/ftp_failed.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8112
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8106
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out b/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out
index 570d31c82..572db7d67 100644
--- a/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:2134
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1900503
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1900493
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:257
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:255
diff --git a/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out b/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out
index fa56bad2d..9efff16c1 100644
--- a/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out
+++ b/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:219
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:190554
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:190548
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:39
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:27
diff --git a/test/results/stats/default/fuzz-2020-02-16-11740.pcap.out b/test/results/stats/default/fuzz-2020-02-16-11740.pcap.out
index fda2afb34..8199e4c27 100644
--- a/test/results/stats/default/fuzz-2020-02-16-11740.pcap.out
+++ b/test/results/stats/default/fuzz-2020-02-16-11740.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:615
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:548029
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:548015
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:79
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:79
diff --git a/test/results/stats/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/stats/default/fuzz-2021-06-07-c6c72a0a56.pcap.out
index d12b9aa55..2f9374b36 100644
--- a/test/results/stats/default/fuzz-2021-06-07-c6c72a0a56.pcap.out
+++ b/test/results/stats/default/fuzz-2021-06-07-c6c72a0a56.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:3408
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:3402
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/fuzz-2021-10-13.pcap.out b/test/results/stats/default/fuzz-2021-10-13.pcap.out
index f57fb3d49..012da9995 100644
--- a/test/results/stats/default/fuzz-2021-10-13.pcap.out
+++ b/test/results/stats/default/fuzz-2021-10-13.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:5
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:2771
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:2765
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/gaijin_mobile_mixed.pcap.out b/test/results/stats/default/gaijin_mobile_mixed.pcap.out
index b07be0c1a..c6bd6f2a4 100644
--- a/test/results/stats/default/gaijin_mobile_mixed.pcap.out
+++ b/test/results/stats/default/gaijin_mobile_mixed.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24840
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24832
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/gaijin_warthunder.pcap.out b/test/results/stats/default/gaijin_warthunder.pcap.out
index 37a0f3642..c56f9b117 100644
--- a/test/results/stats/default/gaijin_warthunder.pcap.out
+++ b/test/results/stats/default/gaijin_warthunder.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14243
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14237
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/gearman.pcap.out b/test/results/stats/default/gearman.pcap.out
index a2bc71c9b..60e3a55d7 100644
--- a/test/results/stats/default/gearman.pcap.out
+++ b/test/results/stats/default/gearman.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7289
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7283
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/geforcenow.pcapng.out b/test/results/stats/default/geforcenow.pcapng.out
index 302806e49..40b1c3766 100644
--- a/test/results/stats/default/geforcenow.pcapng.out
+++ b/test/results/stats/default/geforcenow.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:27
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32033
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32027
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/genshin-impact.pcap.out b/test/results/stats/default/genshin-impact.pcap.out
index 452e70138..fc0f03b9e 100644
--- a/test/results/stats/default/genshin-impact.pcap.out
+++ b/test/results/stats/default/genshin-impact.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:56
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39820
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39804
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6
diff --git a/test/results/stats/default/git.pcap.out b/test/results/stats/default/git.pcap.out
index 837e6b707..72c328df4 100644
--- a/test/results/stats/default/git.pcap.out
+++ b/test/results/stats/default/git.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9565
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9559
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/gnutella.pcap.out b/test/results/stats/default/gnutella.pcap.out
index ce83fbe84..42205653d 100644
--- a/test/results/stats/default/gnutella.pcap.out
+++ b/test/results/stats/default/gnutella.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:6866
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5752913
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5753419
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:801
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:66
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:735
@@ -166,4 +166,4 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:2
diff --git a/test/results/stats/default/google_chat.pcapng.out b/test/results/stats/default/google_chat.pcapng.out
index 70f594f7f..74c965af2 100644
--- a/test/results/stats/default/google_chat.pcapng.out
+++ b/test/results/stats/default/google_chat.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9887
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9881
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/google_meet.pcapng.out b/test/results/stats/default/google_meet.pcapng.out
index 08eecffca..873a46b81 100644
--- a/test/results/stats/default/google_meet.pcapng.out
+++ b/test/results/stats/default/google_meet.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:22246
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:22240
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/google_ssl.pcap.out b/test/results/stats/default/google_ssl.pcap.out
index 1f83770db..28d5c811a 100644
--- a/test/results/stats/default/google_ssl.pcap.out
+++ b/test/results/stats/default/google_ssl.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7280
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7274
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/googledns_android10.pcap.out b/test/results/stats/default/googledns_android10.pcap.out
index 1ead73a3c..e8c748d18 100644
--- a/test/results/stats/default/googledns_android10.pcap.out
+++ b/test/results/stats/default/googledns_android10.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:77
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:70746
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:70740
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/gquic.pcap.out b/test/results/stats/default/gquic.pcap.out
index 198b3ef5e..2ecfc36b6 100644
--- a/test/results/stats/default/gquic.pcap.out
+++ b/test/results/stats/default/gquic.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7048
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7042
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/gquic_only_from_server.pcap.out b/test/results/stats/default/gquic_only_from_server.pcap.out
index ef4da6934..579b2c2a5 100644
--- a/test/results/stats/default/gquic_only_from_server.pcap.out
+++ b/test/results/stats/default/gquic_only_from_server.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14745
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14739
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/gre.pcapng.out b/test/results/stats/default/gre.pcapng.out
index 022cc97ee..b3c6af716 100644
--- a/test/results/stats/default/gre.pcapng.out
+++ b/test/results/stats/default/gre.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5416
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5410
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/gtp_c.pcap.out b/test/results/stats/default/gtp_c.pcap.out
index 76fc6accb..0398ab4ed 100644
--- a/test/results/stats/default/gtp_c.pcap.out
+++ b/test/results/stats/default/gtp_c.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7318
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7312
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/gtp_false_positive.pcapng.out b/test/results/stats/default/gtp_false_positive.pcapng.out
index c805ca891..44ad39313 100644
--- a/test/results/stats/default/gtp_false_positive.pcapng.out
+++ b/test/results/stats/default/gtp_false_positive.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:22
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16450
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16440
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/gtp_prime.pcapng.out b/test/results/stats/default/gtp_prime.pcapng.out
index f975ab548..358defd8e 100644
--- a/test/results/stats/default/gtp_prime.pcapng.out
+++ b/test/results/stats/default/gtp_prime.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:5
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:2880
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:2874
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/h323-overflow.pcap.out b/test/results/stats/default/h323-overflow.pcap.out
index e9d09afea..593a330a7 100644
--- a/test/results/stats/default/h323-overflow.pcap.out
+++ b/test/results/stats/default/h323-overflow.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5058
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5052
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/h323.pcap.out b/test/results/stats/default/h323.pcap.out
index 8006d7af8..e46ef4e49 100644
--- a/test/results/stats/default/h323.pcap.out
+++ b/test/results/stats/default/h323.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:16
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12122
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12116
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/h323_tcp.pcap.out b/test/results/stats/default/h323_tcp.pcap.out
index 2a85c8226..24107f2b8 100644
--- a/test/results/stats/default/h323_tcp.pcap.out
+++ b/test/results/stats/default/h323_tcp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7547
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7541
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/haproxy.pcap.out b/test/results/stats/default/haproxy.pcap.out
index a49b55bd6..1f02b4af8 100644
--- a/test/results/stats/default/haproxy.pcap.out
+++ b/test/results/stats/default/haproxy.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5481
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5475
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/hart_ip.pcap.out b/test/results/stats/default/hart_ip.pcap.out
index 24628a9fb..746e9933e 100644
--- a/test/results/stats/default/hart_ip.pcap.out
+++ b/test/results/stats/default/hart_ip.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:24
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18169
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18163
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out b/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out
index 54c423da7..efed551a5 100644
--- a/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out
+++ b/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:57
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:45401
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:45391
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/hislip.pcap.out b/test/results/stats/default/hislip.pcap.out
index ab7d22ffd..8a40a6177 100644
--- a/test/results/stats/default/hislip.pcap.out
+++ b/test/results/stats/default/hislip.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:39
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32630
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32624
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/hl7.pcap.out b/test/results/stats/default/hl7.pcap.out
index 5afdc6020..ed73a79df 100644
--- a/test/results/stats/default/hl7.pcap.out
+++ b/test/results/stats/default/hl7.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8328
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8322
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/hots.pcapng.out b/test/results/stats/default/hots.pcapng.out
index 56e60473a..b53eabe62 100644
--- a/test/results/stats/default/hots.pcapng.out
+++ b/test/results/stats/default/hots.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:32
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25608
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25598
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/hpvirtgrp.pcap.out b/test/results/stats/default/hpvirtgrp.pcap.out
index 551af1e3d..056a2767c 100644
--- a/test/results/stats/default/hpvirtgrp.pcap.out
+++ b/test/results/stats/default/hpvirtgrp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:82
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:57222
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:57202
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9
diff --git a/test/results/stats/default/hsrp0.pcap.out b/test/results/stats/default/hsrp0.pcap.out
index a9ddcc6d9..5d4fb35d9 100644
--- a/test/results/stats/default/hsrp0.pcap.out
+++ b/test/results/stats/default/hsrp0.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14756
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14750
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/hsrp2.pcap.out b/test/results/stats/default/hsrp2.pcap.out
index 2ef503f4a..f1323472f 100644
--- a/test/results/stats/default/hsrp2.pcap.out
+++ b/test/results/stats/default/hsrp2.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8394
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8388
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/hsrp2_ipv6.pcapng.out b/test/results/stats/default/hsrp2_ipv6.pcapng.out
index bbccda675..ef8ed47a0 100644
--- a/test/results/stats/default/hsrp2_ipv6.pcapng.out
+++ b/test/results/stats/default/hsrp2_ipv6.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:23
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18281
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18275
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/http-crash-content-disposition.pcap.out b/test/results/stats/default/http-crash-content-disposition.pcap.out
index b6d0ee00a..3b5b604d5 100644
--- a/test/results/stats/default/http-crash-content-disposition.pcap.out
+++ b/test/results/stats/default/http-crash-content-disposition.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8328
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8322
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/http-lines-split.pcap.out b/test/results/stats/default/http-lines-split.pcap.out
index 0dcb8d825..9e403d29c 100644
--- a/test/results/stats/default/http-lines-split.pcap.out
+++ b/test/results/stats/default/http-lines-split.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9070
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9064
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/http-manipulated.pcap.out b/test/results/stats/default/http-manipulated.pcap.out
index efbc2fbea..d987cbf56 100644
--- a/test/results/stats/default/http-manipulated.pcap.out
+++ b/test/results/stats/default/http-manipulated.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14920
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14912
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/http-proxy.pcapng.out b/test/results/stats/default/http-proxy.pcapng.out
index 7156426ff..ccaf9a1b3 100644
--- a/test/results/stats/default/http-proxy.pcapng.out
+++ b/test/results/stats/default/http-proxy.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7933
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7927
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/http.pcapng.out b/test/results/stats/default/http.pcapng.out
index 77a6d521a..6ef1df07b 100644
--- a/test/results/stats/default/http.pcapng.out
+++ b/test/results/stats/default/http.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7551
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7545
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/http2.pcapng.out b/test/results/stats/default/http2.pcapng.out
index 1f7826ce9..8d23f005b 100644
--- a/test/results/stats/default/http2.pcapng.out
+++ b/test/results/stats/default/http2.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7817
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7811
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/http_asymmetric.pcapng.out b/test/results/stats/default/http_asymmetric.pcapng.out
index 084dc554a..0edc13bdb 100644
--- a/test/results/stats/default/http_asymmetric.pcapng.out
+++ b/test/results/stats/default/http_asymmetric.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20864
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20858
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/http_auth.pcap.out b/test/results/stats/default/http_auth.pcap.out
index eedac873d..fbd4879d7 100644
--- a/test/results/stats/default/http_auth.pcap.out
+++ b/test/results/stats/default/http_auth.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12880
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12874
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/http_connect.pcap.out b/test/results/stats/default/http_connect.pcap.out
index 9b6afd632..f630ce0d1 100644
--- a/test/results/stats/default/http_connect.pcap.out
+++ b/test/results/stats/default/http_connect.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24967
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24961
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/http_guessed_host_and_guessed.pcapng.out b/test/results/stats/default/http_guessed_host_and_guessed.pcapng.out
index d936a0b45..d55059062 100644
--- a/test/results/stats/default/http_guessed_host_and_guessed.pcapng.out
+++ b/test/results/stats/default/http_guessed_host_and_guessed.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5537
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5531
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/http_invalid_server.pcap.out b/test/results/stats/default/http_invalid_server.pcap.out
index 89f0351a4..1d93ebee7 100644
--- a/test/results/stats/default/http_invalid_server.pcap.out
+++ b/test/results/stats/default/http_invalid_server.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9413
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9407
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/http_ipv6.pcap.out b/test/results/stats/default/http_ipv6.pcap.out
index 5ece38c45..cdd10086d 100644
--- a/test/results/stats/default/http_ipv6.pcap.out
+++ b/test/results/stats/default/http_ipv6.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:117
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:105893
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:106005
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:15
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12
diff --git a/test/results/stats/default/http_on_sip_port.pcap.out b/test/results/stats/default/http_on_sip_port.pcap.out
index 23e28437d..57f2308b0 100644
--- a/test/results/stats/default/http_on_sip_port.pcap.out
+++ b/test/results/stats/default/http_on_sip_port.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11319
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11313
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/http_origin_different_than_host.pcap.out b/test/results/stats/default/http_origin_different_than_host.pcap.out
index 6ce55e91e..d7d2fa184 100644
--- a/test/results/stats/default/http_origin_different_than_host.pcap.out
+++ b/test/results/stats/default/http_origin_different_than_host.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6192
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6186
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/http_starting_with_reply.pcapng.out b/test/results/stats/default/http_starting_with_reply.pcapng.out
index 1b0f8c2b9..4b298170b 100644
--- a/test/results/stats/default/http_starting_with_reply.pcapng.out
+++ b/test/results/stats/default/http_starting_with_reply.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16346
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16340
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/stats/default/http_ua_splitted_in_two_pkts.pcapng.out
index 55da2c44c..de01c426c 100644
--- a/test/results/stats/default/http_ua_splitted_in_two_pkts.pcapng.out
+++ b/test/results/stats/default/http_ua_splitted_in_two_pkts.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13340
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13334
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/i3d.pcap.out b/test/results/stats/default/i3d.pcap.out
index 4f6d58e79..92f294993 100644
--- a/test/results/stats/default/i3d.pcap.out
+++ b/test/results/stats/default/i3d.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:37
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:33186
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:33176
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/iax.pcap.out b/test/results/stats/default/iax.pcap.out
index e0f952b40..7d478cc59 100644
--- a/test/results/stats/default/iax.pcap.out
+++ b/test/results/stats/default/iax.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9447
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9441
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/icmp-tunnel.pcap.out b/test/results/stats/default/icmp-tunnel.pcap.out
index a6ddf4ac0..b5931b8be 100644
--- a/test/results/stats/default/icmp-tunnel.pcap.out
+++ b/test/results/stats/default/icmp-tunnel.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:39
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39278
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39270
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/iec60780-5-104.pcap.out b/test/results/stats/default/iec60780-5-104.pcap.out
index a8e153891..76b75b7cb 100644
--- a/test/results/stats/default/iec60780-5-104.pcap.out
+++ b/test/results/stats/default/iec60780-5-104.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:53
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:37842
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:37834
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/ieee_c37118.pcap.out b/test/results/stats/default/ieee_c37118.pcap.out
index 46adcf584..4c5614677 100644
--- a/test/results/stats/default/ieee_c37118.pcap.out
+++ b/test/results/stats/default/ieee_c37118.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:22
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18472
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18464
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/imap-starttls.pcap.out b/test/results/stats/default/imap-starttls.pcap.out
index 6e1c882fe..4b467dfbb 100644
--- a/test/results/stats/default/imap-starttls.pcap.out
+++ b/test/results/stats/default/imap-starttls.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14697
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14691
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/imap.pcap.out b/test/results/stats/default/imap.pcap.out
index 06eb2deb6..074cb30da 100644
--- a/test/results/stats/default/imap.pcap.out
+++ b/test/results/stats/default/imap.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10232
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10226
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/imaps.pcap.out b/test/results/stats/default/imaps.pcap.out
index 3411a3780..1200444b1 100644
--- a/test/results/stats/default/imaps.pcap.out
+++ b/test/results/stats/default/imaps.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:23
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18231
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18223
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/imo.pcap.out b/test/results/stats/default/imo.pcap.out
index 23b5977ad..b0d275feb 100644
--- a/test/results/stats/default/imo.pcap.out
+++ b/test/results/stats/default/imo.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19512
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19506
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/instagram.pcap.out b/test/results/stats/default/instagram.pcap.out
index 14627805a..4b9f98611 100644
--- a/test/results/stats/default/instagram.pcap.out
+++ b/test/results/stats/default/instagram.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:299
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:319254
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:319718
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:38
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:32
diff --git a/test/results/stats/default/ip_fragmented_garbage.pcap.out b/test/results/stats/default/ip_fragmented_garbage.pcap.out
index c839e8185..9402ce196 100644
--- a/test/results/stats/default/ip_fragmented_garbage.pcap.out
+++ b/test/results/stats/default/ip_fragmented_garbage.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:51
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25523
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25517
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/iphone.pcap.out b/test/results/stats/default/iphone.pcap.out
index dae7b264d..ce53b4c95 100644
--- a/test/results/stats/default/iphone.pcap.out
+++ b/test/results/stats/default/iphone.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:356
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:323613
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:323607
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:51
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:48
diff --git a/test/results/stats/default/ipp.pcap.out b/test/results/stats/default/ipp.pcap.out
index 6076d46a9..b018c37bc 100644
--- a/test/results/stats/default/ipp.pcap.out
+++ b/test/results/stats/default/ipp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24124
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24118
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/ipsec_isakmp_esp.pcap.out b/test/results/stats/default/ipsec_isakmp_esp.pcap.out
index f342890cf..da8c3b075 100644
--- a/test/results/stats/default/ipsec_isakmp_esp.pcap.out
+++ b/test/results/stats/default/ipsec_isakmp_esp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:321
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:314822
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:314796
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:36
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:36
diff --git a/test/results/stats/default/ipv6_in_gtp.pcap.out b/test/results/stats/default/ipv6_in_gtp.pcap.out
index 89c552e0e..7b178f6a2 100644
--- a/test/results/stats/default/ipv6_in_gtp.pcap.out
+++ b/test/results/stats/default/ipv6_in_gtp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:8
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:4164
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:4156
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/irc.pcap.out b/test/results/stats/default/irc.pcap.out
index 652a3579b..06020a8d6 100644
--- a/test/results/stats/default/irc.pcap.out
+++ b/test/results/stats/default/irc.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8026
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8020
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/iso9506-1-mms.pcap.out b/test/results/stats/default/iso9506-1-mms.pcap.out
index 528317cb9..0a6d792d2 100644
--- a/test/results/stats/default/iso9506-1-mms.pcap.out
+++ b/test/results/stats/default/iso9506-1-mms.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7388
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7382
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/ja3_lots_of_cipher_suites.pcap.out b/test/results/stats/default/ja3_lots_of_cipher_suites.pcap.out
index f4d9ce35b..34a33a8bb 100644
--- a/test/results/stats/default/ja3_lots_of_cipher_suites.pcap.out
+++ b/test/results/stats/default/ja3_lots_of_cipher_suites.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:25
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15871
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15865
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/stats/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
index 954cb5f31..f9a0adebf 100644
--- a/test/results/stats/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
+++ b/test/results/stats/default/ja3_lots_of_cipher_suites_2_anon.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:37
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:22385
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:22379
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/jabber.pcap.out b/test/results/stats/default/jabber.pcap.out
index 9a87ea20a..b76bd9f89 100644
--- a/test/results/stats/default/jabber.pcap.out
+++ b/test/results/stats/default/jabber.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:110
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:81357
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:81335
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9
diff --git a/test/results/stats/default/jsonrpc.pcap.out b/test/results/stats/default/jsonrpc.pcap.out
index 95c11d497..1cdbbb7fd 100644
--- a/test/results/stats/default/jsonrpc.pcap.out
+++ b/test/results/stats/default/jsonrpc.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16294
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16288
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/kafka.pcapng.out b/test/results/stats/default/kafka.pcapng.out
index 0d644e367..ad9a3a7ff 100644
--- a/test/results/stats/default/kafka.pcapng.out
+++ b/test/results/stats/default/kafka.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7390
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7388
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/kcp.pcap.out b/test/results/stats/default/kcp.pcap.out
index a23602f48..b6edfff38 100644
--- a/test/results/stats/default/kcp.pcap.out
+++ b/test/results/stats/default/kcp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:36
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:46199
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:46193
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7
diff --git a/test/results/stats/default/kerberos-error.pcap.out b/test/results/stats/default/kerberos-error.pcap.out
index f3ef1e076..e104e6958 100644
--- a/test/results/stats/default/kerberos-error.pcap.out
+++ b/test/results/stats/default/kerberos-error.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:8
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6282
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6276
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/kerberos-login.pcap.out b/test/results/stats/default/kerberos-login.pcap.out
index 7b64a1175..b5bd9078a 100644
--- a/test/results/stats/default/kerberos-login.pcap.out
+++ b/test/results/stats/default/kerberos-login.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:80
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:101255
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:101247
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12
diff --git a/test/results/stats/default/kerberos.pcap.out b/test/results/stats/default/kerberos.pcap.out
index b4bd892e9..b8c317a9b 100644
--- a/test/results/stats/default/kerberos.pcap.out
+++ b/test/results/stats/default/kerberos.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:190
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:172997
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:174525
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:36
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:36
diff --git a/test/results/stats/default/kerberos_fuzz.pcapng.out b/test/results/stats/default/kerberos_fuzz.pcapng.out
index d8df45af7..3320b3651 100644
--- a/test/results/stats/default/kerberos_fuzz.pcapng.out
+++ b/test/results/stats/default/kerberos_fuzz.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5589
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5583
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/kismet.pcap.out b/test/results/stats/default/kismet.pcap.out
index b8723c58c..bac089722 100644
--- a/test/results/stats/default/kismet.pcap.out
+++ b/test/results/stats/default/kismet.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9764
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9758
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/kontiki.pcap.out b/test/results/stats/default/kontiki.pcap.out
index fc08ff680..c6cfca2ef 100644
--- a/test/results/stats/default/kontiki.pcap.out
+++ b/test/results/stats/default/kontiki.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:48
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:38397
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:38509
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8
diff --git a/test/results/stats/default/line.pcap.out b/test/results/stats/default/line.pcap.out
index 8d97debad..6a89035be 100644
--- a/test/results/stats/default/line.pcap.out
+++ b/test/results/stats/default/line.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:51
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:52145
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:52137
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/linecall_falsepositve.pcap.out b/test/results/stats/default/linecall_falsepositve.pcap.out
index b6a21e18d..6d1bcf2ab 100644
--- a/test/results/stats/default/linecall_falsepositve.pcap.out
+++ b/test/results/stats/default/linecall_falsepositve.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:67
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39115
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39109
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/lisp_registration.pcap.out b/test/results/stats/default/lisp_registration.pcap.out
index 6f63b00fe..da658b647 100644
--- a/test/results/stats/default/lisp_registration.pcap.out
+++ b/test/results/stats/default/lisp_registration.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:35
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26539
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26533
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/log4j-webapp-exploit.pcap.out b/test/results/stats/default/log4j-webapp-exploit.pcap.out
index 0cc326f96..6d41056c2 100644
--- a/test/results/stats/default/log4j-webapp-exploit.pcap.out
+++ b/test/results/stats/default/log4j-webapp-exploit.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:67
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:51205
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:51199
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/lol_wild_rift_udp.pcap.out b/test/results/stats/default/lol_wild_rift_udp.pcap.out
index a7b5888bd..20f32d29a 100644
--- a/test/results/stats/default/lol_wild_rift_udp.pcap.out
+++ b/test/results/stats/default/lol_wild_rift_udp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24051
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24037
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/long_tls_certificate.pcap.out b/test/results/stats/default/long_tls_certificate.pcap.out
index 1ad7ace07..f15d5858f 100644
--- a/test/results/stats/default/long_tls_certificate.pcap.out
+++ b/test/results/stats/default/long_tls_certificate.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17333
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17327
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/lru_ipv6_caches.pcapng.out b/test/results/stats/default/lru_ipv6_caches.pcapng.out
index 7dcdaa3d8..ac7365164 100644
--- a/test/results/stats/default/lru_ipv6_caches.pcapng.out
+++ b/test/results/stats/default/lru_ipv6_caches.pcapng.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:86
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:87625
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:89
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:91461
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12
@@ -7,11 +7,11 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:6
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:14408
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:846
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:8
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:11
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:41
 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1
@@ -94,7 +94,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
@@ -158,7 +158,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0
diff --git a/test/results/stats/default/malformed_dns.pcap.out b/test/results/stats/default/malformed_dns.pcap.out
index 694162da6..f1578e87d 100644
--- a/test/results/stats/default/malformed_dns.pcap.out
+++ b/test/results/stats/default/malformed_dns.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15780
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15774
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/malformed_icmp.pcap.out b/test/results/stats/default/malformed_icmp.pcap.out
index f294f9672..3d7ae2547 100644
--- a/test/results/stats/default/malformed_icmp.pcap.out
+++ b/test/results/stats/default/malformed_icmp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5254
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5248
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/malware.pcap.out b/test/results/stats/default/malware.pcap.out
index 67cf48af1..fd263d10e 100644
--- a/test/results/stats/default/malware.pcap.out
+++ b/test/results/stats/default/malware.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:44
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39809
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39799
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/memcached.cap.out b/test/results/stats/default/memcached.cap.out
index cdc57af18..6b8fc78da 100644
--- a/test/results/stats/default/memcached.cap.out
+++ b/test/results/stats/default/memcached.cap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7354
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7348
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/merakicloud.pcapng.out b/test/results/stats/default/merakicloud.pcapng.out
index f3b967655..35b08e1ce 100644
--- a/test/results/stats/default/merakicloud.pcapng.out
+++ b/test/results/stats/default/merakicloud.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17135
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17129
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/mgcp.pcap.out b/test/results/stats/default/mgcp.pcap.out
index d4dfe7043..9f98c485b 100644
--- a/test/results/stats/default/mgcp.pcap.out
+++ b/test/results/stats/default/mgcp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:36
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26350
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26336
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/mining.pcapng.out b/test/results/stats/default/mining.pcapng.out
index 1e8d39331..4f400e0d9 100644
--- a/test/results/stats/default/mining.pcapng.out
+++ b/test/results/stats/default/mining.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:41
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:36316
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:36306
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/modbus.pcap.out b/test/results/stats/default/modbus.pcap.out
index a46fe7d9b..5678aa63d 100644
--- a/test/results/stats/default/modbus.pcap.out
+++ b/test/results/stats/default/modbus.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9518
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9512
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/monero.pcap.out b/test/results/stats/default/monero.pcap.out
index 5d15cc801..cd5ded36d 100644
--- a/test/results/stats/default/monero.pcap.out
+++ b/test/results/stats/default/monero.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:35
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25220
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25214
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/mongo_false_positive.pcapng.out b/test/results/stats/default/mongo_false_positive.pcapng.out
index 83d8fa83c..95971f2a8 100644
--- a/test/results/stats/default/mongo_false_positive.pcapng.out
+++ b/test/results/stats/default/mongo_false_positive.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10464
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10458
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/mongodb.pcap.out b/test/results/stats/default/mongodb.pcap.out
index af91e2096..3aeca1b60 100644
--- a/test/results/stats/default/mongodb.pcap.out
+++ b/test/results/stats/default/mongodb.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:45
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:31685
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:31671
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/mpeg-dash.pcap.out b/test/results/stats/default/mpeg-dash.pcap.out
index 0e91392ad..6ff4ccb46 100644
--- a/test/results/stats/default/mpeg-dash.pcap.out
+++ b/test/results/stats/default/mpeg-dash.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27834
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27826
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/mpeg.pcap.out b/test/results/stats/default/mpeg.pcap.out
index 9aa808a88..c7d54db12 100644
--- a/test/results/stats/default/mpeg.pcap.out
+++ b/test/results/stats/default/mpeg.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8754
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8748
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/mpegts.pcap.out b/test/results/stats/default/mpegts.pcap.out
index c5e91a43f..b8fe494ad 100644
--- a/test/results/stats/default/mpegts.pcap.out
+++ b/test/results/stats/default/mpegts.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7348
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7342
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/mqtt.pcap.out b/test/results/stats/default/mqtt.pcap.out
index ef92a2260..df0b6bb07 100644
--- a/test/results/stats/default/mqtt.pcap.out
+++ b/test/results/stats/default/mqtt.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11047
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11041
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/mssql_tds.pcap.out b/test/results/stats/default/mssql_tds.pcap.out
index 23fefc148..90745750a 100644
--- a/test/results/stats/default/mssql_tds.pcap.out
+++ b/test/results/stats/default/mssql_tds.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:65
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:64535
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:64525
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12
diff --git a/test/results/stats/default/mullvad_dns.pcap.out b/test/results/stats/default/mullvad_dns.pcap.out
index 6256e4002..d8240cc13 100644
--- a/test/results/stats/default/mullvad_dns.pcap.out
+++ b/test/results/stats/default/mullvad_dns.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:9
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7023
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7017
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/mullvad_wireguard.pcap.out b/test/results/stats/default/mullvad_wireguard.pcap.out
index 80d36243b..593b0f5e6 100644
--- a/test/results/stats/default/mullvad_wireguard.pcap.out
+++ b/test/results/stats/default/mullvad_wireguard.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8245
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8239
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/mumble.pcapng.out b/test/results/stats/default/mumble.pcapng.out
index 57ef7402c..7279f2b4d 100644
--- a/test/results/stats/default/mumble.pcapng.out
+++ b/test/results/stats/default/mumble.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:22
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17497
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17491
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/munin.pcap.out b/test/results/stats/default/munin.pcap.out
index 5165dd4ff..10db9f7e6 100644
--- a/test/results/stats/default/munin.pcap.out
+++ b/test/results/stats/default/munin.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:38
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25843
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25831
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/mysql.pcapng.out b/test/results/stats/default/mysql.pcapng.out
index 8f873de2a..8411a97b8 100644
--- a/test/results/stats/default/mysql.pcapng.out
+++ b/test/results/stats/default/mysql.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13762
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13754
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/natpmp.pcap.out b/test/results/stats/default/natpmp.pcap.out
index f7530c885..c8fd8bdc9 100644
--- a/test/results/stats/default/natpmp.pcap.out
+++ b/test/results/stats/default/natpmp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:31
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24155
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24147
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/nats.pcap.out b/test/results/stats/default/nats.pcap.out
index ba191b152..d92cdb554 100644
--- a/test/results/stats/default/nats.pcap.out
+++ b/test/results/stats/default/nats.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13447
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13441
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/stats/default/ndpi_match_string_subprotocol__error.pcapng.out
index 6b0f2c78f..6380761ce 100644
--- a/test/results/stats/default/ndpi_match_string_subprotocol__error.pcapng.out
+++ b/test/results/stats/default/ndpi_match_string_subprotocol__error.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12521
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12513
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/nest_log_sink.pcap.out b/test/results/stats/default/nest_log_sink.pcap.out
index 0e8cdea7c..40171f710 100644
--- a/test/results/stats/default/nest_log_sink.pcap.out
+++ b/test/results/stats/default/nest_log_sink.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:168
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:146447
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:146419
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:17
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/netbios.pcap.out b/test/results/stats/default/netbios.pcap.out
index aead1f0a0..2ef8fdfb3 100644
--- a/test/results/stats/default/netbios.pcap.out
+++ b/test/results/stats/default/netbios.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:83
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:68942
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:68936
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:15
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:15
diff --git a/test/results/stats/default/netbios_wildcard_dns_query.pcap.out b/test/results/stats/default/netbios_wildcard_dns_query.pcap.out
index e08baf928..088dc2e2c 100644
--- a/test/results/stats/default/netbios_wildcard_dns_query.pcap.out
+++ b/test/results/stats/default/netbios_wildcard_dns_query.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5390
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5384
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/netease_games.pcapng.out b/test/results/stats/default/netease_games.pcapng.out
index 85d86edfd..74b0b74f8 100644
--- a/test/results/stats/default/netease_games.pcapng.out
+++ b/test/results/stats/default/netease_games.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:42
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:33521
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:33511
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/netflix.pcap.out b/test/results/stats/default/netflix.pcap.out
index c9565558d..4219611fc 100644
--- a/test/results/stats/default/netflix.pcap.out
+++ b/test/results/stats/default/netflix.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:557
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:555733
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:556677
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:61
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:31
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:30
@@ -95,9 +95,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:70
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:18
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:18
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0
@@ -116,7 +116,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:18
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
@@ -166,4 +166,4 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:18
diff --git a/test/results/stats/default/netflow-fritz.pcap.out b/test/results/stats/default/netflow-fritz.pcap.out
index 1b2846bf5..669237680 100644
--- a/test/results/stats/default/netflow-fritz.pcap.out
+++ b/test/results/stats/default/netflow-fritz.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5365
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5359
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/netflowv9.pcap.out b/test/results/stats/default/netflowv9.pcap.out
index ee764486a..46f430e1c 100644
--- a/test/results/stats/default/netflowv9.pcap.out
+++ b/test/results/stats/default/netflowv9.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16551
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16545
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/nfsv2.pcap.out b/test/results/stats/default/nfsv2.pcap.out
index a01db6841..8e9bcf207 100644
--- a/test/results/stats/default/nfsv2.pcap.out
+++ b/test/results/stats/default/nfsv2.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:42
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:34513
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:34507
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7
diff --git a/test/results/stats/default/nfsv3.pcap.out b/test/results/stats/default/nfsv3.pcap.out
index c73566fa9..3f45b1cb4 100644
--- a/test/results/stats/default/nfsv3.pcap.out
+++ b/test/results/stats/default/nfsv3.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:47
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:38784
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:38778
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8
diff --git a/test/results/stats/default/nintendo.pcap.out b/test/results/stats/default/nintendo.pcap.out
index aa4accbdf..a6492d907 100644
--- a/test/results/stats/default/nintendo.pcap.out
+++ b/test/results/stats/default/nintendo.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:164
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:135379
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:135476
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:21
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:19
diff --git a/test/results/stats/default/nntp.pcap.out b/test/results/stats/default/nntp.pcap.out
index 3bfb650a7..89bd715f4 100644
--- a/test/results/stats/default/nntp.pcap.out
+++ b/test/results/stats/default/nntp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9676
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9670
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/no_sni.pcap.out b/test/results/stats/default/no_sni.pcap.out
index fd4448174..639bfacc1 100644
--- a/test/results/stats/default/no_sni.pcap.out
+++ b/test/results/stats/default/no_sni.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:79
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:71222
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:71216
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/nomachine.pcapng.out b/test/results/stats/default/nomachine.pcapng.out
index 25fe70c40..bc1df978c 100644
--- a/test/results/stats/default/nomachine.pcapng.out
+++ b/test/results/stats/default/nomachine.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15611
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15605
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/ocs.pcap.out b/test/results/stats/default/ocs.pcap.out
index e656f6b8f..f606fc26e 100644
--- a/test/results/stats/default/ocs.pcap.out
+++ b/test/results/stats/default/ocs.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:137
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:113495
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:113489
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:20
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:15
diff --git a/test/results/stats/default/ocsp.pcapng.out b/test/results/stats/default/ocsp.pcapng.out
index aa3e7cba5..7ef47e109 100644
--- a/test/results/stats/default/ocsp.pcapng.out
+++ b/test/results/stats/default/ocsp.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:93
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:84569
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:84555
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/oicq.pcap.out b/test/results/stats/default/oicq.pcap.out
index bc97fb197..ce10331bc 100644
--- a/test/results/stats/default/oicq.pcap.out
+++ b/test/results/stats/default/oicq.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:146
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:118301
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:118269
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:29
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:29
diff --git a/test/results/stats/default/ookla.pcap.out b/test/results/stats/default/ookla.pcap.out
index e210ddb71..689f5e17d 100644
--- a/test/results/stats/default/ookla.pcap.out
+++ b/test/results/stats/default/ookla.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:56
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43520
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43512
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/opc-ua.pcap.out b/test/results/stats/default/opc-ua.pcap.out
index 50dbed409..da46278da 100644
--- a/test/results/stats/default/opc-ua.pcap.out
+++ b/test/results/stats/default/opc-ua.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9463
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9457
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/openflow.pcap.out b/test/results/stats/default/openflow.pcap.out
index 1c0ebdf5f..757ce9b47 100644
--- a/test/results/stats/default/openflow.pcap.out
+++ b/test/results/stats/default/openflow.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7388
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7382
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/openvpn-tlscrypt.pcap.out b/test/results/stats/default/openvpn-tlscrypt.pcap.out
index 0e32a2c38..1e509cd52 100644
--- a/test/results/stats/default/openvpn-tlscrypt.pcap.out
+++ b/test/results/stats/default/openvpn-tlscrypt.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:29
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17361
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17355
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/openvpn.pcap.out b/test/results/stats/default/openvpn.pcap.out
index db230ba97..ccc42b674 100644
--- a/test/results/stats/default/openvpn.pcap.out
+++ b/test/results/stats/default/openvpn.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:78
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:72468
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:72452
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7
diff --git a/test/results/stats/default/openvpn_nohmac.pcapng.out b/test/results/stats/default/openvpn_nohmac.pcapng.out
index 86732f1a0..21575ea06 100644
--- a/test/results/stats/default/openvpn_nohmac.pcapng.out
+++ b/test/results/stats/default/openvpn_nohmac.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10820
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10814
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/openvpn_nohmac_tcp.pcapng.out b/test/results/stats/default/openvpn_nohmac_tcp.pcapng.out
index a989c1787..68a42fbaa 100644
--- a/test/results/stats/default/openvpn_nohmac_tcp.pcapng.out
+++ b/test/results/stats/default/openvpn_nohmac_tcp.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9709
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9703
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/opera-vpn.pcapng.out b/test/results/stats/default/opera-vpn.pcapng.out
index f4bf5a9a4..e5e261821 100644
--- a/test/results/stats/default/opera-vpn.pcapng.out
+++ b/test/results/stats/default/opera-vpn.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:618
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:617531
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:617525
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:62
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:28
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:34
diff --git a/test/results/stats/default/oracle12.pcapng.out b/test/results/stats/default/oracle12.pcapng.out
index 6b9cfd7b8..4f12f1a55 100644
--- a/test/results/stats/default/oracle12.pcapng.out
+++ b/test/results/stats/default/oracle12.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7424
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7418
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/os_detected.pcapng.out b/test/results/stats/default/os_detected.pcapng.out
index 8037b21b9..3f45271fb 100644
--- a/test/results/stats/default/os_detected.pcapng.out
+++ b/test/results/stats/default/os_detected.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7700
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7694
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/ospfv2_add_new_prefix.pcap.out b/test/results/stats/default/ospfv2_add_new_prefix.pcap.out
index 3f09904bd..7495f9989 100644
--- a/test/results/stats/default/ospfv2_add_new_prefix.pcap.out
+++ b/test/results/stats/default/ospfv2_add_new_prefix.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:8
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5737
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5731
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/stats/default/ossfuzz_seed_fake_traces_1.pcapng.out
index d99696999..4a2045508 100644
--- a/test/results/stats/default/ossfuzz_seed_fake_traces_1.pcapng.out
+++ b/test/results/stats/default/ossfuzz_seed_fake_traces_1.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:48788
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:48772
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10
diff --git a/test/results/stats/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/stats/default/ossfuzz_seed_fake_traces_2.pcapng.out
index d827df7c0..b37815687 100644
--- a/test/results/stats/default/ossfuzz_seed_fake_traces_2.pcapng.out
+++ b/test/results/stats/default/ossfuzz_seed_fake_traces_2.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:65
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:49019
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:49007
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/ossfuzz_seed_fake_traces_3.pcapng.out b/test/results/stats/default/ossfuzz_seed_fake_traces_3.pcapng.out
index 3625a9baa..c30bbdcb4 100644
--- a/test/results/stats/default/ossfuzz_seed_fake_traces_3.pcapng.out
+++ b/test/results/stats/default/ossfuzz_seed_fake_traces_3.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7091
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7085
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/ossfuzz_seed_fake_traces_4.pcapng.out b/test/results/stats/default/ossfuzz_seed_fake_traces_4.pcapng.out
index 1bb31b5d9..82b024f11 100644
--- a/test/results/stats/default/ossfuzz_seed_fake_traces_4.pcapng.out
+++ b/test/results/stats/default/ossfuzz_seed_fake_traces_4.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:8
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5447
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5441
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/path_of_exile.pcapng.out b/test/results/stats/default/path_of_exile.pcapng.out
index 7fbda00d9..d9047ff76 100644
--- a/test/results/stats/default/path_of_exile.pcapng.out
+++ b/test/results/stats/default/path_of_exile.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6897
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6891
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/pfcp.pcapng.out b/test/results/stats/default/pfcp.pcapng.out
index 3e6f24bf8..dfbb250d1 100644
--- a/test/results/stats/default/pfcp.pcapng.out
+++ b/test/results/stats/default/pfcp.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8377
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8371
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/pgm.pcap.out b/test/results/stats/default/pgm.pcap.out
index fc782599b..c203d45dd 100644
--- a/test/results/stats/default/pgm.pcap.out
+++ b/test/results/stats/default/pgm.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11556
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11550
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/pgsql.pcap.out b/test/results/stats/default/pgsql.pcap.out
index 23235d0dd..139359019 100644
--- a/test/results/stats/default/pgsql.pcap.out
+++ b/test/results/stats/default/pgsql.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:52
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:35501
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:35493
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/pia.pcap.out b/test/results/stats/default/pia.pcap.out
index 02e3a3bd5..12a39f703 100644
--- a/test/results/stats/default/pia.pcap.out
+++ b/test/results/stats/default/pia.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12165
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12159
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/pim.pcap.out b/test/results/stats/default/pim.pcap.out
index f96b66706..bed76ada1 100644
--- a/test/results/stats/default/pim.pcap.out
+++ b/test/results/stats/default/pim.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7317
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7311
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/pinterest.pcap.out b/test/results/stats/default/pinterest.pcap.out
index 4b2ead965..c3ffc5849 100644
--- a/test/results/stats/default/pinterest.pcap.out
+++ b/test/results/stats/default/pinterest.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:297
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:297367
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:297361
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:37
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:32
diff --git a/test/results/stats/default/pluralsight.pcap.out b/test/results/stats/default/pluralsight.pcap.out
index 9b8437306..ebe9b870d 100644
--- a/test/results/stats/default/pluralsight.pcap.out
+++ b/test/results/stats/default/pluralsight.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:73347
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:73341
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6
diff --git a/test/results/stats/default/pop3.pcap.out b/test/results/stats/default/pop3.pcap.out
index fc43d0bfb..a32958d14 100644
--- a/test/results/stats/default/pop3.pcap.out
+++ b/test/results/stats/default/pop3.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:53
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39538
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:39530
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/pop3_stls.pcap.out b/test/results/stats/default/pop3_stls.pcap.out
index a0fd74ac2..93760e8f1 100644
--- a/test/results/stats/default/pop3_stls.pcap.out
+++ b/test/results/stats/default/pop3_stls.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13668
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13662
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/pops.pcapng.out b/test/results/stats/default/pops.pcapng.out
index 07cd48af6..c390e9635 100644
--- a/test/results/stats/default/pops.pcapng.out
+++ b/test/results/stats/default/pops.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12204
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12198
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/portable_executable.pcap.out b/test/results/stats/default/portable_executable.pcap.out
new file mode 100644
index 000000000..704bebc43
--- /dev/null
+++ b/test/results/stats/default/portable_executable.pcap.out
@@ -0,0 +1,169 @@
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18073
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:11308
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:11308
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
diff --git a/test/results/stats/default/pps.pcap.out b/test/results/stats/default/pps.pcap.out
index cea56f29d..c97b947c3 100644
--- a/test/results/stats/default/pps.pcap.out
+++ b/test/results/stats/default/pps.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:701
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:728606
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:729652
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:107
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:105
@@ -94,10 +94,10 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:33
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:13
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:40
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:9
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0
@@ -116,7 +116,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:29
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:9
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
@@ -166,4 +166,4 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:11
diff --git a/test/results/stats/default/pptp.pcap.out b/test/results/stats/default/pptp.pcap.out
index 978045a43..52e22e789 100644
--- a/test/results/stats/default/pptp.pcap.out
+++ b/test/results/stats/default/pptp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7513
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7507
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/profinet-io-le.pcap.out b/test/results/stats/default/profinet-io-le.pcap.out
index a33174db7..10f4c8df1 100644
--- a/test/results/stats/default/profinet-io-le.pcap.out
+++ b/test/results/stats/default/profinet-io-le.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:8
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6551
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6545
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/protobuf.pcap.out b/test/results/stats/default/protobuf.pcap.out
index f7d4d1ddd..51dfa9116 100644
--- a/test/results/stats/default/protobuf.pcap.out
+++ b/test/results/stats/default/protobuf.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:47
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32576
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32562
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/protonvpn.pcap.out b/test/results/stats/default/protonvpn.pcap.out
index a89215ea5..840fecaa4 100644
--- a/test/results/stats/default/protonvpn.pcap.out
+++ b/test/results/stats/default/protonvpn.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:25
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19871
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19865
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/psiphon3.pcap.out b/test/results/stats/default/psiphon3.pcap.out
index 6aeb63e8d..f1b491670 100644
--- a/test/results/stats/default/psiphon3.pcap.out
+++ b/test/results/stats/default/psiphon3.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13634
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13628
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/ptpv2.pcap.out b/test/results/stats/default/ptpv2.pcap.out
index 8917e4839..e26003809 100644
--- a/test/results/stats/default/ptpv2.pcap.out
+++ b/test/results/stats/default/ptpv2.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:23
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16994
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16988
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/punycode-idn.pcap.out b/test/results/stats/default/punycode-idn.pcap.out
index 0b4f4a01c..9a6c20f5e 100644
--- a/test/results/stats/default/punycode-idn.pcap.out
+++ b/test/results/stats/default/punycode-idn.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:24
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20074
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20068
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/quic-23.pcap.out b/test/results/stats/default/quic-23.pcap.out
index d727cfb86..4332c750d 100644
--- a/test/results/stats/default/quic-23.pcap.out
+++ b/test/results/stats/default/quic-23.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13168
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13162
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic-24.pcap.out b/test/results/stats/default/quic-24.pcap.out
index 3a2f73b73..21dca8cd6 100644
--- a/test/results/stats/default/quic-24.pcap.out
+++ b/test/results/stats/default/quic-24.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12876
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12870
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic-27.pcap.out b/test/results/stats/default/quic-27.pcap.out
index 0fa07dd2f..b3da5a30d 100644
--- a/test/results/stats/default/quic-27.pcap.out
+++ b/test/results/stats/default/quic-27.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16842
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16836
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic-28.pcap.out b/test/results/stats/default/quic-28.pcap.out
index b38f0e8e7..9ee5e2674 100644
--- a/test/results/stats/default/quic-28.pcap.out
+++ b/test/results/stats/default/quic-28.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13270
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13264
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic-29.pcap.out b/test/results/stats/default/quic-29.pcap.out
index 23517078c..8efb95641 100644
--- a/test/results/stats/default/quic-29.pcap.out
+++ b/test/results/stats/default/quic-29.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12869
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12863
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic-33.pcapng.out b/test/results/stats/default/quic-33.pcapng.out
index de4bd8dc2..52bb4f7a2 100644
--- a/test/results/stats/default/quic-33.pcapng.out
+++ b/test/results/stats/default/quic-33.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14747
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14741
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic-34.pcap.out b/test/results/stats/default/quic-34.pcap.out
index e9997bcdc..cc4f87319 100644
--- a/test/results/stats/default/quic-34.pcap.out
+++ b/test/results/stats/default/quic-34.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14125
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14119
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic-forcing-vn-with-data.pcapng.out b/test/results/stats/default/quic-forcing-vn-with-data.pcapng.out
index a49ff2556..977107d31 100644
--- a/test/results/stats/default/quic-forcing-vn-with-data.pcapng.out
+++ b/test/results/stats/default/quic-forcing-vn-with-data.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14641
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14635
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic-fuzz-overflow.pcapng.out b/test/results/stats/default/quic-fuzz-overflow.pcapng.out
index 70dae0a18..9a0efd0e6 100644
--- a/test/results/stats/default/quic-fuzz-overflow.pcapng.out
+++ b/test/results/stats/default/quic-fuzz-overflow.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8266
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8260
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic-mvfst-22.pcap.out b/test/results/stats/default/quic-mvfst-22.pcap.out
index 64114c6be..d4b89adfc 100644
--- a/test/results/stats/default/quic-mvfst-22.pcap.out
+++ b/test/results/stats/default/quic-mvfst-22.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15285
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15281
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic-mvfst-22_decryption_error.pcap.out b/test/results/stats/default/quic-mvfst-22_decryption_error.pcap.out
index e030861b7..3255df7cf 100644
--- a/test/results/stats/default/quic-mvfst-22_decryption_error.pcap.out
+++ b/test/results/stats/default/quic-mvfst-22_decryption_error.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10266
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10260
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic-mvfst-27.pcapng.out b/test/results/stats/default/quic-mvfst-27.pcapng.out
index bde3d4e19..7bc3d5dff 100644
--- a/test/results/stats/default/quic-mvfst-27.pcapng.out
+++ b/test/results/stats/default/quic-mvfst-27.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15580
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15576
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic-mvfst-exp.pcap.out b/test/results/stats/default/quic-mvfst-exp.pcap.out
index 1ccce59fa..0ea1926c6 100644
--- a/test/results/stats/default/quic-mvfst-exp.pcap.out
+++ b/test/results/stats/default/quic-mvfst-exp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15355
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15349
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic-v2.pcapng.out b/test/results/stats/default/quic-v2.pcapng.out
index 4358816c7..9d97d5e56 100644
--- a/test/results/stats/default/quic-v2.pcapng.out
+++ b/test/results/stats/default/quic-v2.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14511
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14505
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic.pcap.out b/test/results/stats/default/quic.pcap.out
index 9d5e4179a..52e2d64d3 100644
--- a/test/results/stats/default/quic.pcap.out
+++ b/test/results/stats/default/quic.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:80
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:115600
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:115588
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10
diff --git a/test/results/stats/default/quic046.pcap.out b/test/results/stats/default/quic046.pcap.out
index ab62bb7ee..b7ba6ec75 100644
--- a/test/results/stats/default/quic046.pcap.out
+++ b/test/results/stats/default/quic046.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12575
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12569
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic_0RTT.pcap.out b/test/results/stats/default/quic_0RTT.pcap.out
index cf1720522..9cd93cd42 100644
--- a/test/results/stats/default/quic_0RTT.pcap.out
+++ b/test/results/stats/default/quic_0RTT.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:17
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20112
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20104
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/quic_cc_ack.pcapng.out b/test/results/stats/default/quic_cc_ack.pcapng.out
index 7b90ede58..9f98a7389 100644
--- a/test/results/stats/default/quic_cc_ack.pcapng.out
+++ b/test/results/stats/default/quic_cc_ack.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12110
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12104
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/quic_crypto_aes_auth_size.pcap.out b/test/results/stats/default/quic_crypto_aes_auth_size.pcap.out
index 371032cce..e6b051206 100644
--- a/test/results/stats/default/quic_crypto_aes_auth_size.pcap.out
+++ b/test/results/stats/default/quic_crypto_aes_auth_size.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12786
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12780
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/stats/default/quic_frags_ch_in_multiple_packets.pcapng.out
index 267499533..529198758 100644
--- a/test/results/stats/default/quic_frags_ch_in_multiple_packets.pcapng.out
+++ b/test/results/stats/default/quic_frags_ch_in_multiple_packets.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14576
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14570
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
index 54a71bb7f..3613ce81c 100644
--- a/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
+++ b/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:667
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:941886
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:941834
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:113
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:113
diff --git a/test/results/stats/default/quic_frags_different_dcid.pcapng.out b/test/results/stats/default/quic_frags_different_dcid.pcapng.out
index d7622a37f..ac5f8de86 100644
--- a/test/results/stats/default/quic_frags_different_dcid.pcapng.out
+++ b/test/results/stats/default/quic_frags_different_dcid.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13591
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13585
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic_interop_V.pcapng.out b/test/results/stats/default/quic_interop_V.pcapng.out
index d07c7a678..baa67e773 100644
--- a/test/results/stats/default/quic_interop_V.pcapng.out
+++ b/test/results/stats/default/quic_interop_V.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:471
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:631383
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:631377
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:77
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:77
diff --git a/test/results/stats/default/quic_q39.pcap.out b/test/results/stats/default/quic_q39.pcap.out
index cc89659f6..45555e63c 100644
--- a/test/results/stats/default/quic_q39.pcap.out
+++ b/test/results/stats/default/quic_q39.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14826
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14820
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic_q43.pcap.out b/test/results/stats/default/quic_q43.pcap.out
index c5baa4663..eef98e492 100644
--- a/test/results/stats/default/quic_q43.pcap.out
+++ b/test/results/stats/default/quic_q43.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:8
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7547
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7541
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic_q46.pcap.out b/test/results/stats/default/quic_q46.pcap.out
index 7a1679a5a..5c3f9a86b 100644
--- a/test/results/stats/default/quic_q46.pcap.out
+++ b/test/results/stats/default/quic_q46.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14673
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14667
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic_q46_b.pcap.out b/test/results/stats/default/quic_q46_b.pcap.out
index 380526378..cdf30824c 100644
--- a/test/results/stats/default/quic_q46_b.pcap.out
+++ b/test/results/stats/default/quic_q46_b.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11481
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11475
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic_q50.pcap.out b/test/results/stats/default/quic_q50.pcap.out
index 8b8fc119d..ae2652295 100644
--- a/test/results/stats/default/quic_q50.pcap.out
+++ b/test/results/stats/default/quic_q50.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12961
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12955
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic_t50.pcap.out b/test/results/stats/default/quic_t50.pcap.out
index 2e20984f3..bbdd7b69d 100644
--- a/test/results/stats/default/quic_t50.pcap.out
+++ b/test/results/stats/default/quic_t50.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15377
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15371
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quic_t51.pcap.out b/test/results/stats/default/quic_t51.pcap.out
index da88b8612..8b55720e9 100644
--- a/test/results/stats/default/quic_t51.pcap.out
+++ b/test/results/stats/default/quic_t51.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16728
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16722
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/quickplay.pcap.out b/test/results/stats/default/quickplay.pcap.out
index aedf1068d..8e4ead132 100644
--- a/test/results/stats/default/quickplay.pcap.out
+++ b/test/results/stats/default/quickplay.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:145
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:170573
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:170719
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:21
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:19
@@ -95,9 +95,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:3
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:11
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:15
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0
@@ -116,7 +116,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:11
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
@@ -166,4 +166,4 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:4
diff --git a/test/results/stats/default/radius_false_positive.pcapng.out b/test/results/stats/default/radius_false_positive.pcapng.out
index d7a9a987d..af1642904 100644
--- a/test/results/stats/default/radius_false_positive.pcapng.out
+++ b/test/results/stats/default/radius_false_positive.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11593
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11587
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/radmin3.pcapng.out b/test/results/stats/default/radmin3.pcapng.out
index 33f25c15e..af939f013 100644
--- a/test/results/stats/default/radmin3.pcapng.out
+++ b/test/results/stats/default/radmin3.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13305
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13299
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/raft.pcap.out b/test/results/stats/default/raft.pcap.out
index 0b0aaf181..a069bffec 100644
--- a/test/results/stats/default/raft.pcap.out
+++ b/test/results/stats/default/raft.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17037
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17031
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/raknet.pcap.out b/test/results/stats/default/raknet.pcap.out
index ccfd212be..8cc419b6d 100644
--- a/test/results/stats/default/raknet.pcap.out
+++ b/test/results/stats/default/raknet.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:95
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:80650
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:80642
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12
diff --git a/test/results/stats/default/rdp.pcap.out b/test/results/stats/default/rdp.pcap.out
index 06e32a994..166b533c9 100644
--- a/test/results/stats/default/rdp.pcap.out
+++ b/test/results/stats/default/rdp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7478
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7472
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/rdp2.pcap.out b/test/results/stats/default/rdp2.pcap.out
index 67ffcc0d1..c06e467eb 100644
--- a/test/results/stats/default/rdp2.pcap.out
+++ b/test/results/stats/default/rdp2.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:29
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29548
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29538
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/rdp3.pcap.out b/test/results/stats/default/rdp3.pcap.out
index db969bd1a..1420718c0 100644
--- a/test/results/stats/default/rdp3.pcap.out
+++ b/test/results/stats/default/rdp3.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7558
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7552
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/reasm_crash_anon.pcapng.out b/test/results/stats/default/reasm_crash_anon.pcapng.out
index 5ad7590be..4be719268 100644
--- a/test/results/stats/default/reasm_crash_anon.pcapng.out
+++ b/test/results/stats/default/reasm_crash_anon.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10719
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10709
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/reasm_segv_anon.pcapng.out b/test/results/stats/default/reasm_segv_anon.pcapng.out
index e42cb55a4..3a9a8dbae 100644
--- a/test/results/stats/default/reasm_segv_anon.pcapng.out
+++ b/test/results/stats/default/reasm_segv_anon.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:44
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27013
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27007
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/reddit.pcap.out b/test/results/stats/default/reddit.pcap.out
index 870d80b6f..29deba6b6 100644
--- a/test/results/stats/default/reddit.pcap.out
+++ b/test/results/stats/default/reddit.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:582
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:564378
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:564372
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:60
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:23
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:37
diff --git a/test/results/stats/default/resp.pcap.out b/test/results/stats/default/resp.pcap.out
index 266482793..a29cb812b 100644
--- a/test/results/stats/default/resp.pcap.out
+++ b/test/results/stats/default/resp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9533
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9527
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/riot.pcapng.out b/test/results/stats/default/riot.pcapng.out
index bffcaccc8..e19ef8bcf 100644
--- a/test/results/stats/default/riot.pcapng.out
+++ b/test/results/stats/default/riot.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:18
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25237
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25334
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/riotgames.pcap.out b/test/results/stats/default/riotgames.pcap.out
index fa61821e1..2d1c3761f 100644
--- a/test/results/stats/default/riotgames.pcap.out
+++ b/test/results/stats/default/riotgames.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:62
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:45140
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:45118
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9
diff --git a/test/results/stats/default/rmcp.pcap.out b/test/results/stats/default/rmcp.pcap.out
index d382d4141..309a348c5 100644
--- a/test/results/stats/default/rmcp.pcap.out
+++ b/test/results/stats/default/rmcp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:29
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:22445
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:22435
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6
diff --git a/test/results/stats/default/roblox.pcapng.out b/test/results/stats/default/roblox.pcapng.out
index 21a7d88de..790ed762e 100644
--- a/test/results/stats/default/roblox.pcapng.out
+++ b/test/results/stats/default/roblox.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:39
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43165
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43155
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/roughtime.pcap.out b/test/results/stats/default/roughtime.pcap.out
index ec8209a02..b1d4bc9c0 100644
--- a/test/results/stats/default/roughtime.pcap.out
+++ b/test/results/stats/default/roughtime.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19260
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19252
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/rsh-syslog-false-positive.pcap.out b/test/results/stats/default/rsh-syslog-false-positive.pcap.out
index 244523d5d..9658da4a6 100644
--- a/test/results/stats/default/rsh-syslog-false-positive.pcap.out
+++ b/test/results/stats/default/rsh-syslog-false-positive.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14744
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14738
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/rsh.pcap.out b/test/results/stats/default/rsh.pcap.out
index 281f1032b..a7c017410 100644
--- a/test/results/stats/default/rsh.pcap.out
+++ b/test/results/stats/default/rsh.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13832
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13826
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/rsync.pcap.out b/test/results/stats/default/rsync.pcap.out
index 40b9ff5d1..0c2d4fe54 100644
--- a/test/results/stats/default/rsync.pcap.out
+++ b/test/results/stats/default/rsync.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7322
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7316
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out
index f983adb06..39f25eb8f 100644
--- a/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out
+++ b/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8241
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8235
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/rtmp.pcap.out b/test/results/stats/default/rtmp.pcap.out
index ba049fe86..09dcfbd8f 100644
--- a/test/results/stats/default/rtmp.pcap.out
+++ b/test/results/stats/default/rtmp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9233
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9227
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/rtp.pcapng.out b/test/results/stats/default/rtp.pcapng.out
index b604cf1eb..66a2294ec 100644
--- a/test/results/stats/default/rtp.pcapng.out
+++ b/test/results/stats/default/rtp.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27803
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27795
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/rtps.pcap.out b/test/results/stats/default/rtps.pcap.out
index baa057172..4a55c9bb0 100644
--- a/test/results/stats/default/rtps.pcap.out
+++ b/test/results/stats/default/rtps.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20361
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20355
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/rtsp.pcap.out b/test/results/stats/default/rtsp.pcap.out
index e61bf5bdc..b99392054 100644
--- a/test/results/stats/default/rtsp.pcap.out
+++ b/test/results/stats/default/rtsp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:65
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:55816
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:55810
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/rtsp_setup_http.pcapng.out b/test/results/stats/default/rtsp_setup_http.pcapng.out
index 7ad34b77d..241a41af0 100644
--- a/test/results/stats/default/rtsp_setup_http.pcapng.out
+++ b/test/results/stats/default/rtsp_setup_http.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5646
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5640
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/rx.pcap.out b/test/results/stats/default/rx.pcap.out
index 8d36a64f2..2074d8cc6 100644
--- a/test/results/stats/default/rx.pcap.out
+++ b/test/results/stats/default/rx.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:40
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:33264
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:33258
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/s7comm-plus.pcap.out b/test/results/stats/default/s7comm-plus.pcap.out
index fac64a2df..431d7148f 100644
--- a/test/results/stats/default/s7comm-plus.pcap.out
+++ b/test/results/stats/default/s7comm-plus.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9495
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9489
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/s7comm.pcap.out b/test/results/stats/default/s7comm.pcap.out
index ea24b0337..29d3ba24d 100644
--- a/test/results/stats/default/s7comm.pcap.out
+++ b/test/results/stats/default/s7comm.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9520
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9514
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/safari.pcap.out b/test/results/stats/default/safari.pcap.out
index 925e27f44..840c8cba2 100644
--- a/test/results/stats/default/safari.pcap.out
+++ b/test/results/stats/default/safari.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:69
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:59779
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:59773
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7
diff --git a/test/results/stats/default/salesforce.pcap.out b/test/results/stats/default/salesforce.pcap.out
index b870cf627..d70ddf630 100644
--- a/test/results/stats/default/salesforce.pcap.out
+++ b/test/results/stats/default/salesforce.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11289
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11283
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/sccp_hw_conf_register.pcapng.out b/test/results/stats/default/sccp_hw_conf_register.pcapng.out
index ab5acac43..fa176c860 100644
--- a/test/results/stats/default/sccp_hw_conf_register.pcapng.out
+++ b/test/results/stats/default/sccp_hw_conf_register.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7621
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7615
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/sctp.cap.out b/test/results/stats/default/sctp.cap.out
index 514065faf..90f6540b3 100644
--- a/test/results/stats/default/sctp.cap.out
+++ b/test/results/stats/default/sctp.cap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9272
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9266
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/selfsigned.pcap.out b/test/results/stats/default/selfsigned.pcap.out
index 233674f83..4390e80e6 100644
--- a/test/results/stats/default/selfsigned.pcap.out
+++ b/test/results/stats/default/selfsigned.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10436
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10430
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/sflow.pcap.out b/test/results/stats/default/sflow.pcap.out
index 0389a60ba..369ba9c07 100644
--- a/test/results/stats/default/sflow.pcap.out
+++ b/test/results/stats/default/sflow.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9116
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9110
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/shadowsocks.pcap.out b/test/results/stats/default/shadowsocks.pcap.out
index 2bef3af4b..94a2d6bfc 100644
--- a/test/results/stats/default/shadowsocks.pcap.out
+++ b/test/results/stats/default/shadowsocks.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12908
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12902
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/shell.pcap.out b/test/results/stats/default/shell.pcap.out
new file mode 100644
index 000000000..8922c35ba
--- /dev/null
+++ b/test/results/stats/default/shell.pcap.out
@@ -0,0 +1,169 @@
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:27
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:35278
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:12250
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:12
+PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
diff --git a/test/results/stats/default/signal.pcap.out b/test/results/stats/default/signal.pcap.out
index 5b91e6783..126deaa50 100644
--- a/test/results/stats/default/signal.pcap.out
+++ b/test/results/stats/default/signal.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:175
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:160815
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:160809
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:19
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10
diff --git a/test/results/stats/default/simple-dnscrypt.pcap.out b/test/results/stats/default/simple-dnscrypt.pcap.out
index 54fbc430c..a73d005f2 100644
--- a/test/results/stats/default/simple-dnscrypt.pcap.out
+++ b/test/results/stats/default/simple-dnscrypt.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:45
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:42109
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:42103
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/sip.pcap.out b/test/results/stats/default/sip.pcap.out
index 5a247d7c5..defce9cbb 100644
--- a/test/results/stats/default/sip.pcap.out
+++ b/test/results/stats/default/sip.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:57867
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:57857
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/sip_hello.pcapng.out b/test/results/stats/default/sip_hello.pcapng.out
index 8b2b9af1c..f2b77e8dd 100644
--- a/test/results/stats/default/sip_hello.pcapng.out
+++ b/test/results/stats/default/sip_hello.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15571
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15565
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/sites.pcapng.out b/test/results/stats/default/sites.pcapng.out
index 7bee1f593..f29c2d618 100644
--- a/test/results/stats/default/sites.pcapng.out
+++ b/test/results/stats/default/sites.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:488
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:535678
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:535642
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:56
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:47
diff --git a/test/results/stats/default/skinny.pcap.out b/test/results/stats/default/skinny.pcap.out
index 5f054b795..7b510470f 100644
--- a/test/results/stats/default/skinny.pcap.out
+++ b/test/results/stats/default/skinny.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:61
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:50806
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:50800
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7
diff --git a/test/results/stats/default/skype-conference-call.pcap.out b/test/results/stats/default/skype-conference-call.pcap.out
index 436ca3256..454e5c7fd 100644
--- a/test/results/stats/default/skype-conference-call.pcap.out
+++ b/test/results/stats/default/skype-conference-call.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10595
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10589
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/smb_deletefile.pcap.out b/test/results/stats/default/smb_deletefile.pcap.out
index 64ca33395..20d4d56b7 100644
--- a/test/results/stats/default/smb_deletefile.pcap.out
+++ b/test/results/stats/default/smb_deletefile.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11914
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11908
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/smb_frags.pcap.out b/test/results/stats/default/smb_frags.pcap.out
index 974aee9fd..93dabc02a 100644
--- a/test/results/stats/default/smb_frags.pcap.out
+++ b/test/results/stats/default/smb_frags.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10318
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10312
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/smbv1.pcap.out b/test/results/stats/default/smbv1.pcap.out
index 4657b9472..d1d0170c8 100644
--- a/test/results/stats/default/smbv1.pcap.out
+++ b/test/results/stats/default/smbv1.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8872
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8866
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/smpp_in_general.pcap.out b/test/results/stats/default/smpp_in_general.pcap.out
index 3c50ba9a1..ce3a15b81 100644
--- a/test/results/stats/default/smpp_in_general.pcap.out
+++ b/test/results/stats/default/smpp_in_general.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7424
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7418
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/smtp-starttls.pcap.out b/test/results/stats/default/smtp-starttls.pcap.out
index 3e15f993b..e40a56bf3 100644
--- a/test/results/stats/default/smtp-starttls.pcap.out
+++ b/test/results/stats/default/smtp-starttls.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26291
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26283
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/smtp.pcap.out b/test/results/stats/default/smtp.pcap.out
index 63a97df82..fe3bef1fa 100644
--- a/test/results/stats/default/smtp.pcap.out
+++ b/test/results/stats/default/smtp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9538
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9532
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/smtps.pcapng.out b/test/results/stats/default/smtps.pcapng.out
index 413b06912..0ed20ba94 100644
--- a/test/results/stats/default/smtps.pcapng.out
+++ b/test/results/stats/default/smtps.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9321
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9315
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/snapchat.pcap.out b/test/results/stats/default/snapchat.pcap.out
index c15e2835f..9bd8bc126 100644
--- a/test/results/stats/default/snapchat.pcap.out
+++ b/test/results/stats/default/snapchat.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25012
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25006
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/snapchat_call.pcapng.out b/test/results/stats/default/snapchat_call.pcapng.out
index f075ecc96..578a08dd9 100644
--- a/test/results/stats/default/snapchat_call.pcapng.out
+++ b/test/results/stats/default/snapchat_call.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19123
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19117
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/snapchat_call_v1.pcapng.out b/test/results/stats/default/snapchat_call_v1.pcapng.out
index f7b7423ac..b7ef3f0ad 100644
--- a/test/results/stats/default/snapchat_call_v1.pcapng.out
+++ b/test/results/stats/default/snapchat_call_v1.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18212
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18206
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/snmp.pcap.out b/test/results/stats/default/snmp.pcap.out
index 91a3c9ae8..8871c5ee6 100644
--- a/test/results/stats/default/snmp.pcap.out
+++ b/test/results/stats/default/snmp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:139
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:115549
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:115537
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:17
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:17
diff --git a/test/results/stats/default/soap.pcap.out b/test/results/stats/default/soap.pcap.out
index ed0fc65e6..afe2a63e7 100644
--- a/test/results/stats/default/soap.pcap.out
+++ b/test/results/stats/default/soap.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:24
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27572
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27564
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/socks.pcap.out b/test/results/stats/default/socks.pcap.out
index 498537f9e..be5dcc497 100644
--- a/test/results/stats/default/socks.pcap.out
+++ b/test/results/stats/default/socks.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:36
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24629
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24621
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/softether.pcap.out b/test/results/stats/default/softether.pcap.out
index 8b4c0453b..a0b573d24 100644
--- a/test/results/stats/default/softether.pcap.out
+++ b/test/results/stats/default/softether.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:107
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:91835
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:91807
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6
diff --git a/test/results/stats/default/someip-tp.pcap.out b/test/results/stats/default/someip-tp.pcap.out
index b92b7e59f..87a679903 100644
--- a/test/results/stats/default/someip-tp.pcap.out
+++ b/test/results/stats/default/someip-tp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17014
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17008
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/someip-udp-method-call.pcapng.out b/test/results/stats/default/someip-udp-method-call.pcapng.out
index 2e54c8e6f..8f5988a76 100644
--- a/test/results/stats/default/someip-udp-method-call.pcapng.out
+++ b/test/results/stats/default/someip-udp-method-call.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10038
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10032
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/someip_sd_sample.pcap.out b/test/results/stats/default/someip_sd_sample.pcap.out
index da53f1a4e..b613d9c5c 100644
--- a/test/results/stats/default/someip_sd_sample.pcap.out
+++ b/test/results/stats/default/someip_sd_sample.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6558
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6552
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/source_engine.pcap.out b/test/results/stats/default/source_engine.pcap.out
index 7bd1f461e..05b27c953 100644
--- a/test/results/stats/default/source_engine.pcap.out
+++ b/test/results/stats/default/source_engine.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:85
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:68671
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:68647
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:17
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:17
diff --git a/test/results/stats/default/spotify_tcp.pcap.out b/test/results/stats/default/spotify_tcp.pcap.out
index c0d1b277a..9bf2cb50d 100644
--- a/test/results/stats/default/spotify_tcp.pcap.out
+++ b/test/results/stats/default/spotify_tcp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6894
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6890
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/sql_injection.pcap.out b/test/results/stats/default/sql_injection.pcap.out
index 3ed09691d..d59a8dbe1 100644
--- a/test/results/stats/default/sql_injection.pcap.out
+++ b/test/results/stats/default/sql_injection.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11382
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11376
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/srvloc-v1.pcapng.out b/test/results/stats/default/srvloc-v1.pcapng.out
index 9e05b5607..f0d50acb2 100644
--- a/test/results/stats/default/srvloc-v1.pcapng.out
+++ b/test/results/stats/default/srvloc-v1.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8958
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8952
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/srvloc.pcap.out b/test/results/stats/default/srvloc.pcap.out
index 689b1f4a4..e260e2592 100644
--- a/test/results/stats/default/srvloc.pcap.out
+++ b/test/results/stats/default/srvloc.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:3001
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:2440231
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:2439419
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:621
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:621
diff --git a/test/results/stats/default/ssdp-m-search-ua.pcap.out b/test/results/stats/default/ssdp-m-search-ua.pcap.out
index 505e64248..172f0d380 100644
--- a/test/results/stats/default/ssdp-m-search-ua.pcap.out
+++ b/test/results/stats/default/ssdp-m-search-ua.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7720
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7714
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/ssdp-m-search.pcap.out b/test/results/stats/default/ssdp-m-search.pcap.out
index 1f1230a07..6855b527a 100644
--- a/test/results/stats/default/ssdp-m-search.pcap.out
+++ b/test/results/stats/default/ssdp-m-search.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8402
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8396
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/ssh.pcap.out b/test/results/stats/default/ssh.pcap.out
index cf4d3d92e..334e65093 100644
--- a/test/results/stats/default/ssh.pcap.out
+++ b/test/results/stats/default/ssh.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:16
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15535
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15529
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/ssl-cert-name-mismatch.pcap.out b/test/results/stats/default/ssl-cert-name-mismatch.pcap.out
index e0cf18760..490e4c97e 100644
--- a/test/results/stats/default/ssl-cert-name-mismatch.pcap.out
+++ b/test/results/stats/default/ssl-cert-name-mismatch.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10908
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10902
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/starcraft_battle.pcap.out b/test/results/stats/default/starcraft_battle.pcap.out
index 7bec40785..25ecb0f6a 100644
--- a/test/results/stats/default/starcraft_battle.pcap.out
+++ b/test/results/stats/default/starcraft_battle.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:383
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:296740
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:296791
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:52
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:26
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:26
@@ -95,9 +95,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:9
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0
@@ -116,7 +116,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
@@ -166,4 +166,4 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:1
diff --git a/test/results/stats/default/steam.pcapng.out b/test/results/stats/default/steam.pcapng.out
index 8593bb541..17fca8c0d 100644
--- a/test/results/stats/default/steam.pcapng.out
+++ b/test/results/stats/default/steam.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:50697
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:50691
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6
diff --git a/test/results/stats/default/stomp.pcapng.out b/test/results/stats/default/stomp.pcapng.out
index c1c30b43e..a2fa55aa3 100644
--- a/test/results/stats/default/stomp.pcapng.out
+++ b/test/results/stats/default/stomp.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7378
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7372
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/stun.pcap.out b/test/results/stats/default/stun.pcap.out
index 55a6766c5..f08c4a4fe 100644
--- a/test/results/stats/default/stun.pcap.out
+++ b/test/results/stats/default/stun.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:89
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:76168
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:76148
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8
diff --git a/test/results/stats/default/stun_classic.pcap.out b/test/results/stats/default/stun_classic.pcap.out
index b3a8ababf..c69b033d1 100644
--- a/test/results/stats/default/stun_classic.pcap.out
+++ b/test/results/stats/default/stun_classic.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8806
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8800
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/stun_dtls_rtp.pcapng.out b/test/results/stats/default/stun_dtls_rtp.pcapng.out
index 903ef8005..4c77604b3 100644
--- a/test/results/stats/default/stun_dtls_rtp.pcapng.out
+++ b/test/results/stats/default/stun_dtls_rtp.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12223
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12217
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/stun_dtls_rtp_unidir.pcapng.out b/test/results/stats/default/stun_dtls_rtp_unidir.pcapng.out
index 73a8f74d8..66d186c90 100644
--- a/test/results/stats/default/stun_dtls_rtp_unidir.pcapng.out
+++ b/test/results/stats/default/stun_dtls_rtp_unidir.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17361
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17355
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/stun_dtls_unidirectional_client.pcap.out b/test/results/stats/default/stun_dtls_unidirectional_client.pcap.out
index 56bd3f0b4..e4b42e183 100644
--- a/test/results/stats/default/stun_dtls_unidirectional_client.pcap.out
+++ b/test/results/stats/default/stun_dtls_unidirectional_client.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12062
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12056
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/stun_dtls_unidirectional_server.pcap.out b/test/results/stats/default/stun_dtls_unidirectional_server.pcap.out
index 23cea237e..b784e412b 100644
--- a/test/results/stats/default/stun_dtls_unidirectional_server.pcap.out
+++ b/test/results/stats/default/stun_dtls_unidirectional_server.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12217
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12211
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/stun_google_meet.pcapng.out b/test/results/stats/default/stun_google_meet.pcapng.out
index 9ea3dd536..c3841fe5b 100644
--- a/test/results/stats/default/stun_google_meet.pcapng.out
+++ b/test/results/stats/default/stun_google_meet.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:71
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:63366
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:63358
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7
diff --git a/test/results/stats/default/stun_msteams_unidir.pcapng.out b/test/results/stats/default/stun_msteams_unidir.pcapng.out
index a63f3fdab..5697a2984 100644
--- a/test/results/stats/default/stun_msteams_unidir.pcapng.out
+++ b/test/results/stats/default/stun_msteams_unidir.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11199
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11193
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/stun_signal.pcapng.out b/test/results/stats/default/stun_signal.pcapng.out
index dc065ae08..55f35e993 100644
--- a/test/results/stats/default/stun_signal.pcapng.out
+++ b/test/results/stats/default/stun_signal.pcapng.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:211
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:169746
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:229
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:190798
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:23
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:23
@@ -7,11 +7,11 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:15
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:23
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:8
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:26
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:13408
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:16192
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:15
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:17
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:113
 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1
@@ -94,8 +94,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:4
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:21
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:14
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:35
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
@@ -117,7 +117,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:21
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:35
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
@@ -158,7 +158,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:6
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:16
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0
diff --git a/test/results/stats/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/stats/default/stun_tcp_multiple_msgs_same_pkt.pcap.out
index c48afc302..44e1fef09 100644
--- a/test/results/stats/default/stun_tcp_multiple_msgs_same_pkt.pcap.out
+++ b/test/results/stats/default/stun_tcp_multiple_msgs_same_pkt.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7830
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7824
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/stun_wa_call.pcapng.out b/test/results/stats/default/stun_wa_call.pcapng.out
index 478255038..7ff971c32 100644
--- a/test/results/stats/default/stun_wa_call.pcapng.out
+++ b/test/results/stats/default/stun_wa_call.pcapng.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:130
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:113256
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:132
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:115689
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:13
@@ -7,7 +7,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:20
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:22
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:44019
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:64856
@@ -94,8 +94,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:11
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
@@ -117,7 +117,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
@@ -158,7 +158,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:11
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0
diff --git a/test/results/stats/default/stun_zoom.pcapng.out b/test/results/stats/default/stun_zoom.pcapng.out
index 4d3a180f7..46488e9f5 100644
--- a/test/results/stats/default/stun_zoom.pcapng.out
+++ b/test/results/stats/default/stun_zoom.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:27
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25766
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:25760
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/syncthing.pcap.out b/test/results/stats/default/syncthing.pcap.out
index 1305d2634..988ce6564 100644
--- a/test/results/stats/default/syncthing.pcap.out
+++ b/test/results/stats/default/syncthing.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:40
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:37389
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:37383
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/synscan.pcap.out b/test/results/stats/default/synscan.pcap.out
index 220ab72b2..87395ba98 100644
--- a/test/results/stats/default/synscan.pcap.out
+++ b/test/results/stats/default/synscan.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7996
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6243798
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6243792
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1994
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1989
diff --git a/test/results/stats/default/syslog.pcap.out b/test/results/stats/default/syslog.pcap.out
index 734daecc3..78924cb6d 100644
--- a/test/results/stats/default/syslog.pcap.out
+++ b/test/results/stats/default/syslog.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:148
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:120580
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:120556
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:19
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:18
diff --git a/test/results/stats/default/tailscale.pcap.out b/test/results/stats/default/tailscale.pcap.out
index 349783155..bbfbe51f4 100644
--- a/test/results/stats/default/tailscale.pcap.out
+++ b/test/results/stats/default/tailscale.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10198
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10192
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/targusdataspeed_false_positives.pcap.out b/test/results/stats/default/targusdataspeed_false_positives.pcap.out
index 9c6f84657..1a72a17f0 100644
--- a/test/results/stats/default/targusdataspeed_false_positives.pcap.out
+++ b/test/results/stats/default/targusdataspeed_false_positives.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10301
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10297
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/tcp_scan.pcapng.out b/test/results/stats/default/tcp_scan.pcapng.out
index 1b420f2b3..71cf63332 100644
--- a/test/results/stats/default/tcp_scan.pcapng.out
+++ b/test/results/stats/default/tcp_scan.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:42
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:30210
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:30204
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/teams.pcap.out b/test/results/stats/default/teams.pcap.out
index f187e6ec6..88c740a5a 100644
--- a/test/results/stats/default/teams.pcap.out
+++ b/test/results/stats/default/teams.pcap.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:674
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:638720
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:682
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:647764
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:83
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:17
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:66
@@ -7,11 +7,11 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:16
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:80
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:57
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:65
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:293772
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:293323
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:27
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:29
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:16
 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:317
 PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1
@@ -94,8 +94,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:38
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:42
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
@@ -117,7 +117,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:12
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
@@ -158,7 +158,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:1
diff --git a/test/results/stats/default/teamspeak3.pcap.out b/test/results/stats/default/teamspeak3.pcap.out
index eb8c49c8e..5b485b49f 100644
--- a/test/results/stats/default/teamspeak3.pcap.out
+++ b/test/results/stats/default/teamspeak3.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:260
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:218572
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:218370
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/teamviewer.pcap.out b/test/results/stats/default/teamviewer.pcap.out
index d5485db52..bab2f5616 100644
--- a/test/results/stats/default/teamviewer.pcap.out
+++ b/test/results/stats/default/teamviewer.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:23
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:22135
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:22129
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/telegram.pcap.out b/test/results/stats/default/telegram.pcap.out
index fa97868b8..d6fba1413 100644
--- a/test/results/stats/default/telegram.pcap.out
+++ b/test/results/stats/default/telegram.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:340
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:290997
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:290991
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:48
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:48
diff --git a/test/results/stats/default/telegram_videocall.pcapng.out b/test/results/stats/default/telegram_videocall.pcapng.out
index 7023bd2e9..fa0e7f328 100644
--- a/test/results/stats/default/telegram_videocall.pcapng.out
+++ b/test/results/stats/default/telegram_videocall.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:258
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:214813
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:215025
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:34
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:28
@@ -54,11 +54,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:1
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:23
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:19
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0
@@ -87,8 +87,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:25
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:21
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
diff --git a/test/results/stats/default/telnet.pcap.out b/test/results/stats/default/telnet.pcap.out
index 94ea5b43a..9c79ad0ed 100644
--- a/test/results/stats/default/telnet.pcap.out
+++ b/test/results/stats/default/telnet.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12113
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12107
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/tencent_games.pcap.out b/test/results/stats/default/tencent_games.pcap.out
index 4d4f75951..80005b70e 100644
--- a/test/results/stats/default/tencent_games.pcap.out
+++ b/test/results/stats/default/tencent_games.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:37
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26104
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26094
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/teredo.pcap.out b/test/results/stats/default/teredo.pcap.out
index 01cd6ba02..a64436eab 100644
--- a/test/results/stats/default/teredo.pcap.out
+++ b/test/results/stats/default/teredo.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:33
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24813
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:24807
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/tftp.pcap.out b/test/results/stats/default/tftp.pcap.out
index 7b00f3a0b..c5adb2ac6 100644
--- a/test/results/stats/default/tftp.pcap.out
+++ b/test/results/stats/default/tftp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:50
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43169
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:43157
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9
diff --git a/test/results/stats/default/threema.pcap.out b/test/results/stats/default/threema.pcap.out
index 90b77c2a8..af1c28933 100644
--- a/test/results/stats/default/threema.pcap.out
+++ b/test/results/stats/default/threema.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:54
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:37701
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:37689
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/thrift.pcap.out b/test/results/stats/default/thrift.pcap.out
index f63906d92..1230a3f6e 100644
--- a/test/results/stats/default/thrift.pcap.out
+++ b/test/results/stats/default/thrift.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:18
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26122
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26114
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/tinc.pcap.out b/test/results/stats/default/tinc.pcap.out
index c919d1d12..25f883f2a 100644
--- a/test/results/stats/default/tinc.pcap.out
+++ b/test/results/stats/default/tinc.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:37
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:40959
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:40953
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/tk.pcap.out b/test/results/stats/default/tk.pcap.out
index adb5e991e..a89232c5b 100644
--- a/test/results/stats/default/tk.pcap.out
+++ b/test/results/stats/default/tk.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16948
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16942
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/tls-appdata.pcap.out b/test/results/stats/default/tls-appdata.pcap.out
index df3a78ce6..fb7860ac9 100644
--- a/test/results/stats/default/tls-appdata.pcap.out
+++ b/test/results/stats/default/tls-appdata.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:27
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29026
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:29012
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/tls-esni-fuzzed.pcap.out b/test/results/stats/default/tls-esni-fuzzed.pcap.out
index 72f3c975b..491180b07 100644
--- a/test/results/stats/default/tls-esni-fuzzed.pcap.out
+++ b/test/results/stats/default/tls-esni-fuzzed.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15864
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15858
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/tls-rdn-extract.pcap.out b/test/results/stats/default/tls-rdn-extract.pcap.out
index d19bbc0a8..1932096d5 100644
--- a/test/results/stats/default/tls-rdn-extract.pcap.out
+++ b/test/results/stats/default/tls-rdn-extract.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21041
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21035
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/tls_2_reasms.pcapng.out b/test/results/stats/default/tls_2_reasms.pcapng.out
index ae1b42ca2..1b9c288f0 100644
--- a/test/results/stats/default/tls_2_reasms.pcapng.out
+++ b/test/results/stats/default/tls_2_reasms.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11815
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11809
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/tls_2_reasms_b.pcapng.out b/test/results/stats/default/tls_2_reasms_b.pcapng.out
index e63b22a41..46d8fcd4c 100644
--- a/test/results/stats/default/tls_2_reasms_b.pcapng.out
+++ b/test/results/stats/default/tls_2_reasms_b.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11804
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11798
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/tls_alert.pcap.out b/test/results/stats/default/tls_alert.pcap.out
index 2bdd8e2d3..1e981d3c4 100644
--- a/test/results/stats/default/tls_alert.pcap.out
+++ b/test/results/stats/default/tls_alert.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15940
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15932
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/tls_certificate_too_long.pcap.out b/test/results/stats/default/tls_certificate_too_long.pcap.out
index 5833e81c9..abf4ed616 100644
--- a/test/results/stats/default/tls_certificate_too_long.pcap.out
+++ b/test/results/stats/default/tls_certificate_too_long.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:252
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:252748
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:253372
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:35
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:11
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:24
@@ -95,7 +95,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:8
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
@@ -166,4 +166,4 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:2
diff --git a/test/results/stats/default/tls_cipher_lens.pcap.out b/test/results/stats/default/tls_cipher_lens.pcap.out
index 2c10f9571..0431d36f2 100644
--- a/test/results/stats/default/tls_cipher_lens.pcap.out
+++ b/test/results/stats/default/tls_cipher_lens.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:23
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21465
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21459
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/stats/default/tls_client_certificate_with_missing_server_one.pcapng.out
index 052360187..6efaf36b1 100644
--- a/test/results/stats/default/tls_client_certificate_with_missing_server_one.pcapng.out
+++ b/test/results/stats/default/tls_client_certificate_with_missing_server_one.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19808
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19802
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/tls_ech.pcapng.out b/test/results/stats/default/tls_ech.pcapng.out
index 22d1c534f..8d3824e98 100644
--- a/test/results/stats/default/tls_ech.pcapng.out
+++ b/test/results/stats/default/tls_ech.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10058
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10052
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/tls_esni_sni_both.pcap.out b/test/results/stats/default/tls_esni_sni_both.pcap.out
index 4dfc19cf9..5ac9c18e6 100644
--- a/test/results/stats/default/tls_esni_sni_both.pcap.out
+++ b/test/results/stats/default/tls_esni_sni_both.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19162
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:19156
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/tls_false_positives.pcapng.out b/test/results/stats/default/tls_false_positives.pcapng.out
index b38c6f622..3b4aaeb04 100644
--- a/test/results/stats/default/tls_false_positives.pcapng.out
+++ b/test/results/stats/default/tls_false_positives.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9705
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9699
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/tls_invalid_reads.pcap.out b/test/results/stats/default/tls_invalid_reads.pcap.out
index 3b5361597..272a7035b 100644
--- a/test/results/stats/default/tls_invalid_reads.pcap.out
+++ b/test/results/stats/default/tls_invalid_reads.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:25
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17528
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17518
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/tls_long_cert.pcap.out b/test/results/stats/default/tls_long_cert.pcap.out
index ccfe09374..ad2289484 100644
--- a/test/results/stats/default/tls_long_cert.pcap.out
+++ b/test/results/stats/default/tls_long_cert.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14677
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14671
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/tls_malicious_sha1.pcapng.out b/test/results/stats/default/tls_malicious_sha1.pcapng.out
index 112fdf6ff..fafd66368 100644
--- a/test/results/stats/default/tls_malicious_sha1.pcapng.out
+++ b/test/results/stats/default/tls_malicious_sha1.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11074
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:11068
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/tls_missing_ch_frag.pcap.out b/test/results/stats/default/tls_missing_ch_frag.pcap.out
index 69cebf005..568a82199 100644
--- a/test/results/stats/default/tls_missing_ch_frag.pcap.out
+++ b/test/results/stats/default/tls_missing_ch_frag.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14627
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14621
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out
index ae1919434..82e905bdf 100644
--- a/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out
+++ b/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12083
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12077
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/tls_port_80.pcapng.out b/test/results/stats/default/tls_port_80.pcapng.out
index 02dcf6404..1e248bb22 100644
--- a/test/results/stats/default/tls_port_80.pcapng.out
+++ b/test/results/stats/default/tls_port_80.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9816
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9810
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/tls_torrent.pcapng.out b/test/results/stats/default/tls_torrent.pcapng.out
index 41ea8737e..d1fb9e4af 100644
--- a/test/results/stats/default/tls_torrent.pcapng.out
+++ b/test/results/stats/default/tls_torrent.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15057
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15051
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/tls_unidirectional.pcap.out b/test/results/stats/default/tls_unidirectional.pcap.out
index 262e3ee6a..8b1994114 100644
--- a/test/results/stats/default/tls_unidirectional.pcap.out
+++ b/test/results/stats/default/tls_unidirectional.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27002
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26994
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/tls_verylong_certificate.pcap.out b/test/results/stats/default/tls_verylong_certificate.pcap.out
index 3e7ce388f..26591b2cf 100644
--- a/test/results/stats/default/tls_verylong_certificate.pcap.out
+++ b/test/results/stats/default/tls_verylong_certificate.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15966
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15960
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/toca-boca.pcap.out b/test/results/stats/default/toca-boca.pcap.out
index adb0226ed..06df0bbe6 100644
--- a/test/results/stats/default/toca-boca.pcap.out
+++ b/test/results/stats/default/toca-boca.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:118
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:97740
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:97714
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:21
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:21
diff --git a/test/results/stats/default/tor.pcap.out b/test/results/stats/default/tor.pcap.out
index 20099d460..e06b9949f 100644
--- a/test/results/stats/default/tor.pcap.out
+++ b/test/results/stats/default/tor.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:166
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:117275
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:117267
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:11
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/default/tplink_shp.pcap.out b/test/results/stats/default/tplink_shp.pcap.out
index fbd3bd461..4a6339adb 100644
--- a/test/results/stats/default/tplink_shp.pcap.out
+++ b/test/results/stats/default/tplink_shp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:314
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:295308
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:295296
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8
diff --git a/test/results/stats/default/trickbot.pcap.out b/test/results/stats/default/trickbot.pcap.out
index 180f027a3..19322423a 100644
--- a/test/results/stats/default/trickbot.pcap.out
+++ b/test/results/stats/default/trickbot.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14086
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:14080
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/tumblr.pcap.out b/test/results/stats/default/tumblr.pcap.out
index fb689727f..adcae378b 100644
--- a/test/results/stats/default/tumblr.pcap.out
+++ b/test/results/stats/default/tumblr.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:329
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:283654
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:283648
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:47
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:46
diff --git a/test/results/stats/default/tunnelbear.pcap.out b/test/results/stats/default/tunnelbear.pcap.out
index 011c41d3a..71b9b47d0 100644
--- a/test/results/stats/default/tunnelbear.pcap.out
+++ b/test/results/stats/default/tunnelbear.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:193
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:171321
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:171315
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:21
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8
diff --git a/test/results/stats/default/tuya_lp.pcap.out b/test/results/stats/default/tuya_lp.pcap.out
index 23e270ce7..53bab7d9c 100644
--- a/test/results/stats/default/tuya_lp.pcap.out
+++ b/test/results/stats/default/tuya_lp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:107
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:88255
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:88249
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:13
diff --git a/test/results/stats/default/ubntac2.pcap.out b/test/results/stats/default/ubntac2.pcap.out
index 39fa6d90d..049388f64 100644
--- a/test/results/stats/default/ubntac2.pcap.out
+++ b/test/results/stats/default/ubntac2.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:37
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32053
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32047
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:8
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:8
diff --git a/test/results/stats/default/uftp_v4_v5.pcap.out b/test/results/stats/default/uftp_v4_v5.pcap.out
index 90692308b..54635a242 100644
--- a/test/results/stats/default/uftp_v4_v5.pcap.out
+++ b/test/results/stats/default/uftp_v4_v5.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:29
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26913
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26905
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/ultrasurf.pcap.out b/test/results/stats/default/ultrasurf.pcap.out
index a72a2424f..92cfdf263 100644
--- a/test/results/stats/default/ultrasurf.pcap.out
+++ b/test/results/stats/default/ultrasurf.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:32
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:46228
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:46222
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/umas.pcap.out b/test/results/stats/default/umas.pcap.out
index f9e46c690..88cfabaf5 100644
--- a/test/results/stats/default/umas.pcap.out
+++ b/test/results/stats/default/umas.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:12
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9476
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9470
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/upnp.pcap.out b/test/results/stats/default/upnp.pcap.out
index b852584c9..42122ed0d 100644
--- a/test/results/stats/default/upnp.pcap.out
+++ b/test/results/stats/default/upnp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:19
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21383
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21377
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/viber.pcap.out b/test/results/stats/default/viber.pcap.out
index bdebf3d81..d68b27dac 100644
--- a/test/results/stats/default/viber.pcap.out
+++ b/test/results/stats/default/viber.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:222
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:186421
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:186409
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:29
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:23
diff --git a/test/results/stats/default/vk.pcapng.out b/test/results/stats/default/vk.pcapng.out
index f206e5bb4..6548eeef5 100644
--- a/test/results/stats/default/vk.pcapng.out
+++ b/test/results/stats/default/vk.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:84
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:75002
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:74996
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:10
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:10
diff --git a/test/results/stats/default/vnc.pcap.out b/test/results/stats/default/vnc.pcap.out
index 92e0ffcc1..2135d24f4 100644
--- a/test/results/stats/default/vnc.pcap.out
+++ b/test/results/stats/default/vnc.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18484
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18478
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/vrrp3.pcapng.out b/test/results/stats/default/vrrp3.pcapng.out
index 7de8832a3..b3abbbece 100644
--- a/test/results/stats/default/vrrp3.pcapng.out
+++ b/test/results/stats/default/vrrp3.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:15
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10441
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:10435
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/vxlan.pcap.out b/test/results/stats/default/vxlan.pcap.out
index f401a5176..a43b50b2f 100644
--- a/test/results/stats/default/vxlan.pcap.out
+++ b/test/results/stats/default/vxlan.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:63
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:59704
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:59698
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9
diff --git a/test/results/stats/default/wa_video.pcap.out b/test/results/stats/default/wa_video.pcap.out
index 7a9a0d69f..5c57c920c 100644
--- a/test/results/stats/default/wa_video.pcap.out
+++ b/test/results/stats/default/wa_video.pcap.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:108
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:94242
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:111
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:98039
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:14
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:14
@@ -7,7 +7,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:10
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:264122
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:47653
@@ -94,8 +94,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:5
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:7
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
@@ -117,7 +117,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
@@ -158,7 +158,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:5
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0
diff --git a/test/results/stats/default/wa_voice.pcap.out b/test/results/stats/default/wa_voice.pcap.out
index 633b096db..c7104529e 100644
--- a/test/results/stats/default/wa_voice.pcap.out
+++ b/test/results/stats/default/wa_voice.pcap.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:217
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:188017
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:220
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:191684
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:28
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:26
@@ -7,7 +7,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:27
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:18
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:21
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:34223
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:94669
@@ -94,8 +94,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:5
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:7
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
@@ -117,7 +117,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
@@ -158,7 +158,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:5
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0
diff --git a/test/results/stats/default/waze.pcap.out b/test/results/stats/default/waze.pcap.out
index 875d3abd4..9a070ba2b 100644
--- a/test/results/stats/default/waze.pcap.out
+++ b/test/results/stats/default/waze.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:282
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:228975
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:229026
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:33
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:30
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
@@ -95,9 +95,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:38
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0
@@ -116,7 +116,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:34
@@ -166,4 +166,4 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:1
diff --git a/test/results/stats/default/webdav.pcap.out b/test/results/stats/default/webdav.pcap.out
index 0d763d3dc..c67fee6ba 100644
--- a/test/results/stats/default/webdav.pcap.out
+++ b/test/results/stats/default/webdav.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7921
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7915
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/webex.pcap.out b/test/results/stats/default/webex.pcap.out
index 50f1320ea..ac3a8eb9a 100644
--- a/test/results/stats/default/webex.pcap.out
+++ b/test/results/stats/default/webex.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:500
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:422984
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:422978
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:57
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:45
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12
diff --git a/test/results/stats/default/websocket.pcap.out b/test/results/stats/default/websocket.pcap.out
index 7fd7fa70d..23e65df03 100644
--- a/test/results/stats/default/websocket.pcap.out
+++ b/test/results/stats/default/websocket.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7496
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7490
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/wechat.pcap.out b/test/results/stats/default/wechat.pcap.out
index 3fbbd0305..cfc4d37cd 100644
--- a/test/results/stats/default/wechat.pcap.out
+++ b/test/results/stats/default/wechat.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:888
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:774934
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:775044
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:109
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:52
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:57
diff --git a/test/results/stats/default/weibo.pcap.out b/test/results/stats/default/weibo.pcap.out
index 090423375..d2590b48f 100644
--- a/test/results/stats/default/weibo.pcap.out
+++ b/test/results/stats/default/weibo.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:267
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:221068
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:221298
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:44
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:43
diff --git a/test/results/stats/default/whatsapp.pcap.out b/test/results/stats/default/whatsapp.pcap.out
index 736137fef..b33eef3d1 100644
--- a/test/results/stats/default/whatsapp.pcap.out
+++ b/test/results/stats/default/whatsapp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:751
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:562535
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:562409
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:86
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:86
diff --git a/test/results/stats/default/whatsapp_login_call.pcap.out b/test/results/stats/default/whatsapp_login_call.pcap.out
index 0222013c4..739ed8487 100644
--- a/test/results/stats/default/whatsapp_login_call.pcap.out
+++ b/test/results/stats/default/whatsapp_login_call.pcap.out
@@ -1,5 +1,5 @@
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:493
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:412024
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:496
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:416115
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:57
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:24
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:33
@@ -7,7 +7,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:45
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:20
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:37
-PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:42
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:45
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:81240
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:51420
@@ -94,8 +94,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:23
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:25
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
@@ -117,7 +117,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:4
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
@@ -158,7 +158,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:17
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:19
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0
diff --git a/test/results/stats/default/whatsapp_login_chat.pcap.out b/test/results/stats/default/whatsapp_login_chat.pcap.out
index d3d88cc56..2771340ef 100644
--- a/test/results/stats/default/whatsapp_login_chat.pcap.out
+++ b/test/results/stats/default/whatsapp_login_chat.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:61
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:57110
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:57104
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7
diff --git a/test/results/stats/default/whatsapp_voice_and_message.pcap.out b/test/results/stats/default/whatsapp_voice_and_message.pcap.out
index 08267d0e3..12814905e 100644
--- a/test/results/stats/default/whatsapp_voice_and_message.pcap.out
+++ b/test/results/stats/default/whatsapp_voice_and_message.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:126
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:102778
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:102772
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9
diff --git a/test/results/stats/default/whatsappfiles.pcap.out b/test/results/stats/default/whatsappfiles.pcap.out
index 19017561b..f2f395bce 100644
--- a/test/results/stats/default/whatsappfiles.pcap.out
+++ b/test/results/stats/default/whatsappfiles.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:24
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:23408
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:23402
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/whois.pcapng.out b/test/results/stats/default/whois.pcapng.out
index 83b421e37..7ac108e1d 100644
--- a/test/results/stats/default/whois.pcapng.out
+++ b/test/results/stats/default/whois.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26518
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26508
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/windowsupdate_over_http.pcap.out b/test/results/stats/default/windowsupdate_over_http.pcap.out
index 1f3cb9465..805c512d1 100644
--- a/test/results/stats/default/windowsupdate_over_http.pcap.out
+++ b/test/results/stats/default/windowsupdate_over_http.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9634
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9668
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
@@ -95,9 +95,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:2
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0
@@ -116,7 +116,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
@@ -166,4 +166,4 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:1
diff --git a/test/results/stats/default/wireguard.pcap.out b/test/results/stats/default/wireguard.pcap.out
index edaeb5d58..76ac59e92 100644
--- a/test/results/stats/default/wireguard.pcap.out
+++ b/test/results/stats/default/wireguard.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16913
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16905
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/wow.pcap.out b/test/results/stats/default/wow.pcap.out
index 3f3ac3811..5d0b2831b 100644
--- a/test/results/stats/default/wow.pcap.out
+++ b/test/results/stats/default/wow.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:45
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32042
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:32034
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/xdmcp.pcap.out b/test/results/stats/default/xdmcp.pcap.out
index 79e4ae82f..70c637670 100644
--- a/test/results/stats/default/xdmcp.pcap.out
+++ b/test/results/stats/default/xdmcp.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7532
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7526
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/xiaomi.pcap.out b/test/results/stats/default/xiaomi.pcap.out
index 34bb38447..ddb7113c6 100644
--- a/test/results/stats/default/xiaomi.pcap.out
+++ b/test/results/stats/default/xiaomi.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:58
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:47194
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:47180
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:7
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:7
diff --git a/test/results/stats/default/xss.pcap.out b/test/results/stats/default/xss.pcap.out
index 0ea1be0e4..f31505c8f 100644
--- a/test/results/stats/default/xss.pcap.out
+++ b/test/results/stats/default/xss.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:17
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12975
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12969
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/default/yandex.pcapng.out b/test/results/stats/default/yandex.pcapng.out
index 0cc9243a8..3181248cc 100644
--- a/test/results/stats/default/yandex.pcapng.out
+++ b/test/results/stats/default/yandex.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:84
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:73661
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:73651
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:9
diff --git a/test/results/stats/default/yojimbo.pcap.out b/test/results/stats/default/yojimbo.pcap.out
index 8b5ed9183..45782284d 100644
--- a/test/results/stats/default/yojimbo.pcap.out
+++ b/test/results/stats/default/yojimbo.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6515
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6509
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/default/youtube_quic.pcap.out b/test/results/stats/default/youtube_quic.pcap.out
index f82250a06..adc87629a 100644
--- a/test/results/stats/default/youtube_quic.pcap.out
+++ b/test/results/stats/default/youtube_quic.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:28
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:38667
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:38661
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/youtubeupload.pcap.out b/test/results/stats/default/youtubeupload.pcap.out
index 9661e2d62..72c62f7c4 100644
--- a/test/results/stats/default/youtubeupload.pcap.out
+++ b/test/results/stats/default/youtubeupload.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:30
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:40637
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:40631
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/default/z3950.pcapng.out b/test/results/stats/default/z3950.pcapng.out
index e96477f09..820dcb521 100644
--- a/test/results/stats/default/z3950.pcapng.out
+++ b/test/results/stats/default/z3950.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13685
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:13677
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/zabbix.pcap.out b/test/results/stats/default/zabbix.pcap.out
index 827d39256..676f56dfc 100644
--- a/test/results/stats/default/zabbix.pcap.out
+++ b/test/results/stats/default/zabbix.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:196
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:141616
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:141608
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:24
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:24
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/zattoo.pcap.out b/test/results/stats/default/zattoo.pcap.out
index f05fd8c42..87c78f7ea 100644
--- a/test/results/stats/default/zattoo.pcap.out
+++ b/test/results/stats/default/zattoo.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18076
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:18070
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/default/zoom.pcap.out b/test/results/stats/default/zoom.pcap.out
index c71c687b9..bc8b2766e 100644
--- a/test/results/stats/default/zoom.pcap.out
+++ b/test/results/stats/default/zoom.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:317
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:243590
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:243700
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:33
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:27
diff --git a/test/results/stats/default/zoom2.pcap.out b/test/results/stats/default/zoom2.pcap.out
index dd2f9576a..1896631a3 100644
--- a/test/results/stats/default/zoom2.pcap.out
+++ b/test/results/stats/default/zoom2.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:46
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:42077
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:42071
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:4
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:4
diff --git a/test/results/stats/default/zoom_p2p.pcapng.out b/test/results/stats/default/zoom_p2p.pcapng.out
index 8ddb51181..384e621e6 100644
--- a/test/results/stats/default/zoom_p2p.pcapng.out
+++ b/test/results/stats/default/zoom_p2p.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:131
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:107242
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:107236
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:13
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:13
diff --git a/test/results/stats/disable_aggressiveness/ookla.pcap.out b/test/results/stats/disable_aggressiveness/ookla.pcap.out
index df26fed70..1fd620226 100644
--- a/test/results/stats/disable_aggressiveness/ookla.pcap.out
+++ b/test/results/stats/disable_aggressiveness/ookla.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:56
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:44360
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:44352
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:5
diff --git a/test/results/stats/disable_metadata/tls_verylong_certificate.pcap.out b/test/results/stats/disable_metadata/tls_verylong_certificate.pcap.out
index 29c494088..b27433cfb 100644
--- a/test/results/stats/disable_metadata/tls_verylong_certificate.pcap.out
+++ b/test/results/stats/disable_metadata/tls_verylong_certificate.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16092
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16086
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/disable_protocols/dns_long_domainname.pcap.out b/test/results/stats/disable_protocols/dns_long_domainname.pcap.out
index f9054492f..861fb5b79 100644
--- a/test/results/stats/disable_protocols/dns_long_domainname.pcap.out
+++ b/test/results/stats/disable_protocols/dns_long_domainname.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:9
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7495
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7489
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/disable_protocols/pluralsight.pcap.out b/test/results/stats/disable_protocols/pluralsight.pcap.out
index 4b6e27da4..9a460981c 100644
--- a/test/results/stats/disable_protocols/pluralsight.pcap.out
+++ b/test/results/stats/disable_protocols/pluralsight.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:59
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:73937
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:73931
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:6
diff --git a/test/results/stats/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/stats/disable_protocols/quic-mvfst-27.pcapng.out
index ec7cf15c3..947dd5399 100644
--- a/test/results/stats/disable_protocols/quic-mvfst-27.pcapng.out
+++ b/test/results/stats/disable_protocols/quic-mvfst-27.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:10
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15680
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:15676
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/disable_protocols/soap.pcap.out b/test/results/stats/disable_protocols/soap.pcap.out
index b116e0c96..bc826f6a9 100644
--- a/test/results/stats/disable_protocols/soap.pcap.out
+++ b/test/results/stats/disable_protocols/soap.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:24
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27812
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:27804
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/dns_process_response_disable/dns.pcap.out b/test/results/stats/dns_process_response_disable/dns.pcap.out
index d38e29cf8..ac5114b09 100644
--- a/test/results/stats/dns_process_response_disable/dns.pcap.out
+++ b/test/results/stats/dns_process_response_disable/dns.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8895
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8887
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/dns_subclassification_and_process_response_disable/dns.pcap.out b/test/results/stats/dns_subclassification_and_process_response_disable/dns.pcap.out
index 0105ceefc..9e28d5f5f 100644
--- a/test/results/stats/dns_subclassification_and_process_response_disable/dns.pcap.out
+++ b/test/results/stats/dns_subclassification_and_process_response_disable/dns.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9203
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:9195
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/dns_subclassification_disable/dns.pcap.out b/test/results/stats/dns_subclassification_disable/dns.pcap.out
index d9127011e..4f7b55d53 100644
--- a/test/results/stats/dns_subclassification_disable/dns.pcap.out
+++ b/test/results/stats/dns_subclassification_disable/dns.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8909
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:8901
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/enable_doh_heuristic/doh.pcapng.out b/test/results/stats/enable_doh_heuristic/doh.pcapng.out
index 2168930bb..96c2bd3a3 100644
--- a/test/results/stats/enable_doh_heuristic/doh.pcapng.out
+++ b/test/results/stats/enable_doh_heuristic/doh.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:13
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12398
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:12392
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1
diff --git a/test/results/stats/enable_payload_stat/1kxun.pcap.out b/test/results/stats/enable_payload_stat/1kxun.pcap.out
index 6e6fe0e8f..6afcfc9a8 100644
--- a/test/results/stats/enable_payload_stat/1kxun.pcap.out
+++ b/test/results/stats/enable_payload_stat/1kxun.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1303
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1558432
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1558580
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:197
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:188
@@ -95,9 +95,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:34
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:5
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0
@@ -116,7 +116,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:14
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
@@ -166,4 +166,4 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:1
diff --git a/test/results/stats/flow_risk_lists_disable/protonvpn.pcap.out b/test/results/stats/flow_risk_lists_disable/protonvpn.pcap.out
index 8e333887b..4076c612f 100644
--- a/test/results/stats/flow_risk_lists_disable/protonvpn.pcap.out
+++ b/test/results/stats/flow_risk_lists_disable/protonvpn.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:25
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20271
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:20265
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:3
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:3
diff --git a/test/results/stats/guessing_disable/webex.pcap.out b/test/results/stats/guessing_disable/webex.pcap.out
index bb2c7a0bb..e1e6694cb 100644
--- a/test/results/stats/guessing_disable/webex.pcap.out
+++ b/test/results/stats/guessing_disable/webex.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:500
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:427484
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:427478
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:57
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:45
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:12
diff --git a/test/results/stats/http_process_response_disable/http.pcapng.out b/test/results/stats/http_process_response_disable/http.pcapng.out
index 2a321663b..a3983425e 100644
--- a/test/results/stats/http_process_response_disable/http.pcapng.out
+++ b/test/results/stats/http_process_response_disable/http.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:11
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7793
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:7787
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/http_process_response_disable/http_asymmetric.pcapng.out b/test/results/stats/http_process_response_disable/http_asymmetric.pcapng.out
index 2bd98e21d..8d7989e50 100644
--- a/test/results/stats/http_process_response_disable/http_asymmetric.pcapng.out
+++ b/test/results/stats/http_process_response_disable/http_asymmetric.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21304
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:21298
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/ip_lists_disable/1kxun.pcap.out b/test/results/stats/ip_lists_disable/1kxun.pcap.out
index 359b17686..6beee6e41 100644
--- a/test/results/stats/ip_lists_disable/1kxun.pcap.out
+++ b/test/results/stats/ip_lists_disable/1kxun.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:1303
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1554523
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:1554671
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:197
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:9
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:188
@@ -95,9 +95,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:34
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:5
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:6
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:20
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0
@@ -116,7 +116,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:14
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:5
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
@@ -166,4 +166,4 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
-PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:1
diff --git a/test/results/stats/packets_limit_per_flow/tls_verylong_certificate.pcap.out b/test/results/stats/packets_limit_per_flow/tls_verylong_certificate.pcap.out
index 677b4486c..176433c58 100644
--- a/test/results/stats/packets_limit_per_flow/tls_verylong_certificate.pcap.out
+++ b/test/results/stats/packets_limit_per_flow/tls_verylong_certificate.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16176
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16170
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out b/test/results/stats/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out
index 14e53726f..aa54bc4e0 100644
--- a/test/results/stats/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out
+++ b/test/results/stats/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:21
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17655
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:17649
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/stun_extra_dissection/stun_zoom.pcapng.out b/test/results/stats/stun_extra_dissection/stun_zoom.pcapng.out
index 2d7980699..7b0d9118b 100644
--- a/test/results/stats/stun_extra_dissection/stun_zoom.pcapng.out
+++ b/test/results/stats/stun_extra_dissection/stun_zoom.pcapng.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:27
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26144
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:26138
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:2
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:2
diff --git a/test/results/stats/stun_mapped_address_disabled/teams.pcap.out b/test/results/stats/stun_mapped_address_disabled/teams.pcap.out
new file mode 100644
index 000000000..9141a57c7
--- /dev/null
+++ b/test/results/stats/stun_mapped_address_disabled/teams.pcap.out
@@ -0,0 +1,169 @@
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:682
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:662086
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:83
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:17
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:66
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_analyse_count" interval=60 N:16
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:80
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:65
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:293772
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:293323
+PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:29
+PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:16
+PUTVAL "localhost/exec-nDPIsrvd/counter-packet_flow_count" interval=60 N:317
+PUTVAL "localhost/exec-nDPIsrvd/counter-init_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-reconnect_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-shutdown_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-status_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_datalink" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_unknown_l3_protocol" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_unsupported_datalink" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_type_unknown" interval=60 N:16
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_packet_header_invalid" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_size_smaller_than_header" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip4_l4_payload_detection" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_size_smaller_than_header" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_ip6_l4_payload_detection" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_tcp_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_udp_packet_too_short" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_capture_size_smaller_than_packet" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_max_flows_to_track" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/counter-error_flow_memory_alloc" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:42
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:37
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unspecified_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:20
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:11
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:27
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:19
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_conn_check_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_iot_scada_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_virt_assistant_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cybersecurity_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_adult_content_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_gambling_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_port" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial" interval=60 N:6
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_partial_cache" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_cache" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi" interval=60 N:74
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_nbpf" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_by_ip" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_dpi_aggressive" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_custom_rule" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_confidence_unknown" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_low" interval=60 N:42
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_medium" interval=60 N:12
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_high" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_severe" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_critical" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_emergency" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_severity_unknown" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:83
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:42
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:40
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:83
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:80
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:12
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:2
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:33
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:5
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:1
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0
+PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_54_count" interval=60 N:0
diff --git a/test/results/stats/tls_ja3c_disabled/tls_verylong_certificate.pcap.out b/test/results/stats/tls_ja3c_disabled/tls_verylong_certificate.pcap.out
index dc6aa8399..c4d7d55d6 100644
--- a/test/results/stats/tls_ja3c_disabled/tls_verylong_certificate.pcap.out
+++ b/test/results/stats/tls_ja3c_disabled/tls_verylong_certificate.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16106
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16100
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/tls_ja3s_disabled/tls_verylong_certificate.pcap.out b/test/results/stats/tls_ja3s_disabled/tls_verylong_certificate.pcap.out
index dc6aa8399..c4d7d55d6 100644
--- a/test/results/stats/tls_ja3s_disabled/tls_verylong_certificate.pcap.out
+++ b/test/results/stats/tls_ja3s_disabled/tls_verylong_certificate.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16106
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16100
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stats/tls_ja4c_disabled/tls_verylong_certificate.pcap.out b/test/results/stats/tls_ja4c_disabled/tls_verylong_certificate.pcap.out
index dc6aa8399..c4d7d55d6 100644
--- a/test/results/stats/tls_ja4c_disabled/tls_verylong_certificate.pcap.out
+++ b/test/results/stats/tls_ja4c_disabled/tls_verylong_certificate.pcap.out
@@ -1,5 +1,5 @@
 PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:14
-PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16106
+PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:16100
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:1
 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:0
diff --git a/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out b/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out
index d8617eabc..0a295bb22 100644
--- a/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out
+++ b/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out
@@ -1,5 +1,5 @@
-00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1449812497255265}
+00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1449812497255265}
 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1449812497255265,"pkt":"ACZsuc\/8ACZsCyRcCABFAABAL58AAIAR9v8KCgABCgEAA\/7K4YIALFAqAAMAECESpELECsSOsFxxIrqIIMwAGQAEEQAAAIAoAATGrBhE"}
 01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -18,7 +18,7 @@
 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1449812497496479,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1449812497496479,"pkt":"ACZs0wdDACZsIyatCABFAADMboRAAEARt44KAQADCgoAARbdCvgAuIfMABcAnCESpEKabwkxCgNoKDFqLpgAEwBsAAEAWCESpEJ+6j0VqO37x7qvJhcABgAZZWEydnJwQzRKd2NqQ0YwZToyNzBlMzkzZgAAAAAlAAAAJAAEbn4A\/4AqAAgAAAAAAAAAAQAIABSRSix2Wt+JeRYEja3Dcq7w4OuHlYAoAARIzREHABIACAABzHArEqTRgCIAGkNvdHVybi00LjUuMC4zICdkYW4gRWlkZXInICc="}
 01233{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812504413713,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3924,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812504427110,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00665{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":43,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1449812504427110}
+00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":43,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1449812504427110}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 43/43
 ~~ skipped flows.............: 0
@@ -27,8 +27,8 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5501448 bytes
-~~ total memory freed........: 5501448 bytes
+~~ total memory allocated....: 5501488 bytes
+~~ total memory freed........: 5501488 bytes
 ~~ total allocations/frees...: 85916/85916
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 591 chars
diff --git a/test/results/stun_extra_dissection/stun_zoom.pcapng.out b/test/results/stun_extra_dissection/stun_zoom.pcapng.out
index 886dab8d8..d0ff8f0ce 100644
--- a/test/results/stun_extra_dissection/stun_zoom.pcapng.out
+++ b/test/results/stun_extra_dissection/stun_zoom.pcapng.out
@@ -1,5 +1,5 @@
-00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1661169535535091}
+00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1661169535535091}
 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzBAAEAR2WPAqCuphuBab77WImEApEJpAAEAiCESpEIJLXMzkXIYSWor3N8ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABQBKtqrmyxMEjIdswOfhTMx+y49voAoAASJCByW"}
 01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
@@ -24,7 +24,7 @@
 02332{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":62,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536326542,"flow_dst_last_pkt_time":1661169536383924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":5172,"midstream":0,"thread_ts_usec":1661169536383924,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":47514.7,"max":193831,"stddev":51140.5,"var":2615352320.0,"ent":4.1,"data": [20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466]},"pktlen": {"min":42,"avg":270.1,"max":1080,"stddev":313.1,"var":98043.5,"ent":4.3,"data": [184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]},"bins": {"c_to_s": [0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": [5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169536293401,"flow_dst_last_pkt_time":1661169536292551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1945,"flow_dst_tot_l4_payload_len":5176,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
 01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536627218,"flow_dst_last_pkt_time":1661169536805680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2726,"flow_dst_tot_l4_payload_len":5471,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1661169536805680}
+00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1661169536805680}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 70/70
 ~~ skipped flows.............: 0
@@ -33,10 +33,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5511410 bytes
-~~ total memory freed........: 5511410 bytes
+~~ total memory allocated....: 5511450 bytes
+~~ total memory freed........: 5511450 bytes
 ~~ total allocations/frees...: 85950/85950
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json message min len.......: 587 chars
+~~ json message min len.......: 585 chars
 ~~ json message max len.......: 2337 chars
-~~ json message avg len.......: 1435 chars
+~~ json message avg len.......: 1434 chars
diff --git a/test/results/stun_mapped_address_disabled/teams.pcap.out b/test/results/stun_mapped_address_disabled/teams.pcap.out
new file mode 100644
index 000000000..9fb8f854e
--- /dev/null
+++ b/test/results/stun_mapped_address_disabled/teams.pcap.out
@@ -0,0 +1,697 @@
+00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587041672419153}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
+01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}}
+00311{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041672611330,"packet_id":2,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041672611330}
+00385{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041672419153,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041673094451,"flow_src_last_pkt_time":1587041673094451,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041673094451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1587041673094451,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041673094451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZ4MwAAAQEICjCEirAtAPMf"}
+00314{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041673412435,"packet_id":4,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041673412435}
+00396{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041673094451,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+00311{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041673611235,"packet_id":5,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041673611235}
+00385{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041673094451,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00311{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041674611244,"packet_id":6,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041674611244}
+00385{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041673094451,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1587041675216685,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041675216685,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZv6wAAAQEICjCEkvgtAPMf"}
+00314{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041675409077,"packet_id":8,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041675409077}
+00396{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041675216685,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+00311{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041675611218,"packet_id":9,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041675611218}
+00385{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041675216685,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041675997451,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041675997451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041675997451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041675997451,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041675997451,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPKfkAAP8RDk3AqAEGwKgBAe2NADUAO4czzp0BAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQAB"}
+01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041675997451,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041675997451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041675997451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041676010607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1587041676010607,"pkt":"KDc3AG3IEBMx8Tl2CABFAABfTWlAADkRcM3AqAEBwKgBBgA17Y0ASwAAzp2BgAABAAEAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQABwAwAAQABAAAACQAENHJNIQ=="}
+01105{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041675997451,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041676010607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":67,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":67,"midstream":0,"thread_ts_usec":1587041676010607,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.33"}}}
+00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676362386,"flow_dst_last_pkt_time":1587041676362386,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676362386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1587041676362386,"flow_dst_last_pkt_time":1587041676362386,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041676362386,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex0AbuczSMnAAAAALAC\/\/99oQAAAgQFtAEDAwUBAQgKMISXcQAAAAAEAgAA"}
+00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676362386,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041676405623,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8L\/5AAGwGm3w0ck0hwKgBBgG77HRJoiConM0jKKASIABWrQAAAgQFoAEDAwgEAggKYQZMqDCEl3E="}
+00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676405727,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676405727,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex0AbuczSMoSaIgqYAQEAmVMgAAAQEICjCEl5xhBkyo"}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676435900,"flow_dst_last_pkt_time":1587041676435900,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676435900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1587041676435900,"flow_dst_last_pkt_time":1587041676435900,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041676435900,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx1AbsuhcJCAAAAALAC\/\/\/XIQAAAgQFtAEDAwUBAQgKMISXugAAAAAEAgAA"}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676435900,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676448366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0CixAAHUGQvQ0ccKEwKgBBgG77HWQGjC4LoXCQ4AS\/\/8WpAAAAgQFoAEDAwgBAQQC"}
+00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676448463,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041676448463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcJDkBowuVAQIAA3YwAA"}
+00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1587041676449862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD6AABAAEAGgVrAqAEGNHHChOx1AbsuhcJDkBowuVAYIAChLwAAFgMBAM0BAADJAwMtfzNr5sJ0vwUnIfI3TV9sTsGbPpwfZOWfmMdYc+2laQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACEuroAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYABsAAwIAAnp6AAEA"}
+01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676448366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676449862,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676449862,"flow_dst_last_pkt_time":1587041676462228,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041676462228,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoCi1AAHYGQf80ccKEwKgBBgG77HWQGjC5LoXDFVAQCAROjQAAAAAAAAAA"}
+01551{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676464401,"flow_dst_last_pkt_time":1587041676464459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":210,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041676464459,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}}
+00799{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041676499766,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAG9tTAqAEGNHJNIex0AbuczSMoSaIgqYAYEAlcWgAAAQEICjCEl\/VhBkyoFgMBAKkBAAClAwNgsc\/zVfk3fJaoeGVjBvcvXHJydxa1mwDEXFImXbQK\/wAAHsAvwCvAMMAszKnMqMAJwBPACsAUAJwAnQAvADUACgEAAF7\/AQABAAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAsAAgEAAAoACAAGAB0AFwAY"}
+01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676405623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676499766,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676535873,"flow_dst_last_pkt_time":1587041676535853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":10509,"midstream":0,"thread_ts_usec":1587041676535873,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6449.2,"max":29755,"stddev":8827.8,"var":77930416.0,"ent":3.7,"data": [12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537]},"pktlen": {"min":40,"avg":393.9,"max":1492,"stddev":548.1,"var":300365.6,"ent":3.9,"data": [64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]},"bins": {"c_to_s": [10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0],"entropies": [4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+02502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676499766,"flow_dst_last_pkt_time":1587041676545373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676545373,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL\/9AAGwGleM0ck0hwKgBBgG77HRJoiCpnM0j1oAQBAXctwAAAQEICmEGTTMwhJf1FgMDEGYCAABRAwNemFWMXBNb2F1eIS0NgygX31DvjFSWgfTq\/PXgXBX\/USAORwAAVmOWcPohT0niCo9N4puGGU7iW5AxxYvHQvC098AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
+01839{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676545644,"flow_dst_last_pkt_time":1587041676545713,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041676545713,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+00312{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041676611249,"packet_id":64,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041676611249}
+00386{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041676592590,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676612882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676612882,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676612882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041676612882,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4fAqAEGKH4JBex2AbukS07pAAAAALAC\/\/+ZfQAAAgQFtAEDAwUBAQgKMISYYwAAAAAEAgAA"}
+00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1587041676612882,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041676642642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="}
+00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1587041676642755,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041676642755,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5PAqAEGKH4JBex2AbukS07qokMa3IAQEAn5EwAAAQEICjCEmIFVAL3h"}
+00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041676643404,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRp3AqAEGKH4JBex2AbukS07qokMa3IAYEAkkyAAAAQEICjCEmIFVAL3hFgMBAPEBAADtAwMFij+vLNUEXtDYw018fSI+oguo6nn0NGVGlSQBEa6j4wAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"}
+01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676642642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041676643404,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+02517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676675374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041676675374,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXULqZAAG0G5kwofgkFwKgBBgG77HaiQyYcpEtP4IAQBAWIzwAAAQEIClUAvgAwhJiBCxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/RallY5JsmdSwpjNDKApQTl6ii3wQDAbRrwKNRKj4CscxnY9RYvra4Il2IGLP7npfCtQVN\/jSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gMAAFJAwAXQQTOd4jCuMTh7EYDlmBiiGmTGwexXcFlv\/T2ck50p74cYWIJH\/qL5LjbfCSDp3wqAO8ZZNaw1gxy4Uzbx\/mTFEUoBAEBACuEjKAM1qXUNVaS\/GaC95SQ9vmaMh+jYNW\/golBe81NwxyW1ReEMvroTkbS6BjiR97ixB57SOr\/EVlzcCLlr0XL6vCOvZKaaq3SzHreSfwbGspHUYxwK5i8j23AovUYK4FdR8PK9GkF5j5DZYPL2nmL62KrpTU3AqFF18hKfZ2alq2jaowqtsC3NBCAd6aifgpEBRhB9rZP2x\/YPgDeBGSAHqMX"}
+01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676643404,"flow_dst_last_pkt_time":1587041676675374,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041676675374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+02326{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":109,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041676859269,"flow_dst_last_pkt_time":1587041676859222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":23115,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041676859269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":32055.5,"max":221245,"stddev":54144.2,"var":2931591680.0,"ent":3.4,"data": [43237,43341,94039,139750,215,45878,125,102,1406,46781,45438,177198,6,1,221245,44042,6,2,2,21255,21237,4,23005,23005,5,2,3,1223,1159,4,3]},"pktlen": {"min":52,"avg":907.9,"max":1492,"stddev":687.5,"var":472618.5,"ent":4.4,"data": [64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480]},"bins": {"c_to_s": [5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0],"s_to_c": [5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0],"entropies": [4.428027153,5.210652828,4.884933472,5.556665897,7.283374786,7.268235207,4.923395157,7.674625397,4.884933472,5.901349068,5.537203789,4.923394680,7.865010738,7.865353107,7.863998413,5.116508007,7.872262955,7.872727394,7.850155830,7.872891426,5.101991177,7.883207798,7.861774921,5.078046322,7.883695126,7.860937595,7.861885548,7.869150639,5.092563629,7.862890244,7.881820202,7.880939960]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677042751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677042751,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677042751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041677042751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex3AbvbPWM6AAAAALAC\/\/\/8iwAAAgQFtAEDAwUBAQgKMISaAAAAAAAEAgAA"}
+00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677042751,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041677088014,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8FwhAAGwGtHI0ck0hwKgBBgG77Hf6fNLR2z1jO6ASIACfvwAAAgQFoAEDAwgEAggKYRMfbzCEmgA="}
+00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677088160,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677088160,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex3AbvbPWM7+nzS0oAQEAneQwAAAQEICjCEmixhEx9v"}
+00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041677088499,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex3AbvbPWM7+nzS0oAYEAl+5wAAAQEICjCEmixhEx9vFgMBAMkBAADFAwM5dVF27rKLSF3ZLHW6jf6ecE8+y\/c\/MIkP9CtH6UUE1iAORwAAVmOWcPohT0niCo9N4puGGU7iW5AxxYvHQvC09wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677088014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677088499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677088499,"flow_dst_last_pkt_time":1587041677137230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041677137230,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUFwlAAGwGrtk0ck0hwKgBBgG77Hf6fNLS2z1kCYAQBAVAOQAAAQEICmETH58whJosFgMDEGYCAABRAwNemFWNrPjx8U\/n2+1HOnhSXCpnALSFvyfXRw2ICUZrciDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEP8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677243705,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677243705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041677243705,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx4Abt\/TkvVAAAAALAC\/\/\/5uQAAAgQFtAEDAwUBAQgKMISawwAAAAAEAgAA"}
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677243705,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041677255126,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wUlAAHUGi9Y0ccKEwKgBBgG77Hiki1UTf05L1oAS\/\/8DeQAAAgQFoAEDAwgBAQQC"}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677255227,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677255227,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkvWpItVFFAQIAAkOAAA"}
+00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1587041677255452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD+AABAAEAGgVbAqAEGNHHChOx4Abt\/TkvWpItVFFAYIAA3rwAAFgMBANEBAADNAwPZLPUYRvEghAe9kJUNx9IFhytDuazyHj3Xl0vfJTFFvgAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI6uoAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAi6ugAdABcAGAAbAAMCAAJaWgABAA=="}
+01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677255126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041677255452,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1587041677255452,"flow_dst_last_pkt_time":1587041677266382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041677266382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAowUpAAHYGiuE0ccKEwKgBBgG77Hiki1UUf05MrFAQBAE\/YQAAAAAAAAAA"}
+01552{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677269406,"flow_dst_last_pkt_time":1587041677269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":6025,"midstream":0,"thread_ts_usec":1587041677269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}}
+02323{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":209,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677328754,"flow_dst_last_pkt_time":1587041677327352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041677328754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":18406.6,"max":49836,"stddev":21194.3,"var":449200096.0,"ent":3.9,"data": [45263,45409,339,49216,21,48838,224,177,1271,46526,45316,1920,4,2,47729,45783,4,2,3,37748,37711,4,8018,8058,5,734,37027,7756,4339,49836,1321]},"pktlen": {"min":52,"avg":680.6,"max":1492,"stddev":673.1,"var":453031.8,"ent":4.2,"data": [64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]},"bins": {"c_to_s": [7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0],"entropies": [4.340968132,5.220872402,4.976373672,5.983667850,7.275708199,7.688739777,5.052015305,7.275113583,4.976373672,6.006431580,5.733948708,5.053297043,7.842315674,7.876612663,7.858495712,5.246409416,7.872724533,7.868679523,7.873967648,7.874578953,5.207947731,7.865746021,7.852710724,5.169486046,7.855942726,7.767035484,5.116507530,5.169486046,5.207947731,7.497245789,4.961856842,5.338891983]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041677380886,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"}
+00316{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677408485,"packet_id":213,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041677408485}
+00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":213,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041677380886,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+00917{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1587041677422728,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041677422728,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES5AAEARZ+PAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGADtdrMEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
+00313{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041677611261,"packet_id":215,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041677611261}
+00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":215,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041677422728,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678029919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678029919,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678029919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041678029919,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex5Abv0H+uOAAAAALAC\/\/9XkAAAAgQFtAEDAwUBAQgKMISdwwAAAAAEAgAA"}
+00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1587041678029919,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041678074133,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1587041678074233,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041678074233,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"}
+00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041678074525,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex5Abv0H+uPO2V4UYAYEAlkRgAAAQEICjCEne9hEv\/bFgMBAMkBAADFAwOeU\/FfLHrtrdCBVUwx+w+ija6LF0MoHL44Af8vhwR8KyDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEPwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+01308{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678074133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041678074525,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1587041678074525,"flow_dst_last_pkt_time":1587041678120796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041678120796,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUKldAAGwGm4s0ck0hwKgBBgG77Hk7ZXhR9B\/sXYAQBAVKXAAAAQEICmETAAQwhJ3vFgMDEGYCAABRAwNemFWOOTYxM1NwQpKmeq910c4Y3+sTj8LkGeyXAZo3KyA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFcAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
+01840{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678120910,"flow_dst_last_pkt_time":1587041678120987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041678120987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+00314{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041678611338,"packet_id":242,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041678611338}
+00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":242,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041678303901,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679059584,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041679059584,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFmxQAAP8RnTvAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
+01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041679059584,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679059584,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"b._dns-sd._udp.ntop.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280602,"flow_src_last_pkt_time":1587041679280602,"flow_dst_last_pkt_time":1587041679280602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280602,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+01193{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1587041679280602,"flow_dst_last_pkt_time":1587041679280602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_usec":1587041679280602,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBKZoAAEARjaTAqAEG\/\/\/\/\/0RcRFwB7XmveyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
+00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280602,"flow_src_last_pkt_time":1587041679280602,"flow_dst_last_pkt_time":1587041679280602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280602,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280885,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+01189{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_usec":1587041679280885,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBMegAAEARwq7AqAEGwKgB\/0RcRFwB7bcHeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
+00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041679280885,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+00317{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041679406816,"packet_id":246,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041679406816}
+00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":246,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041679280885,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+00314{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041679611289,"packet_id":247,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041679611289}
+00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":247,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041679280885,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041680062816,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFhq8AAP8RsaDAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
+01218{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":248,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041679059584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041680062816,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"b._dns-sd._udp.ntop.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041680074798,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1587041680074798,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB61LQAAEARImfAqAEBwKgBBgA1+i4AZgAAp0uBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA7ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="}
+01208{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041680074798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":94,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":94,"midstream":0,"thread_ts_usec":1587041680074798,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"b._dns-sd._udp.ntop.org","dns": {"num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041680216814,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+01024{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"thread_ts_usec":1587041680216814,"pkt":"\/\/\/\/\/\/\/\/AICPmq69CABFAAF\/44MAAEARlesAAAAA\/\/\/\/\/wBEAEMBa5dnAQEGABWCmMYYtQAAAAAAAAAAAAAAAAAAAAAAAACAj5quvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPRP\/j5quvQABAAEfyzfOuCfrPQjbUAB0AQE5AgXcPC1kaGNwY2QtNi4xMC4xOkxpbnV4LTQuOS41Ny12Nys6YXJtdjdsOkJDTTI4MzUMDHBpMy5udG9wLm9yZ5EBATcPAXkhAwYMDxocKjM2Ojt3\/w=="}
+01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041680216814,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dhcp": {"fingerprint":"","class_ident":""}}}
+00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294054,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041680294054,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294054,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1587041680294054,"pkt":"KDc3AG3IEBMx8Tl2CABFAABYCTNAAHEGSuNdPpadwKgBBgG77GBJd2ZkkI5L3oAY\/\/uUpgAAAQEICsJ1bW4wg\/kbFwMDAB8AAAAAAAAABVYf48xkHJTZ\/YMO7dmv4tC6Gofi60hR"}
+00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294054,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041680294054,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1587041680294054,"flow_dst_last_pkt_time":1587041680294170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041680294170,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"}
+02041{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1156,"pkt_l4_len":1122,"thread_ts_usec":1587041680294649,"pkt":"KDc3AG3IEBMx8Tl2CABFAAR2CTRAAHEGRsRdPpadwKgBBgG77GBJd2aIkI5L3oAY\/\/v9PwAAAQEICsJ1bW4wg\/kbFwMDBD0AAAAAAAAABm9iu+t9XgqZR4s0F3BUPHh3OFodjBrwIjhJ5jzUDrtlDVli1SVxk270m+gEbse5EGdXD2tQPqX+uNfx4B7otIIyfqifH2S\/KFxGyKDkumEYrUX2hsTy4AvsIXg77ggsd77nUCYIUkr9Dcu1K8XBBisxPpHT+zWCDZADIu9GEbXV2\/9sowiGe8yrlpVrokOfQ1DpsHmZowwlG7Bi36UFm+L5Z6cwifqjKB8bGHxJp5qTVRJD\/elikR43sBRzkZfcKqYDSp7JYzhK3QKUfc6m5GUQ5dfnLhv5nlfAs74UtmJ5EyjXuAHe9YxanSSvzzG4JMTWGAY5tTjjtYwpZihFAGx52HToq2O+CpcbwPHV1TLQUDbT2yGJc7gM1GLG5aFGzYu4CebCnnBl2NsUqq80dM5DZBgWZFtSy9z2NYnNFnXM\/L50k82dbGP\/hbFfCNFMS6BvXhwvqUQidPN2cRmVwTsWXaFgKlMTAFoatWZ\/LRmGoWBdnNparAnK8NJzgtzGWejWpNSxsXZQ1NSy\/4QwWmZ1aiyH3lAZfsyIjqYBH478mZLwQeLwCsFzK39ybhvc8awbkRiAIoeLHCDrqRPBNhP62oMKfuuybYfQO5cgeLBcoVWj4YmTHvVqXUaiIJM0ecCweYrE28c1bMOuRYrnD6X5H1vOaut8zUARe+SwmWED1FAd9+LaLocuQm5mzrdNkB6aXE4s0lhsnmXfrvdjFstoXCwJT0nh7ITIpoT2HCapxHTDXopSW+f6iqr0aTti5yh8nUUMgZZ++9jn1o3T3lmRclm9+mgQdUUmHkA3dQCgvlVHN9ZAWzkNyqS56Hs+VXyhIUgDoTONh43ut\/yBnqLWJ6HXKcI6qe1ntdtXyoQyjYZpSOnm2uYp+6WFP8eztjtGexEu6hDqMx2fyQv\/mVl0auJxOvVANURsh9C6cu1LRWqw8SukcmJhO9ptW5iUNYclFK0BRMa7HDoqgqFCccb2WkU4sxDCVFF52CIMR33VkffteHiI9\/NgTNgZERM3tobFzsdXrDpRRXLWDage6O7fLzs8m9hERZCv46Exgndu8ho3VvbFCaZyMsnBpC0\/L6igC1xzLSs2ksZSkx5L9Q7VhMaHlPusEBUMQJ5uA6CkdGrw0a3GiTrkSUGJIGKC7WyL+yh36GZcaflqIrfqPpArwHS0O6hsLRU\/2t+Pwt19umaYcC7QuLOwfSwEr1PxrFtzW1mzlNCKarl0LmPBlPWyV5JfN4y4C1aRVZ7yV7\/4iclnIrddqAkiXdgSc+ai4OnXQhk4fgmfh+Ar5gfpmM8U2v\/X345bEZszWOszb+cdvmzW47cwiYheg59HkuZ4TWUwEFRrPkd047noDz+bhfvXLMYNCStN2XWEGpRFtvI8rpdiTmvHc7+aKDQSaaH8jzVNbso1cSOHqJjXtpeD+vrVfOMXgQ=="}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041680294680,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"}
+00314{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041680611341,"packet_id":255,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041680611341}
+00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":255,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041680294680,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681218709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681218709,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681218709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1587041681218709,"pkt":"EBMx8Tl2KDc3AG3ICABFAABLUFkAAP8R5\/DAqAEGwKgBAd06ADUANyl9Kf0BAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAE="}
+01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681218709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681218709,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"captive.apple.com.edgekey.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681248693,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041681248693,"pkt":"KDc3AG3IEBMx8Tl2CABFAACAqEJAADkRFdPAqAEBwKgBBgA13ToAbAAAKf2BgAABAAIAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAHADAAFAAEAAADSABkFZTcyNzkFZHNjZTkKYWthbWFpZWRnZcAmwDsAAQABAAAAFAAEFzKeWA=="}
+01109{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":257,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681248693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041681248693,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"captive.apple.com.edgekey.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}}}
+00317{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041681407197,"packet_id":258,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_usec":1587041681407197}
+00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":258,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681248693,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+00314{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041681611328,"packet_id":259,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041681611328}
+00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":259,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041681248693,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041681714331,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="}
+01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681714331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714331,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1587041681714835,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRU9EAAP8R5HLAqAEGwKgBAfaCADUAPVgfcugBAAABAAAAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
+01098{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681714835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681714835,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-prod.asyncgw.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681744695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1587041681744695,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC9OkBAADkRg5jAqAEBwKgBBgA19oIAqQAAcuiBgAABAAMAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAvAACoVYXNtLWFwaS1wcm9kLWV1LXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsABoOd2V1MS1hcGktdGVhbXMIY2xvdWRhcHDAZsB3AAEAAQAAAAoABDRyS0Y="}
+01115{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681744695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1587041681744695,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"eu-prod.asyncgw.teams.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.70"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681745719,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681745719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681745719,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"}
+00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1587041681754842,"pkt":"KDc3AG3IEBMx8Tl2CABFAACo\/M1AADkRwR\/AqAEBwKgBBgA1x1kAlAAAiC2BgAABAAMAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAHADAAFAAEAAAb4ACQPYXNtLWFwaS1wcm9kLWV1DnRyYWZmaWNtYW5hZ2VyA25ldADAMgAFAAEAAAEsABoOd2V1MS1hcGktc2t5cGUIY2xvdWRhcHDAUcBiAAEAAQAAAAUABDRyS0U="}
+01112{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041681754842,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"eu-api.asm.skype.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.69"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681755860,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681755860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041681755860,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"}
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681745719,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681772449,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681772560,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681772560,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"}
+00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_usec":1587041681772814,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEWAABAAEAG+HvAqAEGNHJLRux6AbuCUaOyMZVY6oAYEAmUUgAAAQEICjCErEZW53fXFgMBAN0BAADZAwO+LJEVwOHGYhKiVcLvt6A9rXWEi+VY68GJ4Pnee\/+sYQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACU6uoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGAAbAAMCAAL6+gABAA=="}
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681772449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681772814,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1587041681755860,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041681786454,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1587041681786551,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041681786551,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"}
+00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1587041681786764,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAG+IvAqAEGNHJLRex7AbtPkLhPGjjit4AYEAnBuAAAAQEICjCErFNU3XtoFgMBAM4BAADKAwNa\/jUh9W55wUB0tnlMq1eAEhrPfTr7oU\/DtVhV\/8e2AwAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACFGhoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAJ6egABAA=="}
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681786454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041681786764,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681802258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681802258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUMU5AAG0GlW80cktGwKgBBgG77HoxlV6KglGklIAQBAXbeQAAAQEIClbnd\/MwhKxGsYFQCvPTWcgwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA2X\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\/s8ycG4tlrTfTYH+M+FW9Y1DTTSC08bOYNW3zgFB64XvsPWTwevXfQWad0gfn6zMKIffJ0Woh7B4kndlMdWD8PoFQAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"}
+01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681772814,"flow_dst_last_pkt_time":1587041681802258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":226,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041681802258,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681819208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041681819208,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPqVAAGwGiRk0cktFwKgBBgG77HsaOO33T5C5IoAQBAWJqAAAAQEIClTde4YwhKxTjSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gWAAcrAQAHJzCCByMKAQCgggccMIIHGAYJKwYBBQUHMAEBBIIHCTCCBwUwgceiFgQUqShwURmVA+Jp3zLm2A+QCVyZqYAYDzIwMjAwNDE1MTkzMzA5WjCBmzCBmDBMMAkGBSsOAwIaBQAEFE8LW9m32q+ftvNjciJ21uGVriYpBBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fQITewAE4Lxi6ctlZLvhngAAAATgvIAAGA8yMDIwMDQxNTE5MzMwOVqgERgPMjAyMDA0MTkxOTMzMDlaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTMzMDlaMA0GCSqGSIb3DQEBCwUAA4IBAQBJ3b+j9b9amWJnAoiCkmf2UNIwgNLUYY7i2oIxOcCe4FwtfKqAknYBXLXDmybtzIEQGc9zVWPgZbClw+Dn6abFkbXSG0mhM4QP5D5MQbVxhe7SgYoYVGwkJbmRpd4grc+7uBTiXMgAxBCB5kUsxvRwqLqgwU4Ain2W6hQNvDRMAvojfSg3lYkOFvlf7bcTwOK90BIJGU11EABEc5brrKndHE9hje0klAXbzMZTL8AqrbgnzOZi1rf+0+Wq4RUDesXv6I1AJt7EoKj704jMo9fFhVZPD8osr0ZocAW0OSf5m2CQ\/UMENY99jq5D1K0ZM\/O3ik40uY\/GyUUQa5PIKgTroIIFIzCC"}
+01218{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681786764,"flow_dst_last_pkt_time":1587041681819208,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041681819208,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682076700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682076700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682076700,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682076700,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux8AbuMg\/cHAAAAALAC\/\/+l4gAAAgQFtAEDAwUBAQgKMIStbAAAAAAEAgAA"}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682077081,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682077081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682077081,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682077081,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex9AbuFeblcAAAAALAC\/\/\/qlgAAAgQFtAEDAwUBAQgKMIStbQAAAAAEAgAA"}
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682076700,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682106830,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="}
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682106937,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682106937,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"}
+00875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_usec":1587041682107386,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEaAABAAEAG+HfAqAEGNHJLRux8AbuMg\/cIHSSRd4AYEAmCtgAAAQEICjCErYpWxwSgFgMBAOEBAADdAwM8bxQ0whreuqvYvEztjLrW4PBGRpjuL7egzSBD9aU3vgAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACYCgoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAISkoAHQAXABgAGwADAgAC2toAAQA="}
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682106830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682107386,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682077081,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682108320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682108400,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682108400,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"}
+00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_usec":1587041682108566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAELAABAAEAG+IfAqAEGNHJLRex9AbuFebld+7aDtoAYEAl5vQAAAQEICjCErYtVD3b0FgMBANIBAADOAwNRm85ZKo2j5rIUIlemfdLsNPrk0mWhHKlhPOh2TLU7CwAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACJ6uoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABgAGwADAgACmpoAAQA="}
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682108320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682108566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1587041682129643,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIVE8AAP8R4\/3AqAEGwKgBAcFqADUANJ5TmvIBAAABAAAAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
+01089{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682129643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682129643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+02505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682139467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682139467,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUXUdAAGwGanY0cktGwKgBBgG77HwdJJcXjIP37oAQBAXL3gAAAQEIClbHBMAwhK2KsYFQCvPTWcgwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA2X\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\/s8ycG4tlrTfTYH+M+FW9Y1DTTSC08bOYNW3zgFB64XvsPWTwevXfQWad0gfn6zMKIffJ0Woh7B4kndlMdWD8PoFQAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"}
+01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":313,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682107386,"flow_dst_last_pkt_time":1587041682139467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":230,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":230,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041682139467,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"eu-prod.asyncgw.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682108566,"flow_dst_last_pkt_time":1587041682140048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682140048,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCPpAAG0GvcQ0cktFwKgBBgG77H37toO2hXm6NIAQBAUeeAAAAQEIClUPdxEwhK2LFgMDF00CAABVAwNemFWQkTKZfyBaLuzO97G0quTrEm7BgPWyftzaEzJa0iBuSwAAwHf6a8yXd\/slaOSfyDbI53lK7p5dSy9A7BIMcMAwAAANAAUAAAAXAAD\/AQABAAsADnAADm0ACK8wggirMIIGk6ADAgECAhN7AATgvGLpy2Vku+GeAAAABOC8MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0xOTA1MDcxMjUwMDNaFw0yMTA1MDcxMjUwMDNaMBoxGDAWBgNVBAMMDyouYXNtLnNreXBlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALSeVBZeaxVgbEF7BDFpA+N3ExF3ZQK1QrQQqA05Ko2A7Gpby+2Es8MXR3Kj2VRAX9P5YFzjF3SN5faeJJRz+j7An2iOLXkwQNkglDT6\/sjB3LbEb7T\/nzN+yIm+S8blVfyih6JM9Apu\/ik1krtvLJUniVwHJtK2\/rOjpX264mOpTx8SQf7TjiIlSs3HiDphOG0YLn3YYZ8njuADtWKju18sgzmH3TMQYaJ5rR8rrvEPgZCHNBk+XQJFexPiGtcDjF2WCQ1CKqCKZf8hKbpm8Y4TnLNUxuhK2E+6sFA1dP+E8Bm6m26cCfBNV3G7APHf8AN1YKGjnSNcO3xC9CoOmEMCAwEAAaOCBHYwggRyMIIB9wYKKwYBBAHWeQIEAgSCAecEggHjAeEAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWqSYTh5AAAEAwBIMEYCIQCK9TKQMvnjt3bF9IskNoov410+TNUfrflXc+EV+7RCFQIhAOhI+FRSDv5ZevTOA7yjzgGxZ7+Vifwc2fzYuzpyLBBgAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFqkmE4gAAABAMARzBFAiAiHsCLrUDabE9VESRZTt4BikyAq6rNE1j3618pfpVpCAIhALEshKOsZh7n88+DKEMN6Qrti43TvlJOQ0RAjLMbS84WAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFqkmE4gwAABAMASDBGAiEAhlim8PX4pyi\/mpblvrIKUelL3OW87784ne5SOBJO7rUCIQCJx97+HPxXSJjEZtGi1euZMJxoXD7mYyvmnAr9RyA7ngB1AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABapJhOJEAAAQDAEYwRAIgSWpW2jkU6iqzOFfqoMvHGTVxpA4qvulMcPxZZ3C6R34CIBq5beRJMDaP8rIHcokNsjMMe+YTY4GBs5JmQen9SUa+MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQU3aROfyhw35kc1iGhSMjmHtjM\/20wCwYD"}
+01518{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682140200,"flow_dst_last_pkt_time":1587041682140797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":5970,"midstream":0,"thread_ts_usec":1587041682140797,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"eu-api.asm.skype.com","tls": {"version":"TLSv1.2","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d1312h2_8b80da21ef18_b00751acaffa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","advertised_alpns":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48"}}}
+00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_usec":1587041682143053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC+wIdAADkR\/U\/AqAEBwKgBBgA1wWoAqgAAmvKBgAABAAQAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAs5ACEGY29uZmlnBXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAOAAFAAEAAAALAB8MY29uZmlnLXRlYW1zBnMtMDAwNQhzLW1zZWRnZcBUwGUABQABAAAAOgACwHLAcgABAAEAAABoAAQ0ccKE"}
+01108{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041682143053,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"config.teams.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.132"}}}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682144166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682144166,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682144166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682144166,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx+AbuHxTqTAAAAALAC\/\/\/vlgAAAgQFtAEDAwUBAQgKMIStqwAAAAAEAgAA"}
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682144166,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682156833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682156932,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682156932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"}
+00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_usec":1587041682157086,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEBAABAAEAGgVPAqAEGNHHChOx+AbuHxTqUVvaytFAYIACSqAAAFgMBANQBAADQAwMdYvXtwu11hWCpvITmw2DM6JIDDr9YgJ4rTdtCECjTrgAAHBoazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACLCgoAAP8BAAEAAAAAHwAdAAAaY29uZmlnLnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjKygAdABcAGAAbAAMCAAKKigABAA=="}
+01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682156833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682157086,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682157086,"flow_dst_last_pkt_time":1587041682169218,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041682169218,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEIhAAHYGO6Q0ccKEwKgBBgG77H5W9rK0h8U7bVAQBAE4GAAAAAAAAAAA"}
+01603{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":351,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041682172494,"flow_dst_last_pkt_time":1587041682172683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":5949,"midstream":0,"thread_ts_usec":1587041682172683,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041682355684,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPcIEAAP8Rx8TAqAEGwKgBAf9rADUAOydaEDoBAAABAAAAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"}
+01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682355684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682355684,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682369801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682369801,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682369801,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682369801,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex\/Abv2sXoGAAAAALAC\/\/+1wwAAAgQFtAEDAwUBAQgKMISugAAAAAAEAgAA"}
+00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1587041682370931,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdUKtAADkRbU3AqAEBwKgBBgA1\/2sAiQAAEDqBgAABAAIAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQABwAwABQABAAAA5AAyEW5vcnRoZXVyb3BlY25zLTMyC25vcnRoZXVyb3BlCGNsb3VkYXBwBWF6dXJlA2NvbQDAPwABAAEAAAAEAAQ0ckww"}
+01117{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":383,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1587041682370931,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"northeuropecns.trafficmanager.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.76.48"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682376166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682376166,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682376166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682376166,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+GfAqAEGNHJMMOyAAbuusi7sAAAAALAC\/\/9JyAAAAgQFtAEDAwUBAQgKMISuhQAAAAAEAgAA"}
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682369801,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682420333,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="}
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682420448,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682420448,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"}
+00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041682420739,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex\/Abv2sXoHFR5jJoAYEAmOxwAAAQEICjCErqxhBrREFgMBAMkBAADFAwMlzpQNXKnJso0lmbQsWQ9QP0JUtMkYTF2ySEjqwct4CiA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFQAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682420333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682420739,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682376166,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682423316,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682423394,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682423394,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"}
+00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_usec":1587041682423900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEUAABAAEAG95PAqAEGNHJMMOyAAbuusi7tlL44xVAYIABbPwAAFgMBAOcBAADjAwOLjruZZJmwp+AQ5ixl8mdC3oKgE\/9DUAxdN3dPhROtcwAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACe+voAAP8BAAEAAAAAMgAwAAAtbm9ydGhldXJvcGUubm90aWZpY2F0aW9ucy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIysoAHQAXABgAGwADAgACWloAAQA="}
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682423316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682423900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682440956,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041682440956,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
+02506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682467714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682467714,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHMNAAGwGqhA0ckwwwKgBBgG77ICUvj5xrrIv2VAQCAS9XwAAx23sJOl22cozxfimMAsGA1UdDwQEAwIEsDBJBgNVHREEQjBAgiMqLm5vdGlmaWNhdGlvbnMudGVhbXMubWljcm9zb2Z0LmNvbYIZKi5ub3RpZmljYXRpb25zLnNreXBlLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAaMoTg\/CrkXvH3jnb1h9ibtDE5NT9WRyEmtWPdlMgqhbXA+eyQkb6BYaT\/ta0E\/bOL5hM07pSBrD5uauHzlX4vs6BmFI3X35rS4lnHgq3cUKdaq3M5dfcGtIoKERK4KHEXYdDhAF8RY9DfZJta8j9hj4NqjvMcG7hzkZJWkwVjeh7J49fLI2k+ojmtb1lfRr9wT7N317pl9QMlUj3HrapDo2fvCe\/9jktj3lbttPHLsuaLesAF3dE1wm5y4UOzoiawZGA4Fu5fMnwFxWfpzZRwMq0O\/xKMAg5RkinWwDyzGDnwCbl\/c52s299ZBhbtM6yURpSqq0aQFxtyQoGGDw\/qhMEVa25dds5d0iBdM6KFgBsOhenjJcJxMzPvvOPmkJltWXhqnxSJWsJkaqh7zSNoA5U1JZzOXFYRt3uw3OVIBSfQ21T75pEiBJReA5mMtRoJjyJYo4d7ViJlpWq6D+qmTq9MD3A+u3+2YaocGXunqdlchKzuckM3C3Mck\/119eusSb9+YO\/2kHgBIQsNEyRtMbVXs6aJDUwnxYYIGRAPR16yCXImFMfJYah5q6a0OgPBMYG1cJ5tHN0+DQkL0jj0N6DmBrUSDSDele8PSh59PdIzO8wgJ\/BtAAk1rmVDiVhBV4spP7GSKWzbAS3cC\/0tn2xGj\/VdVxgHiGox4WbcNAABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/Ra"}
+01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":392,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682423900,"flow_dst_last_pkt_time":1587041682467714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":236,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041682467714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"northeurope.notifications.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682420739,"flow_dst_last_pkt_time":1587041682484937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682484937,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cKdAAGwGWts0ck0hwKgBBgG77H8VHmMm9rF61YAQBAVitAAAAQEICmEGtIQwhK6s"}
+01841{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":417,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682557246,"flow_dst_last_pkt_time":1587041682557307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041682557307,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+00314{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1587041682611214,"packet_id":421,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1587041682611214}
+00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":421,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1587041682598222,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682668456,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1587041682668456,"pkt":"EBMx8Tl2KDc3AG3ICABFAABW2rQAAP8RXYrAqAEGwKgBAeC6ADUAQqKILzcBAAABAAAAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="}
+01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682668456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682668456,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"presence.services.sfb.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":1587041682697730,"pkt":"KDc3AG3IEBMx8Tl2CABFAACny9dAADkR8hbAqAEBwKgBBgA14LoAkwAALzeBgAABAAIAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAASwANRRhLXVwcy1wcmVzZW5jZTQtcHJvZAtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AwEYAAQABAAAABgAENHJNOg=="}
+01124{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1587041682697730,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"presence.services.sfb.trafficmanager.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.58"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682698689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682698689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682698689,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682698689,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG913AqAEGNHJNOuyBAbtgCOGqAAAAALAC\/\/\/jdgAAAgQFtAEDAwUBAQgKMISvtwAAAAAEAgAA"}
+00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682740607,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682740607,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041682740607,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682740607,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_usec":1587041682740607,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEdws9AADEGDl2ifRODwKgBBgG767gSqyGfi6a7DoAYAWi65wAAAQEICpHNoqswhBBbFwMDAOQAAAAAAAAACKmKftpP18TObpudfRHF+x2Q26rJbEiP394UtjZJPj4wSIR\/hp3JlNrAGtpUw45IgQ+\/Td3gBgwIaydoMxwS3i93S6aIvQahVpj\/c5RwIn5XTgvMLlxphbaNgBQKVcUBzOyFCFmX25bboaZrE8yGPewBV8YF9rPw3wiL2qX6gOrVwGBD+SxN5WBWFI2hGO+JWJUmRSYMjHC+44xSTFiyxGwuYeySW1fNosn1ZrrnxmEfRHvkqjQUYvkmRW87MNYmA\/nzpUUAJUjx7fyAlsSNV0cWWtSO31yX1lU5orE="}
+00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682740607,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682740607,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041682740607,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Dropbox","proto_by_ip_id":121,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682740712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682740712,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwxXAqAEGon0Tg+u4AbuLprsOEqsiiIAQD\/hw3AAAAQEICjCEr+CRzaKr"}
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682698689,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682744342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682744445,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041682744445,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"}
+00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_usec":1587041682744658,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEDAABAAEAG9prAqAEGNHJNOuyBAbtgCOGrvhWTS1AYIAAsUQAAFgMBANYBAADSAwPkbX85xJUsmCJfCQtb2nqS5r5NxitfmjfkWtCVFh+GIgAAHEpKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACNCgoAAP8BAAEAAAAAIQAfAAAccHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYABsAAwIAAkpKAAEA"}
+01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682744342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682744658,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+01385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745381,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"thread_ts_usec":1587041682745381,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="}
+02496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745498,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745498,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpr1lEqsiiIAQEADIXgAAAQEICjCEr+SRzaKrFwMDIBe2BaXSajSAVsA+S0rbnqiekP4iuZq32HuCU1Zk8b7DobfyXAMC40RMGMmv03seNmRLB1WBKOAndSNsjwejL\/4UdAY51oTzt\/idB5m9EO71\/T1MmFynzxV07rmvd3Y7KFXQR\/+x23FlX8GjLiPfQFhiUhRh28ymzOk2Fma1O328pbgtPmfOm2\/I1HthpOnXap2OPKovdSqIn\/dOEzmEXK5RH4Vhc7yfPS0tJ3lq\/j9Y4mE4jZEoUqARpTmnt\/EmaVbJrcge1AqzkW+CZ+w4JlO7k9TdFEi5TByHM4C1T005glLtZNkRmPpMGHQbjibw3NTyD4LLOA7ibrI0r9IDNmoeUUfh8DCZdpfo3pxnEzyt7oapZ3bsP3f2dkvlxSg+Dlv55qlRYMXtNU7tnt3+G6vIRUNWvNYWxEeaewlxO7D31DoGy39yf6\/Uf40kqlYmjJklCFuyytx+XwcWqT4ARI652Z\/KTokqiY0d8hvIMHweZqCdsZ3sZLcS92z0hCZYB+QTk3oNwXMxF3HPTJhWvhOq0wqkZDSVoE431Wjz26KTR\/D\/dA5pInq8bEC3yVuUKN1PLZW9Mz7MYJyzusjyBNsPLXM5O8OEeeK5MiWTYDXzmOLsLkb2vkB\/HV4y3Ev95rIiSF36Cpgqv6+0aR866vdj7FtuF34EidwFeCf1Bf+A5YjRmGj3oaiwxanjseDhhtnxhUTf19iNoEFSzhAIqnGHRAvLOkI5d3FBbQQt+YdQcTmf4uC9ThNnySNA0HXREePQs7huoiwdf2bLMzadvLcQRiRnWU7Hl35DzJo7SAfHQVc1y7a5SVG8H0C\/gvRNuAfv3HAV07QuKJAR49iIkFCcVRaJ\/jE5NYdjrNiiLdvzoxuEZ0dWMxMftRotvm8FM6ig5uEvIZbx9cs5I19iYZQ+xjuzmSG9hz4iz+WjzAoY1dmLOtgbT\/XB2FXmqmn+QhnOY3Ljx0J2ha7XjBQ8hWDhzClw138COO6BoFzaLcXOQXTKJXlqio99G1EHem2LSJs4Fip7GdtxGPNIMZ40wLG2DFzen08a5EPl23FFXPX0SR69Sbx3M0R+hQyRTGJvzQ2b0FETVcaGBWv\/AJUXgawU3fpNn7TAnn6usnhvfGudG7WV4wZ6vkSA+LX0MCVzjn7ur93PxY\/kpdqz3fuiKZIsdz1qUGtjG9iABsh28XZ9j4vR0VSK81wLD3NNpJ2yPv0bwOqpCaovF6tXQ1Ews6XsxqJi5G36BrzaJ5\/NXawhnu8ri1Vz28LUjmOZPpd6keVddX571\/oIU+Q3p3lccmI7+gjH3KqlUBiHCmpfZcYeOnCUEoJ6+9LH3uDsI4lVcAzp2csO0NXDwcfvMalB6gajtPszvwIJElID7GHKx1BsawLle+AuhD6lA8\/ePLwyuj37+iokrx6+vklOjmfe4s9diN429ybZIsLrxpS9gvhCcqJjHRib1BY+X07qe0e72A4QTMrUQvOqVAnCJ6MepkVyL+TYwE71AQhIyEcdhSMj5NByh+Ps2+o6B6TxNGxL+Hz7Gkx+JsBR2inYY8O+Lv0UT9kVL4KGsfhNjVDtOQlSBGenVIqSWzA0IMPQo8+3Of8Hq4M82zM4CAZ0HSDgvnwrTIr12aPKQZeXdT79Zkpu9xzzr2tssbkalNRSPafbicgt9KUTproDv5wkhK7YwHiqPcGR0QVqeIcuyQotM2kpYtKzEsnaTsMsANkeXwUSaYMnhtvVUO0AlG4\/nEwlNMBHzNthJE9IyucPPp6lNbtpzJXbzjnbqhKzr1pBPW1NzcsmUvTf4AThdCxRFDDYC8Q9bGPZ8M76S438LhtuVyUo\/lD6YFPci0DvupTGZalsukVJfD\/0b05qjSDFI9eEwsvlchodrzNqwexfGQO0oqhK"}
+02496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682740607,"flow_dst_last_pkt_time":1587041682745501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1587041682745501,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpsL5EqsiiIAQEABs5gAAAQEICjCEr+SRzaKrei53o4vFQHMBld1Fh\/SJ7lY\/Br6V6nMJYu3OAHgdn1qCcCSFYKKt9BOxyQf3yfDnlntHKN9zdEPSvXN\/0hi8YerzFHTzlE9CpJ2R08FI9jE11z3fnVvhf8e7OcEQqRZgxnPlEzNldSNYqEcmHkXvJhZMq8lx7wyR4LUbGNhgoKdPGH278UPChna6A3t6rVbTyY26njMEfo0Zm6rhpJo44iHLRIKvpaj2GQsfRT+cQeJIZ7CCI7T1q2PUyZhm1ySaJCt2LeO9BPdVU6xJnGhMV\/aWAPQcJ6kB0bxcZrLoRiXTU5Sjkns\/IiFNL\/xvNJTPnSiFRhwUoHK+lhufNQUo13wAlnryX9ux9knlEKyd0St6x6x3\/0AcGE5iocc88TMKvbPeEJdROrTHJPBGw3wEtTcJnsCO86HHTsshAVdGVqkIx3wKVLP63U4Kblp4jy32ZZqt5mrVmtgkvfyXyOjEWSHg9\/kbER4PSr77Twprpqx983VEq2Hcb9Z5Mm3nOhfwTP2T3g\/CCF8QgaWGZrUDu1iiRUPI6K2BHYirquzyMaFufY9V8GpIhq1n1xceUiQLPYGN3l5fQJCiBdXfFafOcSFxIjVpojrL2EOuqK2nuMjLQQp+4Aqc6WZPgm2ebUN\/iKkfC2yH2bLExo2MPi3VUFi92NENpciPyW+eXAFY69MJj5yxa5BiY59sQ5ELiBJlv7RkENWrGuHIllIcpW3ItUf5UzQsbStrqU99fkGX6jKCwXrvMoRcz4OdAQSCuL42ekbFYHiL0ne5NvHaRIqcek4\/JcqoZpMdpQey7y+2Dl6doTImRGjrtsYDDKgFGhDU4N8dTso9ThZ3fuQI5GnuKCyDE7AIeVXiQlYv5F01woYov2hCUZp7ZcJSt2ohbipTR8\/9XsRLAxqgXB5GsFcoOvfysdpEjckn3ixs\/e\/E+9YhRVwcgw9hwvaxpOHeSVNLQn1UC1jd6XPsedgr5CYCUUWjOwS77pYeBf15DMuXoTC2DTw4N0qK0I2k9jO2h06\/VwS+DdyYzdZyIEDJootRjKr6+oHebS0B7nXpok59GLbGxDjEh9wakV1SZs7RvQXUIMtwshnqDiJum9ddTnNB2+bpdzgJa3FjnjCyxjYAJBZhtEPLvmmDoY+ugXE9QtbOp299K6ArOZPB6JuK4rlVYneXIpSl0yfeQgFoaNPTPCWdaxvM+AfcOB7YkH0w1UJu2dyLSmHw42qCGfzhxeXIbZVNdJjctQ0Cqo5zXErR1874K9\/40112SIrZY04P1wdyAy51DHX6xP4DMvjfqz6wVaf6gJ\/DZxBp20paRElTtDQN\/dHqjokoah04MvpFxBCi0Oy+R7CfKweUnqAqr1HqpFAPT9qsa8YrIc8G0wUUzeAax4URzLWOt85EjAnPLK1DAQYPq0v9Q0KLOsGsn1kbSvDpNs37iMzwcZRFzWoLHwwnKhxoV5ph1YHpzct0GfB5TMtawMLt6xx8fpDVN\/qmtv7vr0PwcpkWAe12mwk6YMCBt5BjA8f7N0hNc28Z18gN\/CgGnUTUJNyHOY9\/otIhpyZk2nAcBRRfiJ1pLKbDvtAKXiFEDhY9R4CdMU31jbFPykJh6n2eH+U5nfePcR\/NQL8CGF86lRBvbS1BffGRulEfJVi517lk3dtmRmFX4czmj4U5S0fLX7dTEWdkjlqGvyPwcgdLRBZYccWZ3e0IwyZLzh4ZvqC6GXgR\/YxXU2EyExTuarC8OxvaikQEuWDLdXLrVfF\/5zh5AAnOxdXMDpgpl7zVyHlEg1yLy9mLgj1yQgKUqwCNhyVJZLyPBjuKvSewLkE6Yb4TMgTQzgnkGvHFjAbR3wnBeO3lqHZFEbIHcmklDS0L5Y7TchFMURbahXYDs4fVUOyQ800EYRGVfodFdgqI"}
+02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682792228,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041682792228,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU9YZAAGwG0EI0ck06wKgBBgG77IG+FZj3YAjihlAQCAQbpwAAahz3MIwwCwYDVR0PBAQDAgSwMIHfBgNVHREEgdcwgdSCIyoubm9hbS5wcmVzZW5jZS50ZWFtcy5taWNyb3NvZnQuY29tgiMqLmVtZWEucHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbYIjKi5hcGFjLnByZXNlbmNlLnRlYW1zLm1pY3Jvc29mdC5jb22CJSoubm9hbWRmLnByZXNlbmNlLnRlYW1zLm1pY3Jvc29mdC5jb22CHioucHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbYIccHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAFfJmXOb1G3\/gkDpDClarQB6kon6qcwX4Kh295CbM2AS5Vgj29434HX0cY+Z9iv\/MTbIOmx9325DU4Jkds6+IU\/YaIPC6iJQpcE2e349x3dnDm3opekdQpM9PDa129MKr2YMPfEeN8v0qTyUuQZhGs4n0KhbSGQjx5\/B9gHGSpxe32oG49c+UQMe29vQ918eWYGlRxmosgaDo1O8G3hucKxVwq7wwZImn3rzlX2p3MvbHeLrrJ0NnlDsEaTwHS4Q6zzFHSGKHEGxwFQAn8mD1A4CEULHR5utg70c+5SvpcPBwDRulBAl1YVyuiG0lQXudeFRPjGil0p6dBb5dVHM6sDa+2bhTnT5Xrs6ALFkSOC2eT01f34o0LD\/iYJpYUBbRpunp7qdsCEujVxZR8n0k581k760zp6eOKdldSwGD2zCkU49qbfX71ampz0Sa7apdvaSE3KDX92BVUqVgQf0FXIZml2UETl7GkuJ7ywmJNZy\/VBh5fwF2G5tkeqqgUFl6Pz5ffSKavNMdYdiF0oJdwf95BiDLfhWMFAZ\/Az1Qj25O939c39zHdQmU2Gk65JAtVnlAhmcxyqDVZJv7WCLyYv8x3gCNb27V5dMzb8gu1mMtVqxF0t9OtLhe0ZVbT57TWBzaMHvBs\/e9XYiw9V9PDcm\/ctwDNyy0pJxMD8+96LUABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk"}
+01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":451,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041682744658,"flow_dst_last_pkt_time":1587041682792228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":219,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":219,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041682792228,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"presence.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02325{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":467,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041682803345,"flow_dst_last_pkt_time":1587041682803309,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":20291,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041682803345,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":27969.4,"max":152917,"stddev":40324.3,"var":1626047232.0,"ent":3.6,"data": [50532,50647,291,64604,72036,210,136507,124,96,1421,68048,86231,152917,2268,6,3,46387,44112,4,2,3,23630,23615,4,20861,20866,7,7,3,845,765]},"pktlen": {"min":52,"avg":819.7,"max":1492,"stddev":699.2,"var":488828.9,"ent":4.3,"data": [64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480]},"bins": {"c_to_s": [5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0],"entropies": [4.384982109,5.323234558,4.961856842,5.939832211,5.116507530,7.288343430,7.267649651,5.000318527,7.662917614,4.961856842,5.882802486,5.193430901,5.624773026,4.961856842,7.851280689,7.841383457,7.873037815,5.154969692,7.851320267,7.856824398,7.856104374,7.863511562,5.154969215,7.862011433,7.862949848,5.154969215,7.888728619,7.861488342,7.847744942,7.865393639,5.193430901,7.879679203]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682809173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682809173,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682809173,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041682809173,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyCEVImrEWfAAAAALAC\/\/+rgAAAAgQFtAEDAwUBAQgKMISwIQAAAAAEAgAA"}
+00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1587041682809173,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041682862686,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1587041682862738,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682862738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"}
+01261{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041682863165,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyCEVImrEWgy3y3uIAYECxutgAAAQEICjCEsFATeRnVFgMBAgABAAH8AwOllRwzFBLD2fGS0RdMQwmyeJX+rt9niSTc6LgefMaOGyDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvrFq4xkMZjK7jeeGFDXjFBVctkvDk2bUa2GIO\/qlb3oAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+01378{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682862686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041682863165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_158b9cf6d7fa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917091,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041682917091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wZNAADQGRHqnY9ekwKgBBhFS7ILLfLe4JqxHpYAQAfo2WAAAAQEIChN5GgswhLBQ"}
+01466{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041682863165,"flow_dst_last_pkt_time":1587041682917561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041682917561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_158b9cf6d7fa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+02188{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":580,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041683063920,"flow_dst_last_pkt_time":1587041683109441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2687,"flow_dst_tot_l4_payload_len":6860,"midstream":0,"thread_ts_usec":1587041683109441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":25031.7,"max":201410,"stddev":47065.5,"var":2215158784.0,"ent":3.2,"data": [45653,45756,213,47886,30,47672,17,83,202,104,167,9896,9950,3499,10390,395,51386,37078,221,190,155,7115,7018,1251,1197,79250,201410,7,34,167536,222]},"pktlen": {"min":40,"avg":340.2,"max":1492,"stddev":510.3,"var":260451.7,"ent":3.8,"data": [64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]},"bins": {"c_to_s": [11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1],"entropies": [4.396777153,4.984685898,4.571928501,5.447037697,7.103639126,7.377305508,4.748330116,4.680641174,4.521928787,7.565583706,7.619148254,4.680641174,7.502402782,4.680641174,6.615381718,6.130319118,7.576011658,5.374610424,4.630640984,5.982717991,4.530641556,5.189125538,5.402576923,4.680641174,7.496559143,4.680641174,4.505983353,7.866451740,6.633583069,6.711987019,4.522393703,5.435414791]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683142905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1587041683142905,"pkt":"EBMx8Tl2KDc3AG3ICABFAABOVgkAAP8R4j3AqAEGwKgBAeCgADUAOmwyTTEBAAABAAAAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAE="}
+01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683142905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683142905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"chatsvcagg.svcs.teams.office.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1587041683184989,"pkt":"KDc3AG3IEBMx8Tl2CABFAADQTcNAADkRcALAqAEBwKgBBgA14KAAvAAATTGBgAABAAMAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAHADAAFAAEAAAAMACoVdGVhbXMtY2hhdHN2Y2FnZy1wcm9kDnRyYWZmaWNtYW5hZ2VyA25ldADAPgAFAAEAAAEsADAWbXNnLXVrc28tMDEtY2hhdHN2Y2FnZwd1a3NvdXRoCGNsb3VkYXBwBWF6dXJlwCnAdAABAAEAAAAFAAQ0clg7"}
+01112{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":587,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":1587041683184989,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"chatsvcagg.svcs.teams.office.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.88.59"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683186164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683186164,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683186164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041683186164,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7FzAqAEGNHJYO+yDAbslAEUuAAAAALAC\/\/+uKgAAAgQFtAEDAwUBAQgKMISxhQAAAAAEAgAA"}
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683186164,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683220355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683220462,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683220462,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"}
+00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041683220741,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAG64vAqAEGNHJYO+yDAbslAEUvUJcaBoAYEAkhLAAAAQEICjCEsaYB1ARAFgMBANgBAADUAwMl\/B1Vk9A1CXIA2wtxg6SSBUkcTlC\/1\/z0\/eteey4O7gAAHJqazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP2toAAP8BAAEAAAAAIwAhAAAeY2hhdHN2Y2FnZy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAICgoAHQAXABgAGwADAgACSkoAAQA="}
+01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683220355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683220741,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"chatsvcagg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683220741,"flow_dst_last_pkt_time":1587041683257226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683257226,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHSFAAG0GnKc0clg7wKgBBgG77INQlx+mJQBGDIAQBAUMBAAAAQEICgHUBF0whLGmFMuT5WpzTDiCSYT3xi9v6V14KwZXMAsGA1UdDwQEAwIEsDApBgNVHREEIjAggh5jaGF0c3ZjYWdnLnRlYW1zLm1pY3Jvc29mdC5jb20wgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEuY3JsME0GA1UdIARGMEQwQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAfBgNVHSMEGDAWgBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBADlaSLft\/Il2mfNfS96UN1u6SRdI6uOdxV\/SghC34ek6RV73kkGH\/KgGm5Qpn7ZmjaE7sCW67DpV9CSox9Z3dhmyY3WubiTFoRkhvmI2ia7VsKC3uTVFKGfcG3LipFC\/23JDrzT7qcdgDJzOLWf3MLJd1Kyh6NVC9EjRBrGrjji8xmok7R0RS8CcrVoIMxOsb4aFIvlKHgOLGwrUEg+jJK1WekigAR\/pyb5Ve0qqD3wvtdis9OWT8zz+JfQQtYBGzTf3Zo2YdFfy+cLVdoneW08GcCeeO0e+2qhhnfoQYTUFxVDlSKesMCCZ19oghBpnMirb2zEgWNe+6hV0VBHo0qa0oI+8VxV0m5jsWGKpN5r0RSQeZVBFjmNPja7EWAv9BG0nDBvzPaTNS9lsRoXc1ue7UQ2fGyQcImPgttcAOrqAGM9U+s0UrVqPi9GRGdpB+ymstXnktW0UVXqemudrGvUxOJRKDRvwctjZP2On9XpkEuwYzeJ7edeTKIXaTMPr5bSi6KtPMv8scypPxl6auLwwuyW3phPvh3sr9vdYmG1LA+UpioWKxGVlTy3H5MrR\/a3CRRhXX1OZmYh1RDRwmACanys8duLXWdgmjDNNxzIBOXG7wiGPQfS3+9iG0JTdXjbTpu3jNtZbvAVXCu9kow13tCXvpYdCShakHGed8k9wAAW4MIIFtDCCBJygAwIBAgIQCLh6UBu+nNotFk0+OVG\/VTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2MDUyMDEyNTEyOFoXDTI0MDUyMDEyNTEyOFowgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjvPxhHV3vL7JpPUWpVMrUGCZ3Nh92SS14XJJN0j+2oaTo30dmksQTXd5fmWpfG424kfUNknQzCQCJxTirnHN2Vd0PBBWGZJKh2L545CNXt7RQRsaph9AoiwejlXXJthoQqvsDd7dXmGVs6xsgc6o4K2vX8qm5FFoLif9VCpxpMy7fpLx9lNRBTHQGYKwymPQ8koAC830aUv0WpZWOSbJnUsKYzQy"}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683333389,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683333389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041683333389,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"}
+00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1587041683333389,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041683378966,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1587041683379074,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041683379074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"}
+00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041683379360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyEAbsX4foIG4kggIAYEAle8wAAAQEICjCEsj9hHvtMFgMBAMkBAADFAwNQ2mjoGM5bceT+50qedBeC2QzxBSnWB8x+XpaOKMz6dSCjQgAAk2B6jpiMP4aNnNPzeGx44\/6X3U2RH3y64O03zgAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683378966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041683379360,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1587041683379360,"flow_dst_last_pkt_time":1587041683430778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041683430778,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVANAAGwGcd80ck0hwKgBBgG77IQbiSCAF+H61oAQBAWFnQAAAQEICmEe+38whLI\/FgMDEGYCAABRAwNemFWT1kX8u9ATY\/YCwH831ucgt0juCj9cD9NieB4F3SDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkMAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
+01841{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":624,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683430891,"flow_dst_last_pkt_time":1587041683431072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041683431072,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":635,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683511604,"flow_dst_last_pkt_time":1587041683511700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2582,"flow_dst_tot_l4_payload_len":7792,"midstream":0,"thread_ts_usec":1587041683511700,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":20999.2,"max":115070,"stddev":31123.6,"var":968681216.0,"ent":3.5,"data": [34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185]},"pktlen": {"min":52,"avg":377.2,"max":1492,"stddev":521.7,"var":272149.2,"ent":3.9,"data": [64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]},"bins": {"c_to_s": [11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.278468132,5.100120544,4.678913116,5.492300034,7.395298958,7.335471153,4.813810349,4.784870625,7.534573555,4.736229897,7.601704121,7.355720520,4.823332310,6.256767273,6.195283890,7.525622368,5.556344509,4.861793995,6.029422760,4.861793995,5.382391453,5.548377514,4.823332310,7.376307011,4.861793995,5.063529015,7.847518921,6.993651390,4.986605644,6.825597286,4.731892109,7.799232483]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1587041684291077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="}
+01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684291077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684291077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"substrate.office.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1587041684304618,"pkt":"KDc3AG3IEBMx8Tl2CABFAADIzNlAADkR8PPAqAEBwKgBBgA16AsAtAAAN+6BgAABAAUAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAHADAAFAAEAAABCABQJc3Vic3RyYXRlB21zLWFjZGPAFsAyAAUAAQAAABYACAVhZmQta8AWwFIABQABAAAAGQAoEm91dGxvb2stb2ZmaWNlLWNvbQZrLTAwMDIIay1tc2VkZ2UDbmV0AMBmAAUAAQAAAKAAAsB5wHkAAQABAAAAoQAEDWsSCw=="}
+01113{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":665,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1587041684304618,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"substrate.office.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684306115,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684306115,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684306115,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041684306115,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWZTAqAEGDWsSC+yFAbvNnLiZAAAAALAC\/\/\/7GwAAAgQFtAEDAwUBAQgKMIS1wQAAAAAEAgAA"}
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1587041684306115,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041684317619,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1587041684317725,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041684317725,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"}
+00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1587041684317987,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGWNnAqAEGDWsSC+yFAbvNnLiaNd4cNVAYIAB7OAAAFgMBAM4BAADKAwNT9yhcRBpq6+zC6hAkiruFzkDB0iUODZ2vqxEjURraCwAAHGpqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACF2toAAP8BAAEAAAAAGQAXAAAUc3Vic3RyYXRlLm9mZmljZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGAAbAAMCAAK6ugABAA=="}
+01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684317619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041684317987,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1587041684317987,"flow_dst_last_pkt_time":1587041684329497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041684329497,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoFJtAAHYGDxENaxILwKgBBgG77IU13hw1zZy5bVAQBAEDUQAAAAAAAAAA"}
+02062{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":677,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684362150,"flow_dst_last_pkt_time":1587041684362335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":4396,"midstream":0,"thread_ts_usec":1587041684362335,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"substrate.office.com","tls": {"version":"TLSv1.2","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}}}
+02201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":697,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041684314927,"flow_dst_last_pkt_time":1587041684501131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1329,"flow_dst_tot_l4_payload_len":7087,"midstream":0,"thread_ts_usec":1587041684501131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":146055.7,"max":2009785,"stddev":489503.9,"var":239614050304.0,"ent":1.7,"data": [12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632]},"pktlen": {"min":40,"avg":305.2,"max":1492,"stddev":468.1,"var":219152.8,"ent":3.8,"data": [64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]},"bins": {"c_to_s": [9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1],"entropies": [4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":702,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041684950374,"flow_dst_last_pkt_time":1587041684410372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":3472,"flow_dst_tot_l4_payload_len":5797,"midstream":0,"thread_ts_usec":1587041684950374,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":24145.7,"max":539594,"stddev":94604.1,"var":8949939200.0,"ent":1.9,"data": [11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314]},"pktlen": {"min":40,"avg":331.5,"max":1492,"stddev":473.5,"var":224192.2,"ent":3.9,"data": [64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]},"bins": {"c_to_s": [9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0],"entropies": [4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685090830,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1587041685090830,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"}
+01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685090830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685090830,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"euaz.tr.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":715,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685091534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685091534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685091534,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041685091534,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZE40AAP8RJK\/AqAEGwKgBAdGuADUARafs9AEBAAABAAAAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AABwAAQ=="}
+01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":715,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685091534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685091534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685092516,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685092516,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685092516,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041685092516,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZD5kAAP8RKKPAqAEGwKgBAf7OADUARYKEB0oBAAABAAAAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AAAEAAQ=="}
+01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685092516,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685092516,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":717,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685093044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685093044,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685093044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1587041685093044,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRstMAAP8RhXDAqAEGwKgBAcXdADUAPUwYqlcBAAABAAAAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
+01098{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":717,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685093044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685093044,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.flightproxy.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"thread_ts_usec":1587041685104871,"pkt":"KDc3AG3IEBMx8Tl2CABFAACfqZ9AADkRFFfAqAEBwKgBBgA10a4AiwAA9AGBgAABAAIAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AABwAAcAMAAUAAQAADYsAHg90cm91dGVyMi1hc3NlLWEIY2xvdWRhcHADbmV0AMBJABwAAQAAAAUAECoBARHxAHAAAAAAAG\/dVKE="}
+01122{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":720,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":131,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":131,"midstream":0,"thread_ts_usec":1587041685104871,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"42.1.1.17"}}}
+00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1587041685105349,"pkt":"KDc3AG3IEBMx8Tl2CABFAACTMl9AADkRi6PAqAEBwKgBBgA1\/s4AfwAAB0qBgAABAAIAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AAAEAAcAMAAUAAQAADNUAHg90cm91dGVyMi1hc3NlLWEIY2xvdWRhcHADbmV0AMBJAAEAAQAAAAgABDRyDy0="}
+01123{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":721,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041685105349,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.15.45"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685106192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685106192,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685106192,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685106192,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNWvAqAEGNHIPLeyHAbsC\/Q6WAAAAALAC\/\/9IhwAAAgQFtAEDAwUBAQgKMIS4zgAAAAAEAgAA"}
+00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1587041685127636,"pkt":"KDc3AG3IEBMx8Tl2CABFAADKzTRAADkR8JbAqAEBwKgBBgA1xd0AtgAAqleBgAABAAMAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAA4OACoDYXBpC2ZsaWdodHByb3h5BXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsACcbYy1mbGlnaHRwcm94eS1ldW5vLTAxLXRlYW1zCGNsb3VkYXBwwGbAdwABAAEAAAAGAAQ0ck2I"}
+01116{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":723,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041685127636,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"api.flightproxy.teams.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.136"}}}
+00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_usec":1587041685136892,"pkt":"KDc3AG3IEBMx8Tl2CABFAADDZa9AADkRWCPAqAEBwKgBBgA17z0ArwAAVKqBgAABAAMAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAALoAAiBGV1YXoCdHIFdGVhbXMOdHJhZmZpY21hbmFnZXIDbmV0AMA5AAUAAQAAAAAAMBJiLXRyLXRlYW1zLWV1bm8tMDULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAJMBnAAEAAQAAAAoABDRy+ns="}
+01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":728,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041685136892,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"euaz.tr.teams.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.250.123"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":729,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685171649,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685171649,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685171649,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685171649,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685171649,"pkt":"EBMx8Tl2KDc3AG3ICABFAABADGUAAP8RK\/DAqAEGwKgBAeRZADUALJr8l0UBAAABAAAAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQAB"}
+01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":729,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685171649,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685171649,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685171649,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"outlook.office.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00792{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685185131,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1587041685185131,"pkt":"KDc3AG3IEBMx8Tl2CABFAADeqaxAADkRFAvAqAEBwKgBBgA15FkAygAAl0WBgAABAAYAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQABwAwABQABAAAANQAMCXN1YnN0cmF0ZcAUwDAABQABAAAAxQAUCXN1YnN0cmF0ZQdtcy1hY2RjwBTASAAFAAEAAAAmAAgFYWZkLWvAFMBoAAUAAQAAACYAKBJvdXRsb29rLW9mZmljZS1jb20Gay0wMDAyCGstbXNlZGdlA25ldADAfAAFAAEAAACgAALAj8CPAAEAAQAAAJ8ABA1rEgs="}
+01111{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":730,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685171649,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685185131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":194,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":194,"midstream":0,"thread_ts_usec":1587041685185131,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"outlook.office.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685232231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685232231,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685232231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685232231,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyIAbtyjZOTAAAAALAC\/\/8ViAAAAgQFtAEDAwUBAQgKMIS5SgAAAAAEAgAA"}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685240465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685240465,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685240465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685240465,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyKAbtGGzTNAAAAALAC\/\/8rVAAAAgQFtAEDAwUBAQgKMIS5UgAAAAAEAgAA"}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685243104,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685243104,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685243104,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1587041685243104,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPU3QAAP8R5NHAqAEGwKgBAchtADUAO5eNyGMBAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAAB"}
+01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685243104,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685243104,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685248604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685248604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685248604,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685248604,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyLAbsws\/klAAAAALAC\/\/\/xvAAAAgQFtAEDAwUBAQgKMIS5WgAAAAAEAgAA"}
+00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685251950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685251950,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685251950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685251950,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4XAqAEGKH4JB+yMAbvF6IfFAAAAALAC\/\/8d8gAAAgQFtAEDAwUBAQgKMIS5XQAAAAAEAgAA"}
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685240465,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685253368,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685253460,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685253460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"}
+00798{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1587041685253933,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAGgXLAqAEGNHHChOyKAbtGGzTOqB5ZA1AYIAAZhwAAFgMBALUBAACxAwNemFWVZrT7WTFXDzKTJwgyjyi4pczPS4OaStHQgrmy6wAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXAAAAB8AHQAAGmNvbmZpZy50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
+01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685253368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685253933,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1587041685256108,"pkt":"KDc3AG3IEBMx8Tl2CABFAACb\/nFAADkRv4jAqAEBwKgBBgA1yG0AhwAAyGOBgAABAAAAAQAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAABwCEABgABAAAADgBABHByZDEOYXp1cmVkbnMtY2xvdWTAKgZtc25oc3QJbWljcm9zb2Z0A2NvbQB9o\/w8AAADhAAAASwACTqAAAAAPA=="}
+01105{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":744,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041685256108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skypedataprdcolneu04.cloudapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685106192,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685261856,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685261955,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685261955,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"}
+00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_usec":1587041685262299,"pkt":"EBMx8Tl2KDc3AG3ICABFAADzAABAAEAGNLjAqAEGNHIPLeyHAbsC\/Q6XwNQGklAYIAAraAAAFgMBAMYBAADCAwNemFWVnmpu5iBYzDA0OwyTFl3gYWrTqQBuMzMR9X7FRwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAbQAAADAALgAAK3Ryb3V0ZXIyLWFzc2UtYS50cm91dGVyLnRlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
+01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685261856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685262299,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685253933,"flow_dst_last_pkt_time":1587041685265739,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041685265739,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAow5NAAHYGiJg0ccKEwKgBBgG77IqoHlkDRhs1iFAQBAGIJAAAAAAAAAAA"}
+01682{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":755,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685269429,"flow_dst_last_pkt_time":1587041685269476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":5936,"midstream":0,"thread_ts_usec":1587041685269476,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"config.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}}
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685232231,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685278616,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685278702,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685278702,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"}
+00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041685278900,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyIAbtyjZOUGnFmv4AYEAk6ggAAAQEICjCEuXNhHtwZFgMBAMkBAADFAwO15W+8jaHI2sAcvPxYu3fOurYjru\/fmNz9T6MzJf3JQCDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkAAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685278616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685278900,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685251950,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685280598,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685280662,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685280662,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"}
+00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041685281210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRpvAqAEGKH4JB+yMAbvF6IfGCTMwHYAYEAl4\/QAAAQEICjCEuXVSSrhXFgMBAPEBAADtAwMO1aNpNC\/DfNA+zTgvlq4OTJH4Eaani+1AUzQaqTtdmgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"}
+01260{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685280598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685281210,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685248604,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041685294102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="}
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685294163,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685294163,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"}
+00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041685294436,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyAABAAEAG9sTAqAEGNHJNIeyLAbsws\/kmxyaNq4AYEAkImQAAAQEICjCEuYFhHwLEFgMBALkBAAC1AwNemFWVha04P4CUw6CKshmFd7ZG0fMDUFnrEIuMFFDaDAAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAYAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685294102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685294436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685312634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685312634,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVEFAAGwGwa8ofgkHwKgBBgG77IwJMzW9xeiIvIAQBAWJ5wAAAQEIClJKuHcwhLl1i+Wbrav3bQpcZNAwCwYDVR0PBAQDAgSwMIIBJgYDVR0RBIIBHTCCARmCGWxvZ2luLm1pY3Jvc29mdG9ubGluZS5jb22CG2xvZ2luLm1pY3Jvc29mdG9ubGluZS1wLmNvbYIbbG9naW5leC5taWNyb3NvZnRvbmxpbmUuY29tghpsb2dpbjIubWljcm9zb2Z0b25saW5lLmNvbYIkc3RhbXAyLmxvZ2luLm1pY3Jvc29mdG9ubGluZS1pbnQuY29tgh1sb2dpbi5taWNyb3NvZnRvbmxpbmUtaW50LmNvbYIfbG9naW5leC5taWNyb3NvZnRvbmxpbmUtaW50LmNvbYIebG9naW4yLm1pY3Jvc29mdG9ubGluZS1pbnQuY29tgiBzdGFtcDIubG9naW4ubWljcm9zb2Z0b25saW5lLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEARVCFDXaNOijZYnNGoRWvtuOpazT+6a5NhffPDEd8mw13I5P2ZjdjuwO0BCuAa0rcrb9Xsv2qMoirtQ46ssv7U4RUbJ2q644olWDdoDLw3u2IwAi4+it8uqFANVWf479pYNzQSRACICWvLYyZOXoCzSVgryqqt6S9JYKLV\/5cOCwnLGXIMXunQZDJ9OLbjk3hV+y1gACDA7qTWXqQxmgI9aFpumAbRwTxqZV913sHD\/Cf4ut1VrXdDHEcgGroOgboavAnBPF1buLwyr8dsFVfenl1cv4K6OyxBhOa\/qPQC3E1A4UNtSz4dz0swsNbngQZDrl3H9MqpMRswrpJ9jUAZ4uzcbjmByMFT7UrO5NyfE2e754OXgg0kzSG7F0aYPVW64WQaAN5alS554Apkxzpnhy4dbLpcc+qDxw4uZRbEMvvqiGy3Tzvw2N2ZlLhpfCA79zVH3D9QcugIgQY75KsamAAzOcbXq0zT0xKgmRKBpdzG5DeC2KsBbrTTak1bUSSPLjvYpHhgabRiV7OEik97n1Dth5jNj0APlNTe65xy1gwKh4ItrHo4sQMKfxY9NyTKSBVKN3poUeJpe9p2ArtCr\/ZmVWqTui7XFpZPfiQUHWHxyvx0VTPR40NEp\/NGn3Uw7Bd\/MS5F6AKZAjGFEeyvsfA2p3QKRyzfNkfQWM3fP8ABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE"}
+01274{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":777,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685281210,"flow_dst_last_pkt_time":1587041685312634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041685312634,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+02505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685278900,"flow_dst_last_pkt_time":1587041685327366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685327366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaa5AAGwGXDQ0ck0hwKgBBgG77IgacWa\/co2UYoAQBAV+ZwAAAQEICmEe3EYwhLlzFgMDEGYCAABRAwNemFWVd4ONVISrGBzenOh1wz59KlhffXpAp\/SRVzeitiAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sf8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
+01841{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685327559,"flow_dst_last_pkt_time":1587041685327736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041685327736,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+02505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685294436,"flow_dst_last_pkt_time":1587041685350456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685350456,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVA5AAGwGcdQ0ck0hwKgBBgG77IvHJo2rMLP55IAQBAVq\/gAAAQEICmEfAvowhLmBFgMDF7oCAABVAwNemFWVkv8HhgEBqRl7J096sK\/AcfyJkv6Je+CA9SLGGCApBQAAsHV\/DAKaYivrrDw\/3qGp42fGJ7afmMuMlyPWksAwAAANAAUAAAAXAAD\/AQABAAsADt0ADtoACRwwggkYMIIHAKADAgECAhMWAAq9oyiKJqzr8XheAAAACr2jMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTEwMTAyMTU1MzhaFw0yMTEwMTAyMTU1MzhaMCYxJDAiBgNVBAMMGyouZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKvCd9UicgkwpI8bSwvCRO2lOesvtPd+z3GH6xRllv8Ei9b8VelLW2PuVMgau2FL6GVCPmGFiOhTMrB6Z5IhkEeYdzS19ordJYDNCTCV4CGHzvr3YSWpcXIsFnyRznGOPnlEMKU5qRnjk8yv7HdVvlTmG5IFjydJQBIE3EVy\/zWWQLcnHvkr+Pm+Ix8GPacEMThyVrZ57NGyt4w\/0XALYy3lIrBrwRrbdUiLTzkL4A+otgHb4wpI6lV59J8U\/8irhpL7YotYvOZ643jEuaSoC\/jdiOIKCF3kQGitPPXXdCq5zTupCxIYUh4B8CR5z8H6nlx9UNqdWcNq9d5jrCXcj+0CAwEAAaOCBNcwggTTMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAW23tMw9AAAEAwBHMEUCIF1LvMGCv0Kl+bp5C3GlL+E\/KEFrucmW+jN0WG1BTye7AiEAlb84qvncp6SV0hcgJPmaG243TJvGYrss3NJol6FvYZkAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW23tM08AAAEAwBHMEUCIDiK+zbmA9fB\/F+jlf2HQYINB6AsuO6IJw9RLZW6d2VYAiEAgFQKKr4w6oc+CLe9pgqJVTk\/xWbnsVo3VT1pL7gD2NQAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW23tMxBAAAEAwBIMEYCIQDC8ilwFdB7z4rC1+bZS4g04LUlLUYH350FnOYfD3Y\/DwIhAKOhDWx9PqjkWoW1QpLAVveNHTmUFKE125bJ\/m64vRMUMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUGvpD1lPIMLQZUxjL0t3R6SFpb+0wCwYDVR0PBAQDAgSwMIHyBgNVHREEgeowgeeCGyouZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIZZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIZKi5waXBlLmFyaWEubWljcm9zb2Z0LmNvbYIO"}
+01841{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":805,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041685350807,"flow_dst_last_pkt_time":1587041685350857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":6079,"midstream":0,"thread_ts_usec":1587041685350857,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685262299,"flow_dst_last_pkt_time":1587041685419490,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041685419490,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUjN5AAG0Gdfg0cg8twKgBBgG77IfA1AaSAv0PYlAQCARVFQAAFgMDF0UCAABVAwNemFWVsa3S0qCCJCKRvR5FvfRm4ku4Wp9dZjR4sGYcKSB2HAAAgvc9nFx0wNSQ+kfvV9B0Mq9ipN+Lt19U\/tPHHsAwAAANAAUAAAAXAAD\/AQABAAsADkgADkUACIcwggiDMIIGa6ADAgECAhMgAA1\/5iyI2CMUD4FHAAAADX\/mMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMjAeFw0xOTExMjkxNzU3NThaFw0yMTExMjkxNzU3NThaMCgxJjAkBgNVBAMMHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKcimDO37qOiITdGLLSgRk4SNqeQiChf5fToMO+7e1Qw4j4NVAURrkRlqOSwosi6x2ool0Qjlt5bANU2A7E0ubHR6fs+J4y2vgrsv41S7Ao\/UxdKklkG0wgp+paNcl2enqs+JFcPVtFPe+T+pnY6IZUpOziGi8NLx\/K2NG5xSvrdawVpY5vXRxXKsvLFIAdaJQozyWf9lCNbt+4C0IVl2Ep7N5bp06LVMZktn1YAjolqeEl3RQ6hM3GKceom5l4hpyP43E\/dTe3eLNBfmO8cDd9p8HlGVSrgjhKz1wuJWFoWgHTgDnVBSZVB7t78lIFlze4qLsPX90PfKUlmjF\/zIQIDAQABo4IEQDCCBDwwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbrhZJv4AAAQDAEcwRQIhALfHXTClbVL1ZG3BQH+fsd9EVlnIhlrRTh9b\/BWQkqOPAiArDlgg99bYekywwY8T40DyNspZOTZKKrpABVWSIcE7CwB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABbrhZJyYAAAQDAEgwRgIhAJuNw4ivK3DXIXmUE+m57QEHF+rXHdB72ZviRwQ9s+0GAiEA9kNgaFnkw8l1xiyZdSGjaIfmqNZ4qpxCiXwbbmlDWu4AdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW64WScNAAAEAwBIMEYCIQDmc93n7UJEyvvIddsbJMxC7aPmS7n2Z\/C8vjlA2j\/H8AIhAP0Hy\/4XLfkD3pYHuzfG85l40mxoPZVRGXbh3zqAj+miMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAyLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUdTnCFCgplfnCaQOBNT9YTfK9XfMwCwYDVR0PBAQDAgSwMFsGA1UdEQRUMFKCHSoudHJvdXRlci50ZWFtcy5taWNyb3NvZnQuY29tgg1nby50cm91dGVyLmlvghEqLmRyaXAudHJvdXRlci5pb4IPKi5kYy50cm91dGVyLmlvMIGsBgNVHR8EgaQwgaEw"}
+01716{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":830,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685420065,"flow_dst_last_pkt_time":1587041685420103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":5962,"midstream":0,"thread_ts_usec":1587041685420103,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"trouter2-asse-a.trouter.teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}}}
+02339{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685469669,"flow_dst_last_pkt_time":1587041685469973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":15976,"midstream":0,"thread_ts_usec":1587041685469973,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":14797.2,"max":153955,"stddev":35697.7,"var":1274323968.0,"ent":2.8,"data": [12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243]},"pktlen": {"min":40,"avg":585.7,"max":1492,"stddev":671.4,"var":450756.0,"ent":4.0,"data": [64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]},"bins": {"c_to_s": [10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":920,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685984732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685984732,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041685984732,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"}
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1587041685984732,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041685996890,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1587041685996986,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041685996986,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"}
+00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1587041685997296,"pkt":"EBMx8Tl2KDc3AG3ICABFAADbAABAAEAGgXnAqAEGNHHChOyNAbtKVk3cy6oDyVAYIAAs2QAAFgMBAK4BAACqAwNemFWVDIT9d4HngeJpG5mlHm9Rt958WOVPiGzzmIF3agAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAVQAAABgAFgAAE3RlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
+01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":923,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041685996890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041685997296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1587041685997296,"flow_dst_last_pkt_time":1587041686008515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1587041686008515,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoTQFAAHYG\/yo0ccKEwKgBBgG77I3LqgPJSlZOj1AQCASYigAAAAAAAAAA"}
+01632{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":931,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686010918,"flow_dst_last_pkt_time":1587041686010988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1587041686010988,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"teams.microsoft.com","tls": {"version":"TLSv1.2","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}}
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":945,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686239545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686239545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041686239545,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"}
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686239545,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686288146,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="}
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686288255,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686288255,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"}
+00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041686288562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyPAbtgh2e+U\/RRNYAYEAniuwAAAQEICjCEvUBhH1u7FgMBAMkBAADFAwPWvyUszXyGVwTdfXyAsIQo65lWnkpPMHo57lR912BOzSAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sfwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686288146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686288562,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686339149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686339149,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUYwhAAGwGYto0ck0hwKgBBgG77I9T9FbVYIdojIAQBAWA4QAAAQEICmEfW+0whL1ALnNreXBlLmNvbYIQKi5waXBlLnNreXBlLmNvbYIiKi5tb2JpbGUuZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIgbW9iaWxlLmV2ZW50cy5kYXRhLm1pY3Jvc29mdC5jb22CFSouZXZlbnRzLmRhdGEubXNuLmNvbYITZXZlbnRzLmRhdGEubXNuLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAUxCmyVHd3H7BNm7xrFDWc0lUKQfFfvZJj7fGm702yYNfNb17H3sDMMybFW0xvlL9Ezzab9UkH29uzppLcvgSPbaskyoVw+2aUUDOWU9BNPXX55faad2R1I6KtC+PfV7YLtmbicvSGz4AqzYw9ZreqUymbtwFHx+mEj1q7bV3EnUB\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\/hy5Vj29oZ7skaSNpSCyBSNkBskAzSt9el50ZVrhM5J4i3BG1jJVGu2oqjlyxlbfhoa6VdObxpgGXjYRrBKCYMJOGSIW1HBsVpPOHiO3HTRTWSc3nsno7KhTt65NB2bdGHaIXFW18cABbgwggW0MIIEnKADAgECAhALarOwPrGp9sRgkmqozf6zMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MjM4WhcNMjQwNTIwMTI1MjM4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr5etdo2s5nvU0iBK7HVImXX0JC8Z5jqu3Dt8Zst3uD\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"}
+01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":949,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686288562,"flow_dst_last_pkt_time":1587041686339149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041686339149,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02323{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":976,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686542441,"flow_dst_last_pkt_time":1587041686541501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":14115,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041686542441,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19511.4,"max":52987,"stddev":22191.7,"var":492470496.0,"ent":3.9,"data": [48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111]},"pktlen": {"min":52,"avg":640.9,"max":1492,"stddev":667.9,"var":446080.7,"ent":4.1,"data": [64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]},"bins": {"c_to_s": [9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0],"entropies": [4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1587041686659283,"pkt":"\/\/\/\/\/\/\/\/jP5XIzfkCABFAABE9p0AAEAR\/0vAqAFwwKgB\/+EV4RUAME6OU3BvdFVkcDBE2bWZ25IvowABAADKIN8ICP0NzlEBuCwq6R7jWIhweQ=="}
+00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686659283,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":982,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686889381,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686889381,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686889381,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041686889381,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR0nAqAEGKH4JQ+yQAbuMpd1iAAAAALAC\/\/\/7KQAAAgQFtAEDAwUBAQgKMIS\/iwAAAAAEAgAA"}
+00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1587041686889381,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041686918390,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="}
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1587041686918473,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041686918473,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"}
+00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_usec":1587041686919156,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRl\/AqAEGKH4JQ+yQAbuMpd1jg2\/P4IAYEAngnQAAAQEICjCEv6dSRIbvFgMBAPEBAADtAwMbmcXPy8rEyjOH5t3NVXkoUGCRZxMGyIKbY0co\/wunRQAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"}
+01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":988,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686918390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041686919156,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+02510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1587041686919156,"flow_dst_last_pkt_time":1587041686950659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041686950659,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPdlAAGwG19sofglDwKgBBgG77JCDb8\/gjKXeWYAQBAUYLAAAAQEIClJEhw4whL+nFgMDETsCAABVAwNemFWW7R35oy+pDouxbKQc3ZxSE0RLhoRWbTV6NPlktSB6OAAARuc6MTC1YmpF4SmrzBdvOs6F07smAuHCwru2ycAwAAANABcAAP8BAAEAAAAAAAsAD40AD4oACcwwggnIMIIHsKADAgECAhN7AAL0+uu8c4DySSOTAAAAAvT6MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0xODA5MjQyMTQ5MzBaFw0yMDA5MjQyMTQ5MzBaMCsxKTAnBgNVBAMTIHN0YW1wMi5sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9uMC7tn8RKm9hx1Q+vclCmv2FS5644lZCwDqwzCYb8L0QUXObmurDTp9z7imH\/68rvf0\/+KpPvZzn8n+A1ECu6H51tc4jh4cund1rKWCEvaClslKP1O5XZfDppym7WFQSIHQp9LXW26FaTqarCYkxKrkm\/lTdJtaXF5\/C7ZRJIFVaL9dmL\/uMiooAbDLhN56zmBjGeB2V01oJAQhD\/q\/lznyyirBK2V2vQ7WyyX4O7R5ox9CbJ7fjHmVfu5B\/IGhKzckLb+kPv4Ou1DFiJ+VjXUg8+HNiqYybm516lzAMR9GTpDm\/EaK\/DoNiRmeP+V6xIxpVOXNmdtJ2yXkhn+AQIDAQABo4IFgjCCBX4wggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZg2YTSEAAAQDAEYwRAIgNf1dCr\/A\/68iTF44ctzG4dfYj5k8kwrcMxb+OAftshACIEOFf1L8DyVWvGmp2q28iEZd5RDO6L\/3eE60TQKPTKibAHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFmDZhK0AAABAMASDBGAiEA6k0qgGOQ2\/4vWshsmYpY7DSpdiwLlTeFqoSnh81\/2Y4CIQDv1+L779lV6U+goVXZN5Lr8mJnM2dtvY1ZqBBLJZkaOwB1AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABZg2YSsoAAAQDAEYwRAIgWKBW8MG0XWRpOFEy6yhRlkRMXWMvZwn2MMfc6oSrj0gCIBftriorxFHUNkLYAHoFWkhm8hNqcHO+KKiAs49boZzUAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFmDZhLTgAABAMARzBFAiAA3dU0fJfG9tq5Rc4+sUUH+XraMuPYSatYD6LC\/2\/zTAIhAJWqprUivm3Ca3RKEfcrJtar2nlcdcqed0u5OIHS\/4PYMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUiTQV2m224F\/j"}
+01848{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":995,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041686950934,"flow_dst_last_pkt_time":1587041686950999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":1587041686950999,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"login.microsoftonline.com","tls": {"version":"TLSv1.2","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63"}}}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687245112,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687245112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687245112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"}
+00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687245112,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687293530,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="}
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687293639,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687293639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"}
+00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041687294098,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmZKwAAAQEICjCEwQ9g9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+01310{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687294098,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687294098,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1017,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1587041687370480,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="}
+01083{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687370480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687370480,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687382278,"flow_dst_last_pkt_time":1587041687293530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1587041687382278,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmY0wAAAQEICjCEwWdg9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
+00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687427043,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041687427043,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzETBAAEARZ+HAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAJGRMVEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
+00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_usec":1587041687435320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAD6rblAADkRD+LAqAEBwKgBBgA10zUA5gAAcASBgAABAAYAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAHADAAFAAEAAAe+AB8DYXBpBnN0cmVhbQ50cmFmZmljbWFuYWdlcgNuZXQAwDUABQABAAAAPAAJBmV1d2UtMcAMwGAABQABAAAEVQANCmV1d2UtMS1hcGnAQMB1AAUAAQAAACkACwhldXdlLTEtMcAMwI4ABQABAAAAwQApHWFtcy1ldXdlLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwE\/ApQABAAEAAAANAARoKLuX"}
+01102{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1022,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041687435320,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"api.microsoftstream.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}}}
+00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1023,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687436782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687436782,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687436782,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687436782,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVUrAqAEGaCi7l+ySAbtvi5oIAAAAALAC\/\/9njAAAAgQFtAEDAwUBAQgKMITBnAAAAAAEAgAA"}
+00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687436782,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687466298,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="}
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687466398,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687466398,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"}
+00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_usec":1587041687466635,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEKAABAAEAGVIDAqAEGaCi7l+ySAbtvi5oJgZblB4AYEAl2MwAAAQEICjCEwbkBuRsfFgMBANEBAADNAwNcYEYY9r+P9DTmk4+ghvjGxbgXLamZQ7BCvuLi0gzQzQAAHMrKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI2toAAP8BAAEAAAAAHAAaAAAXYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAIaGgABAA=="}
+01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1026,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687466298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687466635,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687466635,"flow_dst_last_pkt_time":1587041687512045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687512045,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUOsFAAGwG6PRoKLuXwKgBBgG77JKBluUHb4ua34AQBAUPSwAAAQEICgG5Gz4whMG5FgMDF2ACAABeAwNemFWXWoznNEDG0nqSFdxS15urfQPAW1Ki15lKX+AAtiAKRAAA667wWoqa+vDiRfvp7swmXkbxWCktv+PyIN9JCMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADpsADpgACNowggjWMIIGvqADAgECAhMtAAcUzkF9hlrqvm6yAAAABxTOMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA3MTYwMDAyMzBaFw0yMTA3MTYwMDAyMzBaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYCLN53Kexlrvsr+3rXZR74UHw5zlzegNiM6ErPRT\/txn4iFY2zFTqC+sWY7W7Oz4G1tsBCxRCqDiWTxn5SoBhxDmnlpMqOtTTpv5IM4kd\/8Guw\/818ANBFltXQet6T9XZsisGK5x9lUCYcHW8ynBG3v5uNf0Z6m2VB67+wzZ2C3iG0UAM447HUmbA40yblclmVBneenfOna+w64hv1nSyt5YNMGiattt3RBLqQ25FUDZwDSm6\/Xrxs5bFSfj0HMxAb5EpzZ2SxfSP+UgsmRV0Oq\/HfZsAL9LwqbT3aESBPoyba7n926l2qjVJiyrcjkPpm+NqXC8ligQT0pRVDCcpAgMBAAGjggSXMIIEkzCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+sPAAABAMARjBEAiBx6hq9wYK8lGTp3u5E7AFX+BkbRLRZ5Lup8OuEt\/B0tQIgGypwFVlROzmTzUQqtoWQp2MHW1EriZKLwX2GVgWat5wAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H61YAAAEAwBHMEUCIBBA4jXntmRWzvCXbsrMW4W1hyQue\/vS7Ncn0z5ewGEwAiEAln3ydSWKxMs1mek8BuU+Pp\/Ar72loNB67Ntve4Q85KAAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWv4H62XAAAEAwBHMEUCIQDLjQfYXTzdnrjIDBYNPqxZrBUDuC2VVPJNvuwXJuHkoAIgHkqG2mwJ4b5UFgxZl8\/iCIL8mYENQc4ZRdEfVujQdbMAdgBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWv4H6xWAAAEAwBHMEUCIDM4gWIHlpsWZA++c4q0XblHDWvH710R4c4I0Xek5jDJAiEAoovM291ZXguFtfeLFlqPtsBXmuKsHbLob14668lLPKIwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBRaFtJxTHeO"}
+01842{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1047,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687544052,"flow_dst_last_pkt_time":1587041687544137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":206,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":4203,"midstream":0,"thread_ts_usec":1587041687544137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"mobile.pipe.aria.microsoft.com","tls": {"version":"TLSv1.2","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}}
+02203{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1079,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041687725655,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18634.2,"max":125561,"stddev":31723.1,"var":1006353792.0,"ent":3.4,"data": [29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561]},"pktlen": {"min":52,"avg":345.2,"max":1492,"stddev":499.9,"var":249913.2,"ent":3.9,"data": [64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]},"bins": {"c_to_s": [12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0],"s_to_c": [2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0],"entropies": [4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995]},"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1587041687731296,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"}
+01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687731296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687731296,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":1587041687745080,"pkt":"KDc3AG3IEBMx8Tl2CABFAADTPBBAADkRgbLAqAEBwKgBBgA19Q8AvwAAY+WBgAABAAQAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQABwAwABQABAAAGxQAfCmV1bm8tMS1hcGkOdHJhZmZpY21hbmFnZXIDbmV0AMA8AAUAAQAAABUACwhldW5vLTEtMcATwGcABQABAAAAOgApHWFtcy1ldW5vLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwFbAfgABAAEAAAAVAAQ0qbp3"}
+01109{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1081,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1587041687745080,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"euno-1.api.microsoftstream.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.169.186.119"}}}
+00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1082,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687745932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687745932,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687745932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041687745932,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGienAqAEGNKm6d+yTAbth0wzHAAAAALAC\/\/81+QAAAgQFtAEDAwUBAQgKMITCxwAAAAAEAgAA"}
+02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1085,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041687718851,"flow_dst_last_pkt_time":1587041687768506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17623,"flow_dst_tot_l4_payload_len":4254,"midstream":0,"thread_ts_usec":1587041687768506,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":32165.6,"max":161774,"stddev":44327.4,"var":1964919296.0,"ent":3.6,"data": [48418,48527,459,88180,136486,113743,249,161774,129,117,1072,74551,73518,1076,4,2,50124,49022,3,3,12,48400,48413,4,15,2,1599,1536,46881,1065,1749]},"pktlen": {"min":52,"avg":736.7,"max":1492,"stddev":694.0,"var":481656.1,"ent":4.2,"data": [64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52]},"bins": {"c_to_s": [5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0],"s_to_c": [8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]},"directions": [0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1],"entropies": [4.396777153,5.256567478,4.923395157,5.966666698,5.971492767,5.091578960,7.290405750,7.275161743,4.961856842,7.668800354,5.000318527,6.002202988,5.583368301,4.961856842,7.860765934,7.857263088,7.894361019,5.193430901,7.864349842,7.853641510,7.869278908,7.874048233,5.054101944,7.853607655,7.866478443,7.865472317,7.878810406,5.154969692,7.853725433,5.193431377,5.154969692,5.154969692]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1587041687745932,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041687789261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="}
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1587041687789367,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041687789367,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"}
+00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"thread_ts_usec":1587041687789561,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAGiRjAqAEGNKm6d+yTAbth0wzIENQdkYAYEAmMqgAAAQEICjCEwvABIndtFgMBANgBAADUAwN1hCAWlzZVXD7TCb6igB3LJP9WVkluJUaJIbsmWjvyJAAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP6uoAAP8BAAEAAAAAIwAhAAAeZXVuby0xLmFwaS5taWNyb3NvZnRzdHJlYW0uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAI2toAHQAXABgAGwADAgACOjoAAQA="}
+01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687789261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":221,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":221,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041687789561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"euno-1.api.microsoftstream.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1587041687789561,"flow_dst_last_pkt_time":1587041687835274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041687835274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGLJAAGwGP6M0qbp3wKgBBgG77JMQ1B2RYdMNpYAQBAV+GwAAAQEICgEid5owhMLwFgMDF2ICAABeAwNemFWXh6zC4\/H\/NtqCN0bOMCauIHEB+mzTfOs8euglHiDdOQAAbpqWXnIoaFoz5CwjBIm\/uwJeUgS1lb4+XjBSWMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADp0ADpoACNwwggjYMIIGwKADAgECAhMWAAXWDX37jaDzNM+RAAAABdYNMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTA3MTYwMDAyMzVaFw0yMTA3MTYwMDAyMzVaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3WyrqhMwneHn3ldwh\/L7UvhOaeyJEw9wAAoXcE2xoCmqN4VQ5dbEJYH2mvnyhH\/q6XQPMuv5SvOYFeFvBsXU42c+cX\/k7ETSWOHymPaiIe9DTakXAw15b1zeAID1a\/qtYq5SKoRqlJOmhP2W2Kj0sGRH9wfU0k6ZKAWCfTCOD3TUKn+kY2\/mFqcxx163RyO5fuue9HjLSPUcK\/XG71pH60ASR2HaDJ53frCURseRASs3N8sp\/lXPNSJpmTy7XzZlvWnjNXBXoGazR\/Ok20dcDNsKQLrS\/5IQoN1eesCyt1n77jwW\/wlDvDN1w4lyx8ZJ\/cWIxkLDRUfkhCN5r674PAgMBAAGjggSZMIIElTCCAfcGCisGAQQB1nkCBAIEggHnBIIB4wHhAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+\/gwAABAMARjBEAiBFAIuj2Tc26ezbEtOORf3erX84s94DFwS362RUQnwe7QIgOIGvV6+3NbZm4ZuetunBQ10P6vIaYP3f6rBpFmv0R+kAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H7+HAAAEAwBIMEYCIQDNJZUV9kVpum734SuFZbu\/+8d+lBfpKXnRWlVnv4VBQAIhAOB8l0UtbGxz+O5oUYg0D5KcrYbc2wZN7ZDiNmBXUAj6AHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFr+B\/ArgAABAMARzBFAiEAuBvGi+GOETS1WKJJY5hLjgoB7c051zHr2NZg0TjxMOsCIDxZ4sYqPPwpfAkKARkELM5\/901w8Rli7y0l6JyGidHOAHcAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFr+B+\/jQAABAMASDBGAiEA+MKOXA0Ondu3DQFnrt75yf8KubCg3tehYpwWY4vXmlsCIQD\/nRJiTBIbc8ubEEHt73izO3Lpmnq\/6a3pOruDbMUQaDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFBqManmr"}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1587041690880711,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"}
+01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1138,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690880711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690880711,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"dc.applicationinsights.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690915102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"thread_ts_usec":1587041690915102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEfVLxAADkRaLrAqAEBwKgBBgA1+boBCwAAeGqBgAABAAUAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAAACgAuHWFwcGxpY2F0aW9uaW5zaWdodHNfaW5nZXN0aW9uB21vbml0b3IFYXp1cmXALcBCAAUAAQAAAJEALB1hcHBsaWNhdGlvbmluc2lnaHRzX2luZ2VzdGlvbgtwcml2YXRlbGlua8BgwHwABQABAAAAXwAXAmRjDnRyYWZmaWNtYW5hZ2VyA25ldADAtAAFAAEAAAAeABwQY2ZyLWJyZWV6aWVzdC1pbghjbG91ZGFwcMDGwNcAAQABAAAABwAEKE+KKQ=="}
+01121{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1139,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690915102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":259,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":259,"midstream":0,"thread_ts_usec":1587041690915102,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"dc.applicationinsights.microsoft.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.79.138.41"}}}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1140,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690916341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690916341,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690916341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041690916341,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyUAbup7MP+AAAAALAC\/\/9nAwAAAgQFtAEDAwUBAQgKMITPEwAAAAAEAgAA"}
+00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1587041690916341,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041690946470,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="}
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1587041690946579,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041690946579,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"}
+00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041690946965,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyUAbup7MP\/giOVMIAYEAnoKAAAAQEICjCEzzFS+MKlFgMBAOoBAADmAwMbIQaP+rFGCYsreMCv9lvxK9Aj9uBCbNOtF1CHIeISyAAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="}
+01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1143,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690946470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041690946965,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690980253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041690980253,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGwlAAG4Gd\/QoT4opwKgBBgG77JSCI5rQqezE7oAQBAU0IQAAAQEIClL4wsUwhM8xdGlvbmluc2lnaHRzLmF6dXJlLmNvbYISZ2F0ZS5ob2NrZXlhcHAubmV0ghVkYy50cmFmZmljbWFuYWdlci5uZXSCH2F1c3NlLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHmJyenMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2NhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWNmci1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1jaW4tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2tvLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWN1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh9jdXMwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1lYXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdZWF1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWVqcC1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1ldXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDItYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDQtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDUtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIeZXVzMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5uY3VzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHW5ldS1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5zYWZuLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHnNjdXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdc2VhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXN1ay1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1zd24tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdd2V1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXd1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh53dXMyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCIHd1czIwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0MIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAJWTZzx1MK5GdVXHHDNo4UfZmpqNSZyuP+i0NBu9AKrV3sQoq5pmeYJ7vP+oV2p39mLTb2oqM52AGvlnpmoTNJwN7XVFBPYI8jrT6ZwWv1hAZa"}
+01263{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1144,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041690946965,"flow_dst_last_pkt_time":1587041690980253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041690980253,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1159,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691075869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1587041691075869,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZLy0AAP8RCQ\/AqAEGwKgBAfWPADUARdrUdPIBAAABAAAAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="}
+01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691075869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691075869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"emea.ng.msg.teams-msgapi.trafficmanager.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1162,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1587041691148968,"pkt":"KDc3AG3IEBMx8Tl2CABFAACQrGdAADkREZ7AqAEBwKgBBgA19Y8AfAAAdPKBgAABAAIAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAADwAGw9tc2dhcGktcHJvZC1zZnIIY2xvdWRhcHDANMBJAAEAAQAAAAoABDRybAg="}
+01124{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1162,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":116,"midstream":0,"thread_ts_usec":1587041691148968,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"emea.ng.msg.teams-msgapi.trafficmanager.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.108.8"}}}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1163,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691149774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691149774,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1163,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691149774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041691149774,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2I\/AqAEGNHJsCOyVAbumbhw9AAAAALAC\/\/8jXgAAAgQFtAEDAwUBAQgKMITP9QAAAAAEAgAA"}
+00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1587041691149774,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041691168973,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="}
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1587041691169076,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041691169076,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"}
+00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1587041691169247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAESAABAAEAG173AqAEGNHJsCOyVAbumbhw+rneBYYAYEAkjHAAAAQEICjCE0AhSqiqsFgMBANkBAADVAwNwlpHiXHB3s5dLKatTLHHCd3zPHP62TkNPLWHwExyS1QAAHAoKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACQysoAAP8BAAEAAAAAJAAiAAAfZW1lYS5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYABsAAwIAAhoaAAEA"}
+01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691168973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041691169247,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691190981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041691190981,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPCZAAHEGZdU0cmwIwKgBBgG77JWud4cBpm4dHIAQBAU1egAAAQEIClKqKsEwhNAIOSG3N+pypQO63Wiq+lXA9TALBgNVHQ8EBAMCBLAwgdYGA1UdEQSBzjCBy4IabXNnYXBpLnRlYW1zLm1pY3Jvc29mdC5jb22CHCoubXNnYXBpLnRlYW1zLm1pY3Jvc29mdC5jb22CIHBnLm1zZy5pbmZyYS50ZWFtcy5taWNyb3NvZnQuY29tgiIqLnBnLm1zZy5pbmZyYS50ZWFtcy5taWNyb3NvZnQuY29tghpuZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbYIcKi5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbYIPKi5tc2cuc2t5cGUuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAL6k2g2YNYubaMQKNE1HOCJsRU+ocKgoaCUntNxasdyLm3sRjtpRjulwsmHOrGDRgisqGVKYPLOcPDYZIMeHJRyVC9lP7rDFU4mwEdob9bYoVAdPJ2aPEkM0RXDf2sxO3K11UvhIdAETfgAyN9OClLnbVRlD+uqcSQfdbt9NgeCozGT3uA8rW\/bT\/D+YBI2NyvjucwOF4fAmlb69iaENpHzKyKPP3gChGWXwPlsCAHcWT5DWYPJpL\/3DLl81bF7tO5zY3zxJMB1OeVgvUKXeAS+CwfpLrKG0C\/eU6XUXAM17Wou3AdZL8ESxq7zdQlPlfLXcrxTWn\/9yqOyE2Dy4v0AC0DldAOOVuaP1Qw\/jkncKrZHy6CBjd4i6SlAvV9SXMMji3v+3tCPq3NDcYwEwIaLF7pK3asugmSWv+kUpt0b\/7nszZggDVjiXOaXQXGxlI76wm\/oQiScQLHdORY8mAIDxrFvAZJI7K5Yvpy\/uFT0TJ1pbtUzx0WkkWUFI1ibsaySDvxZ5PLRRf\/b+CTj2DeuAhuHN0bB0Jvlf\/geQ+McX36gP8ZJv4hZskP2p2eU4LlDvKZxVbJkUfzIhrbjoxfdlKOwkktqzdS57vVoeibk02\/OS8fdv79ZBLOsYxfdKaSWNDVEN1Q82426XhaggJ7kscl3nnmFp\/\/6iCwQwe+4wAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC"}
+01227{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1167,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691169247,"flow_dst_last_pkt_time":1587041691190981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041691190981,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"emea.ng.msg.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","ja4":"t12d1311h2_8b80da21ef18_77989cba1f4a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}}
+02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1195,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691305451,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041691582252,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":18972.7,"max":276869,"stddev":49493.9,"var":2449644032.0,"ent":2.9,"data": [19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869]},"pktlen": {"min":52,"avg":370.2,"max":1492,"stddev":512.1,"var":262257.7,"ent":3.9,"data": [64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]},"bins": {"c_to_s": [11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1],"entropies": [4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+02191{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1208,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041682938651,"flow_dst_last_pkt_time":1587041692001418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2113,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041692001418,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":328636.7,"max":8978171,"stddev":1582353.1,"var":2503841415168.0,"ent":0.8,"data": [47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7]},"pktlen": {"min":40,"avg":339.2,"max":1492,"stddev":486.1,"var":236250.5,"ent":3.9,"data": [64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]},"bins": {"c_to_s": [10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1],"entropies": [4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1587041692419649,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041692419649,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzETFAAEARZ+DAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAPmTDokAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
+00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1216,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528594,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041692528594,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528594,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1587041692528594,"pkt":"KDc3AG3IEBMx8Tl2CABFAACscMtAADIGTDyXCzKLwKgBBgiu1d6yibcLw8sjj4AYAfWSMAAAAQEICnMgXuAwhCbwdBDZH1X2LNSHenV0XPT5UOuNQPq3DAtDODIIsZ4L3xE8W9ceOtMh\/taRn1i3oYCG\/lk5DiXu3JH7RFT8gb0ANFHp9LfVVHPD+A0sB0\/WJaUdO\/QQPvH9sYa9nCylNS5SUfWnuhHHtKPL+2Ql1DSrQI\/KjFfe6Sr3"}
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528684,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692528684,"pkt":"EBMx8Tl2KDc3AG3ICABFSAA0AABAAEAGrzfAqAEGlwsyi9XeCK7DyyOPsom3g4AQD\/zTvAAAAQEICjCE1UVzIF7g"}
+00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692528594,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1587041692528752,"pkt":"EBMx8Tl2KDc3AG3ICABFSAB8AABAAEAGru\/AqAEGlwsyi9XeCK7DyyOPsom3g4AYEADukgAAAQEICjCE1UVzIF7g5AplDBJ5jEkO1U2Mpra9\/PbG6UC\/FVXGQ5pEnr4zSbP3LnLXhdyZOGgH9qsJLTZHLgDXKr5t+q9K3Mvbm5JFapBhK16BH5zD"}
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692578366,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cMxAADIGTLOXCzKLwKgBBgiu1d6yibeDw8sj14AQAfXhSgAAAQEICnMgXxEwhNVF"}
+00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1221,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692808980,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692808980,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692808980,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041692808980,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyWEVIVrX6QAAAAALAC\/\/9dQAAAAgQFtAEDAwUBAQgKMITWWwAAAAAEAgAA"}
+00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1587041692808980,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041692880898,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="}
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1587041692880999,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692880999,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"}
+01262{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1587041692881339,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyWEVIVrX6RNJWFioAYECynDgAAAQEICjCE1qITeUD2FgMBAgABAAH8AwNIwmNvYpaxx4YaNkM5UOMBu+\/rhWm5ROKLkUQ+n9+bqCDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgqeitnlzPDiYBqjP3nyoLl6FANLUWPuCFiHYla5PeYScAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+01379{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692880898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041692881339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","ja4":"t13d5713h2_131602cb7446_158b9cf6d7fa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692951911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041692951911,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HBJAADQG6funY9ekwKgBBhFS7JY0lYWKFa2AloAQAfqJ4wAAAQEIChN5QT0whNai"}
+01467{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1226,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041692881339,"flow_dst_last_pkt_time":1587041692953141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":152,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":152,"midstream":0,"thread_ts_usec":1587041692953141,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"dati.ntop.org","tls": {"version":"TLSv1.2","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","ja4":"t13d5713h2_131602cb7446_158b9cf6d7fa","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":977,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":977,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693428391,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+01860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693428391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"thread_ts_usec":1587041693428391,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9PSXq8u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="}
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693474528,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693474528,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="}
+00797{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693475613,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693475613,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="}
+00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693515047,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
+00978{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693516414,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693516414,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1587041693517336,"pkt":"EBMx8Tl2KDc3AG3ICABFAABfDxsAAP8RKRvAqAEGwKgBAdnVADUASzsZd8IBAAABAAAAAAAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAQ=="}
+01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1240,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","proto_id":"5.276","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693530810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1587041693530810,"pkt":"KDc3AG3IEBMx8Tl2CABFAACrU5xAADkRak7AqAEBwKgBBgA12dUAlwAAd8KBgAABAAAAAQAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAcAfAAYAAQAAAAUAQARwcmQxDmF6dXJlZG5zLWNsb3VkA25ldAAGbXNuaHN0CW1pY3Jvc29mdMA6AAAnEQAAA4QAAAEsAAk6gAAAADw="}
+01132{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1241,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693530810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1587041693530810,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","proto_id":"5.276","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693561382,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693561493,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693561493,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"}
+00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693561676,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NiAbvwxDFGjkDaLFAYIADs+gAAFgMBALYBAACyAwNemFWdM\/wbLFSI3dPgZpkO7ysDE3\/GJlDQM9ZmaeyX\/AAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
+01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693561382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693561676,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693572678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693572678,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJQAAGwR4OU0cvp7wKgBBg2Ww2AAw6emARMApyESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAh\/IMTdT4SN+oAgAAgAAcHVcadqCg=="}
+00797{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693576546,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJQAAGwR1dM0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="}
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576566,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693576566,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJUAAGwR1m40ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="}
+00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693582165,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
+00978{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582610,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"}
+00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="}
+01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"?n???z`?s????}??d??]"}}
+02506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"}
+01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693608822,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693611913,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
+00978{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693625394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693625394,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="}
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693628354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693628427,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693628427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"}
+00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1587041693628756,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NlAbtcWVYp3qhb8VAYIADHIgAAFgMBALYBAACyAwNemFWdJel+38T72uo9XNMIcFrJVaaQNKpU+a+Uq8VSQwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
+01313{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693628756,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"}
+00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="}
+01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"<??a????h (?\/??????"}}
+00787{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="}
+00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
+00978{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+02509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693675117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyJAAGwG4WU0cvp7wKgBBgG7w2XeqGPBXFlW5FAQCASBlQAAW6sdwoMA3bRkqxv5VpjyajDfFXWqL4G9QZfl841dfR9SjQLMnRDtMHjHLLEHhJCKLU2ikazGCdNZMqtfaxeWquCIWw56s0bCKwmin9Y3DIsAdEejps5dwVGPEJfdlpEbIxcuBzCIRY0C23wA8SsmAke7nyJfwnrDoCjE4H7m3XXod08er9hfv0q4nITSnedP3o61Oc42o6ZTtprTcb83jeNHnfqPTx\/r7JoPcNdqLrU2S9F5B\/3\/72kY0IJW8GVz3JfVywG\/oGQZf4DtR+N9iCPyVunnsxwatk5VQeVSeoKWofbhmm5\/59\/eJyGGKNh6xcOod+zQ\/yRc87f6tHNG2YoyFngY2b4iSL5cKDGkUG4HW8AD3tnSSMB+eS+kUxAHQWzl9sk8GGj5SN\/h6yZsZx0M8Cajppy8O10hsA4MnuDtB3uK64JLD12Do4vw3+8vrlcfGCUgqrNGgRVPtSVulxGnCvWOq0JhUVItmI195Is0h3MiJgXc2KNuZpMfbIcuyiiUJx2zdkFT81nL1PidcMdiaFVUoMih7rr4UtgVbmkgKemK\/Z7z3no4iLWFOB0NszihbN+mXEPfve7ERdipQf9N4gAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4UEla9xB7d\/jmSpBKVVLelK10CaBkVyzNB5CfFq2Vw9EGuvHvbAW1BKyp3Bsxmw4tGZUET95my601cq8ZggiyFDoWX7A8m9uNDLAC1iYf6BVxxO\/5YzlDjOnCki6hwqAwJQ6WJ1+eoyuC1hC9PBkepof+VSE6XEH8AZjML5L\/Zji0uGacDxJoS0qshrtemP+eppxTbDMRpNCuUkfXi4\/xlqy5KZqPLPGtZBjDJrsAZN5QcMC77MZrrtOg78DxXA3yzHpZ2hgzL1kQrWcULF8iQ0pE4ejd4OdVFk4J7wNMDEhQWvAD347vY8pbZ4dDQCwGth8PPlPAZj\/XFBXmCGKYSH6D5ae1XVEtVC1h\/TRd1LeAzdJ9zrEkO\/OXbGwT3ooXyYr1SJVC9xKQ4xAX9qEAxTYqZZGeBexCLlq4mRv\/1E61+mZV2YOOvwgpjfoLAgMBAAGjggFCMIIBPjAdBgNVHQ4EFgQUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUF"}
+01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693675117,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"}
+00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693711026,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="}
+01012{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1299,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693711026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":">??i)?<????????????r"}}
+00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693714142,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="}
+00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693711026,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693756239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJcAAGwR4PI0cvqNwKgBBg2Ww2EAoTssAQMAhSESpEJLDXUDhL3sfvdJg10ADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIMhO7y5FcPLOAgpkLIJifRx7Dv8ek2QLf5zo\/BiwDhB4"}
+00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693763689,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="}
+01012{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1308,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693714142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1587041693763689,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"s?>?ed???[??+ez4???m"}}
+00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693763689,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693808734,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxgAAGwRBnY0cvqJwKgBBg2Ww3UAoXQEAQMAhSESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIL4g0LfB18yA2q\/RVWXcDhE8D9XtCMo2nCqOglxViaD8"}
+00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693828302,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693828302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693828302,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"}
+00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693849498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693849498,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693849498,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693849498,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf7AqAEGNHL6mcN0AbuMksvlAAAAALAC\/\/8dvwAAAgQFtAEDAwUBAQgKMITaVwAAAAAEAgAA"}
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693828302,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693869354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693869423,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693869423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"}
+00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693869663,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWnAqAEGNHL6mMNeAbvdNMkY3FwAm1AYIACuOQAAFgMBAKkBAAClAwNemFWd9sBVDmqpQ1JOmTf85+s9vRwXDIKd7RSpfqD9hwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUyAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
+01438{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693869354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693869663,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.152","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693849498,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693893017,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693893121,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693893121,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"}
+00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041693893319,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWjAqAEGNHL6mcN0AbuMksvmCYYF2VAYIAA4UQAAFgMBAKkBAAClAwNemFWd\/1XCA+79geTWEWiWwTsvTSnBi9NExcEsdrOoSgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
+01438{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693893017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693893319,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"52.114.250.153","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693869663,"flow_dst_last_pkt_time":1587041693912361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693912361,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZ1AAGwGes00cvqYwKgBBgG7w17cXACb3TTJxlAQCARdzwAAFgMDF+kCAABVAwNemFWdM9zHzxbjC7QANdHz8AfaCDM7kl4CH3iC8m+C5SA8HQAAdg+4AWMXjI8CbVJCHoa9vuL+BAQY6d2I21i7H8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"}
+01839{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1336,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041693913259,"flow_dst_last_pkt_time":1587041693913604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693913604,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.152","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}}
+02499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693893319,"flow_dst_last_pkt_time":1587041693937910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693937910,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyxAAGwG4T00cvqZwKgBBgG7w3QJhgXZjJLMlFAQCAT\/SwAAFgMDF+kCAABVAwNemFWdlZ1o0K1pDuc31o7KbeFA6zW0UoTj74rN53YU1yAVNwAAZbPmUJGFDDA3baQ8RQ+flEqSYPNJweq+ysirz8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"}
+01839{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041693938156,"flow_dst_last_pkt_time":1587041693938382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":6126,"midstream":0,"thread_ts_usec":1587041693938382,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"52.114.250.153","tls": {"version":"TLSv1.2","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","ja4":"t12i220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}}
+00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1371,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694219802,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694219802,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041694219802,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694221137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1587041694221137,"pkt":"EBMx8Tl2KDc3AG3ICABFAABWS5cAAP8R7KfAqAEGwKgBAe2lADUAQpDJn88BAAABAAAAAAAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAQ=="}
+01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1372,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694221137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694221137,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"c-flightproxy-euno-01-teams.cloudapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_usec":1587041694234511,"pkt":"KDc3AG3IEBMx8Tl2CABFAACixyFAADkR9tHAqAEBwKgBBgA17aUAjgAAn8+BgAABAAAAAQAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAcAoAAYAAQAAAA4AQARwcmQxDmF6dXJlZG5zLWNsb3VkwDEGbXNuaHN0CW1pY3Jvc29mdANjb20AfaP8PAAAA4QAAAEsAAk6gAAAADw="}
+01117{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1373,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041694234511,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"c-flightproxy-euno-01-teams.cloudapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1587041694219802,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041694262764,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"}
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1377,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1587041694262870,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041694262870,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"}
+00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1587041694263191,"pkt":"EBMx8Tl2KDc3AG3ICABFAADrAABAAEAG9mTAqAEGNHJNiOyXAbs8mpancOM\/AVAYIADbZQAAFgMBAL4BAAC6AwNemFWex6L93KvTNrWWS\/8PQ2rao\/9bFvV0yUUyu2nlvwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZQAAACgAJgAAI2FwaS5mbGlnaHRwcm94eS50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
+01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1378,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694262764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041694263191,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1380,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041694308351,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVptAAGwGbuA0ck2IwKgBBgG77Jdw40StPJqXalAQCAQlEAAAcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQCGBg8ckx9UDTW7UZXC+1At9FP7A44gNWDP9CaNquKk0Ym4Hc6H0wUEGjC2TPH4ZMpVVvzoaDTGQwOYpaTTUvX3MEMOYKEG1Cvx9tqcsdP3yUB2L0u\/Y3lBDRRYTQjeuiKHInHCIKjjX\/QCOyzvB5\/C0exDQl9fWwS+qncho+mgAfK2IA8Fxzsv6+EtDoQ7Dvl6yGFB0IOq2h0mRJqrPawbpWi2DqNdE30PlqszN6KarfO3etdnYrpJGC2USn7nux+J+nU9mSFC0ZsLRlurcf+j5mIScxOoR1R1zgqZUwqnxhpp4P1IJVImICPzlelUrV+V7b3YppHp2Rgn\/+S4J10m17s2TbLTa97JGjEE\/3YQ7h5IdjwTnwuq1dP++rQhXt3FX3MOWAHLNAKjiWyKZFU6vIewI5Hi6y2fkjqSeRt4\/aWEgJvh20gdM0p+zqdmShg\/748CHucnl5Zm4aJe3RbjYEYoFcds8ex0ujMudADb\/QzGDXRU0vzS1rVbA4cYFxJP\/arXmxNmNaQws3ulhsztenPZhSi+YjcTSxMjLvyNTiFRWl6oPmD03juUR4abmC3Z6rh\/ORpnPJ\/Em03uuhRVjI2A+WVhItVGj\/kDERprkC2fKCqbcztcQMil\/Kk2WHT\/UliJtmxX7yjxKPFWCSC+MDNsBV3uBwoK+m\/VewoOUwAFuDCCBbQwggScoAMCAQICEAtqs7A+san2xGCSaqjN\/rMwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUyMzhaFw0yNDA1MjAxMjUyMzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKvl612jazme9TSIErsdUiZdfQkLxnmOq7cO3xmy3e4P9u70VuRG4pIP4mcL4xxxpNRBc7TLmRaOv3d9sK8ebO1xLsMId0pekq7sWtBIgdDF6aD1eo8ejV7TrZLA2saRNTEguTkEzRAqPJcdAJ6ZGBgJz0uX5Mn8APAMWp026LJAwUqshCiqPUYYK6eKrPSvS6h+SULHYiDA5qc7XeuQH7uK2JyQ4zqxbMKUzj4ya8txs0EuucXhXdhZJ4L74UgNfugE8fkBJ0H6lFp9xTC7trrXEZuI+gHMbkuSufh4PMucaJoWZojQk7Aqgy6XER1+gSBh5LC5m5xuU5WVIsbZvXUQutl1jDw\/HdCW+DNFe3sfVDPlSJenBSSi29Hcla4gKn2WiUh7knrQJLHeSBH3Zzy03\/hYYPVPezRo"}
+01334{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1380,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041694308351,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278787,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
+01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278905,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
+01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305290,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="}
+01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305879,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="}
+01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330085,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="}
+00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330306,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="}
+00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="}
+00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330389,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMX9EAAEARjM3AqAEGXUduzcN0P80AeEAgAAEAXCESpEJvsFtMkRg8G\/ztdLwABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUIVL6+UU6k643kpe64\/MzitD9Q4eAKAAEwjOytg=="}
+00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381451,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsaPwAAEARIBfAqAEGNHL6jcNgDZYBGBOdAAQA\/CESpEIsNFIeR67x\/KSTudUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg7sRmb8sPDDsK8L9wIx7c4\/un3a7csABeHu5jm1wMzFk="}
+01134{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1413,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381451,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"?n???z`?s????}??d??]"}}
+00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695381585,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="}
+01134{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1414,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695381585,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"<??a????h (?\/??????"}}
+00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389155,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"}
+01013{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695381451,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389155,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"?n???z`?s????}??d??]"}}
+00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1587041695389378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"}
+01013{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1417,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041695381585,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1587041695389378,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"<??a????h (?\/??????"}}
+00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695406639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0Bd0AADUR8dldR27NwKgBBj\/Mw2AAYJiUAQEARCESpEL9LF5WbGc54yQwO\/eAcAAEAAAABwAgAAgAAcHVcadqCoA3AAQAAAACgDYABAAAAAEACAAUfLZK4Jp9GCnUwepSRXJ0QYfNKUiAKAAEeKXxaw=="}
+00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="}
+00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695421892,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="}
+01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1422,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695422685,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="}
+01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695432593,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695432593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIQwIAAEARRjXAqAEGNHL6jcNgDZYA9FdMAAQA2CESpEKfui7uErrywVVZDhwADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAWAEBAEQhEqRCk5PuKqhPmjByQQbWgHAABAAAAAcAIAAIAAEe3nxVyo+ANwAEAAAAAoA2AAQAAAABAAgAFFFp\/EIw9m0w0dRwmYyqML3\/iSKPgCgABN8vUt8ACAAgqGRf4o8r70c+bwbjLKjnyOxfHW\/RCLgda6bT0E3pUpo="}
+00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695432665,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="}
+00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695432806,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsslcAAEAR1rvAqAEGNHL6jcNgDZYBGA46AAQA\/CESpEKGfpR3I6Wm38Zk7TUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg4ni\/MyGpn0IPPfamZXcwXcyTP9hFKqNf3gjYqNKVXl0="}
+00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695433232,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695433232,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIB74AAEARgX3AqAEGNHL6icN0DZYA9JXXAAQA2CESpEJpchKVO4fonPIh+aAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAWAEBAEQhEqRCU+T1MUCwjYYr45mggHAABAAAAAcAIAAIAAEe33xVyo+ANwAEAAAAAoA2AAQAAAABAAgAFKSOPm9ycNiS3mJyX4fapy4vEu1\/gCgABIqjvoYACAAg+pL5K0Lk7MyR0ZqbhlMFnDsKGKI3TTZKmRHPJasNnPQ="}
+00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695433333,"pkt":"EBMx8Tl2KDc3AG3ICABFAACAFs8AAEARcWjAqAEGNHL8FcN0DZgAbMYz\/xAAYGUfNM4ueRX8AQEARCESpEK59F1PLtIJs2rQCYqAcAAEAAAABwAgAAgAASyKFWBYV4A3AAQAAAACgDYABAAAAAEACAAUb+d2GMvNHhGxBtT1sjJNLSVYAvSAKAAEqoFJXQ=="}
+00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695433459,"flow_dst_last_pkt_time":1587041695389378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695433459,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsR2QAAEARQbPAqAEGNHL6icN0DZYBGOj5AAQA\/CESpELTjfKyZNTNUCzFgVAADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAgUB2ZPqsXXGYjBv8pRG+HEjCK6R8QdiEsnAYTs3tf1IE="}
+02314{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1429,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693824623,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041695435566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":71850.4,"max":1566873,"stddev":274680.6,"var":75449425920.0,"ent":1.9,"data": [44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873]},"pktlen": {"min":40,"avg":256.9,"max":1492,"stddev":427.0,"var":182315.3,"ent":3.7,"data": [64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]},"bins": {"c_to_s": [15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1],"entropies": [4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586059,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
+01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1435,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695586059,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695586146,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
+01229{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695586146,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":224,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695586146,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}}
+00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890424,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890424,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
+00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695890513,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695890513,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
+00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194345,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194345,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMXPIAAEARmxTAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
+00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1447,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":4,"flow_src_last_pkt_time":1587041696194432,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696194432,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMFBgAAEAR4+7AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
+00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1448,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":5,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696498337,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMrv0AAEARSQnAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
+00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695406639,"flow_dst_last_pkt_time":1587041696498551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1587041696498551,"pkt":"EBMx8Tl2KDc3AG3ICABFAACQu2oAAEARMTDAqAEGXUduzcNgP8wAfBKsAAEAYCESpEKyalJ26c+bCI1C0PUABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAlAAAAJAAEbv\/+\/4A3AAQAAAACAAgAFNd7wOvI0gzaWL0JHAJmvaCW1OcegCgABLiDaXI="}
+00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":5,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041696498651,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMPIAAAEARu4bAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
+00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1451,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041696498784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1587041696498784,"pkt":"EBMx8Tl2KDc3AG3ICABFAACQSB8AAEARpHvAqAEGXUduzcN0P80AfNVTAAEAYCESpEKDWwnX0gcAJk8k2boABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAlAAAAJAAEbv\/+\/4A3AAQAAAACAAgAFPLvVpmLRoXR+XSjZzwE+pIZjkn7gCgABO2z0lM="}
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1455,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697061972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697061972,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697061972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041697061972,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTcwAAAAALAC\/\/8wcwAAAgQFtAEDAwUBAQgKMITmwQAAAAAEAgAA"}
+00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697061972,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1587041697091344,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="}
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_src_last_pkt_time":1587041697091452,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041697091452,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"}
+00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_usec":1587041697092026,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyYAbtVmTcxYapvvoAYEAlljAAAAQEICjCE5t4L9mYYFgMBAOoBAADmAwMvt9\/l19PgHHhBJ7fePZ9nkIIpM9PqvMR3RuXFQQr78gAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="}
+01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697091344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697092026,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697123566,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041697123566,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUX+dAAG4GMxYoT4opwKgBBgG77JhhqnVeVZk4IIAQBAXnDAAAAQEICgv2ZjgwhObedGlvbmluc2lnaHRzLmF6dXJlLmNvbYISZ2F0ZS5ob2NrZXlhcHAubmV0ghVkYy50cmFmZmljbWFuYWdlci5uZXSCH2F1c3NlLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHmJyenMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2NhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWNmci1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1jaW4tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2tvLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWN1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh9jdXMwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1lYXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdZWF1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWVqcC1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1ldXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDItYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDQtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDUtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIeZXVzMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5uY3VzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHW5ldS1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5zYWZuLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHnNjdXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdc2VhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXN1ay1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1zd24tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdd2V1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXd1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh53dXMyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCIHd1czIwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0MIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAJWTZzx1MK5GdVXHHDNo4UfZmpqNSZyuP+i0NBu9AKrV3sQoq5pmeYJ7vP+oV2p39mLTb2oqM52AGvlnpmoTNJwN7XVFBPYI8jrT6ZwWv1hAZa"}
+01263{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1459,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697092026,"flow_dst_last_pkt_time":1587041697123566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1587041697123566,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"gate.hockeyapp.net","tls": {"version":"TLSv1.2","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","ja4":"t12d2010h2_2a284e3b0c56_f05fdf8c38a9","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}}
+00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041693756239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697617344,"pkt":"EBMx8Tl2KDc3AG3ICABFAADW2xEAAEARrlfAqAEGNHL6jcNhDZYAwt8iAAMApiESpEINQAd8TvBOvXDWMxoADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABQ+mj9JKfg8kAiQ47rNqp++2YC3UgAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAILegjOD1prOmcIML6MAq3Q5voM\/8\/Vbx8\/OHsgTOe6Dx"}
+00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1490,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1587041697660621,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA40fgAADUBJWpdR27NwKgBBgMDcCsAAAAARQAASh2AAAAyEd1gwKgBBl1Hbs3DdD\/NADaJWQ=="}
+00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1490,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697660621,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041697660621,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.321296}}
+00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041693808734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1587041697668978,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWXowAAEARKuHAqAEGNHL6icN1DZYAwtlEAAMApiESpEJ\/K8mw63L1SVFc8SkADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABRzrT6HZUT09MBbGfgrZXo06YoDbQAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAIBF1x2DO\/FnH+NItZ0DdGmNq9Qpo8WCUVFVIxiEnjM\/h"}
+00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1587041697673040,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA4akMAADUBjR9dR27NwKgBBgMDcBsAAAAARQAAWp4wAAAyEVygwKgBBl1Hbs3DdD\/NAEaJWQ=="}
+02366{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1528,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041697913583,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4324,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041697913583,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":160381.3,"max":1168245,"stddev":365653.3,"var":133702352896.0,"ent":2.7,"data": [24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257]},"pktlen": {"min":66,"avg":253.4,"max":1242,"stddev":374.4,"var":140199.2,"ent":4.0,"data": [140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]},"bins": {"c_to_s": [0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1587041693828302,"flow_src_last_pkt_time":1587041694047808,"flow_dst_last_pkt_time":1587041694047695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":567,"flow_dst_tot_l4_payload_len":6363,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01140{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041695435668,"flow_dst_last_pkt_time":1587041695435566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01140{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041694243274,"flow_dst_last_pkt_time":1587041694243144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":477,"flow_dst_tot_l4_payload_len":6361,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1587041697660621,"flow_src_last_pkt_time":1587041697673040,"flow_dst_last_pkt_time":1587041697660621,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01242{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1587041693849498,"flow_src_last_pkt_time":1587041697722873,"flow_dst_last_pkt_time":1587041697765326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":235,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":817,"flow_dst_tot_l4_payload_len":6541,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1587041676435900,"flow_src_last_pkt_time":1587041676536132,"flow_dst_last_pkt_time":1587041676536089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":11864,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1587041677243705,"flow_src_last_pkt_time":1587041677286941,"flow_dst_last_pkt_time":1587041677286365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2950,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1587041682144166,"flow_src_last_pkt_time":1587041685098215,"flow_dst_last_pkt_time":1587041685098126,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1754,"flow_dst_tot_l4_payload_len":7280,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01150{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1587041685240465,"flow_src_last_pkt_time":1587041685471822,"flow_dst_last_pkt_time":1587041685471619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1082,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1426,"flow_dst_tot_l4_payload_len":28998,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":13,"flow_first_seen":1587041685984732,"flow_src_last_pkt_time":1587041686156488,"flow_dst_last_pkt_time":1587041686156402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":900,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1750,"flow_dst_tot_l4_payload_len":6374,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Skype_Teams","proto_by_ip_id":125,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01246{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041696498337,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1587041687745932,"flow_src_last_pkt_time":1587041687963041,"flow_dst_last_pkt_time":1587041687962963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2098,"flow_dst_tot_l4_payload_len":7352,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714835,"flow_src_last_pkt_time":1587041681714835,"flow_dst_last_pkt_time":1587041681744695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+01246{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041696498651,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685092516,"flow_src_last_pkt_time":1587041685092516,"flow_dst_last_pkt_time":1587041685105349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041680216814,"flow_src_last_pkt_time":1587041680216814,"flow_dst_last_pkt_time":1587041680216814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":355,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":355,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":355,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685090830,"flow_src_last_pkt_time":1587041685090830,"flow_dst_last_pkt_time":1587041685136892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681714331,"flow_src_last_pkt_time":1587041681714331,"flow_dst_last_pkt_time":1587041681754842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":140,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01136{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":28,"flow_first_seen":1587041676362386,"flow_src_last_pkt_time":1587041677034491,"flow_dst_last_pkt_time":1587041677077119,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":55346,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+01136{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":13,"flow_first_seen":1587041677042751,"flow_src_last_pkt_time":1587041677329010,"flow_dst_last_pkt_time":1587041677375849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":15383,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+01131{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":10,"flow_first_seen":1587041678029919,"flow_src_last_pkt_time":1587041678260705,"flow_dst_last_pkt_time":1587041678303901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7350,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681745719,"flow_src_last_pkt_time":1587041681895434,"flow_dst_last_pkt_time":1587041681895339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":623,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":6679,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1587041681755860,"flow_src_last_pkt_time":1587041681908691,"flow_dst_last_pkt_time":1587041681908585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":6653,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682355684,"flow_src_last_pkt_time":1587041682355684,"flow_dst_last_pkt_time":1587041682370931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1587041682076700,"flow_src_last_pkt_time":1587041682204478,"flow_dst_last_pkt_time":1587041682204431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4763,"flow_dst_tot_l4_payload_len":7425,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1587041682077081,"flow_src_last_pkt_time":1587041682212323,"flow_dst_last_pkt_time":1587041682212216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":7371,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01137{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":67,"flow_dst_packets_processed":40,"flow_first_seen":1587041682369801,"flow_src_last_pkt_time":1587041683043372,"flow_dst_last_pkt_time":1587041683086074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":81655,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1587041682376166,"flow_src_last_pkt_time":1587041692020857,"flow_dst_last_pkt_time":1587041692106644,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1060,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":7396,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1587041682698689,"flow_src_last_pkt_time":1587041691929361,"flow_dst_last_pkt_time":1587041691929326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":4886,"flow_dst_tot_l4_payload_len":9530,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":15,"flow_first_seen":1587041683186164,"flow_src_last_pkt_time":1587041683511746,"flow_dst_last_pkt_time":1587041683511702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2582,"flow_dst_tot_l4_payload_len":7830,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01133{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":11,"flow_first_seen":1587041683333389,"flow_src_last_pkt_time":1587041683605577,"flow_dst_last_pkt_time":1587041683650246,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":10847,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1587041685106192,"flow_src_last_pkt_time":1587041685981024,"flow_dst_last_pkt_time":1587041685980991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1339,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1700,"flow_dst_tot_l4_payload_len":7160,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01132{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1587041685232231,"flow_src_last_pkt_time":1587041685846969,"flow_dst_last_pkt_time":1587041685890013,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4906,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+01133{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":13,"flow_first_seen":1587041685248604,"flow_src_last_pkt_time":1587041688035601,"flow_dst_last_pkt_time":1587041688035530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4661,"flow_dst_tot_l4_payload_len":7035,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+01137{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":12,"flow_first_seen":1587041686239545,"flow_src_last_pkt_time":1587041686542441,"flow_dst_last_pkt_time":1587041686589907,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":14115,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+01137{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":14,"flow_first_seen":1587041687245112,"flow_src_last_pkt_time":1587041688014105,"flow_dst_last_pkt_time":1587041688061175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":17654,"flow_dst_tot_l4_payload_len":4699,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
+01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":14,"flow_first_seen":1587041691149774,"flow_src_last_pkt_time":1587041691582349,"flow_dst_last_pkt_time":1587041691582252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":994,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2028,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041695898012,"flow_dst_last_pkt_time":1587041695993731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":649,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":6669,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative"}}
+00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041697427096,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1674,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280602,"flow_src_last_pkt_time":1587041679280602,"flow_dst_last_pkt_time":1587041679280602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+01082{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1587041673094451,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1587041673094451,"flow_src_last_pkt_time":1587041677380886,"flow_dst_last_pkt_time":1587041673094451,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041684291077,"flow_src_last_pkt_time":1587041684291077,"flow_dst_last_pkt_time":1587041684304618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":172,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":26,"flow_first_seen":1587041684306115,"flow_src_last_pkt_time":1587041685465859,"flow_dst_last_pkt_time":1587041685465767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":6160,"flow_dst_tot_l4_payload_len":8327,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
+00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685243104,"flow_src_last_pkt_time":1587041685243104,"flow_dst_last_pkt_time":1587041685256108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01130{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1587041682809173,"flow_src_last_pkt_time":1587041688135097,"flow_dst_last_pkt_time":1587041688190082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":1226,"flow_src_tot_l4_payload_len":1523,"flow_dst_tot_l4_payload_len":1409,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
+00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}}
+01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+01091{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"1":"Match by port"},"proto":"Skype_Teams","proto_id":"125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
+00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00890{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
+00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682129643,"flow_src_last_pkt_time":1587041682129643,"flow_dst_last_pkt_time":1587041682143053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":162,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":162,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":7,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041698021081,"flow_dst_last_pkt_time":1587041697668816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1214,"flow_dst_max_l4_payload_len":1214,"flow_src_tot_l4_payload_len":4692,"flow_dst_tot_l4_payload_len":2890,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041696574201,"flow_dst_last_pkt_time":1587041697619539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":424,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685091534,"flow_src_last_pkt_time":1587041685091534,"flow_dst_last_pkt_time":1587041685104871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":131,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":131,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041690880711,"flow_src_last_pkt_time":1587041690880711,"flow_dst_last_pkt_time":1587041690915102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":259,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":259,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693530810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","proto_id":"5.276","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041686659283,"flow_src_last_pkt_time":1587041686659283,"flow_dst_last_pkt_time":1587041686659283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1587041682740607,"flow_src_last_pkt_time":1587041682856432,"flow_dst_last_pkt_time":1587041682745518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":8819,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Dropbox","proto_by_ip_id":121,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1587041679059584,"flow_src_last_pkt_time":1587041680062816,"flow_dst_last_pkt_time":1587041680074798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":94,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":94,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695591686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041697617344,"flow_dst_last_pkt_time":1587041697663187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041697669056,"flow_dst_last_pkt_time":1587041697713165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":186,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":565,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041697668978,"flow_dst_last_pkt_time":1587041697714311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":485,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695433333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687370480,"flow_src_last_pkt_time":1587041687370480,"flow_dst_last_pkt_time":1587041687435320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01021{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1587041676612882,"flow_src_last_pkt_time":1587041676808147,"flow_dst_last_pkt_time":1587041676808041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1405,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1808,"flow_dst_tot_l4_payload_len":6621,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
+01022{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1587041685251950,"flow_src_last_pkt_time":1587041685681752,"flow_dst_last_pkt_time":1587041685681659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3164,"flow_dst_tot_l4_payload_len":6995,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
+01019{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1587041686889381,"flow_src_last_pkt_time":1587041687253807,"flow_dst_last_pkt_time":1587041687253692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3163,"flow_dst_tot_l4_payload_len":7012,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Microsoft365","proto_by_ip_id":219,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}}
+00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041680294054,"flow_src_last_pkt_time":1587041680294649,"flow_dst_last_pkt_time":1587041680294680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1090,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1126,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685171649,"flow_src_last_pkt_time":1587041685171649,"flow_dst_last_pkt_time":1587041685185131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":194,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":194,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","proto_id":"5.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041690916341,"flow_src_last_pkt_time":1587041691089391,"flow_dst_last_pkt_time":1587041691089314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1587041697061972,"flow_src_last_pkt_time":1587041697244908,"flow_dst_last_pkt_time":1587041697244816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1359,"flow_dst_tot_l4_payload_len":7609,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041687731296,"flow_src_last_pkt_time":1587041687731296,"flow_dst_last_pkt_time":1587041687745080,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041681218709,"flow_src_last_pkt_time":1587041681218709,"flow_dst_last_pkt_time":1587041681248693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041675997451,"flow_src_last_pkt_time":1587041675997451,"flow_dst_last_pkt_time":1587041676010607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":67,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":67,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041691075869,"flow_src_last_pkt_time":1587041691075869,"flow_dst_last_pkt_time":1587041691148968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":116,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}}
+00666{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/stun_mapped_address_disabled\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1540,"packets-processed":1498,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":65,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":682,"global_ts_usec":1587041698021081}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 1540/1498
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 587095 bytes
+~~ total detected protocols..: 80
+~~ total active/idle flows...: 83/83
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 6633459 bytes
+~~ total memory freed........: 6633459 bytes
+~~ total allocations/frees...: 88666/88666
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json message min len.......: 316 chars
+~~ json message max len.......: 2522 chars
+~~ json message avg len.......: 1419 chars
diff --git a/test/results/tls_ja3c_disabled/tls_verylong_certificate.pcap.out b/test/results/tls_ja3c_disabled/tls_verylong_certificate.pcap.out
index 2b46065ca..f640e22a5 100644
--- a/test/results/tls_ja3c_disabled/tls_verylong_certificate.pcap.out
+++ b/test/results/tls_ja3c_disabled/tls_verylong_certificate.pcap.out
@@ -1,5 +1,5 @@
-00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751}
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751}
 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="}
@@ -11,7 +11,7 @@
 03986{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_b1760ac0ffd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}}
 02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": [11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
 01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
-00664{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1578254908551114}
+00662{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja3c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1578254908551114}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 48/48
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5673701 bytes
-~~ total memory freed........: 5673701 bytes
+~~ total memory allocated....: 5673725 bytes
+~~ total memory freed........: 5673725 bytes
 ~~ total allocations/frees...: 86047/86047
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 572 chars
diff --git a/test/results/tls_ja3s_disabled/tls_verylong_certificate.pcap.out b/test/results/tls_ja3s_disabled/tls_verylong_certificate.pcap.out
index e0e9793f3..f2c3a6521 100644
--- a/test/results/tls_ja3s_disabled/tls_verylong_certificate.pcap.out
+++ b/test/results/tls_ja3s_disabled/tls_verylong_certificate.pcap.out
@@ -1,5 +1,5 @@
-00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751}
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751}
 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="}
@@ -11,7 +11,7 @@
 03986{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_b1760ac0ffd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}}
 02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": [11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
 01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
-00664{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1578254908551114}
+00662{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja3s_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1578254908551114}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 48/48
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5673701 bytes
-~~ total memory freed........: 5673701 bytes
+~~ total memory allocated....: 5673725 bytes
+~~ total memory freed........: 5673725 bytes
 ~~ total allocations/frees...: 86047/86047
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 572 chars
diff --git a/test/results/tls_ja4c_disabled/tls_verylong_certificate.pcap.out b/test/results/tls_ja4c_disabled/tls_verylong_certificate.pcap.out
index e41e95de2..daa55e929 100644
--- a/test/results/tls_ja4c_disabled/tls_verylong_certificate.pcap.out
+++ b/test/results/tls_ja4c_disabled/tls_verylong_certificate.pcap.out
@@ -1,5 +1,5 @@
-00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751}
+00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751}
 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="}
@@ -11,7 +11,7 @@
 03986{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","ja4":"t12d6707ht_2955a3196ffa_b1760ac0ffd7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}}
 02181{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": [11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": {"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
 01014{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}}
-00664{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4613-09bb38343","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1578254908551114}
+00662{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/tls_ja4c_disabled\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1578254908551114}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 48/48
 ~~ skipped flows.............: 0
@@ -20,8 +20,8 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5673701 bytes
-~~ total memory freed........: 5673701 bytes
+~~ total memory allocated....: 5673725 bytes
+~~ total memory freed........: 5673725 bytes
 ~~ total allocations/frees...: 86047/86047
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 572 chars
-- 
cgit v1.2.3